diff --git a/packages/1password/_dev/build/build.yml b/packages/1password/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/1password/_dev/build/build.yml
+++ b/packages/1password/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
   ecs:
-    reference: git@v8.2.0
+    reference: git@v8.3.0
diff --git a/packages/1password/changelog.yml b/packages/1password/changelog.yml
index f97562eeecd..3f40ef74f86 100644
--- a/packages/1password/changelog.yml
+++ b/packages/1password/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+  changes:
+    - description: Update package to ECS 8.3.0.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3353
 - version: "1.4.0"
   changes:
     - description: Change name of package
diff --git a/packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json b/packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json
index b098b585adf..bc1b6d3c9fd 100644
--- a/packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json
+++ b/packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json
@@ -3,7 +3,7 @@
         {
             "@timestamp": "2021-08-30T18:57:42.484Z",
             "ecs": {
-                "version": "8.2.0"
+                "version": "8.3.0"
             },
             "event": {
                 "action": "reveal",
@@ -76,7 +76,7 @@
         {
             "@timestamp": "2021-08-30T19:10:00.123Z",
             "ecs": {
-                "version": "8.2.0"
+                "version": "8.3.0"
             },
             "event": {
                 "category": [
diff --git a/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml b/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml
index 1b6e7d384ae..45e5a82b2d0 100644
--- a/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml
@@ -16,7 +16,7 @@ processors:
   #######################
   - set:
       field: ecs.version
-      value: "8.2.0"
+      value: "8.3.0"
   # Sets event.created from the @timestamp field generated by filebeat before being overwritten further down
   - set:
       field: event.created
diff --git a/packages/1password/data_stream/item_usages/sample_event.json b/packages/1password/data_stream/item_usages/sample_event.json
index ee20ab64c06..aee4d1ccdee 100644
--- a/packages/1password/data_stream/item_usages/sample_event.json
+++ b/packages/1password/data_stream/item_usages/sample_event.json
@@ -13,7 +13,7 @@
         "type": "logs"
     },
     "ecs": {
-        "version": "8.2.0"
+        "version": "8.3.0"
     },
     "elastic_agent": {
         "id": "8652330e-4de6-4596-a16f-4463a6c56e9e",
diff --git a/packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json b/packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json
index 1fe419bb431..755e9f56c61 100644
--- a/packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json
+++ b/packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json
@@ -3,7 +3,7 @@
         {
             "@timestamp": "2021-08-11T14:28:03.000Z",
             "ecs": {
-                "version": "8.2.0"
+                "version": "8.3.0"
             },
             "event": {
                 "action": "success",
@@ -78,7 +78,7 @@
         {
             "@timestamp": "2021-08-11T15:04:22.000Z",
             "ecs": {
-                "version": "8.2.0"
+                "version": "8.3.0"
             },
             "event": {
                 "action": "credentials_failed",
diff --git a/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml b/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml
index 8f8c07dbf4d..2505e0562d5 100644
--- a/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml
@@ -16,7 +16,7 @@ processors:
   #######################
   - set:
       field: ecs.version
-      value: "8.2.0"
+      value: "8.3.0"
   # Sets event.created from the @timestamp field generated by filebeat before being overwritten further down
   - set:
       field: event.created
diff --git a/packages/1password/data_stream/signin_attempts/sample_event.json b/packages/1password/data_stream/signin_attempts/sample_event.json
index fdec23bd855..ec1dadbdd78 100644
--- a/packages/1password/data_stream/signin_attempts/sample_event.json
+++ b/packages/1password/data_stream/signin_attempts/sample_event.json
@@ -13,7 +13,7 @@
         "type": "logs"
     },
     "ecs": {
-        "version": "8.2.0"
+        "version": "8.3.0"
     },
     "elastic_agent": {
         "id": "8652330e-4de6-4596-a16f-4463a6c56e9e",
diff --git a/packages/1password/docs/README.md b/packages/1password/docs/README.md
index 46e066520fe..47a3560674f 100644
--- a/packages/1password/docs/README.md
+++ b/packages/1password/docs/README.md
@@ -90,7 +90,7 @@ An example event for `signin_attempts` looks as following:
         "type": "logs"
     },
     "ecs": {
-        "version": "8.2.0"
+        "version": "8.3.0"
     },
     "elastic_agent": {
         "id": "8652330e-4de6-4596-a16f-4463a6c56e9e",
@@ -232,7 +232,7 @@ An example event for `item_usages` looks as following:
         "type": "logs"
     },
     "ecs": {
-        "version": "8.2.0"
+        "version": "8.3.0"
     },
     "elastic_agent": {
         "id": "8652330e-4de6-4596-a16f-4463a6c56e9e",
diff --git a/packages/1password/manifest.yml b/packages/1password/manifest.yml
index 656bd368849..f642814bc86 100644
--- a/packages/1password/manifest.yml
+++ b/packages/1password/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: 1password
 title: "1Password"
-version: 1.4.0
+version: "1.5.0"
 license: basic
 description: Collect events from 1Password Events API with Elastic Agent.
 type: integration
diff --git a/packages/akamai/_dev/build/build.yml b/packages/akamai/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/akamai/_dev/build/build.yml
+++ b/packages/akamai/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
   ecs:
-    reference: git@v8.2.0
+    reference: git@v8.3.0
diff --git a/packages/akamai/changelog.yml b/packages/akamai/changelog.yml
index 82d3a19ef23..df1fcc041fc 100644
--- a/packages/akamai/changelog.yml
+++ b/packages/akamai/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+  changes:
+    - description: Update package to ECS 8.3.0.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3353
 - version: "1.0.1"
   changes:
     - description: improve the English in the readme file
diff --git a/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json b/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json
index 3208aeab049..88a73edfb5c 100644
--- a/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json
+++ b/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json
@@ -1,112 +1,124 @@ { "expected": [ { + "@timestamp": "2017-04-04T10:57:02.000Z", "akamai": { "siem": { + "bot": { + "response_segment": 3, + "score": 100 + }, "client_data": { - "sdk_version": "4.7.1", + "app_bundle_id": "com.mydomain.myapp", "app_version": "1.23", - "telemetry_type": 2, - "app_bundle_id": "com.mydomain.myapp" + "sdk_version": "4.7.1", + "telemetry_type": 2 }, + "config_id": "14227", + "policy_id": "qik1_26545", "request": { "headers": { "Accept": "text/html,application/xhtml xml", "User-Agent": "BOT/0.1 (BOT for JCE)" } }, - "policy_id": "qik1_26545", - "config_id": "14227", "response": { "headers": { - "Server": "AkamaiGHost", - "Mime-Version": "1.0", "Content-Length": "150", - "Content-Type": "text/html" + "Content-Type": "text/html", + "Mime-Version": "1.0", + "Server": "AkamaiGHost" } }, - "bot": { - "score": 100, - "response_segment": 3 - }, - "user_risk": { - "allow": 0, - "trust": { - "ugp": "US" - }, - "score": 75, - "general": { - "duc_1d": "30", - "duc_1h": "10" - }, - "risk": { - "unp": "74256/H", - "udfp": "1325gdg4g4343g/M" - }, - "uuid": "964d54b7-0821-413a-a4d6-8131770ec8d5", - "status": 0 - }, "rules": [ { - "ruleSelectors": "ARGS:option", - "ruleVersions": "4", + "ruleActions": "alert", + "ruleData": "telnet.exe", "ruleMessages": "System Command Access", + "ruleSelectors": "ARGS:option", "ruleTags": "OWASP_CRS/WEB_ATTACK/FILE_INJECTION", - "ruleActions": "alert", - "rules": "950002", - "ruleData": "telnet.exe" + "ruleVersions": "4", + "rules": "950002" }, { - "ruleSelectors": "ARGS:option", - "ruleVersions": "4", + "ruleActions": "alert", + "ruleData": "telnet.exe", "ruleMessages": "System Command Injection", + "ruleSelectors": "ARGS:option", "ruleTags": "OWASP_CRS/WEB_ATTACK/COMMAND_INJECT", - "ruleActions": "alert", - "rules": "950006", - "ruleData": "telnet.exe" + "ruleVersions": "4", + "rules": "950006" }, { - "ruleVersions": "1", - "rules": "CMD-INJECTION-ANOMALY", - "ruleMessages": "Anomaly Score Exceeded fo", + 
"ruleActions": "deny", "ruleData": "Vector Score: 10, DENY threshold: 9, Ale", - "ruleActions": "deny" + "ruleMessages": "Anomaly Score Exceeded fo", + "ruleVersions": "1", + "rules": "CMD-INJECTION-ANOMALY" } - ] + ], + "user_risk": { + "allow": 0, + "general": { + "duc_1d": "30", + "duc_1h": "10" + }, + "risk": { + "udfp": "1325gdg4g4343g/M", + "unp": "74256/H" + }, + "score": 75, + "status": 0, + "trust": { + "ugp": "US" + }, + "uuid": "964d54b7-0821-413a-a4d6-8131770ec8d5" + } } }, - "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "client": { + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "url": { - "path": "/", - "port": 80, - "domain": "www.hmapi.com", - "query": "option=com_jce telnet.exe", - "full": "www.hmapi.com/?option=com_jce%20telnet.exe" + "ecs": { + "version": "8.3.0" + }, + "event": { + "category": "network", + "id": "1158db1758e37bfe67b7c09", + "kind": "event", + "original": "{\"format\":\"json\",\"type\":\"akamai_siem\",\"version\":\"1.0\",\"attackData\":{\"clientIP\":\"89.160.20.156\",\"configId\":\"14227\",\"policyId\":\"qik1_26545\",\"ruleActions\":\"YWxlcnQ%3d%3bYWxlcnQ%3d%3bZGVueQ%3d%3d\",\"ruleData\":\"dGVsbmV0LmV4ZQ%3d%3d%3bdGVsbmV0LmV4ZQ%3d%3d%3bVmVjdG9yIFNjb3JlOiAxMCwgREVOWSB0aHJlc2hvbGQ6IDksIEFsZX \",\"ruleMessages\":\"U3lzdGVtIENvbW1hbmQgQWNjZXNz%3bU3lzdGVtIENvbW1hbmQgSW5qZWN0aW9u%3bQW5vbWFseSBTY29yZSBFeGNlZWRlZCBmb3 
\",\"ruleSelectors\":\"QVJHUzpvcHRpb24%3d%3bQVJHUzpvcHRpb24%3d%3b\",\"ruleTags\":\"T1dBU1BfQ1JTL1dFQl9BVFRBQ0svRklMRV9JTkpFQ1RJT04%3d%3bT1dBU1BfQ1JTL1dFQl9BVFRBQ0svQ09NTUFORF9JTkpFQ1R \",\"ruleVersions\":\"NA%3d%3d%3bNA%3d%3d%3bMQ%3d%3d\",\"rules\":\"OTUwMDAy%3bOTUwMDA2%3bQ01ELUlOSkVDVElPTi1BTk9NQUxZ\"},\"geo\":{\"asn\":\"14618\",\"city\":\"ASHBURN\",\"continent\":\"288\",\"country\":\"US\",\"regionCode\":\"VA\"},\"httpMessage\":{\"bytes\":\"266\",\"host\":\"www.hmapi.com\",\"method\":\"GET\",\"path\":\"/\",\"port\":\"80\",\"protocol\":\"HTTP/1.1\",\"query\":\"option=com_jce%20telnet.exe\",\"requestHeaders\":\"User-Agent%3a%20BOT%2f0.1%20(BOT%20for%20JCE)%0d%0aAccept%3a%20text%2fhtml,application%2fxhtml+xml\",\"requestId\":\"1158db1758e37bfe67b7c09\",\"responseHeaders\":\"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Type%3a%20text%2fhtml%0d%0aContent-Length%3a%20150\",\"start\":\"1491303422\",\"status\":\"200\"},\"userRiskData\":{\"uuid\":\"964d54b7-0821-413a-a4d6-8131770ec8d5\",\"status\":\"0\",\"score\":\"75\",\"risk\":\"udfp:1325gdg4g4343g/M|unp:74256/H\",\"trust\":\"ugp:US\",\"general\":\"duc_1h:10|duc_1d:30\",\"allow\":\"0\"},\"clientData\":{\"appBundleId\":\"com.mydomain.myapp\",\"appVersion\":\"1.23\",\"sdkVersion\":\"4.7.1\",\"telemetryType\":\"2\"},\"botData\":{\"botScore\":\"100\",\"responseSegment\":\"3\"}}", + "start": "2017-04-04T10:57:02.000Z" + }, + "http": { + "request": { + "id": "1158db1758e37bfe67b7c09", + "method": "GET" + }, + "response": { + "bytes": 266, + "status_code": 200 + }, + "version": "1.1" }, - "tags": [ - "preserve_original_event" - ], "network": { "protocol": "http", "transport": "tcp" 
@@ -115,153 +127,153 @@ "type": "proxy", "vendor": "akamai" }, - "@timestamp": "2017-04-04T10:57:02.000Z", - "ecs": { - "version": "8.2.0" - }, "related": { "ip": [ "89.160.20.156" ] }, - "http": { - "request": { - "method": "GET", - "id": "1158db1758e37bfe67b7c09" + "source": { + "address": "89.160.20.156", + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } }, - "version": "1.1", - "response": { - "bytes": 266, - "status_code": 200 - } - }, - "client": { "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", "city_name": "Linköping", + "continent_name": "Europe", "country_iso_code": "SE", "country_name": "Sweden", - "region_name": "Östergötland County", "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" }, - "address": "89.160.20.156", "ip": "89.160.20.156" }, - "event": { - "start": "2017-04-04T10:57:02.000Z", - "original": "{\"format\":\"json\",\"type\":\"akamai_siem\",\"version\":\"1.0\",\"attackData\":{\"clientIP\":\"89.160.20.156\",\"configId\":\"14227\",\"policyId\":\"qik1_26545\",\"ruleActions\":\"YWxlcnQ%3d%3bYWxlcnQ%3d%3bZGVueQ%3d%3d\",\"ruleData\":\"dGVsbmV0LmV4ZQ%3d%3d%3bdGVsbmV0LmV4ZQ%3d%3d%3bVmVjdG9yIFNjb3JlOiAxMCwgREVOWSB0aHJlc2hvbGQ6IDksIEFsZX \",\"ruleMessages\":\"U3lzdGVtIENvbW1hbmQgQWNjZXNz%3bU3lzdGVtIENvbW1hbmQgSW5qZWN0aW9u%3bQW5vbWFseSBTY29yZSBFeGNlZWRlZCBmb3 \",\"ruleSelectors\":\"QVJHUzpvcHRpb24%3d%3bQVJHUzpvcHRpb24%3d%3b\",\"ruleTags\":\"T1dBU1BfQ1JTL1dFQl9BVFRBQ0svRklMRV9JTkpFQ1RJT04%3d%3bT1dBU1BfQ1JTL1dFQl9BVFRBQ0svQ09NTUFORF9JTkpFQ1R 
\",\"ruleVersions\":\"NA%3d%3d%3bNA%3d%3d%3bMQ%3d%3d\",\"rules\":\"OTUwMDAy%3bOTUwMDA2%3bQ01ELUlOSkVDVElPTi1BTk9NQUxZ\"},\"geo\":{\"asn\":\"14618\",\"city\":\"ASHBURN\",\"continent\":\"288\",\"country\":\"US\",\"regionCode\":\"VA\"},\"httpMessage\":{\"bytes\":\"266\",\"host\":\"www.hmapi.com\",\"method\":\"GET\",\"path\":\"/\",\"port\":\"80\",\"protocol\":\"HTTP/1.1\",\"query\":\"option=com_jce%20telnet.exe\",\"requestHeaders\":\"User-Agent%3a%20BOT%2f0.1%20(BOT%20for%20JCE)%0d%0aAccept%3a%20text%2fhtml,application%2fxhtml+xml\",\"requestId\":\"1158db1758e37bfe67b7c09\",\"responseHeaders\":\"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Type%3a%20text%2fhtml%0d%0aContent-Length%3a%20150\",\"start\":\"1491303422\",\"status\":\"200\"},\"userRiskData\":{\"uuid\":\"964d54b7-0821-413a-a4d6-8131770ec8d5\",\"status\":\"0\",\"score\":\"75\",\"risk\":\"udfp:1325gdg4g4343g/M|unp:74256/H\",\"trust\":\"ugp:US\",\"general\":\"duc_1h:10|duc_1d:30\",\"allow\":\"0\"},\"clientData\":{\"appBundleId\":\"com.mydomain.myapp\",\"appVersion\":\"1.23\",\"sdkVersion\":\"4.7.1\",\"telemetryType\":\"2\"},\"botData\":{\"botScore\":\"100\",\"responseSegment\":\"3\"}}", - "id": "1158db1758e37bfe67b7c09", - "category": "network", - "kind": "event" + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "www.hmapi.com", + "full": "www.hmapi.com/?option=com_jce%20telnet.exe", + "path": "/", + "port": 80, + "query": "option=com_jce telnet.exe" } }, { + "@timestamp": "2016-08-11T13:45:33.026Z", "akamai": { "siem": { + "bot": { + "response_segment": 3, + "score": 100 + }, "client_data": { - "sdk_version": "4.7.1", + "app_bundle_id": "com.mydomain.myapp", "app_version": "1.23", - "telemetry_type": 2, - "app_bundle_id": "com.mydomain.myapp" + "sdk_version": "4.7.1", + "telemetry_type": 2 }, + "config_id": "6724", + "policy_id": "scoe_5426", "request": { "headers": { "Accept": "text/html,application/xhtml xml", "User-Agent": "BOT/0.1 (BOT for JCE)" } }, - "policy_id": 
"scoe_5426", - "config_id": "6724", "response": { "headers": { - "Server": "AkamaiGHost", + "Content-Type": "text/html", "Mime-Version": "1.0", - "Content-Type": "text/html" + "Server": "AkamaiGHost" } }, - "bot": { - "score": 100, - "response_segment": 3 - }, - "user_risk": { - "allow": 0, - "trust": { - "ugp": "US" - }, - "score": 75, - "general": { - "duc_1d": "30", - "duc_1h": "10" - }, - "risk": { - "unp": "74256/H", - "udfp": "1325gdg4g4343g/M" - }, - "uuid": "964d54b7-0821-413a-a4d6-8131770ec8d5", - "status": 0 - }, "rules": [ { - "ruleSelectors": "ARGS:a", - "rules": "950004", + "ruleActions": "ALERT", + "ruleData": "alert(", "ruleMessages": "Cross-site Scripting (XSS) Attack", + "ruleSelectors": "ARGS:a", "ruleTags": "WEB_ATTACK/XSS", - "ruleData": "alert(", - "ruleActions": "ALERT" + "rules": "950004" }, { - "ruleSelectors": "REQUEST_HEADERS:User-Agent", - "rules": "990011", + "ruleActions": "DENY", + "ruleData": "curl", "ruleMessages": "Request Indicates an automated program explored the site", + "ruleSelectors": "REQUEST_HEADERS:User-Agent", "ruleTags": "AUTOMATION/MISC", - "ruleData": "curl", - "ruleActions": "DENY" + "rules": "990011" } - ] + ], + "user_risk": { + "allow": 0, + "general": { + "duc_1d": "30", + "duc_1h": "10" + }, + "risk": { + "udfp": "1325gdg4g4343g/M", + "unp": "74256/H" + }, + "score": 75, + "status": 0, + "trust": { + "ugp": "US" + }, + "uuid": "964d54b7-0821-413a-a4d6-8131770ec8d5" + } } }, - "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "client": { + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + 
"location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "url": { - "path": "/examples/1/", - "port": 80, - "domain": "www.example.com", - "query": "a=../../../etc/passwd", - "full": "www.example.com/examples/1/?a%3D..%2F..%2F..%2Fetc%2Fpasswd" + "ecs": { + "version": "8.3.0" + }, + "event": { + "category": "network", + "id": "2ab418ac8515f33", + "kind": "event", + "original": "{\"format\":\"json\",\"type\":\"akamai_siem\",\"version\":\"1.0\",\"attackData\":{\"clientIP\":\"89.160.20.156\",\"configId\":\"6724\",\"policyId\":\"scoe_5426\",\"ruleActions\":\"QUxFUlQ;REVOWQ==\",\"ruleData\":\"YWxlcnQo;Y3VybA==\",\"ruleMessages\":\"Q3Jvc3Mtc2l0ZSBTY3 JpcHRpbmcgKFhTUykgQXR0YWNr; UmVxdWVzdCBJbmRpY2F0ZXMgYW4 gYXV0b21hdGVkIHByb2 dyYW0gZXhwbG9yZWQgdGhlIHNpdGU=\",\"ruleSelectors\":\"QVJHUzph;UkVRVUVTVF9IRU FERVJTOlVzZXItQWdlbnQ=\",\"ruleTags\":\"V0VCX0FUVEFDSy9YU1M=;QV VUT01BVElPTi9NSVND\",\"ruleVersions\":\";\",\"rules\":\"OTUwMDA0;OTkwMDEx\"},\"geo\":{\"asn\":\"12271\",\"city\":\"NEWYORK\",\"continent\":\"NA\",\"country\":\"US\",\"regionCode\":\"NY\"},\"httpMessage\":{\"bytes\":\"34523\",\"host\":\"www.example.com\",\"method\":\"POST\",\"path\":\"/examples/1/\",\"port\":\"80\",\"protocol\":\"http/2\",\"query\":\"a%3D..%2F..%2F..%2Fetc%2Fpasswd\",\"requestHeaders\":\"User-Agent%3a%20BOT%2f0.1%20(BOT%20for%20JCE)%0d%0aAccept%3a%20text%2fhtml,application%2fxhtml+xml\",\"requestId\":\"2ab418ac8515f33\",\"responseHeaders\":\"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Type%3a%20text%2fhtml\",\"start\":\"1470923133.026\",\"status\":\"301\",\"tls\": 
\"TLSv1.2\"},\"userRiskData\":{\"uuid\":\"964d54b7-0821-413a-a4d6-8131770ec8d5\",\"status\":\"0\",\"score\":\"75\",\"risk\":\"udfp:1325gdg4g4343g/M|unp:74256/H\",\"trust\":\"ugp:US\",\"general\":\"duc_1h:10|duc_1d:30\",\"allow\":\"0\"},\"clientData\":{\"appBundleId\":\"com.mydomain.myapp\",\"appVersion\":\"1.23\",\"sdkVersion\":\"4.7.1\",\"telemetryType\":\"2\"},\"botData\":{\"botScore\":\"100\",\"responseSegment\":\"3\"}}", + "start": "2016-08-11T13:45:33.026Z" + }, + "http": { + "request": { + "id": "2ab418ac8515f33", + "method": "POST" + }, + "response": { + "bytes": 34523, + "status_code": 301 + }, + "version": "2" }, - "tags": [ - "preserve_original_event" - ], "network": { "protocol": "http", "transport": "tcp" 
@@ -270,58 +282,46 @@ "type": "proxy", "vendor": "akamai" }, - "@timestamp": "2016-08-11T13:45:33.026Z", - "ecs": { - "version": "8.2.0" - }, "related": { "ip": [ "89.160.20.156" ] }, - "http": { - "request": { - "method": "POST", - "id": "2ab418ac8515f33" + "source": { + "address": "89.160.20.156", + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } }, - "version": "2", - "response": { - "bytes": 34523, - "status_code": 301 - } - }, - "client": { "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", "city_name": "Linköping", + "continent_name": "Europe", "country_iso_code": "SE", "country_name": "Sweden", - "region_name": "Östergötland County", "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" }, - "address": "89.160.20.156", "ip": "89.160.20.156" }, + "tags": [ + "preserve_original_event" + ], "tls": { "version": "1.2", "version_protocol": "tls" }, - "event": { - "start": "2016-08-11T13:45:33.026Z", - "original": "{\"format\":\"json\",\"type\":\"akamai_siem\",\"version\":\"1.0\",\"attackData\":{\"clientIP\":\"89.160.20.156\",\"configId\":\"6724\",\"policyId\":\"scoe_5426\",\"ruleActions\":\"QUxFUlQ;REVOWQ==\",\"ruleData\":\"YWxlcnQo;Y3VybA==\",\"ruleMessages\":\"Q3Jvc3Mtc2l0ZSBTY3 JpcHRpbmcgKFhTUykgQXR0YWNr; UmVxdWVzdCBJbmRpY2F0ZXMgYW4 gYXV0b21hdGVkIHByb2 dyYW0gZXhwbG9yZWQgdGhlIHNpdGU=\",\"ruleSelectors\":\"QVJHUzph;UkVRVUVTVF9IRU FERVJTOlVzZXItQWdlbnQ=\",\"ruleTags\":\"V0VCX0FUVEFDSy9YU1M=;QV 
VUT01BVElPTi9NSVND\",\"ruleVersions\":\";\",\"rules\":\"OTUwMDA0;OTkwMDEx\"},\"geo\":{\"asn\":\"12271\",\"city\":\"NEWYORK\",\"continent\":\"NA\",\"country\":\"US\",\"regionCode\":\"NY\"},\"httpMessage\":{\"bytes\":\"34523\",\"host\":\"www.example.com\",\"method\":\"POST\",\"path\":\"/examples/1/\",\"port\":\"80\",\"protocol\":\"http/2\",\"query\":\"a%3D..%2F..%2F..%2Fetc%2Fpasswd\",\"requestHeaders\":\"User-Agent%3a%20BOT%2f0.1%20(BOT%20for%20JCE)%0d%0aAccept%3a%20text%2fhtml,application%2fxhtml+xml\",\"requestId\":\"2ab418ac8515f33\",\"responseHeaders\":\"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Type%3a%20text%2fhtml\",\"start\":\"1470923133.026\",\"status\":\"301\",\"tls\": \"TLSv1.2\"},\"userRiskData\":{\"uuid\":\"964d54b7-0821-413a-a4d6-8131770ec8d5\",\"status\":\"0\",\"score\":\"75\",\"risk\":\"udfp:1325gdg4g4343g/M|unp:74256/H\",\"trust\":\"ugp:US\",\"general\":\"duc_1h:10|duc_1d:30\",\"allow\":\"0\"},\"clientData\":{\"appBundleId\":\"com.mydomain.myapp\",\"appVersion\":\"1.23\",\"sdkVersion\":\"4.7.1\",\"telemetryType\":\"2\"},\"botData\":{\"botScore\":\"100\",\"responseSegment\":\"3\"}}",
-                "id": "2ab418ac8515f33",
-                "category": "network",
-                "kind": "event"
+            "url": {
+                "domain": "www.example.com",
+                "full": "www.example.com/examples/1/?a%3D..%2F..%2F..%2Fetc%2Fpasswd",
+                "path": "/examples/1/",
+                "port": 80,
+                "query": "a=../../../etc/passwd"
             }
         },
         null
diff --git a/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml b/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml
index 004f5fcf3f4..7c082edad8d 100644
--- a/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Akamai logs
 processors:
   - set:
       field: ecs.version
-      value: '8.2.0'
+      value: '8.3.0'
   - rename:
       field: message
       target_field: event.original
diff --git a/packages/akamai/data_stream/siem/sample_event.json b/packages/akamai/data_stream/siem/sample_event.json
index 3a25038b372..3d92ea7ecd7 100644
--- a/packages/akamai/data_stream/siem/sample_event.json
+++ b/packages/akamai/data_stream/siem/sample_event.json
@@ -99,7 +99,7 @@
         "type": "logs"
     },
     "ecs": {
-        "version": "8.2.0"
+        "version": "8.3.0"
     },
     "elastic_agent": {
         "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/akamai/docs/README.md b/packages/akamai/docs/README.md
index fa269fa08e0..5a8d333267f 100644
--- a/packages/akamai/docs/README.md
+++ b/packages/akamai/docs/README.md
@@ -236,7 +236,7 @@ An example event for `siem` looks as following:
         "type": "logs"
     },
     "ecs": {
-        "version": "8.2.0"
+        "version": "8.3.0"
     },
     "elastic_agent": {
         "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/akamai/manifest.yml b/packages/akamai/manifest.yml
index 4a387753fc2..44b5b3847a2 100644
--- a/packages/akamai/manifest.yml
+++ b/packages/akamai/manifest.yml
@@ -1,6 +1,6 @@
 name: akamai
 title: Akamai
-version: 1.0.1
+version: "1.1.0"
 release: ga
 description: Akamai Integration
 type: integration
diff --git a/packages/atlassian_bitbucket/_dev/build/build.yml b/packages/atlassian_bitbucket/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/atlassian_bitbucket/_dev/build/build.yml
+++ b/packages/atlassian_bitbucket/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
   ecs:
-    reference: git@v8.2.0
+    reference: git@v8.3.0
diff --git a/packages/atlassian_bitbucket/changelog.yml b/packages/atlassian_bitbucket/changelog.yml
index 861f0da4965..c6529c03361 100644
--- a/packages/atlassian_bitbucket/changelog.yml
+++ b/packages/atlassian_bitbucket/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+  changes:
+    - description: Update package to ECS 8.3.0.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3353
 - version: "1.2.2"
   changes:
     - description: Add correct field mapping for event.created
diff --git a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
index 1e5c176fedc..a8dff3294e3 100644
--- a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
+++ b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
@@ -2,91 +2,55 @@ "expected": [ { "@timestamp": "2021-11-27T17:38:58.087Z", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "admin", - "test.user" - ], - "hosts": [ - "bitbucket.internal" - ], - "ip": [ - "10.50.73.5" - ] - }, - "service": { - "address": "http://bitbucket.internal:7990" - }, - "source": { - "address": "10.50.73.5", - "ip": "10.50.73.5" - }, "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "test.user", "type": "USER" } ], - "type": { - "actionI18nKey": "bitbucket.service.user.audit.action.userdeleted", - "action": "User deleted", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "test.user" } - ] + ], + "method": "Browser", + "type": { + "action": "User deleted", + "actionI18nKey": "bitbucket.service.user.audit.action.userdeleted", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.userdeleted", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:38:58.087Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.userdeleted\",\"action\":\"User 
deleted\"},\"affectedObjects\":[{\"name\":\"test.user\",\"type\":\"USER\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"test.user\"}]}", "type": [ "user", "deletion" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2", - "target": { - "name": "test.user" - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:38:53.360Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin", - "test", - "test.user" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin", + "test.user" ] }, "service": { @@ -96,22 +60,36 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin", + "target": { + "name": "test.user" + } + } + }, + { + "@timestamp": "2021-11-27T17:38:53.360Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "3", "name": "test.user", - "type": "USER", - "id": "3" + "type": "USER" + } + ], + "changed_values": [ + { + "from": "test", + "i18nKey": "bitbucket.service.user.audit.attribute.user.name", + "key": "Username", + "to": "test.user" } ], - "type": { - "actionI18nKey": "bitbucket.service.user.audit.action.userrenamed", - "action": "Username changed", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups" - }, "extra_attributes": [ { "name": "details", 
@@ -124,58 +102,41 @@ "value": "test.user" } ], - "changed_values": [ - { - "from": "test", - "to": "test.user", - "i18nKey": "bitbucket.service.user.audit.attribute.user.name", - "key": "Username" - } - ] + "method": "Browser", + "type": { + "action": "Username changed", + "actionI18nKey": "bitbucket.service.user.audit.action.userrenamed", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.userrenamed", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:38:53.360Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.userrenamed\",\"action\":\"Username changed\"},\"affectedObjects\":[{\"name\":\"test.user\",\"type\":\"USER\",\"id\":\"3\"}],\"changedValues\":[{\"key\":\"Username\",\"i18nKey\":\"bitbucket.service.user.audit.attribute.user.name\",\"from\":\"test\",\"to\":\"test.user\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"oldUsername\\\":\\\"test\\\"}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"test.user\"}]}", "type": [ "user", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "changes": { - "name": "test.user" - }, - "id": "2", - "target": { - "name": "test", - "id": "3" - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:38:42.151Z", - "ecs": { - 
"version": "8.2.0" + ] }, "related": { - "user": [ - "admin", - "test" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin", + "test", + "test.user" ] }, "service": { 
@@ -185,70 +146,74 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "changes": { + "name": "test.user" + }, + "id": "2", + "name": "admin", + "target": { + "id": "3", + "name": "test" + } + } + }, + { + "@timestamp": "2021-11-27T17:38:42.151Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "3", "name": "test", - "type": "USER", - "id": "3" + "type": "USER" } ], - "type": { - "actionI18nKey": "bitbucket.service.user.audit.action.usercredentialupdated", - "action": "User password changed", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "test" } - ] + ], + "method": "Browser", + "type": { + "action": "User password changed", + "actionI18nKey": "bitbucket.service.user.audit.action.usercredentialupdated", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"timestamp\":\"2021-11-27T17:38:42.151Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.usercredentialupdated\",\"action\":\"User password changed\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"USER\",\"id\":\"3\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"test\"}]}", - "kind": "event", "action": 
"bitbucket.service.user.audit.action.usercredentialupdated", - "type": [ - "user", - "change" - ], "category": [ "iam" ], - "outcome": "success" - }, - "user": { - "name": "admin", - "id": "2", - "target": { - "name": "test", - "id": "3" - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:38:29.423Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:38:42.151Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.usercredentialupdated\",\"action\":\"User password changed\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"USER\",\"id\":\"3\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"test\"}]}", + "outcome": "success", + "type": [ + "user", + "change" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin", + "test" ] }, "service": { 
@@ -258,71 +223,74 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin", + "target": { + "id": "3", + "name": "test" + } + } + }, + { + "@timestamp": "2021-11-27T17:38:29.423Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "asdf", "id": "asdf", + "name": "asdf", "type": "GROUP", "uri": "http://bitbucket.internal:7990/admin/groups/view?name=asdf" } ], - "type": { - "actionI18nKey": "bitbucket.service.user.audit.action.groupdeleted", - "action": "User group deleted", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "asdf" } - ] + ], + "method": "Browser", + "type": { + "action": "User group deleted", + "actionI18nKey": "bitbucket.service.user.audit.action.groupdeleted", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.groupdeleted", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:38:29.423Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupdeleted\",\"action\":\"User group 
deleted\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"GROUP\",\"uri\":\"http://bitbucket.internal:7990/admin/groups/view?name=asdf\",\"id\":\"asdf\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"asdf\"}]}", "type": [ "group", "deletion" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" + ] }, - "tags": [ - "preserve_original_event" - ], "group": { - "name": "asdf", - "id": "asdf" - } - }, - { - "@timestamp": "2021-11-27T17:38:23.209Z", - "ecs": { - "version": "8.2.0" + "id": "asdf", + "name": "asdf" }, "related": { - "user": [ - "admin", - "test" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin" ] }, "service": { @@ -332,28 +300,31 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:38:23.209Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "asdf", "id": "asdf", + "name": "asdf", "type": "GROUP", "uri": "http://bitbucket.internal:7990/admin/groups/view?name=asdf" }, { + "id": "3", "name": "test", - "type": "USER", - "id": "3" + "type": "USER" } ], - "type": { - "actionI18nKey": "bitbucket.service.user.audit.action.groupmembershipdeleted", - "action": "User deleted from user group", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups" - }, "extra_attributes": [ { "name": "Parent group", 
@@ -370,52 +341,41 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "asdf" } - ] + ], + "method": "Browser", + "type": { + "action": "User deleted from user group", + "actionI18nKey": "bitbucket.service.user.audit.action.groupmembershipdeleted", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipdeleted", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:38:23.209Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupmembershipdeleted\",\"action\":\"User deleted from user group\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"GROUP\",\"uri\":\"http://bitbucket.internal:7990/admin/groups/view?name=asdf\",\"id\":\"asdf\"},{\"name\":\"test\",\"type\":\"USER\",\"id\":\"3\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.groupmembership.parentgroup\",\"name\":\"Parent group\",\"value\":\"asdf\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"entities\\\":\\\"test\\\",\\\"membership\\\":\\\"GROUP_USER\\\"}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"asdf\"}]}", "type": [ "group", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2", - "target": { - "name": "test", - "id": "3", - "group": { - "name": "asdf", - "id": "asdf" 
- } - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:38:16.687Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin", - "test" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin", + "test" ] }, "service": { @@ -425,28 +385,39 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin", + "target": { + "group": { + "id": "asdf", + "name": "asdf" + }, + "id": "3", + "name": "test" + } + } + }, + { + "@timestamp": "2021-11-27T17:38:16.687Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "asdf", "id": "asdf", + "name": "asdf", "type": "GROUP", "uri": "http://bitbucket.internal:7990/admin/groups/view?name=asdf" }, { + "id": "3", "name": "test", - "type": "USER", - "id": "3" + "type": "USER" } ], - "type": { - "actionI18nKey": "bitbucket.service.user.audit.action.groupmembershipscreated.user", - "action": "User added to user group", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups" - }, "extra_attributes": [ { "name": "Parent group", 
@@ -463,51 +434,41 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "asdf" } - ] + ], + "method": "Browser", + "type": { + "action": "User added to user group", + "actionI18nKey": "bitbucket.service.user.audit.action.groupmembershipscreated.user", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:38:16.687Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupmembershipscreated.user\",\"action\":\"User added to user group\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"GROUP\",\"uri\":\"http://bitbucket.internal:7990/admin/groups/view?name=asdf\",\"id\":\"asdf\"},{\"name\":\"test\",\"type\":\"USER\",\"id\":\"3\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.groupmembership.parentgroup\",\"name\":\"Parent group\",\"value\":\"asdf\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"entities\\\":[\\\"test\\\"],\\\"membership\\\":\\\"GROUP_USER\\\"}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"asdf\"}]}", "type": [ "group", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2", - "target": { - "name": "test", - "id": "3", - "group": { - "name": "asdf", - 
"id": "asdf" - } - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:38:04.808Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin", + "test" ] }, "service": { 
@@ -517,71 +478,78 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin", + "target": { + "group": { + "id": "asdf", + "name": "asdf" + }, + "id": "3", + "name": "test" + } + } + }, + { + "@timestamp": "2021-11-27T17:38:04.808Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "asdf", "id": "asdf", + "name": "asdf", "type": "GROUP", "uri": "http://bitbucket.internal:7990/admin/groups/view?name=asdf" } ], - "type": { - "actionI18nKey": "bitbucket.service.user.audit.action.groupcreated", - "action": "User group created", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "asdf" } - ] + ], + "method": "Browser", + "type": { + "action": "User group created", + "actionI18nKey": "bitbucket.service.user.audit.action.groupcreated", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.groupcreated", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:38:04.808Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupcreated\",\"action\":\"User group 
created\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"GROUP\",\"uri\":\"http://bitbucket.internal:7990/admin/groups/view?name=asdf\",\"id\":\"asdf\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"asdf\"}]}", "type": [ "group", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" + ] }, - "tags": [ - "preserve_original_event" - ], "group": { - "name": "asdf", - "id": "asdf" - } - }, - { - "@timestamp": "2021-11-27T17:36:40.692Z", - "ecs": { - "version": "8.2.0" + "id": "asdf", + "name": "asdf" }, "related": { - "user": [ - "admin", - "test" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin" ] }, "service": { @@ -591,28 +559,31 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:40.692Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "stash-users", "id": "stash-users", + "name": "stash-users", "type": "GROUP", "uri": "http://bitbucket.internal:7990/admin/groups/view?name=stash-users" }, { + "id": "3", "name": "test", - "type": "USER", - "id": "3" + "type": "USER" } ], - "type": { - "actionI18nKey": "bitbucket.service.user.audit.action.groupmembershipscreated.user", - "action": "User added to user group", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups" - }, "extra_attributes": [ { "name": "Parent group", 
@@ -629,52 +600,41 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "stash-users" } - ] + ], + "method": "Browser", + "type": { + "action": "User added to user group", + "actionI18nKey": "bitbucket.service.user.audit.action.groupmembershipscreated.user", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:36:40.692Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupmembershipscreated.user\",\"action\":\"User added to user group\"},\"affectedObjects\":[{\"name\":\"stash-users\",\"type\":\"GROUP\",\"uri\":\"http://bitbucket.internal:7990/admin/groups/view?name=stash-users\",\"id\":\"stash-users\"},{\"name\":\"test\",\"type\":\"USER\",\"id\":\"3\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.groupmembership.parentgroup\",\"name\":\"Parent group\",\"value\":\"stash-users\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"entities\\\":[\\\"test\\\"],\\\"membership\\\":\\\"GROUP_USER\\\"}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"stash-users\"}]}", "type": [ "group", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2", - "target": { - "name": "test", - 
"id": "3", - "group": { - "name": "stash-users", - "id": "stash-users" - } - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:40.674Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin", - "test" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin", + "test" ] }, "service": { 
@@ -684,69 +644,74 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin", + "target": { + "group": { + "id": "stash-users", + "name": "stash-users" + }, + "id": "3", + "name": "test" + } + } + }, + { + "@timestamp": "2021-11-27T17:36:40.674Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "3", "name": "test", - "type": "USER", - "id": "3" + "type": "USER" } ], - "type": { - "actionI18nKey": "bitbucket.service.user.audit.action.usercreated", - "action": "User created", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "test" } - ] + ], + "method": "Browser", + "type": { + "action": "User created", + "actionI18nKey": "bitbucket.service.user.audit.action.usercreated", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.usercreated", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:36:40.674Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.usercreated\",\"action\":\"User 
created\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"USER\",\"id\":\"3\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"test\"}]}", "type": [ "user", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2", - "target": { - "name": "test", - "id": "3" - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:19.269Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin", + "test" ] }, "service": { @@ -756,15 +721,22 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin", + "target": { + "id": "3", + "name": "test" + } + } + }, + { + "@timestamp": "2021-11-27T17:36:19.269Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", 
@@ -785,37 +757,34 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-27T17:26:25.045Z - 2021-11-27T17:29:18.849Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-27T17:36:19.269Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 66\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"66\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:29:18.849Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:18.873Z", + }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": 
"{\"timestamp\":\"2021-11-27T17:36:19.269Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 66\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"66\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:29:18.849Z\"}]}", + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin" ] }, "service": { @@ -825,15 +794,18 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:18.873Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", 
@@ -854,37 +826,34 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-27T17:29:18.850Z - 2021-11-27T17:36:18.370Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:36:18.873Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"67 - 166\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-27T17:29:18.850Z - 2021-11-27T17:36:18.370Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:18.370Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin" ] }, "service": { 
@@ -894,58 +863,58 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:18.370Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "action": "Audit Log configuration updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "changed_values": [ { "i18nKey": "atlassian.audit.event.change.retention", "key": "Retention", "to": "3 Years" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log configuration updated", + "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:36:18.370Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Retention\",\"i18nKey\":\"atlassian.audit.event.change.retention\",\"to\":\"3 Years\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", "change" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:17.994Z", - "ecs": 
{ - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin" ] }, "service": { 
@@ -955,59 +924,59 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:17.994Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "action": "Audit Log configuration updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "changed_values": [ { "from": "security : base", - "to": "security : full", "i18nKey": "atlassian.audit.event.change.coverage.level", - "key": "Coverage Level" + "key": "Coverage Level", + "to": "security : full" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log configuration updated", + "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:36:17.994Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Coverage Level\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"from\":\"security : base\",\"to\":\"security : full\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", "change" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, - 
"user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:17.994Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin" ] }, "service": { 
@@ -1017,59 +986,59 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:17.994Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "action": "Audit Log configuration updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "changed_values": [ { "from": "permissions : base", - "to": "permissions : full", "i18nKey": "atlassian.audit.event.change.coverage.level", - "key": "Coverage Level" + "key": "Coverage Level", + "to": "permissions : full" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log configuration updated", + "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:36:17.994Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Coverage Level\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"from\":\"permissions : base\",\"to\":\"permissions : full\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", "change" - ], - "category": [ - "configuration" - ], - "kind": 
"event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:17.994Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin" ] }, "service": { 
@@ -1079,59 +1048,59 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:17.994Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "action": "Audit Log configuration updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "changed_values": [ { "from": "ecosystem : base", - "to": "ecosystem : full", "i18nKey": "atlassian.audit.event.change.coverage.level", - "key": "Coverage Level" + "key": "Coverage Level", + "to": "ecosystem : full" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log configuration updated", + "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:36:17.994Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Coverage Level\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"from\":\"ecosystem : base\",\"to\":\"ecosystem : full\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", "change" - ], - "category": [ - "configuration" - ], - "kind": "event" - 
}, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:17.994Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin" ] }, "service": { 
@@ -1141,59 +1110,59 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:17.994Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "action": "Audit Log configuration updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "changed_values": [ { "from": "local_config_and_administration : base", - "to": "local_config_and_administration : full", "i18nKey": "atlassian.audit.event.change.coverage.level", - "key": "Coverage Level" + "key": "Coverage Level", + "to": "local_config_and_administration : full" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log configuration updated", + "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:36:17.994Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Coverage Level\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"from\":\"local_config_and_administration : base\",\"to\":\"local_config_and_administration : 
full\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", "change" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:17.994Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin" ] }, "service": { 
@@ -1203,59 +1172,59 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:17.994Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "action": "Audit Log configuration updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "changed_values": [ { "from": "user_management : base", - "to": "user_management : full", "i18nKey": "atlassian.audit.event.change.coverage.level", - "key": "Coverage Level" + "key": "Coverage Level", + "to": "user_management : full" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log configuration updated", + "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:36:17.994Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Coverage Level\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"from\":\"user_management : base\",\"to\":\"user_management : full\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", "change" - ], - "category": [ - 
"configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:17.993Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin" ] }, "service": { 
@@ -1265,59 +1234,59 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:17.993Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "action": "Audit Log configuration updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "changed_values": [ { "from": "end_user_activity : base", - "to": "end_user_activity : full", "i18nKey": "atlassian.audit.event.change.coverage.level", - "key": "Coverage Level" + "key": "Coverage Level", + "to": "end_user_activity : full" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log configuration updated", + "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:36:17.993Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Coverage Level\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"from\":\"end_user_activity : base\",\"to\":\"end_user_activity : full\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", "change" - ], - "category": [ - 
"configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:17.991Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin" ] }, "service": { 
@@ -1327,59 +1296,59 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:17.991Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "action": "Audit Log configuration updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "changed_values": [ { "from": "global_config_and_administration : base", - "to": "global_config_and_administration : full", "i18nKey": "atlassian.audit.event.change.coverage.level", - "key": "Coverage Level" + "key": "Coverage Level", + "to": "global_config_and_administration : full" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log configuration updated", + "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:36:17.991Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Coverage Level\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"from\":\"global_config_and_administration : base\",\"to\":\"global_config_and_administration : 
full\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", "change" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:35:46.331Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin" ] }, "service": { @@ -1389,15 +1358,18 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:35:46.331Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", 
@@ -1418,37 +1390,34 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-27T17:26:25.045Z - 2021-11-27T17:29:12.363Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:35:46.331Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 56\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"56\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:29:12.363Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:35:45.810Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin" ] }, "service": { 
@@ -1458,15 +1427,18 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:35:45.810Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", 
@@ -1487,37 +1459,34 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-27T17:29:12.364Z - 2021-11-27T17:35:33.093Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:35:45.810Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"57 - 156\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-27T17:29:12.364Z - 2021-11-27T17:35:33.093Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:35:33.093Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin" ] }, "service": { 
@@ -1527,15 +1496,18 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:35:33.093Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", 
@@ -1556,37 +1528,34 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-27T17:26:25.045Z - 2021-11-27T17:29:11.102Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:35:33.093Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 54\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"54\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:29:11.102Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:35:31.362Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "admin" ] }, "service": { 
@@ -1596,15 +1565,18 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:35:31.362Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", 
@@ -1625,54 +1597,62 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-27T17:29:11.242Z - 2021-11-27T17:35:11.898Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:35:31.362Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"55 - 154\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-27T17:29:11.242Z - 2021-11-27T17:35:11.898Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:35:11.898Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "System" - ], "hosts": [ "bitbucket.internal" + ], + "ip": [ + "10.50.73.5" + ], + "user": [ + "admin" ] }, "service": { "address": 
"http://bitbucket.internal:7990" }, - "event": { - "action": "bitbucket.search.audit.action.elasticsearchconfigurationchange", - "original": "{\"timestamp\":\"2021-11-27T17:35:11.898Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"category\":\"Global administration\",\"actionI18nKey\":\"bitbucket.search.audit.action.elasticsearchconfigurationchange\",\"action\":\"Elasticsearch settings changed\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Username\",\"i18nKey\":\"bitbucket.search.audit.changedvalue.elasticsearchconfigurationchange.username\",\"to\":\"bitbucket\"}],\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"changed\\\":\\\",elasticsearchPasswordelasticsearchUsername\\\",\\\"username\\\":\\\"bitbucket\\\"}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"Elasticsearch\"}]}", - "type": "info", - "kind": "event" + "source": { + "address": "10.50.73.5", + "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:35:11.898Z", "bitbucket": { "audit": { - "method": "System", - "type": { - "actionI18nKey": "bitbucket.search.audit.action.elasticsearchconfigurationchange", - "action": "Elasticsearch settings changed", - "categoryI18nKey": "bitbucket.service.audit.category.globaladministration", - "category": "Global administration" - }, + "changed_values": [ + { + "i18nKey": "bitbucket.search.audit.changedvalue.elasticsearchconfigurationchange.username", + "key": "Username", + "to": "bitbucket" + } + ], "extra_attributes": [ { "name": "details", 
@@ -1685,55 +1665,47 @@ "value": "Elasticsearch" } ], - "changed_values": [ - { - "i18nKey": "bitbucket.search.audit.changedvalue.elasticsearchconfigurationchange.username", - "key": "Username", - "to": "bitbucket" - } - ] + "method": "System", + "type": { + "action": "Elasticsearch settings changed", + "actionI18nKey": "bitbucket.search.audit.action.elasticsearchconfigurationchange", + "category": "Global administration", + "categoryI18nKey": "bitbucket.service.audit.category.globaladministration" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:34:26.112Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.search.audit.action.elasticsearchconfigurationchange", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:35:11.898Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"category\":\"Global administration\",\"actionI18nKey\":\"bitbucket.search.audit.action.elasticsearchconfigurationchange\",\"action\":\"Elasticsearch settings changed\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Username\",\"i18nKey\":\"bitbucket.search.audit.changedvalue.elasticsearchconfigurationchange.username\",\"to\":\"bitbucket\"}],\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"changed\\\":\\\",elasticsearchPasswordelasticsearchUsername\\\",\\\"username\\\":\\\"bitbucket\\\"}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"Elasticsearch\"}]}", + "type": "info" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "bitbucket.internal" ], - "ip": [ - "10.50.73.5" + 
"user": [ + "System" ] }, "service": { "address": "http://bitbucket.internal:7990" }, - "source": { - "address": "10.50.73.5", - "ip": "10.50.73.5" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:34:26.112Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "bitbucket.service.applicationconfiguration.audit.action.applicationsetup", - "action": "Instance setup completed", - "categoryI18nKey": "bitbucket.service.audit.category.globaladministration", - "category": "Global administration" - }, "extra_attributes": [ { "name": "details", 
@@ -1745,37 +1717,34 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "SERVER_IS_SETUP" } - ] + ], + "method": "Browser", + "type": { + "action": "Instance setup completed", + "actionI18nKey": "bitbucket.service.applicationconfiguration.audit.action.applicationsetup", + "category": "Global administration", + "categoryI18nKey": "bitbucket.service.audit.category.globaladministration" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.applicationconfiguration.audit.action.applicationsetup", + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:34:26.112Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"category\":\"Global administration\",\"actionI18nKey\":\"bitbucket.service.applicationconfiguration.audit.action.applicationsetup\",\"action\":\"Instance setup completed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"new\\\":true,\\\"old\\\":false}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"SERVER_IS_SETUP\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:34:26.108Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "Anonymous" ] }, "service": { 
@@ -1785,23 +1754,26 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-27T17:34:26.108Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "admin", "id": "2", + "name": "admin", "type": "USER", "uri": "http://bitbucket.internal:7990/users/admin" } ], - "type": { - "actionI18nKey": "bitbucket.service.user.audit.action.globalpermissiongranted", - "action": "Global permission granted", - "categoryI18nKey": "bitbucket.service.audit.category.permissions", - "category": "Permissions" - }, "extra_attributes": [ { "name": "Permission", 
@@ -1818,37 +1790,34 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "Global" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission granted", + "actionI18nKey": "bitbucket.service.user.audit.action.globalpermissiongranted", + "category": "Permissions", + "categoryI18nKey": "bitbucket.service.audit.category.permissions" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.globalpermissiongranted", + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:34:26.108Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.globalpermissiongranted\",\"action\":\"Global permission granted\"},\"affectedObjects\":[{\"name\":\"admin\",\"type\":\"USER\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"id\":\"2\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"name\":\"Permission\",\"value\":\"SYS_ADMIN\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"permission\\\":\\\"SYS_ADMIN\\\",\\\"user\\\":\\\"admin\\\"}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"Global\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:34:26.019Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "Anonymous" ] }, "service": 
{ @@ -1858,23 +1827,26 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-27T17:34:26.019Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "admin", "id": "2", + "name": "admin", "type": "USER", "uri": "http://bitbucket.internal:7990/users/admin" } ], - "type": { - "actionI18nKey": "bitbucket.service.user.audit.action.globalpermissiongrantrequested", - "action": "Global permission requested", - "categoryI18nKey": "bitbucket.service.audit.category.permissions", - "category": "Permissions" - }, "extra_attributes": [ { "name": "Permission", 
@@ -1891,38 +1863,34 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "Global" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission requested", + "actionI18nKey": "bitbucket.service.user.audit.action.globalpermissiongrantrequested", + "category": "Permissions", + "categoryI18nKey": "bitbucket.service.audit.category.permissions" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.globalpermissiongrantrequested", + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:34:26.019Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.globalpermissiongrantrequested\",\"action\":\"Global permission requested\"},\"affectedObjects\":[{\"name\":\"admin\",\"type\":\"USER\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"id\":\"2\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"name\":\"Permission\",\"value\":\"SYS_ADMIN\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"permission\\\":\\\"SYS_ADMIN\\\",\\\"user\\\":\\\"admin\\\"}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"Global\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:34:25.313Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "Anonymous", - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + 
"user": [ + "Anonymous" ] }, "service": { @@ -1932,29 +1900,32 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-27T17:34:25.313Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "stash-users", "id": "stash-users", + "name": "stash-users", "type": "GROUP", "uri": "http://bitbucket.internal:7990/admin/groups/view?name=stash-users" }, { - "name": "admin", "id": "2", + "name": "admin", "type": "USER", "uri": "http://bitbucket.internal:7990/users/admin" } ], - "type": { - "actionI18nKey": "bitbucket.service.user.audit.action.groupmembershipscreated.user", - "action": "User added to user group", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups" - }, "extra_attributes": [ { "name": "Parent group", 
@@ -1971,52 +1942,41 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "stash-users" } - ] + ], + "method": "Browser", + "type": { + "action": "User added to user group", + "actionI18nKey": "bitbucket.service.user.audit.action.groupmembershipscreated.user", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:34:25.313Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupmembershipscreated.user\",\"action\":\"User added to user group\"},\"affectedObjects\":[{\"name\":\"stash-users\",\"type\":\"GROUP\",\"uri\":\"http://bitbucket.internal:7990/admin/groups/view?name=stash-users\",\"id\":\"stash-users\"},{\"name\":\"admin\",\"type\":\"USER\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"id\":\"2\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.groupmembership.parentgroup\",\"name\":\"Parent group\",\"value\":\"stash-users\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"entities\\\":[\\\"admin\\\"],\\\"membership\\\":\\\"GROUP_USER\\\"}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"stash-users\"}]}", "type": [ "group", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2", - "target": { - "name": 
"admin", - "id": "2", - "group": { - "name": "stash-users", - "id": "stash-users" - } - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:34:24.078Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "Anonymous", - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "Anonymous", + "admin" ] }, "service": { 
@@ -2026,70 +1986,75 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous", + "target": { + "group": { + "id": "stash-users", + "name": "stash-users" + }, + "id": "2", + "name": "admin" + } + } + }, + { + "@timestamp": "2021-11-27T17:34:24.078Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "admin", "id": "2", + "name": "admin", "type": "USER", "uri": "http://bitbucket.internal:7990/users/admin" } ], - "type": { - "actionI18nKey": "bitbucket.service.user.audit.action.usercreated", - "action": "User created", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "User created", + "actionI18nKey": "bitbucket.service.user.audit.action.usercreated", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.usercreated", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:34:24.078Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.usercreated\",\"action\":\"User 
created\"},\"affectedObjects\":[{\"name\":\"admin\",\"type\":\"USER\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"id\":\"2\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"admin\"}]}", "type": [ "user", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2", - "target": { - "name": "admin", - "id": "2" - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:31:41.984Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "Anonymous", + "admin" ] }, "service": { 
@@ -2099,52 +2064,56 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous", + "target": { + "id": "2", + "name": "admin" + } + } + }, + { + "@timestamp": "2021-11-27T17:31:41.984Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "bitbucket.service.license.audit.action.licensechanged", - "action": "Product license changed", - "categoryI18nKey": "bitbucket.service.audit.category.globaladministration", - "category": "Global administration" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "System" } - ] + ], + "method": "Browser", + "type": { + "action": "Product license changed", + "actionI18nKey": "bitbucket.service.license.audit.action.licensechanged", + "category": "Global administration", + "categoryI18nKey": "bitbucket.service.audit.category.globaladministration" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.license.audit.action.licensechanged", + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:31:41.984Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"category\":\"Global administration\",\"actionI18nKey\":\"bitbucket.service.license.audit.action.licensechanged\",\"action\":\"Product license changed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"System\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": 
"2021-11-27T17:31:41.375Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.50.73.5" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -2154,15 +2123,25 @@ "address": "10.50.73.5", "ip": "10.50.73.5" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-27T17:31:41.375Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "bitbucket.service.applicationconfiguration.audit.action.baseurlchanged", - "action": "Base URL changed", - "categoryI18nKey": "bitbucket.service.audit.category.globaladministration", - "category": "Global administration" - }, + "changed_values": [ + { + "i18nKey": "bitbucket.service.applicationconfiguration.audit.changedvalue.baseurlchanged.baseurl", + "key": "Base URL", + "to": "http://bitbucket.internal:7990" + } + ], "extra_attributes": [ { "name": "details", 
@@ -2175,60 +2154,60 @@ "value": "BASE_URL" } ], - "changed_values": [ - { - "i18nKey": "bitbucket.service.applicationconfiguration.audit.changedvalue.baseurlchanged.baseurl", - "key": "Base URL", - "to": "http://bitbucket.internal:7990" - } - ] + "method": "Browser", + "type": { + "action": "Base URL changed", + "actionI18nKey": "bitbucket.service.applicationconfiguration.audit.action.baseurlchanged", + "category": "Global administration", + "categoryI18nKey": "bitbucket.service.audit.category.globaladministration" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.applicationconfiguration.audit.action.baseurlchanged", + "kind": "event", "original": "{\"timestamp\":\"2021-11-27T17:31:41.375Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"category\":\"Global administration\",\"actionI18nKey\":\"bitbucket.service.applicationconfiguration.audit.action.baseurlchanged\",\"action\":\"Base URL changed\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Base URL\",\"i18nKey\":\"bitbucket.service.applicationconfiguration.audit.changedvalue.baseurlchanged.baseurl\",\"to\":\"http://bitbucket.internal:7990\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"new\\\":\\\"http://bitbucket.internal:7990\\\",\\\"old\\\":null}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"BASE_URL\"}]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" + "related": { + "hosts": [ + "bitbucket.internal" + ], + "ip": [ + "10.50.73.5" + ], + "user": [ + "Anonymous" + ] + }, + "service": { + "address": 
"http://bitbucket.internal:7990" + }, + "source": { + "address": "10.50.73.5", + "ip": "10.50.73.5" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "id": "-2", + "name": "Anonymous" + } }, { "@timestamp": "2021-11-27T17:29:52.694Z", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "System" - ] - }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:52.694Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"tac.bitbucket.languages.ja_JP\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0.rc1-202111050047\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"tac.bitbucket.languages.ja_JP\"}]}", - "type": "info", - "kind": "event" - }, "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "tac.bitbucket.languages.ja_JP", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -2240,48 +2219,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "tac.bitbucket.languages.ja_JP" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.694Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"tac.bitbucket.languages.ja_JP\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0.rc1-202111050047\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"tac.bitbucket.languages.ja_JP\"}]}", + "type": "info" + }, + "related": { + "user": [ + "System" + ] }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "id": "-1", + "name": "System" + } }, { "@timestamp": "2021-11-27T17:29:52.688Z", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "System" - ] - }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:52.688Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"tac.bitbucket.languages.fr_FR\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0.rc1-202111050047\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"tac.bitbucket.languages.fr_FR\"}]}", - "type": "info", - "kind": "event" - }, "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "tac.bitbucket.languages.fr_FR", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -2293,48 +2272,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "tac.bitbucket.languages.fr_FR" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:52.681Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.688Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"tac.bitbucket.languages.fr_FR\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0.rc1-202111050047\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"tac.bitbucket.languages.fr_FR\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:52.681Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"tac.bitbucket.languages.de_DE\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0.rc1-202111050047\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"tac.bitbucket.languages.de_DE\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:52.681Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "tac.bitbucket.languages.de_DE", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -2346,48 +2325,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "tac.bitbucket.languages.de_DE" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:52.674Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.681Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"tac.bitbucket.languages.de_DE\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0.rc1-202111050047\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"tac.bitbucket.languages.de_DE\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:52.674Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.springsource.net.jcip.annotations-1.0.0\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.springsource.net.jcip.annotations-1.0.0\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:52.674Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.springsource.net.jcip.annotations-1.0.0", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -2399,48 +2378,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.springsource.net.jcip.annotations-1.0.0" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:52.672Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.674Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.springsource.net.jcip.annotations-1.0.0\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.springsource.net.jcip.annotations-1.0.0\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:52.672Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.zdu.bitbucket-zdu-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.1.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.zdu.bitbucket-zdu-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:52.672Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.zdu.bitbucket-zdu-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -2452,48 +2431,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.zdu.bitbucket-zdu-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:52.560Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.672Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.zdu.bitbucket-zdu-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.1.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.zdu.bitbucket-zdu-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:52.560Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.webhooks.atlassian-webhooks-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.1.6\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.webhooks.atlassian-webhooks-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:52.560Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.webhooks.atlassian-webhooks-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -2505,48 +2484,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.webhooks.atlassian-webhooks-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:52.557Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.560Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.webhooks.atlassian-webhooks-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.1.6\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.webhooks.atlassian-webhooks-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:52.557Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.troubleshooting.plugin-bitbucket\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.33.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.troubleshooting.plugin-bitbucket\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:52.557Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.troubleshooting.plugin-bitbucket", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -2558,48 +2537,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.troubleshooting.plugin-bitbucket" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:52.502Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.557Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.troubleshooting.plugin-bitbucket\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.33.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.troubleshooting.plugin-bitbucket\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:52.502Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.stash.plugins.stash-remote-event-bitbucket-server-spi\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.9.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.stash.plugins.stash-remote-event-bitbucket-server-spi\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:52.502Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.stash.plugins.stash-remote-event-bitbucket-server-spi", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -2611,48 +2590,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.stash.plugins.stash-remote-event-bitbucket-server-spi" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:52.491Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.502Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.stash.plugins.stash-remote-event-bitbucket-server-spi\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.9.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.stash.plugins.stash-remote-event-bitbucket-server-spi\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:52.491Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.soy.soy-template-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"5.1.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.soy.soy-template-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:52.491Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.soy.soy-template-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -2664,48 +2643,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.soy.soy-template-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:52.477Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.491Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.soy.soy-template-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"5.1.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.soy.soy-template-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:52.477Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.prettyurls.atlassian-pretty-urls-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"3.0.3\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.prettyurls.atlassian-pretty-urls-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:52.477Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.prettyurls.atlassian-pretty-urls-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -2717,48 +2696,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.prettyurls.atlassian-pretty-urls-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:52.472Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.477Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.prettyurls.atlassian-pretty-urls-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"3.0.3\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.prettyurls.atlassian-pretty-urls-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:52.472Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.static-assets-url\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.0.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.static-assets-url\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:52.472Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.static-assets-url", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -2770,48 +2749,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.static-assets-url" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:52.450Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.472Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.static-assets-url\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.0.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.static-assets-url\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:52.450Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.shortcuts.atlassian-shortcuts-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.3.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.shortcuts.atlassian-shortcuts-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:52.450Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.shortcuts.atlassian-shortcuts-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -2823,48 +2802,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.shortcuts.atlassian-shortcuts-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:52.439Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.450Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.shortcuts.atlassian-shortcuts-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.3.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.shortcuts.atlassian-shortcuts-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:52.439Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.less-transformer-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.less-transformer-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:52.439Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.less-transformer-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -2876,48 +2855,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.less-transformer-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:52.216Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.439Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.less-transformer-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.less-transformer-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:52.216Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.jquery\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.2.4.11-c72c117\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.jquery\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:52.216Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.jquery", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -2929,48 +2908,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.jquery" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:52.214Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.216Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.jquery\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.2.4.11-c72c117\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.jquery\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:52.214Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.issue-status-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.1.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.issue-status-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:52.214Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.issue-status-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -2982,48 +2961,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.issue-status-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:52.212Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.214Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.issue-status-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.1.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.issue-status-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:52.212Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.cleanup-hub-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0.7\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.cleanup-hub-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:52.212Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.cleanup-hub-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3035,48 +3014,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.cleanup-hub-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:52.203Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.212Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.cleanup-hub-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0.7\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.cleanup-hub-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:52.203Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.browser.metrics.browser-metrics-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.browser.metrics.browser-metrics-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:52.203Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.browser.metrics.browser-metrics-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3088,48 +3067,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.browser.metrics.browser-metrics-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:52.201Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.203Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.browser.metrics.browser-metrics-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.browser.metrics.browser-metrics-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:52.201Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.authentication.atlassian-authentication-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.2.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.authentication.atlassian-authentication-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:52.201Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.authentication.atlassian-authentication-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3141,48 +3120,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.authentication.atlassian-authentication-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:51.049Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:52.201Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.authentication.atlassian-authentication-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.2.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.authentication.atlassian-authentication-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:51.049Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-remote-event-producer-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.3.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-remote-event-producer-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:51.049Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.atlassian-remote-event-producer-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3194,48 +3173,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.atlassian-remote-event-producer-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:51.037Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:51.049Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-remote-event-producer-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.3.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-remote-event-producer-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:51.037Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-remote-event-consumer-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.3.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-remote-event-consumer-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:51.037Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.atlassian-remote-event-consumer-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3247,48 +3226,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.atlassian-remote-event-consumer-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:51.022Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:51.037Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-remote-event-consumer-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.3.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-remote-event-consumer-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:51.022Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-plugins-webresource-rest\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.4.4-bitbucket1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-plugins-webresource-rest\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:51.022Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.atlassian-plugins-webresource-rest", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3300,48 +3279,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.atlassian-plugins-webresource-rest" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:51.005Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:51.022Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-plugins-webresource-rest\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.4.4-bitbucket1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-plugins-webresource-rest\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:51.005Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-plugins-webresource-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.4.4-bitbucket1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-plugins-webresource-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:51.005Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.atlassian-plugins-webresource-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3353,48 +3332,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.atlassian-plugins-webresource-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:51.001Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:51.005Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-plugins-webresource-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.4.4-bitbucket1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-plugins-webresource-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:51.001Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-clientside-extensions-runtime\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-clientside-extensions-runtime\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:51.001Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.atlassian-clientside-extensions-runtime", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3406,48 +3385,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.atlassian-clientside-extensions-runtime" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:50.889Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:51.001Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-clientside-extensions-runtime\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-clientside-extensions-runtime\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:50.889Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-client-resource\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.0.3\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-client-resource\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:50.889Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.atlassian-client-resource", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3459,48 +3438,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.atlassian-client-resource" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:50.887Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:50.889Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-client-resource\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.0.3\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-client-resource\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:50.887Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-chaperone\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.1.6\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-chaperone\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:50.887Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.atlassian-chaperone", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3512,48 +3491,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.atlassian-chaperone" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:50.863Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:50.887Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-chaperone\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.1.6\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-chaperone\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:50.863Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugin.atlassian-spring-scanner-runtime\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.2.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugin.atlassian-spring-scanner-runtime\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:50.863Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugin.atlassian-spring-scanner-runtime", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3565,48 +3544,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugin.atlassian-spring-scanner-runtime" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:50.862Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:50.863Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugin.atlassian-spring-scanner-runtime\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.2.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugin.atlassian-spring-scanner-runtime\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:50.862Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.serviceprovider.sal\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.serviceprovider.sal\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:50.862Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.oauth.serviceprovider.sal", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3618,48 +3597,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.oauth.serviceprovider.sal" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:50.861Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:50.862Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.serviceprovider.sal\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.serviceprovider.sal\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:50.861Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.serviceprovider\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.serviceprovider\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:50.861Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.oauth.serviceprovider", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3671,48 +3650,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.oauth.serviceprovider" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:50.849Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:50.861Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.serviceprovider\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.serviceprovider\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:50.849Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.consumer\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.consumer\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:50.849Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.oauth.consumer", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3724,48 +3703,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.oauth.consumer" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:50.846Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:50.849Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.consumer\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.consumer\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:50.846Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.admin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.admin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:50.846Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.oauth.admin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3777,48 +3756,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.oauth.admin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:50.845Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:50.846Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.admin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.admin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:50.845Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.healthcheck.atlassian-healthcheck\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"5.1.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.healthcheck.atlassian-healthcheck\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:50.845Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.healthcheck.atlassian-healthcheck", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3830,48 +3809,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.healthcheck.atlassian-healthcheck" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:50.824Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:50.845Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.healthcheck.atlassian-healthcheck\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"5.1.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.healthcheck.atlassian-healthcheck\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:50.824Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.diagnostics.atlassian-diagnostics-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.1.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.diagnostics.atlassian-diagnostics-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:50.824Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.diagnostics.atlassian-diagnostics-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3883,48 +3862,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.diagnostics.atlassian-diagnostics-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:50.801Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:50.824Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.diagnostics.atlassian-diagnostics-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.1.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.diagnostics.atlassian-diagnostics-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:50.801Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.crowd.embedded.admin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.crowd.embedded.admin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:50.801Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.crowd.embedded.admin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3936,48 +3915,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.crowd.embedded.admin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:50.718Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:50.801Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.crowd.embedded.admin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.crowd.embedded.admin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:50.718Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.business.insights.core-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.1.6\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.business.insights.core-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:50.718Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.business.insights.core-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -3989,48 +3968,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.business.insights.core-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:50.698Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:50.718Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.business.insights.core-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.1.6\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.business.insights.core-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:50.698Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.business.insights.bitbucket-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.1.6\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.business.insights.bitbucket-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:50.698Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.business.insights.bitbucket-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4042,48 +4021,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.business.insights.bitbucket-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:50.697Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:50.698Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.business.insights.bitbucket-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.1.6\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.business.insights.bitbucket-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:50.697Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.support-info-providers\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.support-info-providers\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:50.697Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.support-info-providers", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4095,48 +4074,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.support-info-providers" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:50.634Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:50.697Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.support-info-providers\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.support-info-providers\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:50.634Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.feature-wrm-data\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.feature-wrm-data\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:50.634Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.feature-wrm-data", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4148,48 +4127,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.feature-wrm-data" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:49.656Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:50.634Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.feature-wrm-data\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.feature-wrm-data\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:49.656Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.config-wrm-data\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.config-wrm-data\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:49.656Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.config-wrm-data", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4201,48 +4180,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.config-wrm-data" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:49.399Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:49.656Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.config-wrm-data\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.config-wrm-data\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:49.399Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-xcode\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-xcode\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:49.399Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-xcode", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4254,48 +4233,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-xcode" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:49.394Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:49.399Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-xcode\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-xcode\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:49.394Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-webpack-INTERNAL\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-webpack-INTERNAL\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:49.394Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-webpack-INTERNAL", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4307,48 +4286,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-webpack-INTERNAL" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:48.385Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:49.394Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-webpack-INTERNAL\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-webpack-INTERNAL\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:48.385Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-web-resource-transformers\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-web-resource-transformers\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:48.385Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-web-resource-transformers", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4360,48 +4339,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-web-resource-transformers" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:48.370Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:48.385Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-web-resource-transformers\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-web-resource-transformers\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:48.370Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-web-api\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-web-api\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:48.370Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-web-api", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4413,48 +4392,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-web-api" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:48.363Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:48.370Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-web-api\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-web-api\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:48.363Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-web\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-web\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:48.363Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-web", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4466,48 +4445,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-web" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:32.073Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:48.363Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-web\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-web\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:32.073Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-velocity-helper\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-velocity-helper\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:32.073Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-velocity-helper", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4519,48 +4498,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-velocity-helper" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:32.072Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:32.073Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-velocity-helper\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-velocity-helper\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:32.072Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-user-erasure\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-user-erasure\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:32.072Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-user-erasure", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4572,48 +4551,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-user-erasure" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:32.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:32.072Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-user-erasure\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-user-erasure\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:32Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-upm-accessor\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-upm-accessor\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:32.000Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-upm-accessor", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4625,48 +4604,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-upm-accessor" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:31.999Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:32Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-upm-accessor\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-upm-accessor\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:31.999Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-tag\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-tag\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:31.999Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-tag", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4678,48 +4657,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-tag" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:31.988Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:31.999Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-tag\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-tag\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:31.988Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-suggestions\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-suggestions\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:31.988Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-suggestions", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4731,48 +4710,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-suggestions" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:31.723Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:31.988Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-suggestions\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-suggestions\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:31.723Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-soy-functions\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-soy-functions\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:31.723Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-soy-functions", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4784,48 +4763,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-soy-functions" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:24.643Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:31.723Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-soy-functions\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-soy-functions\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:24.643Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-sourcetree\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-sourcetree\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:24.643Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-sourcetree", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4837,48 +4816,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-sourcetree" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:24.638Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:24.643Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-sourcetree\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-sourcetree\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:24.638Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-server-web-fragments\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-server-web-fragments\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:24.638Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-server-web-fragments", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4890,48 +4869,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-server-web-fragments" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:23.479Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:24.638Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-server-web-fragments\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-server-web-fragments\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:23.479Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-search\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-search\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:23.479Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-search", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4943,48 +4922,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-search" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:23.434Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:23.479Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-search\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-search\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:23.434Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-sal\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-sal\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:23.434Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-sal", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -4996,48 +4975,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-sal" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:23.432Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:23.434Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-sal\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-sal\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:23.432Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-rest-ui\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-rest-ui\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:23.432Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-rest-ui", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -5049,48 +5028,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-rest-ui" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:23.422Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:23.432Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-rest-ui\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-rest-ui\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:23.422Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-repository-shortcuts\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-repository-shortcuts\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:23.422Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-repository-shortcuts", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -5102,48 +5081,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-repository-shortcuts" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:23.406Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:23.422Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-repository-shortcuts\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-repository-shortcuts\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:23.406Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-repository-management\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-repository-management\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:23.406Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-repository-management", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -5155,48 +5134,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-repository-management" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:23.343Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:23.406Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-repository-management\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-repository-management\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:23.343Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-repository-hooks\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-repository-hooks\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:23.343Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-repository-hooks", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -5208,48 +5187,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-repository-hooks" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:23.039Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:23.343Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-repository-hooks\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-repository-hooks\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:23.039Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-ref-metadata\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-ref-metadata\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:23.039Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-ref-metadata", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -5261,48 +5240,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-ref-metadata" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:22.847Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:23.039Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-ref-metadata\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-ref-metadata\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:22.847Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-rate-limit\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-rate-limit\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:22.847Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-rate-limit", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -5314,48 +5293,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-rate-limit" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:22.726Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:22.847Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-rate-limit\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-rate-limit\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:22.726Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-pull-request-properties\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-pull-request-properties\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:22.726Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-pull-request-properties", "type": "MISC" - } - ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, + } + ], "extra_attributes": [ { "name": "Version", 
@@ -5367,48 +5346,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-pull-request-properties" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:22.723Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:22.726Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-pull-request-properties\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-pull-request-properties\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:22.723Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-pull-request-cleanup\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-pull-request-cleanup\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:22.723Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-pull-request-cleanup", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -5420,48 +5399,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-pull-request-cleanup" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:22.706Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:22.723Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-pull-request-cleanup\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-pull-request-cleanup\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:22.706Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-policies\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-policies\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:22.706Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-policies", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -5473,48 +5452,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-policies" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:22.681Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:22.706Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-policies\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-policies\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:22.681Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-plugin-information-provider\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-plugin-information-provider\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:22.681Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-plugin-information-provider", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -5526,48 +5505,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-plugin-information-provider" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:22.680Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:22.681Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-plugin-information-provider\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-plugin-information-provider\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:22.680Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-page-data\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-page-data\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:22.680Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-page-data", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -5579,48 +5558,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-page-data" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:21.575Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:22.680Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-page-data\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-page-data\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:21.575Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-notification\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-notification\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:21.575Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-notification", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -5632,48 +5611,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-notification" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:21.522Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:21.575Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-notification\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-notification\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:21.522Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-nav-links\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-nav-links\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:21.522Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-nav-links", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -5685,48 +5664,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-nav-links" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:21.519Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:21.522Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-nav-links\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-nav-links\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:21.519Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-mirroring-upstream\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-mirroring-upstream\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:21.519Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-mirroring-upstream", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -5738,48 +5717,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-mirroring-upstream" } - ] - } - }, - "user": { - "name": "System", - "id": "-1" + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } + } }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:21.497Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:21.519Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-mirroring-upstream\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-mirroring-upstream\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:21.497Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-connect-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-connect-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:21.497Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.atlassian-connect-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -5791,48 +5770,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.atlassian-connect-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:21.330Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:21.497Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-connect-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-connect-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:21.330Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.upm.atlassian-universal-plugin-manager-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.2.10\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.upm.atlassian-universal-plugin-manager-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:21.330Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.upm.atlassian-universal-plugin-manager-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -5844,48 +5823,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.upm.atlassian-universal-plugin-manager-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:20.129Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:21.330Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.upm.atlassian-universal-plugin-manager-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.2.10\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.upm.atlassian-universal-plugin-manager-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:20.129Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"rome.rome-1.0\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"rome.rome-1.0\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:20.129Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "rome.rome-1.0", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -5897,48 +5876,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "rome.rome-1.0" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:20.128Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:20.129Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"rome.rome-1.0\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"rome.rome-1.0\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:20.128Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bundles.json-schema-validator-atlassian-bundle\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bundles.json-schema-validator-atlassian-bundle\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:20.128Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bundles.json-schema-validator-atlassian-bundle", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -5950,48 +5929,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bundles.json-schema-validator-atlassian-bundle" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:20.127Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:20.128Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bundles.json-schema-validator-atlassian-bundle\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bundles.json-schema-validator-atlassian-bundle\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:20.127Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-markup-renderers\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-markup-renderers\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:20.127Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-markup-renderers", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6003,48 +5982,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-markup-renderers" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:20.119Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:20.127Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-markup-renderers\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-markup-renderers\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:20.119Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-labels\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-labels\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:20.119Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-labels", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6056,48 +6035,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-labels" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:19.922Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:20.119Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-labels\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-labels\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:19.922Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-keyboard-shortcuts\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-keyboard-shortcuts\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:19.922Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-keyboard-shortcuts", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6109,48 +6088,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-keyboard-shortcuts" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:19.913Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:19.922Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-keyboard-shortcuts\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-keyboard-shortcuts\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:19.913Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-jira-development-integration\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-jira-development-integration\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:19.913Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-jira-development-integration", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6162,48 +6141,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-jira-development-integration" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:19.896Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:19.913Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-jira-development-integration\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-jira-development-integration\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:19.896Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-repository-ref-sync\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-repository-ref-sync\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:19.896Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-repository-ref-sync", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6215,48 +6194,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-repository-ref-sync" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:19.622Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:19.896Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-repository-ref-sync\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-repository-ref-sync\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:19.622Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.remote-link-aggregator-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"3.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.remote-link-aggregator-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:19.622Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.remote-link-aggregator-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6268,48 +6247,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.remote-link-aggregator-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:19.613Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:19.622Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.remote-link-aggregator-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"3.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.remote-link-aggregator-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:19.613Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-remote-event-common-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.3.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-remote-event-common-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:19.613Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.atlassian-remote-event-common-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6321,48 +6300,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.atlassian-remote-event-common-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:19.602Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:19.613Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-remote-event-common-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.3.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-remote-event-common-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:19.602Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-nav-links-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-nav-links-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:19.602Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.atlassian-nav-links-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6374,48 +6353,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.atlassian-nav-links-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:18.850Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:19.602Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-nav-links-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-nav-links-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:18.850Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugin.atlassian-spring-scanner-annotation\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.2.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugin.atlassian-spring-scanner-annotation\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:18.850Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugin.atlassian-spring-scanner-annotation", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6427,48 +6406,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugin.atlassian-spring-scanner-annotation" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:18.849Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:18.850Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugin.atlassian-spring-scanner-annotation\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.2.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugin.atlassian-spring-scanner-annotation\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:18.849Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-jira-commit-checker\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-jira-commit-checker\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:18.849Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-jira-commit-checker", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6480,48 +6459,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-jira-commit-checker" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:18.770Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:18.849Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-jira-commit-checker\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-jira-commit-checker\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:18.770Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-instance-migration\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-instance-migration\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:18.770Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-instance-migration", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6533,48 +6512,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-instance-migration" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:18.764Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:18.770Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-instance-migration\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-instance-migration\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:18.764Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-importer\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-importer\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:18.764Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-importer", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6586,48 +6565,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-importer" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:18.134Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:18.764Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-importer\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-importer\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:18.134Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-i18n\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-i18n\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:18.134Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-i18n", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6639,48 +6618,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-i18n" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:17.595Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:18.134Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-i18n\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-i18n\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:17.595Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-http-scm-protocol\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-http-scm-protocol\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:17.595Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-http-scm-protocol", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6692,48 +6671,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-http-scm-protocol" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:17.589Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:17.595Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-http-scm-protocol\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-http-scm-protocol\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:17.589Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-highlight\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-highlight\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:17.589Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-highlight", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6745,48 +6724,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-highlight" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:12.439Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:17.589Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-highlight\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-highlight\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:12.439Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-gpg\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-gpg\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:12.439Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-gpg", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6798,48 +6777,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-gpg" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:12.421Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:12.439Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-gpg\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-gpg\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:12.421Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-git-rest\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-git-rest\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:12.421Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-git-rest", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6851,48 +6830,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-git-rest" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:12.393Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:12.421Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-git-rest\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-git-rest\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:12.393Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-git-lfs\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-git-lfs\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:12.393Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-git-lfs", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6904,48 +6883,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-git-lfs" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:12.364Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:12.393Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-git-lfs\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-git-lfs\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:12.364Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.httpclient.atlassian-httpclient-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.2.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.httpclient.atlassian-httpclient-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:12.364Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.httpclient.atlassian-httpclient-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -6957,48 +6936,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.httpclient.atlassian-httpclient-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:12.363Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:12.364Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.httpclient.atlassian-httpclient-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.2.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.httpclient.atlassian-httpclient-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:12.363Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-git\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-git\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:12.363Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-git", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7010,48 +6989,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-git" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:11.242Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:12.363Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-git\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-git\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:11.242Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-frontend\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-frontend\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:11.242Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-frontend", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7063,48 +7042,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-frontend" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:11.102Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:11.242Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-frontend\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-frontend\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:11.102Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-jira\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-jira\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:11.102Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-jira", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7116,48 +7095,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-jira" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:11.019Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:11.102Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-jira\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-jira\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:11.019Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-deployments\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-deployments\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:11.019Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-deployments", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7169,48 +7148,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-deployments" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:10.955Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:11.019Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-deployments\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-deployments\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:10.955Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-default-reviewers\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-default-reviewers\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:10.955Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-default-reviewers", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7222,48 +7201,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-default-reviewers" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:10.661Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:10.955Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-default-reviewers\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-default-reviewers\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:10.661Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-crowd-sso\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-crowd-sso\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:10.661Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-crowd-sso", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7275,48 +7254,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-crowd-sso" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:10.658Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:10.661Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-crowd-sso\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-crowd-sso\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:10.658Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-crowd-spi\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-crowd-spi\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:10.658Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-crowd-spi", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7328,48 +7307,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-crowd-spi" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:10.656Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:10.658Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-crowd-spi\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-crowd-spi\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:10.656Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-contributing-guidelines\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-contributing-guidelines\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:10.656Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-contributing-guidelines", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7381,48 +7360,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-contributing-guidelines" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:10.644Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:10.656Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-contributing-guidelines\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-contributing-guidelines\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:10.644Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-connect-support\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-connect-support\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:10.644Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-connect-support", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7434,48 +7413,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-connect-support" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:10.643Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:10.644Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-connect-support\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-connect-support\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:10.643Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.jwt.jwt-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"3.2.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.jwt.jwt-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:10.643Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.jwt.jwt-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7487,48 +7466,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.jwt.jwt-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:10.560Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:10.643Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.jwt.jwt-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"3.2.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.jwt.jwt-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:10.560Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-compare\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-compare\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:10.560Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-compare", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7540,48 +7519,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-compare" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:09.996Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:10.560Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-compare\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-compare\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:09.996Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-comment-properties\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-comment-properties\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:09.996Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-comment-properties", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7593,48 +7572,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-comment-properties" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:09.992Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:09.996Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-comment-properties\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-comment-properties\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:09.992Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-comment-likes\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-comment-likes\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:09.992Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-comment-likes", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7646,48 +7625,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-comment-likes" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:09.967Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:09.992Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-comment-likes\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-comment-likes\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:09.967Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-emoticons\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-emoticons\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:09.967Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-emoticons", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7699,48 +7678,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-emoticons" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:09.825Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:09.967Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-emoticons\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-emoticons\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:09.825Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-code-insights\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-code-insights\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:09.825Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-code-insights", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7752,48 +7731,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-code-insights" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:09.800Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:09.825Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-code-insights\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-code-insights\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:09.800Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-cluster-info\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-cluster-info\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:09.800Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-cluster-info", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7805,48 +7784,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-cluster-info" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:09.796Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:09.800Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-cluster-info\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-cluster-info\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:09.796Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-client-web-fragments\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-client-web-fragments\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:09.796Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-client-web-fragments", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7858,48 +7837,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-client-web-fragments" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:09.732Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:09.796Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-client-web-fragments\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-client-web-fragments\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:09.732Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-bundled-hooks\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-bundled-hooks\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:09.732Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-bundled-hooks", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7911,48 +7890,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-bundled-hooks" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:09.340Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:09.732Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-bundled-hooks\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-bundled-hooks\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:09.340Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-build-jenkins\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-build-jenkins\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:09.340Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-build-jenkins", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -7964,48 +7943,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-build-jenkins" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:09.068Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:09.340Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-build-jenkins\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-build-jenkins\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:09.068Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-build-feature\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-build-feature\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:09.068Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-build-feature", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8017,48 +7996,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-build-feature" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:09.008Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:09.068Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-build-feature\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-build-feature\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:09.008Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-build-bamboo\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-build-bamboo\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:09.008Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-build-bamboo", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8070,48 +8049,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-build-bamboo" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:08.877Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:09.008Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-build-bamboo\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-build-bamboo\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:08.877Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-build\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-build\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:08.877Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-build", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8123,48 +8102,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-build" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:08.836Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:08.877Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-build\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-build\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:08.836Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-branch\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-branch\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:08.836Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-branch", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8176,48 +8155,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-branch" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:08.642Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:08.836Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-branch\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-branch\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:08.642Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.integration.jira.jira-integration-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.integration.jira.jira-integration-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:08.642Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.integration.jira.jira-integration-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8229,48 +8208,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.integration.jira.jira-integration-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:08.597Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:08.642Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.integration.jira.jira-integration-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.integration.jira.jira-integration-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:08.597Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-ref-restriction\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-ref-restriction\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:08.597Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-ref-restriction", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8282,48 +8261,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-ref-restriction" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:07.438Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:08.597Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-ref-restriction\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-ref-restriction\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:07.438Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.stash.ssh-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.stash.ssh-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:07.438Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.stash.ssh-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8335,48 +8314,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.stash.ssh-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:07.326Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:07.438Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.stash.ssh-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.stash.ssh-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:07.326Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-authentication\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-authentication\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:07.326Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-authentication", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8388,48 +8367,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-authentication" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:07.312Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:07.326Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-authentication\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-authentication\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:07.312Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-audit\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-audit\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:07.312Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-audit", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8441,48 +8420,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-audit" } - ] - } - }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:07.281Z", + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } + } + }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:07.312Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-audit\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-audit\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:07.281Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-announcement-banner\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-announcement-banner\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:07.281Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-announcement-banner", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8494,48 +8473,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-announcement-banner" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:05.974Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:07.281Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-announcement-banner\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-announcement-banner\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:05.974Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-analytics-whitelist\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-analytics-whitelist\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:05.974Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-analytics-whitelist", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8547,48 +8526,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-analytics-whitelist" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:05.973Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:05.974Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-analytics-whitelist\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-analytics-whitelist\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:05.973Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-access-tokens\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-access-tokens\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:05.973Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-access-tokens", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8600,48 +8579,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-access-tokens" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:05.941Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:05.973Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-access-tokens\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-access-tokens\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:05.941Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-rest\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-rest\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:05.941Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-rest", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8653,48 +8632,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-rest" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:05.922Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:05.941Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-rest\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-rest\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:05.922Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-webhooks\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-webhooks\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:05.922Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-webhooks", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8706,48 +8685,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-webhooks" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:05.893Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:05.922Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-webhooks\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-webhooks\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:05.893Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-ao-common\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-ao-common\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:05.893Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bitbucket.server.bitbucket-ao-common", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8759,48 +8738,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bitbucket.server.bitbucket-ao-common" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:05.892Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:05.893Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-ao-common\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-ao-common\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:05.892Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.auiplugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"9.3.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.auiplugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:05.892Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.auiplugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8812,48 +8791,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.auiplugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:05.892Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.auiplugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"9.3.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.auiplugin\"}]}", + "type": "info" + }, + "related": { + "user": [ + "System" + ] }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "id": "-1", + "name": "System" + } }, { "@timestamp": "2021-11-27T17:29:03.203Z", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "System" - ] - }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:03.203Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.audit.atlassian-audit-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.12.6\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.audit.atlassian-audit-plugin\"}]}", - "type": "info", - "kind": "event" - }, "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.audit.atlassian-audit-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8865,48 +8844,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.audit.atlassian-audit-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:02.812Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:03.203Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.audit.atlassian-audit-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.12.6\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.audit.atlassian-audit-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:02.812Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.atlassian-failure-cache-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.atlassian-failure-cache-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:02.812Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.atlassian-failure-cache-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8918,48 +8897,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.atlassian-failure-cache-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:02.809Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:02.812Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.atlassian-failure-cache-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.atlassian-failure-cache-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:02.809Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.applinks.applinks-trustedapps-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.applinks.applinks-trustedapps-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:02.809Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.applinks.applinks-trustedapps-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -8971,48 +8950,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.applinks.applinks-trustedapps-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:02.796Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:02.809Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.applinks.applinks-trustedapps-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.applinks.applinks-trustedapps-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:02.796Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.applinks.applinks-oauth-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.applinks.applinks-oauth-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:02.796Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.applinks.applinks-oauth-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -9024,48 +9003,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.applinks.applinks-oauth-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:02.529Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:02.796Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.applinks.applinks-oauth-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.applinks.applinks-oauth-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:02.529Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.consumer.sal\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.consumer.sal\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:02.529Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.oauth.consumer.sal", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -9077,48 +9056,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.oauth.consumer.sal" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:02.528Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:02.529Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.consumer.sal\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.consumer.sal\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:02.528Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.applinks.applinks-cors-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.applinks.applinks-cors-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:02.528Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.applinks.applinks-cors-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -9130,48 +9109,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.applinks.applinks-cors-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:02.521Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:02.528Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.applinks.applinks-cors-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.applinks.applinks-cors-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:02.521Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.applinks.applinks-basicauth-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.applinks.applinks-basicauth-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:02.521Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.applinks.applinks-basicauth-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -9183,48 +9162,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.applinks.applinks-basicauth-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:02.387Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:02.521Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.applinks.applinks-basicauth-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.applinks.applinks-basicauth-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:02.387Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.applinks.applinks-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.applinks.applinks-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:02.387Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.applinks.applinks-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -9236,48 +9215,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.applinks.applinks-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:02.050Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:02.387Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.applinks.applinks-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.applinks.applinks-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:02.050Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.atlassian-oauth-service-provider-spi\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.atlassian-oauth-service-provider-spi\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:02.050Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.oauth.atlassian-oauth-service-provider-spi", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -9289,48 +9268,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.oauth.atlassian-oauth-service-provider-spi" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:02.049Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:02.050Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.atlassian-oauth-service-provider-spi\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.atlassian-oauth-service-provider-spi\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:02.049Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bundles.json-20070829.0.0.1\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"20070829.0.0.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bundles.json-20070829.0.0.1\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:02.049Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.bundles.json-20070829.0.0.1", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -9342,48 +9321,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.bundles.json-20070829.0.0.1" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:02.047Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:02.049Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bundles.json-20070829.0.0.1\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"20070829.0.0.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bundles.json-20070829.0.0.1\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:02.047Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.atlassian-oauth-consumer-spi\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.atlassian-oauth-consumer-spi\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:02.047Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.oauth.atlassian-oauth-consumer-spi", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -9395,48 +9374,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.oauth.atlassian-oauth-consumer-spi" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:02.047Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:02.047Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.atlassian-oauth-consumer-spi\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.atlassian-oauth-consumer-spi\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:02.047Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.springsource.org.jdom-1.1.0\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.springsource.org.jdom-1.1.0\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:02.047Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.springsource.org.jdom-1.1.0", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -9448,48 +9427,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.springsource.org.jdom-1.1.0" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:02.046Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:02.047Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.springsource.org.jdom-1.1.0\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.springsource.org.jdom-1.1.0\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:02.046Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.analytics.analytics-whitelist\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"3.84\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.analytics.analytics-whitelist\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:02.046Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.analytics.analytics-whitelist", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -9501,48 +9480,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.analytics.analytics-whitelist" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:02.043Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:02.046Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.analytics.analytics-whitelist\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"3.84\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.analytics.analytics-whitelist\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:02.043Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.analytics.analytics-client\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.2.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.analytics.analytics-client\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:02.043Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.analytics.analytics-client", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -9554,48 +9533,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.analytics.analytics-client" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:00.763Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:02.043Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.analytics.analytics-client\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.2.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.analytics.analytics-client\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:00.763Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.rest.atlassian-rest-module\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.0.7\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.rest.atlassian-rest-module\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:00.763Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.plugins.rest.atlassian-rest-module", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -9607,48 +9586,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.plugins.rest.atlassian-rest-module" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:00.746Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:00.763Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.rest.atlassian-rest-module\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.0.7\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.rest.atlassian-rest-module\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:00.746Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.templaterenderer.atlassian-template-renderer-velocity1.6-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.1.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.templaterenderer.atlassian-template-renderer-velocity1.6-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:00.746Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.templaterenderer.atlassian-template-renderer-velocity1.6-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -9660,48 +9639,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.templaterenderer.atlassian-template-renderer-velocity1.6-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:00.736Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:00.746Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.templaterenderer.atlassian-template-renderer-velocity1.6-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.1.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.templaterenderer.atlassian-template-renderer-velocity1.6-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": 
"{\"timestamp\":\"2021-11-27T17:29:00.736Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.activeobjects.activeobjects-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"3.2.11\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.activeobjects.activeobjects-plugin\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:00.736Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.activeobjects.activeobjects-plugin", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -9713,48 +9692,48 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.activeobjects.activeobjects-plugin" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:29:00.687Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:00.736Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.activeobjects.activeobjects-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"3.2.11\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.activeobjects.activeobjects-plugin\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "original": "{\"timestamp\":\"2021-11-27T17:29:00.687Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin 
enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.templaterenderer.api\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.1.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.templaterenderer.api\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:29:00.687Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { "name": "com.atlassian.templaterenderer.api", "type": "MISC" } ], - "type": { - "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", - "action": "Plugin enabled", - "categoryI18nKey": "bitbucket.service.audit.category.apps", - "category": "Apps" - }, "extra_attributes": [ { "name": "Version", 
@@ -9766,42 +9745,49 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "com.atlassian.templaterenderer.api" } - ] + ], + "method": "System", + "type": { + "action": "Plugin enabled", + "actionI18nKey": "bitbucket.service.plugin.audit.action.pluginenabled", + "category": "Apps", + "categoryI18nKey": "bitbucket.service.audit.category.apps" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:26:26.205Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.plugin.audit.action.pluginenabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:29:00.687Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.templaterenderer.api\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.1.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.templaterenderer.api\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.applicationconfiguration.audit.action.displaynamechanged", - "original": "{\"timestamp\":\"2021-11-27T17:26:26.205Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"category\":\"Global 
administration\",\"actionI18nKey\":\"bitbucket.service.applicationconfiguration.audit.action.displaynamechanged\",\"action\":\"Server name changed\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"bitbucket.service.applicationconfiguration.audit.changedvalue.displaynamechanged.name\",\"to\":\"Bitbucket\"}],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"new\\\":\\\"Bitbucket\\\",\\\"old\\\":null}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"DISPLAY_NAME\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:26:26.205Z", "bitbucket": { "audit": { - "method": "System", - "type": { - "actionI18nKey": "bitbucket.service.applicationconfiguration.audit.action.displaynamechanged", - "action": "Server name changed", - "categoryI18nKey": "bitbucket.service.audit.category.globaladministration", - "category": "Global administration" - }, + "changed_values": [ + { + "i18nKey": "bitbucket.service.applicationconfiguration.audit.changedvalue.displaynamechanged.name", + "key": "Name", + "to": "Bitbucket" + } + ], "extra_attributes": [ { "name": "details", 
@@ -9814,108 +9800,101 @@ "value": "DISPLAY_NAME" } ], - "changed_values": [ - { - "i18nKey": "bitbucket.service.applicationconfiguration.audit.changedvalue.displaynamechanged.name", - "key": "Name", - "to": "Bitbucket" - } - ] + "method": "System", + "type": { + "action": "Server name changed", + "actionI18nKey": "bitbucket.service.applicationconfiguration.audit.action.displaynamechanged", + "category": "Global administration", + "categoryI18nKey": "bitbucket.service.audit.category.globaladministration" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:26:25.141Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.applicationconfiguration.audit.action.displaynamechanged", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:26:26.205Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"category\":\"Global administration\",\"actionI18nKey\":\"bitbucket.service.applicationconfiguration.audit.action.displaynamechanged\",\"action\":\"Server name changed\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"bitbucket.service.applicationconfiguration.audit.changedvalue.displaynamechanged.name\",\"to\":\"Bitbucket\"}],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"new\\\":\\\"Bitbucket\\\",\\\"old\\\":null}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"DISPLAY_NAME\"}]}", + "type": "info" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.user.audit.action.groupcreated", - "original": 
"{\"timestamp\":\"2021-11-27T17:26:25.141Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupcreated\",\"action\":\"User group created\"},\"affectedObjects\":[{\"name\":\"stash-users\",\"type\":\"GROUP\",\"uri\":\"http://bitbucket.internal:7990/admin/groups/view?name=stash-users\",\"id\":\"stash-users\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"stash-users\"}]}", - "type": [ - "group", - "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:26:25.141Z", "bitbucket": { "audit": { - "method": "System", "affected_objects": [ { - "name": "stash-users", "id": "stash-users", + "name": "stash-users", "type": "GROUP", "uri": "http://bitbucket.internal:7990/admin/groups/view?name=stash-users" } ], - "type": { - "actionI18nKey": "bitbucket.service.user.audit.action.groupcreated", - "action": "User group created", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "stash-users" } - ] + ], + "method": "System", + "type": { + "action": "User group created", + "actionI18nKey": "bitbucket.service.user.audit.action.groupcreated", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups" + } } }, - "user": { - "name": "System", - "id": "-1" + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": 
"bitbucket.service.user.audit.action.groupcreated", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:26:25.141Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupcreated\",\"action\":\"User group created\"},\"affectedObjects\":[{\"name\":\"stash-users\",\"type\":\"GROUP\",\"uri\":\"http://bitbucket.internal:7990/admin/groups/view?name=stash-users\",\"id\":\"stash-users\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"stash-users\"}]}", + "type": [ + "group", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "group": { - "name": "stash-users", - "id": "stash-users" - } - }, - { - "@timestamp": "2021-11-27T17:26:25.045Z", - "ecs": { - "version": "8.2.0" + "id": "stash-users", + "name": "stash-users" }, "related": { "user": [ "System" ] }, - "event": { - "action": "bitbucket.service.user.audit.action.directorycreated", - "original": "{\"timestamp\":\"2021-11-27T17:26:25.045Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.directorycreated\",\"action\":\"User directory created\"},\"affectedObjects\":[],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.directory.name\",\"name\":\"Directory name\",\"value\":\"Bitbucket Internal 
Directory\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"Bitbucket Internal Directory\"}]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:26:25.045Z", "bitbucket": { "audit": { - "method": "System", - "type": { - "actionI18nKey": "bitbucket.service.user.audit.action.directorycreated", - "action": "User directory created", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups" - }, "extra_attributes": [ { "name": "Directory name", 
@@ -9927,16 +9906,37 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "Bitbucket Internal Directory" } - ] + ], + "method": "System", + "type": { + "action": "User directory created", + "actionI18nKey": "bitbucket.service.user.audit.action.directorycreated", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups" + } } }, - "user": { - "name": "System", - "id": "-1" + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.service.user.audit.action.directorycreated", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-27T17:26:25.045Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.directorycreated\",\"action\":\"User directory created\"},\"affectedObjects\":[],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.directory.name\",\"name\":\"Directory name\",\"value\":\"Bitbucket Internal Directory\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"Bitbucket Internal Directory\"}]}", + "type": "info" + }, + "related": { + "user": [ + "System" + ] }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "id": "-1", + "name": "System" + } } ] } \ No newline at end of file diff --git a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index e3b59455ae0..37b871fd1af 100644 --- a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json 
+++ b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -2,51 +2,20 @@ "expected": [ { "@timestamp": "2021-11-27T17:34:25.313Z", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "Anonymous", - "admin" - ], - "hosts": [ - "bitbucket.internal" - ], - "ip": [ - "10.100.100.2" - ] - }, - "service": { - "address": "http://bitbucket.internal:7990" - }, - "source": { - "address": "10.100.100.2", - "ip": "10.100.100.2" - }, "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "stash-users", "name": "stash-users", - "type": "GROUP", - "id": "stash-users" + "type": "GROUP" }, { + "id": "2", "name": "admin", - "type": "USER", - "id": "2" + "type": "USER" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User added to user group", - "actionI18nKey": "bitbucket.service.user.audit.action.groupmembershipscreated.user", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", 
@@ -63,51 +32,43 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.details", "value": "{\"entities\":[\"admin\"],\"membership\":\"GROUP_USER\"}" } - ] + ], + "method": "Browser", + "type": { + "action": "User added to user group", + "actionI18nKey": "bitbucket.service.user.audit.action.groupmembershipscreated.user", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"stash-users\",\"name\":\"stash-users\",\"type\":\"GROUP\"},{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added to user group\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupmembershipscreated.user\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"stash-users\"},{\"name\":\"Parent group\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.groupmembership.parentgroup\",\"value\":\"stash-users\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"entities\\\":[\\\"admin\\\"],\\\"membership\\\":\\\"GROUP_USER\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034465,\"nano\":313000000},\"version\":\"1.0\"}", "type": [ "group", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - 
"id": "-2", - "target": { - "name": "admin", - "id": "2", - "group": { - "name": "stash-users", - "id": "stash-users" - } - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:34:26.190Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "Anonymous", + "admin" ] }, "service": { @@ -117,24 +78,33 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous", + "target": { + "group": { + "id": "stash-users", + "name": "stash-users" + }, + "id": "2", + "name": "admin" + } + } + }, + { + "@timestamp": "2021-11-27T17:34:26.190Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "admin", - "type": "USER", - "id": "2" + "type": "USER" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission requested", - "actionI18nKey": "bitbucket.service.user.audit.action.globalpermissiongrantrequested", - "categoryI18nKey": "bitbucket.service.audit.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "extra_attributes": [ { "name": "Permission", 
@@ -151,37 +121,36 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.details", "value": "{\"permission\":\"SYS_ADMIN\",\"user\":\"admin\"}" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission requested", + "actionI18nKey": "bitbucket.service.user.audit.action.globalpermissiongrantrequested", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "bitbucket.service.audit.category.permissions", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.globalpermissiongrantrequested", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Global permission requested\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.globalpermissiongrantrequested\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"SYS_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"Global\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"SYS_ADMIN\\\",\\\"user\\\":\\\"admin\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034466,\"nano\":19000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:34:26.108Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - 
"user": [ - "Anonymous" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -191,24 +160,25 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-27T17:34:26.108Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "admin", - "type": "USER", - "id": "2" + "type": "USER" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission granted", - "actionI18nKey": "bitbucket.service.user.audit.action.globalpermissiongranted", - "categoryI18nKey": "bitbucket.service.audit.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "extra_attributes": [ { "name": "Permission", 
@@ -225,37 +195,36 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.details", "value": "{\"permission\":\"SYS_ADMIN\",\"user\":\"admin\"}" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission granted", + "actionI18nKey": "bitbucket.service.user.audit.action.globalpermissiongranted", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "bitbucket.service.audit.category.permissions", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.globalpermissiongranted", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Global permission granted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.globalpermissiongranted\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"SYS_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"Global\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"SYS_ADMIN\\\",\\\"user\\\":\\\"admin\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034466,\"nano\":108000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:34:26.112Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "Anonymous" - ], 
"hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -265,17 +234,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-27T17:34:26.112Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Instance setup completed", - "actionI18nKey": "bitbucket.service.applicationconfiguration.audit.action.applicationsetup", - "categoryI18nKey": "bitbucket.service.audit.category.globaladministration", - "category": "Global administration", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", 
@@ -287,61 +257,69 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.details", "value": "{\"new\":true,\"old\":false}" } - ] + ], + "method": "Browser", + "type": { + "action": "Instance setup completed", + "actionI18nKey": "bitbucket.service.applicationconfiguration.audit.action.applicationsetup", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "Global administration", + "categoryI18nKey": "bitbucket.service.audit.category.globaladministration", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.applicationconfiguration.audit.action.applicationsetup", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Instance setup completed\",\"actionI18nKey\":\"bitbucket.service.applicationconfiguration.audit.action.applicationsetup\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Global administration\",\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"SERVER_IS_SETUP\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"new\\\":true,\\\"old\\\":false}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034466,\"nano\":112000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:35:11.898Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "System" - ], "hosts": [ "bitbucket.internal" + ], + "ip": [ + "10.100.100.2" + ], + "user": [ + "Anonymous" ] }, "service": 
{ "address": "http://bitbucket.internal:7990" }, - "event": { - "action": "bitbucket.search.audit.action.elasticsearchconfigurationchange", - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Elasticsearch settings changed\",\"actionI18nKey\":\"bitbucket.search.audit.action.elasticsearchconfigurationchange\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Global administration\",\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"level\":\"BASE\"},\"author\":{\"id\":\"-1\",\"name\":\"System\",\"type\":\"system\"},\"changedValues\":[{\"i18nKey\":\"bitbucket.search.audit.changedvalue.elasticsearchconfigurationchange.username\",\"key\":\"Username\",\"to\":\"bitbucket\"}],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"changed\\\":\\\",elasticsearchPasswordelasticsearchUsername\\\",\\\"username\\\":\\\"bitbucket\\\"}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"Elasticsearch\"}],\"method\":\"System\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034511,\"nano\":898000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "source": { + "address": "10.100.100.2", + "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-27T17:35:11.898Z", "bitbucket": { "audit": { - "method": "System", - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Elasticsearch settings changed", - "actionI18nKey": "bitbucket.search.audit.action.elasticsearchconfigurationchange", - "categoryI18nKey": "bitbucket.service.audit.category.globaladministration", - "category": "Global administration", - "level": "BASE" - }, - "extra_attributes": [ + "changed_values": [ { - "name": "details", - "nameI18nKey": 
"bitbucket.audit.attribute.legacy.details", - "value": "{\"changed\":\",elasticsearchPasswordelasticsearchUsername\",\"username\":\"bitbucket\"}" + "i18nKey": "bitbucket.search.audit.changedvalue.elasticsearchconfigurationchange.username", + "key": "Username", + "to": "bitbucket" + } + ], + "extra_attributes": [ + { + "name": "details", + "nameI18nKey": "bitbucket.audit.attribute.legacy.details", + "value": "{\"changed\":\",elasticsearchPasswordelasticsearchUsername\",\"username\":\"bitbucket\"}" }, { "name": "target", 
@@ -349,57 +327,49 @@ "value": "Elasticsearch" } ], - "changed_values": [ - { - "i18nKey": "bitbucket.search.audit.changedvalue.elasticsearchconfigurationchange.username", - "key": "Username", - "to": "bitbucket" - } - ] + "method": "System", + "type": { + "action": "Elasticsearch settings changed", + "actionI18nKey": "bitbucket.search.audit.action.elasticsearchconfigurationchange", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "Global administration", + "categoryI18nKey": "bitbucket.service.audit.category.globaladministration", + "level": "BASE" + } } }, - "user": { - "name": "System", - "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:35:31.362Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "bitbucket.search.audit.action.elasticsearchconfigurationchange", + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Elasticsearch settings changed\",\"actionI18nKey\":\"bitbucket.search.audit.action.elasticsearchconfigurationchange\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Global 
administration\",\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"level\":\"BASE\"},\"author\":{\"id\":\"-1\",\"name\":\"System\",\"type\":\"system\"},\"changedValues\":[{\"i18nKey\":\"bitbucket.search.audit.changedvalue.elasticsearchconfigurationchange.username\",\"key\":\"Username\",\"to\":\"bitbucket\"}],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"changed\\\":\\\",elasticsearchPasswordelasticsearchUsername\\\",\\\"username\\\":\\\"bitbucket\\\"}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"Elasticsearch\"}],\"method\":\"System\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034511,\"nano\":898000000},\"version\":\"1.0\"}", + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], - "ip": [ - "10.100.100.2" + "user": [ + "System" ] }, "service": { "address": "http://bitbucket.internal:7990" }, - "source": { - "address": "10.100.100.2", - "ip": "10.100.100.2" - }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-1", + "name": "System" + } + }, + { + "@timestamp": "2021-11-27T17:35:31.362Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Query", 
@@ -420,37 +390,36 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-27T17:29:11.242Z - 2021-11-27T17:35:11.898Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"55 - 154\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"100\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:29:11.242Z - 2021-11-27T17:35:11.898Z\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034531,\"nano\":362000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:35:33.930Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": 
[ + "admin" ] }, "service": { @@ -460,17 +429,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:35:33.930Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Query", 
@@ -491,37 +461,36 @@ "nameI18nKey": "atlassian.audit.event.attribute.id", "value": "1 - 54" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"54\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:29:11.102Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 54\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034533,\"nano\":93000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:35:45.810Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -531,17 +500,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:35:45.810Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Query", 
@@ -562,37 +532,36 @@ "nameI18nKey": "atlassian.audit.event.attribute.id", "value": "57 - 156" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:29:12.364Z - 2021-11-27T17:35:33.093Z\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"100\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"57 - 156\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034545,\"nano\":810000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:35:46.331Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -602,17 +571,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:35:46.331Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Query", 
@@ -633,37 +603,36 @@ "nameI18nKey": "atlassian.audit.event.attribute.id", "value": "1 - 56" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:29:12.363Z\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"56\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 56\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034546,\"nano\":331000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:17.991Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -673,61 +642,61 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:17.991Z", "bitbucket": { "audit": { + "changed_values": [ + { + "from": "global_config_and_administration : base", + "i18nKey": "atlassian.audit.event.change.coverage.level", + "key": "Coverage Level", + "to": "global_config_and_administration : full" + } + ], "method": "Browser", "type": { - "area": "AUDIT_LOG", "action": "Audit Log configuration updated", "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", + "area": "AUDIT_LOG", "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", "level": "BASE" - }, - "changed_values": [ - { - "from": "global_config_and_administration : base", - "to": "global_config_and_administration : full", - "i18nKey": "atlassian.audit.event.change.coverage.level", - "key": "Coverage Level" - } - ] + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"global_config_and_administration : base\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"key\":\"Coverage Level\",\"to\":\"global_config_and_administration : 
full\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034577,\"nano\":991000000},\"version\":\"1.0\"}", "type": [ "admin", "change" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:17.993Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -737,61 +706,61 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:17.993Z", "bitbucket": { "audit": { + "changed_values": [ + { + "from": "end_user_activity : base", + "i18nKey": "atlassian.audit.event.change.coverage.level", + "key": "Coverage Level", + "to": "end_user_activity : full" + } + ], "method": "Browser", "type": { - "area": "AUDIT_LOG", "action": "Audit Log configuration updated", "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", + "area": "AUDIT_LOG", "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", "level": "BASE" - }, - "changed_values": [ - { - "from": "end_user_activity : base", - "to": "end_user_activity : full", - "i18nKey": "atlassian.audit.event.change.coverage.level", - "key": "Coverage Level" - } - ] + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"end_user_activity : base\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"key\":\"Coverage Level\",\"to\":\"end_user_activity : full\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034577,\"nano\":993000000},\"version\":\"1.0\"}", "type": [ "admin", 
"change" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:17.994Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -801,61 +770,61 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:17.994Z", "bitbucket": { "audit": { + "changed_values": [ + { + "from": "user_management : base", + "i18nKey": "atlassian.audit.event.change.coverage.level", + "key": "Coverage Level", + "to": "user_management : full" + } + ], "method": "Browser", "type": { - "area": "AUDIT_LOG", "action": "Audit Log configuration updated", "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", + "area": "AUDIT_LOG", "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", "level": "BASE" - }, - "changed_values": [ - { - "from": "user_management : base", - "to": "user_management : full", - "i18nKey": "atlassian.audit.event.change.coverage.level", - "key": "Coverage Level" - } - ] + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"user_management : base\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"key\":\"Coverage Level\",\"to\":\"user_management : full\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034577,\"nano\":994000000},\"version\":\"1.0\"}", "type": [ "admin", "change" - ], - 
"category": [ - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:17.994Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -865,61 +834,61 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:17.994Z", "bitbucket": { "audit": { + "changed_values": [ + { + "from": "local_config_and_administration : base", + "i18nKey": "atlassian.audit.event.change.coverage.level", + "key": "Coverage Level", + "to": "local_config_and_administration : full" + } + ], "method": "Browser", "type": { - "area": "AUDIT_LOG", "action": "Audit Log configuration updated", "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", + "area": "AUDIT_LOG", "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", "level": "BASE" - }, - "changed_values": [ - { - "from": "local_config_and_administration : base", - "to": "local_config_and_administration : full", - "i18nKey": "atlassian.audit.event.change.coverage.level", - "key": "Coverage Level" - } - ] + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"local_config_and_administration : base\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"key\":\"Coverage Level\",\"to\":\"local_config_and_administration : 
full\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034577,\"nano\":994000000},\"version\":\"1.0\"}", "type": [ "admin", "change" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:17.994Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -929,61 +898,61 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:17.994Z", "bitbucket": { "audit": { + "changed_values": [ + { + "from": "ecosystem : base", + "i18nKey": "atlassian.audit.event.change.coverage.level", + "key": "Coverage Level", + "to": "ecosystem : full" + } + ], "method": "Browser", "type": { - "area": "AUDIT_LOG", "action": "Audit Log configuration updated", "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", + "area": "AUDIT_LOG", "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", "level": "BASE" - }, - "changed_values": [ - { - "from": "ecosystem : base", - "to": "ecosystem : full", - "i18nKey": "atlassian.audit.event.change.coverage.level", - "key": "Coverage Level" - } - ] + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"ecosystem : base\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"key\":\"Coverage Level\",\"to\":\"ecosystem : full\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034577,\"nano\":994000000},\"version\":\"1.0\"}", "type": [ "admin", "change" - ], - "category": [ - "configuration" - ], - 
"kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:17.994Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -993,61 +962,61 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:17.994Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log configuration updated", - "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "changed_values": [ { "from": "permissions : base", - "to": "permissions : full", "i18nKey": "atlassian.audit.event.change.coverage.level", - "key": "Coverage Level" + "key": "Coverage Level", + "to": "permissions : full" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log configuration updated", + "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"permissions : base\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"key\":\"Coverage Level\",\"to\":\"permissions : 
full\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034577,\"nano\":994000000},\"version\":\"1.0\"}", "type": [ "admin", "change" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:17.994Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -1057,61 +1026,61 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:17.994Z", "bitbucket": { "audit": { + "changed_values": [ + { + "from": "security : base", + "i18nKey": "atlassian.audit.event.change.coverage.level", + "key": "Coverage Level", + "to": "security : full" + } + ], "method": "Browser", "type": { - "area": "AUDIT_LOG", "action": "Audit Log configuration updated", "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", + "area": "AUDIT_LOG", "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", "level": "BASE" - }, - "changed_values": [ - { - "from": "security : base", - "to": "security : full", - "i18nKey": "atlassian.audit.event.change.coverage.level", - "key": "Coverage Level" - } - ] + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"security : base\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"key\":\"Coverage Level\",\"to\":\"security : full\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034577,\"nano\":994000000},\"version\":\"1.0\"}", "type": [ "admin", "change" - ], - "category": [ - "configuration" - ], - 
"kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:18.370Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -1121,60 +1090,60 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:18.370Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log configuration updated", - "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "atlassian.audit.event.change.retention", "key": "Retention", "to": "3 Years" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log configuration updated", + "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"i18nKey\":\"atlassian.audit.event.change.retention\",\"key\":\"Retention\",\"to\":\"3 Years\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034578,\"nano\":370000000},\"version\":\"1.0\"}", "type": [ "admin", "change" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - 
"tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:18.873Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -1184,17 +1153,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:18.873Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Query", 
@@ -1215,37 +1185,36 @@ "nameI18nKey": "atlassian.audit.event.attribute.results", "value": "100" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"67 - 166\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:29:18.850Z - 2021-11-27T17:36:18.370Z\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"100\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034578,\"nano\":873000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:19.269Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
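Review bot: The new side of this hunk still carries `event.type` as a bare string, `"type": "info"`, for the "Audit Log search performed" event, whereas every other event in the file (and the ECS definition of event.type) uses an array, e.g. `"type": ["admin", "change"]`; the same scalar shape survives in the next audit-search hunk (`@@ -1286,38 +1256,36 @@`). Mixed scalar/array shapes for one ECS field make detection rules that filter on `event.type` behave inconsistently across events from the same data stream. This file looks like regenerated pipeline test output, so the fix presumably belongs in the data stream's ingest pipeline where `event.type` is set for this event (emit a single-element array and regenerate the expected file), not in this JSON directly. The enclosing event object starts in the previous hunk and ends past this one.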
@@ -1255,17 +1224,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:19.269Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Query", 
@@ -1286,38 +1256,36 @@ "nameI18nKey": "atlassian.audit.event.attribute.id", "value": "1 - 66" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"66\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:29:18.849Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 66\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034579,\"nano\":269000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:40.674Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin", - "test" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -1327,72 +1295,68 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:36:40.674Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "3", "name": "test", - "type": "USER", - "id": "3" + "type": "USER" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User created", - "actionI18nKey": "bitbucket.service.user.audit.action.usercreated", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "test" } - ] + ], + "method": "Browser", + "type": { + "action": "User created", + "actionI18nKey": "bitbucket.service.user.audit.action.usercreated", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.usercreated", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"test\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.usercreated\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and 
groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"test\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034600,\"nano\":674000000},\"version\":\"1.0\"}", "type": [ "user", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2", - "target": { - "name": "test", - "id": "3" - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:36:40.692Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin", - "test" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin", + "test" ] }, "service": { @@ -1402,29 +1366,34 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin", + "target": { + "id": "3", + "name": "test" + } + } + }, + { + "@timestamp": "2021-11-27T17:36:40.692Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "stash-users", "name": "stash-users", - "type": "GROUP", - "id": "stash-users" + "type": "GROUP" }, { + "id": "3", "name": "test", - "type": "USER", - "id": "3" + "type": "USER" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User added to user group", - "actionI18nKey": "bitbucket.service.user.audit.action.groupmembershipscreated.user", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", 
@@ -1441,51 +1410,43 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.details", "value": "{\"entities\":[\"test\"],\"membership\":\"GROUP_USER\"}" } - ] + ], + "method": "Browser", + "type": { + "action": "User added to user group", + "actionI18nKey": "bitbucket.service.user.audit.action.groupmembershipscreated.user", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"stash-users\",\"name\":\"stash-users\",\"type\":\"GROUP\"},{\"id\":\"3\",\"name\":\"test\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added to user group\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupmembershipscreated.user\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"stash-users\"},{\"name\":\"Parent group\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.groupmembership.parentgroup\",\"value\":\"stash-users\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"entities\\\":[\\\"test\\\"],\\\"membership\\\":\\\"GROUP_USER\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034600,\"nano\":692000000},\"version\":\"1.0\"}", "type": [ "group", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2", 
- "target": { - "name": "test", - "id": "3", - "group": { - "name": "stash-users", - "id": "stash-users" - } - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:38:04.808Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin", + "test" ] }, "service": { 
@@ -1495,72 +1456,79 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin", + "target": { + "group": { + "id": "stash-users", + "name": "stash-users" + }, + "id": "3", + "name": "test" + } + } + }, + { + "@timestamp": "2021-11-27T17:38:04.808Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "asdf", "name": "asdf", - "type": "GROUP", - "id": "asdf" + "type": "GROUP" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User group created", - "actionI18nKey": "bitbucket.service.user.audit.action.groupcreated", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "asdf" } - ] + ], + "method": "Browser", + "type": { + "action": "User group created", + "actionI18nKey": "bitbucket.service.user.audit.action.groupcreated", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.groupcreated", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"asdf\",\"name\":\"asdf\",\"type\":\"GROUP\"}],\"auditType\":{\"action\":\"User group created\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupcreated\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and 
groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"asdf\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034684,\"nano\":808000000},\"version\":\"1.0\"}", "type": [ "group", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" + ] }, - "tags": [ - "preserve_original_event" - ], "group": { - "name": "asdf", - "id": "asdf" - } - }, - { - "@timestamp": "2021-11-27T17:38:16.687Z", - "ecs": { - "version": "8.2.0" + "id": "asdf", + "name": "asdf" }, "related": { - "user": [ - "admin", - "test" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -1570,29 +1538,30 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:38:16.687Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "asdf", "name": "asdf", - "type": "GROUP", - "id": "asdf" + "type": "GROUP" }, { + "id": "3", "name": "test", - "type": "USER", - "id": "3" + "type": "USER" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User added to user group", - "actionI18nKey": "bitbucket.service.user.audit.action.groupmembershipscreated.user", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", 
@@ -1609,52 +1578,43 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.details", "value": "{\"entities\":[\"test\"],\"membership\":\"GROUP_USER\"}" } - ] + ], + "method": "Browser", + "type": { + "action": "User added to user group", + "actionI18nKey": "bitbucket.service.user.audit.action.groupmembershipscreated.user", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"asdf\",\"name\":\"asdf\",\"type\":\"GROUP\"},{\"id\":\"3\",\"name\":\"test\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added to user group\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupmembershipscreated.user\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"asdf\"},{\"name\":\"Parent group\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.groupmembership.parentgroup\",\"value\":\"asdf\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"entities\\\":[\\\"test\\\"],\\\"membership\\\":\\\"GROUP_USER\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034696,\"nano\":687000000},\"version\":\"1.0\"}", "type": [ "group", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2", - "target": { - "name": 
"test", - "id": "3", - "group": { - "name": "asdf", - "id": "asdf" - } - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:38:23.209Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin", - "test" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin", + "test" ] }, "service": { @@ -1664,29 +1624,38 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, - "bitbucket": { - "audit": { - "method": "Browser", - "affected_objects": [ - { - "name": "asdf", - "type": "GROUP", - "id": "asdf" - }, - { - "name": "test", - "type": "USER", - "id": "3" - } - ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User deleted from user group", - "actionI18nKey": "bitbucket.service.user.audit.action.groupmembershipdeleted", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin", + "target": { + "group": { + "id": "asdf", + "name": "asdf" }, + "id": "3", + "name": "test" + } + } + }, + { + "@timestamp": "2021-11-27T17:38:23.209Z", + "bitbucket": { + "audit": { + "affected_objects": [ + { + "id": "asdf", + "name": "asdf", + "type": "GROUP" + }, + { + "id": "3", + "name": "test", + "type": "USER" + } + ], "extra_attributes": [ { "name": "target", 
@@ -1703,51 +1672,43 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.details", "value": "{\"entities\":\"test\",\"membership\":\"GROUP_USER\"}" } - ] + ], + "method": "Browser", + "type": { + "action": "User deleted from user group", + "actionI18nKey": "bitbucket.service.user.audit.action.groupmembershipdeleted", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipdeleted", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"asdf\",\"name\":\"asdf\",\"type\":\"GROUP\"},{\"id\":\"3\",\"name\":\"test\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User deleted from user group\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupmembershipdeleted\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"asdf\"},{\"name\":\"Parent group\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.groupmembership.parentgroup\",\"value\":\"asdf\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"entities\\\":\\\"test\\\",\\\"membership\\\":\\\"GROUP_USER\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034703,\"nano\":209000000},\"version\":\"1.0\"}", "type": [ "group", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2", - "target": { - "name": "test", - "id": 
"3", - "group": { - "name": "asdf", - "id": "asdf" - } - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:38:29.423Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin", + "test" ] }, "service": { 
@@ -1757,72 +1718,79 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin", + "target": { + "group": { + "id": "asdf", + "name": "asdf" + }, + "id": "3", + "name": "test" + } + } + }, + { + "@timestamp": "2021-11-27T17:38:29.423Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "asdf", "name": "asdf", - "type": "GROUP", - "id": "asdf" + "type": "GROUP" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User group deleted", - "actionI18nKey": "bitbucket.service.user.audit.action.groupdeleted", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "asdf" } - ] + ], + "method": "Browser", + "type": { + "action": "User group deleted", + "actionI18nKey": "bitbucket.service.user.audit.action.groupdeleted", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.groupdeleted", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"asdf\",\"name\":\"asdf\",\"type\":\"GROUP\"}],\"auditType\":{\"action\":\"User group deleted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupdeleted\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and 
groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"asdf\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034709,\"nano\":423000000},\"version\":\"1.0\"}", "type": [ "group", "deletion" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" + ] }, - "tags": [ - "preserve_original_event" - ], "group": { - "name": "asdf", - "id": "asdf" - } - }, - { - "@timestamp": "2021-11-27T17:38:42.151Z", - "ecs": { - "version": "8.2.0" + "id": "asdf", + "name": "asdf" }, "related": { - "user": [ - "admin", - "test" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -1832,74 +1800,69 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:38:42.151Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "3", "name": "test", - "type": "USER", - "id": "3" + "type": "USER" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User password changed", - "actionI18nKey": "bitbucket.service.user.audit.action.usercredentialupdated", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "test" } - ] + ], + "method": "Browser", + "type": { + "action": "User password changed", + "actionI18nKey": "bitbucket.service.user.audit.action.usercredentialupdated", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"test\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User password changed\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.usercredentialupdated\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"test\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034722,\"nano\":151000000},\"version\":\"1.0\"}", - "kind": "event", "action": 
"bitbucket.service.user.audit.action.usercredentialupdated", - "type": [ - "user", - "change" - ], "category": [ "iam" ], - "outcome": "success" - }, - "user": { - "name": "admin", - "id": "2", - "target": { - "name": "test", - "id": "3" - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:38:53.360Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"test\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User password changed\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.usercredentialupdated\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"test\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034722,\"nano\":151000000},\"version\":\"1.0\"}", + "outcome": "success", + "type": [ + "user", + "change" + ] }, "related": { - "user": [ - "admin", - "test", - "test.user" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin", + "test" ] }, "service": { 
@@ -1909,24 +1872,37 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin", + "target": { + "id": "3", + "name": "test" + } + } + }, + { + "@timestamp": "2021-11-27T17:38:53.360Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "3", "name": "test.user", - "type": "USER", - "id": "3" + "type": "USER" + } + ], + "changed_values": [ + { + "from": "test", + "i18nKey": "bitbucket.service.user.audit.attribute.user.name", + "key": "Username", + "to": "test.user" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "Username changed", - "actionI18nKey": "bitbucket.service.user.audit.action.userrenamed", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", 
@@ -1939,58 +1915,43 @@ "value": "{\"oldUsername\":\"test\"}" } ], - "changed_values": [ - { - "from": "test", - "to": "test.user", - "i18nKey": "bitbucket.service.user.audit.attribute.user.name", - "key": "Username" - } - ] + "method": "Browser", + "type": { + "action": "Username changed", + "actionI18nKey": "bitbucket.service.user.audit.action.userrenamed", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.userrenamed", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Username changed\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.userrenamed\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"test\",\"i18nKey\":\"bitbucket.service.user.audit.attribute.user.name\",\"key\":\"Username\",\"to\":\"test.user\"}],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"test.user\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"oldUsername\\\":\\\"test\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034733,\"nano\":360000000},\"version\":\"1.0\"}", "type": [ "user", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "changes": { - "name": "test.user" - }, - "id": "2", - "target": { - "name": "test", - "id": "3" - } - }, - "tags": [ - 
"preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:38:58.870Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin", - "test.user" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin", + "test", + "test.user" ] }, "service": { 
@@ -2000,69 +1961,74 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "changes": { + "name": "test.user" + }, + "id": "2", + "name": "admin", + "target": { + "id": "3", + "name": "test" + } + } + }, + { + "@timestamp": "2021-11-27T17:38:58.870Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "test.user", "type": "USER" } - ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User deleted", - "actionI18nKey": "bitbucket.service.user.audit.action.userdeleted", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, + ], "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "test.user" } - ] + ], + "method": "Browser", + "type": { + "action": "User deleted", + "actionI18nKey": "bitbucket.service.user.audit.action.userdeleted", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.userdeleted", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User deleted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.userdeleted\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and 
groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"test.user\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034738,\"nano\":87000000},\"version\":\"1.0\"}", "type": [ "user", "deletion" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2", - "target": { - "name": "test.user" - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:39:16.414Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin", + "test.user" ] }, "service": { @@ -2072,17 +2038,21 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin", + "target": { + "name": "test.user" + } + } + }, + { + "@timestamp": "2021-11-27T17:39:16.414Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "SECURITY", - "action": "User logged in", - "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", - "categoryI18nKey": "bitbucket.service.audit.category.authentication", - "category": "Authentication", - "level": "FULL" - }, "extra_attributes": [ { "name": "Authentication method", 
@@ -2094,43 +2064,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "User logged in", + "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", + "area": "SECURITY", + "category": "Authentication", + "categoryI18nKey": "bitbucket.service.audit.category.authentication", + "level": "FULL" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034756,\"nano\":414000000},\"version\":\"1.0\"}", - "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", - "type": [ - "start" - ], "category": [ "authentication" ], - "outcome": "success" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:39:16.499Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged 
in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034756,\"nano\":414000000},\"version\":\"1.0\"}", + "outcome": "success", + "type": [ + "start" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -2140,17 +2109,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:39:16.499Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Query", 
@@ -2171,37 +2141,36 @@ "nameI18nKey": "atlassian.audit.event.attribute.id", "value": "1 - 177" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"177\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:38:58.087Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 177\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034756,\"nano\":499000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:52:48.728Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -2211,29 +2180,30 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:52:48.728Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "1", "name": "~ADMIN", - "type": "PROJECT", - "id": "1" + "type": "PROJECT" }, { + "id": "2", "name": "admin", - "type": "USER", - "id": "2" + "type": "USER" } ], - "type": { - "area": "PERMISSIONS", - "action": "Project permission granted", - "actionI18nKey": "bitbucket.service.user.audit.action.projectpermissiongranted", - "categoryI18nKey": "bitbucket.service.audit.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "extra_attributes": [ { "name": "details", 
@@ -2250,44 +2220,43 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "~ADMIN" } - ] + ], + "method": "Browser", + "type": { + "action": "Project permission granted", + "actionI18nKey": "bitbucket.service.user.audit.action.projectpermissiongranted", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "bitbucket.service.audit.category.permissions", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.projectpermissiongranted", - "original": "{\"affectedObjects\":[{\"id\":\"1\",\"name\":\"~ADMIN\",\"type\":\"PROJECT\"},{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Project permission granted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.projectpermissiongranted\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"PROJECT_ADMIN\\\",\\\"user\\\":\\\"admin\\\"}\"},{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"PROJECT_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"~ADMIN\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035568,\"nano\":728000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:52:48.751Z", - "ecs": { - "version": "8.2.0" 
+ "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"1\",\"name\":\"~ADMIN\",\"type\":\"PROJECT\"},{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Project permission granted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.projectpermissiongranted\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"PROJECT_ADMIN\\\",\\\"user\\\":\\\"admin\\\"}\"},{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"PROJECT_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"~ADMIN\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035568,\"nano\":728000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -2297,66 +2266,66 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:52:48.751Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "1", "name": "~ADMIN", - "type": "PROJECT", - "id": "1" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project created", - "actionI18nKey": "bitbucket.service.project.audit.action.projectcreated", - "categoryI18nKey": "bitbucket.service.audit.category.projects", - "category": "Projects", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "~ADMIN" } - ] - } - }, - "event": { - "action": "bitbucket.service.project.audit.action.projectcreated", - "original": "{\"affectedObjects\":[{\"id\":\"1\",\"name\":\"~ADMIN\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project created\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectcreated\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"~ADMIN\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035568,\"nano\":751000000},\"version\":\"1.0\"}", - "type": [ - "creation" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:53:38.996Z", + ], + "method": "Browser", + "type": { + "action": "Project created", 
+ "actionI18nKey": "bitbucket.service.project.audit.action.projectcreated", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Projects", + "categoryI18nKey": "bitbucket.service.audit.category.projects", + "level": "BASE" + } + } + }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "bitbucket.service.project.audit.action.projectcreated", + "category": [ + "configuration" ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"1\",\"name\":\"~ADMIN\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project created\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectcreated\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"~ADMIN\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035568,\"nano\":751000000},\"version\":\"1.0\"}", + "type": [ + "creation" + ] + }, + "related": { "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -2366,24 +2335,25 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:53:38.996Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "admin", - "type": "USER", - "id": "2" + "type": "USER" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "Personal access token created", - "actionI18nKey": "bitbucket.access.tokens.audit.action.accesstokencreated.personal", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "details", 
@@ -2410,43 +2380,42 @@ "nameI18nKey": "bitbucket.access.tokens.audit.attribute.accesstoken.permissions", "value": "PROJECT_READ, REPO_READ" } - ] + ], + "method": "Browser", + "type": { + "action": "Personal access token created", + "actionI18nKey": "bitbucket.access.tokens.audit.action.accesstokencreated.personal", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokencreated.personal", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Personal access token created\",\"actionI18nKey\":\"bitbucket.access.tokens.audit.action.accesstokencreated.personal\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"957928486530\\\",\\\"tokenOwner\\\":{\\\"id\\\":2,\\\"name\\\":\\\"admin\\\",\\\"slug\\\":\\\"admin\\\"},\\\"name\\\":\\\"dddd\\\",\\\"permissions\\\":[\\\"PROJECT_READ\\\",\\\"REPO_READ\\\"]}\"},{\"name\":\"ID\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.id\",\"value\":\"957928486530\"},{\"name\":\"Name\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.name\",\"value\":\"dddd\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"GLOBAL\"},{\"name\":\"Permissions\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.permissions\",\"value\":\"PROJECT_READ, 
REPO_READ\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035618,\"nano\":996000000},\"version\":\"1.0\"}", "type": [ "admin", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:53:46.125Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -2456,24 +2425,33 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:53:46.125Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "admin", - "type": "USER", - "id": "2" + "type": "USER" + } + ], + "changed_values": [ + { + "from": "dddd", + "i18nKey": "bitbucket.access.tokens.audit.attribute.accesstoken.name", + "key": "Name", + "to": "ddddcccc" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "Personal access token changed", - "actionI18nKey": "bitbucket.access.tokens.audit.action.accesstokenmodified.personal", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "ID", 
@@ -2491,50 +2469,41 @@ "value": "{\"id\":\"957928486530\",\"tokenOwner\":{\"id\":2,\"name\":\"admin\",\"slug\":\"admin\"},\"name\":\"ddddcccc\",\"permissions\":[\"PROJECT_READ\",\"REPO_READ\"]}" } ], - "changed_values": [ - { - "from": "dddd", - "to": "ddddcccc", - "i18nKey": "bitbucket.access.tokens.audit.attribute.accesstoken.name", - "key": "Name" - } - ] + "method": "Browser", + "type": { + "action": "Personal access token changed", + "actionI18nKey": "bitbucket.access.tokens.audit.action.accesstokenmodified.personal", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokenmodified.personal", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Personal access token changed\",\"actionI18nKey\":\"bitbucket.access.tokens.audit.action.accesstokenmodified.personal\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and 
groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"dddd\",\"i18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.name\",\"key\":\"Name\",\"to\":\"ddddcccc\"}],\"extraAttributes\":[{\"name\":\"ID\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.id\",\"value\":\"957928486530\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"GLOBAL\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"957928486530\\\",\\\"tokenOwner\\\":{\\\"id\\\":2,\\\"name\\\":\\\"admin\\\",\\\"slug\\\":\\\"admin\\\"},\\\"name\\\":\\\"ddddcccc\\\",\\\"permissions\\\":[\\\"PROJECT_READ\\\",\\\"REPO_READ\\\"]}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035626,\"nano\":125000000},\"version\":\"1.0\"}", "type": [ "admin", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:53:52.180Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -2544,24 +2513,33 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:53:52.180Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "admin", - "type": "USER", - "id": "2" + "type": "USER" + } + ], + "changed_values": [ + { + "from": "PROJECT_READ, REPO_READ", + "i18nKey": "bitbucket.access.tokens.audit.attribute.accesstoken.permissions", + "key": "Permissions", + "to": "PROJECT_ADMIN, REPO_ADMIN" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "Personal access token changed", - "actionI18nKey": "bitbucket.access.tokens.audit.action.accesstokenmodified.personal", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "details", 
@@ -2579,50 +2557,41 @@ "value": "GLOBAL" } ], - "changed_values": [ - { - "from": "PROJECT_READ, REPO_READ", - "to": "PROJECT_ADMIN, REPO_ADMIN", - "i18nKey": "bitbucket.access.tokens.audit.attribute.accesstoken.permissions", - "key": "Permissions" - } - ] + "method": "Browser", + "type": { + "action": "Personal access token changed", + "actionI18nKey": "bitbucket.access.tokens.audit.action.accesstokenmodified.personal", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokenmodified.personal", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Personal access token changed\",\"actionI18nKey\":\"bitbucket.access.tokens.audit.action.accesstokenmodified.personal\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"PROJECT_READ, REPO_READ\",\"i18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.permissions\",\"key\":\"Permissions\",\"to\":\"PROJECT_ADMIN, 
REPO_ADMIN\"}],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"957928486530\\\",\\\"tokenOwner\\\":{\\\"id\\\":2,\\\"name\\\":\\\"admin\\\",\\\"slug\\\":\\\"admin\\\"},\\\"name\\\":\\\"ddddcccc\\\",\\\"permissions\\\":[\\\"PROJECT_ADMIN\\\",\\\"REPO_ADMIN\\\"]}\"},{\"name\":\"ID\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.id\",\"value\":\"957928486530\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"GLOBAL\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035632,\"nano\":18000000},\"version\":\"1.0\"}", "type": [ "admin", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:53:56.893Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -2632,24 +2601,25 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:53:56.893Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "admin", - "type": "USER", - "id": "2" + "type": "USER" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "Personal access token deleted", - "actionI18nKey": "bitbucket.access.tokens.audit.action.accesstokendeleted.personal", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "Permissions", 
@@ -2676,43 +2646,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "GLOBAL" } - ] + ], + "method": "Browser", + "type": { + "action": "Personal access token deleted", + "actionI18nKey": "bitbucket.access.tokens.audit.action.accesstokendeleted.personal", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokendeleted.personal", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Personal access token deleted\",\"actionI18nKey\":\"bitbucket.access.tokens.audit.action.accesstokendeleted.personal\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permissions\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.permissions\",\"value\":\"PROJECT_ADMIN, 
REPO_ADMIN\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"957928486530\\\",\\\"tokenOwner\\\":{\\\"id\\\":2,\\\"name\\\":\\\"admin\\\",\\\"slug\\\":\\\"admin\\\"},\\\"name\\\":\\\"ddddcccc\\\",\\\"permissions\\\":[\\\"PROJECT_ADMIN\\\",\\\"REPO_ADMIN\\\"]}\"},{\"name\":\"Name\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.name\",\"value\":\"ddddcccc\"},{\"name\":\"ID\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.id\",\"value\":\"957928486530\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"GLOBAL\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035636,\"nano\":893000000},\"version\":\"1.0\"}", "type": [ "admin", "deletion" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:54:02.547Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -2722,17 +2691,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:54:02.547Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "SECURITY", - "action": "User logged in", - "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", - "categoryI18nKey": "bitbucket.service.audit.category.authentication", - "category": "Authentication", - "level": "FULL" - }, "extra_attributes": [ { "name": "Authentication method", 
@@ -2744,43 +2714,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "User logged in", + "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", + "area": "SECURITY", + "category": "Authentication", + "categoryI18nKey": "bitbucket.service.audit.category.authentication", + "level": "FULL" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035642,\"nano\":547000000},\"version\":\"1.0\"}", - "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", - "type": [ - "start" - ], "category": [ "authentication" ], - "outcome": "success" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:54:02.652Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged 
in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035642,\"nano\":547000000},\"version\":\"1.0\"}", + "outcome": "success", + "type": [ + "start" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -2790,17 +2759,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:54:02.652Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Query", 
@@ -2821,37 +2791,36 @@ "nameI18nKey": "atlassian.audit.event.attribute.id", "value": "1 - 186" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"186\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:54:02.547Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 186\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035642,\"nano\":652000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:54:33.144Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
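Review bot: `"type": "info"` on the new side of this hunk is a bare string, while every other event in this fixture carries `event.type` as an array (`["start"]`, `["admin", "creation"]`, `["end"]`) and ECS defines `event.type` as an array field. The fixture only pins what the pipeline emits, so the fix belongs in the ingest pipeline for the audit-search branch (presumably a `set` where the other branches use `append`), after which this file would be regenerated to `"type": ["info"]`. The same scalar appears for the second audit-search event in the `@@ -3156,37 +3126,36 @@` hunk. The enclosing JSON event object starts and ends outside this hunk.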
@@ -2861,52 +2830,52 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:54:33.144Z", "bitbucket": { "audit": { "method": "Browser", "type": { - "area": "SECURITY", "action": "User logged out", "actionI18nKey": "bitbucket.web.audit.action.logoutsuccess", - "categoryI18nKey": "bitbucket.service.audit.category.authentication", + "area": "SECURITY", "category": "Authentication", + "categoryI18nKey": "bitbucket.service.audit.category.authentication", "level": "ADVANCED" } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.web.audit.action.logoutsuccess", - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged out\",\"actionI18nKey\":\"bitbucket.web.audit.action.logoutsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"ADVANCED\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035673,\"nano\":144000000},\"version\":\"1.0\"}", - "type": [ - "end" - ], "category": [ "authentication" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:54:38.580Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged 
out\",\"actionI18nKey\":\"bitbucket.web.audit.action.logoutsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"ADVANCED\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035673,\"nano\":144000000},\"version\":\"1.0\"}", + "type": [ + "end" + ] }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -2916,17 +2885,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:54:38.580Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "SECURITY", - "action": "User login failed", - "actionI18nKey": "bitbucket.service.user.audit.action.authenticationfailure", - "categoryI18nKey": "bitbucket.service.audit.category.authentication", - "category": "Authentication", - "level": "ADVANCED" - }, "extra_attributes": [ { "name": "Error", 
@@ -2943,43 +2913,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "asdfasdf" } - ] + ], + "method": "Browser", + "type": { + "action": "User login failed", + "actionI18nKey": "bitbucket.service.user.audit.action.authenticationfailure", + "area": "SECURITY", + "category": "Authentication", + "categoryI18nKey": "bitbucket.service.audit.category.authentication", + "level": "ADVANCED" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User login failed\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationfailure\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"ADVANCED\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Error\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authenticationfailure.error\",\"value\":\"Authentication failed because the user does not exist, the account is inactive, or the provided credentials are incorrect\"},{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"form\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"asdfasdf\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035678,\"nano\":580000000},\"version\":\"1.0\"}", - "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationfailure", - "type": [ - "info" - ], "category": [ "authentication" ], - "outcome": "failure" - }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:54:43.620Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + 
"original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User login failed\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationfailure\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"ADVANCED\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Error\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authenticationfailure.error\",\"value\":\"Authentication failed because the user does not exist, the account is inactive, or the provided credentials are incorrect\"},{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"form\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"asdfasdf\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035678,\"nano\":580000000},\"version\":\"1.0\"}", + "outcome": "failure", + "type": [ + "info" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -2989,17 +2958,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-27T17:54:43.620Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "SECURITY", - "action": "User logged in", - "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", - "categoryI18nKey": "bitbucket.service.audit.category.authentication", - "category": "Authentication", - "level": "FULL" - }, "extra_attributes": [ { "name": "Authentication method", 
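Review bot: For the "User login failed" event in this hunk the new side keeps `user.name: "Anonymous"`, `user.id: "-2"` and `related.user: ["Anonymous"]`, taken from `author`, while the account name that was actually attempted (`asdfasdf`) survives only as `bitbucket.audit.extra_attributes[].value` under the `legacy.target` attribute. A failed-authentication event whose `user.name` is the anonymous principal cannot be correlated per target account, which is the field detection content normally pivots on. If the pipeline is touched anyway, the target attribute for authentication events is worth surfacing as `user.target.name` and adding to `related.user`, with this fixture regenerated accordingly. The enclosing event object starts and ends outside this hunk.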
@@ -3011,43 +2981,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "User logged in", + "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", + "area": "SECURITY", + "category": "Authentication", + "categoryI18nKey": "bitbucket.service.audit.category.authentication", + "level": "FULL" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"form\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035683,\"nano\":620000000},\"version\":\"1.0\"}", - "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", - "type": [ - "start" - ], "category": [ "authentication" ], - "outcome": "success" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:54:51.210Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged 
in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"form\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035683,\"nano\":620000000},\"version\":\"1.0\"}", + "outcome": "success", + "type": [ + "start" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -3057,17 +3026,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:54:51.210Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "SECURITY", - "action": "User logged in", - "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", - "categoryI18nKey": "bitbucket.service.audit.category.authentication", - "category": "Authentication", - "level": "FULL" - }, "extra_attributes": [ { "name": "Authentication method", 
@@ -3079,43 +3049,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "User logged in", + "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", + "area": "SECURITY", + "category": "Authentication", + "categoryI18nKey": "bitbucket.service.audit.category.authentication", + "level": "FULL" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035691,\"nano\":210000000},\"version\":\"1.0\"}", - "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", - "type": [ - "start" - ], "category": [ "authentication" ], - "outcome": "success" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:54:51.275Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged 
in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035691,\"nano\":210000000},\"version\":\"1.0\"}", + "outcome": "success", + "type": [ + "start" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -3125,17 +3094,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:54:51.275Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Query", 
@@ -3156,37 +3126,36 @@ "nameI18nKey": "atlassian.audit.event.attribute.results", "value": "191" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 191\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:54:51.210Z\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"191\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035691,\"nano\":275000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:57:37.606Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -3196,72 +3165,68 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:57:37.606Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "admin", - "type": "USER", - "id": "2" + "type": "USER" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User password changed", - "actionI18nKey": "bitbucket.service.user.audit.action.usercredentialupdated", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "User password changed", + "actionI18nKey": "bitbucket.service.user.audit.action.usercredentialupdated", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User password changed\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.usercredentialupdated\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035857,\"nano\":606000000},\"version\":\"1.0\"}", - "kind": "event", "action": 
"bitbucket.service.user.audit.action.usercredentialupdated", - "type": [ - "user", - "change" - ], "category": [ "iam" ], - "outcome": "success" - }, - "user": { - "name": "admin", - "id": "2", - "target": { - "name": "admin", - "id": "2" - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:58:11.800Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User password changed\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.usercredentialupdated\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035857,\"nano\":606000000},\"version\":\"1.0\"}", + "outcome": "success", + "type": [ + "user", + "change" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -3271,24 +3236,29 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin", + "target": { + "id": "2", + "name": "admin" + } + } + }, + { + "@timestamp": "2021-11-27T17:58:11.800Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "admin", - "type": "USER", - "id": "2" + "type": "USER" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User added SSH access key to profile", - "actionI18nKey": "bitbucket.ssh.audit.action.sshkeycreated", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "Key ID", 
@@ -3315,43 +3285,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "User added SSH access key to profile", + "actionI18nKey": "bitbucket.ssh.audit.action.sshkeycreated", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.ssh.audit.action.sshkeycreated", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added SSH access key to profile\",\"actionI18nKey\":\"bitbucket.ssh.audit.action.sshkeycreated\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Key ID\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.id\",\"value\":\"1\"},{\"name\":\"Label\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.label\",\"value\":\"schacon@mylaptop.local\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":1,\\\"public-key\\\":\\\"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\\\r\\\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\\\r\\\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\\\r\\\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\\\r\\\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\\\r\\\\nNrRFi9wrf+M7Q== 
schacon@mylaptop.local\\\",\\\"label\\\":\\\"schacon@mylaptop.local\\\",\\\"user\\\":{\\\"id\\\":2,\\\"name\\\":\\\"admin\\\",\\\"slug\\\":\\\"admin\\\"}}\"},{\"name\":\"Public key\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.publickey\",\"value\":\"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\r\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\r\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\r\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\r\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\r\\nNrRFi9wrf+M7Q== schacon@mylaptop.local\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035891,\"nano\":80000000},\"version\":\"1.0\"}", "type": [ "admin", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:59:08.272Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -3361,24 +3330,25 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:59:08.272Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "admin", - "type": "USER", - "id": "2" + "type": "USER" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "GPG key created", - "actionI18nKey": "bitbucket.plugins.gpg.audit.action.gpgevent.created", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "Subkeys", 
@@ -3415,43 +3385,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "GPG key created", + "actionI18nKey": "bitbucket.plugins.gpg.audit.action.gpgevent.created", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.plugins.gpg.audit.action.gpgevent.created", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"GPG key created\",\"actionI18nKey\":\"bitbucket.plugins.gpg.audit.action.gpgevent.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Subkeys\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.subkeys\",\"value\":\"{\\\"id\\\":\\\"11c2e18c5314e70b\\\",\\\"fingerprint\\\":\\\"dbcf265ce5178b92adeaaa7111c2e18c5314e70b\\\"}\"},{\"name\":\"Key text\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.text\",\"value\":\"-----BEGIN PGP PUBLIC KEY BLOCK-----\\r\\nVersion: GnuPG v1\\r\\nComment: See Alan's GPG guide at 
https://futureboy.us/pgp.html\\r\\n\\r\\nmQINBFPOzTUBEADT1kIEMY1Ix+9DyNfGHE9HPjLSI/Ybnsn/bbx8cWmeAktoYjBS\\r\\nq29mJ0tchjyG8KP38vlkvfNYKn80985a/p7ZKupxOm1dDyAn5TZguDG2fEgCYxcB...\"},{\"name\":\"Email\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.email\",\"value\":\"eliasen@mindspring.com\"},{\"name\":\"Fingerprint\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.fingerprint\",\"value\":\"ec2392f2ede74488680da3cf5f2b4756ed873d23\"},{\"name\":\"ID\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.id\",\"value\":\"5f2b4756ed873d23\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"5f2b4756ed873d23\\\",\\\"fingerprint\\\":\\\"ec2392f2ede74488680da3cf5f2b4756ed873d23\\\",\\\"key-text\\\":\\\"-----BEGIN PGP PUBLIC KEY BLOCK-----\\\\r\\\\nVersion: GnuPG v1\\\\r\\\\nComment: See Alan's GPG guide at https://futureboy.us/pgp.html\\\\r\\\\n\\\\r\\\\nmQINBFPOzTUBEADT1kIEMY1Ix+9DyNfGHE9HPjLSI/Ybnsn/bbx8cWmeAktoYjBS\\\\r\\\\nq29mJ0tchjyG8KP38vlkvfNYKn80985a/p7ZKupxOm1dDyAn5TZguDG2fEgCYxcB...\\\",\\\"sub-keys\\\":[{\\\"id\\\":\\\"11c2e18c5314e70b\\\",\\\"fingerprint\\\":\\\"dbcf265ce5178b92adeaaa7111c2e18c5314e70b\\\"}],\\\"user\\\":{\\\"id\\\":2,\\\"name\\\":\\\"admin\\\",\\\"slug\\\":\\\"admin\\\"}}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035948,\"nano\":272000000},\"version\":\"1.0\"}", "type": [ "admin", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:59:15.721Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ 
"bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -3461,24 +3430,25 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:59:15.721Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "admin", - "type": "USER", - "id": "2" + "type": "USER" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "GPG key deleted", - "actionI18nKey": "bitbucket.plugins.gpg.audit.action.gpgevent.deleted", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "Subkeys", 
@@ -3515,43 +3485,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "GPG key deleted", + "actionI18nKey": "bitbucket.plugins.gpg.audit.action.gpgevent.deleted", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.plugins.gpg.audit.action.gpgevent.deleted", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"GPG key deleted\",\"actionI18nKey\":\"bitbucket.plugins.gpg.audit.action.gpgevent.deleted\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Subkeys\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.subkeys\",\"value\":\"{\\\"id\\\":\\\"11c2e18c5314e70b\\\",\\\"fingerprint\\\":\\\"dbcf265ce5178b92adeaaa7111c2e18c5314e70b\\\"}\"},{\"name\":\"Key text\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.text\",\"value\":\"-----BEGIN PGP PUBLIC KEY BLOCK-----\\r\\nVersion: GnuPG v1\\r\\nComment: See Alan's GPG guide at 
https://futureboy.us/pgp.html\\r\\n\\r\\nmQINBFPOzTUBEADT1kIEMY1Ix+9DyNfGHE9HPjLSI/Ybnsn/bbx8cWmeAktoYjBS\\r\\nq29mJ0tchjyG8KP38vlkvfNYKn80985a/p7ZKupxOm1dDyAn5TZguDG2fEgCYxcB...\"},{\"name\":\"Email\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.email\",\"value\":\"eliasen@mindspring.com\"},{\"name\":\"Fingerprint\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.fingerprint\",\"value\":\"ec2392f2ede74488680da3cf5f2b4756ed873d23\"},{\"name\":\"ID\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.id\",\"value\":\"5f2b4756ed873d23\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"5f2b4756ed873d23\\\",\\\"fingerprint\\\":\\\"ec2392f2ede74488680da3cf5f2b4756ed873d23\\\",\\\"key-text\\\":\\\"-----BEGIN PGP PUBLIC KEY BLOCK-----\\\\r\\\\nVersion: GnuPG v1\\\\r\\\\nComment: See Alan's GPG guide at https://futureboy.us/pgp.html\\\\r\\\\n\\\\r\\\\nmQINBFPOzTUBEADT1kIEMY1Ix+9DyNfGHE9HPjLSI/Ybnsn/bbx8cWmeAktoYjBS\\\\r\\\\nq29mJ0tchjyG8KP38vlkvfNYKn80985a/p7ZKupxOm1dDyAn5TZguDG2fEgCYxcB...\\\",\\\"sub-keys\\\":[{\\\"id\\\":\\\"11c2e18c5314e70b\\\",\\\"fingerprint\\\":\\\"dbcf265ce5178b92adeaaa7111c2e18c5314e70b\\\"}],\\\"user\\\":{\\\"id\\\":2,\\\"name\\\":\\\"admin\\\",\\\"slug\\\":\\\"admin\\\"}}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035955,\"nano\":721000000},\"version\":\"1.0\"}", "type": [ "admin", "deletion" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:59:19.377Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ 
"bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -3561,24 +3530,25 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:59:19.377Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "admin", - "type": "USER", - "id": "2" + "type": "USER" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User deleted SSH access key from profile", - "actionI18nKey": "bitbucket.ssh.audit.action.sshkeydeleted", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "Key ID", 
@@ -3605,43 +3575,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "User deleted SSH access key from profile", + "actionI18nKey": "bitbucket.ssh.audit.action.sshkeydeleted", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.ssh.audit.action.sshkeydeleted", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User deleted SSH access key from profile\",\"actionI18nKey\":\"bitbucket.ssh.audit.action.sshkeydeleted\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Key ID\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.id\",\"value\":\"1\"},{\"name\":\"Label\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.label\",\"value\":\"schacon@mylaptop.local\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":1,\\\"public-key\\\":\\\"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\\\r\\\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\\\r\\\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\\\r\\\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\\\r\\\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\\\r\\\\nNrRFi9wrf+M7Q== 
schacon@mylaptop.local\\\",\\\"label\\\":\\\"schacon@mylaptop.local\\\",\\\"user\\\":{\\\"id\\\":2,\\\"name\\\":\\\"admin\\\",\\\"slug\\\":\\\"admin\\\"}}\"},{\"name\":\"Public key\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.publickey\",\"value\":\"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\r\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\r\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\r\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\r\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\r\\nNrRFi9wrf+M7Q== schacon@mylaptop.local\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035959,\"nano\":377000000},\"version\":\"1.0\"}", "type": [ "admin", "deletion" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:59:26.116Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -3651,17 +3620,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:59:26.116Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "SECURITY", - "action": "User login failed", - "actionI18nKey": "bitbucket.service.user.audit.action.authenticationfailure", - "categoryI18nKey": "bitbucket.service.audit.category.authentication", - "category": "Authentication", - "level": "ADVANCED" - }, "extra_attributes": [ { "name": "Error", 
@@ -3678,43 +3648,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "User login failed", + "actionI18nKey": "bitbucket.service.user.audit.action.authenticationfailure", + "area": "SECURITY", + "category": "Authentication", + "categoryI18nKey": "bitbucket.service.audit.category.authentication", + "level": "ADVANCED" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User login failed\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationfailure\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"ADVANCED\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Error\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authenticationfailure.error\",\"value\":\"Invalid username or password.\"},{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035966,\"nano\":116000000},\"version\":\"1.0\"}", - "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationfailure", - "type": [ - "info" - ], "category": [ "authentication" ], - "outcome": "failure" - }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:59:30.135Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User login 
failed\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationfailure\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"ADVANCED\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Error\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authenticationfailure.error\",\"value\":\"Invalid username or password.\"},{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035966,\"nano\":116000000},\"version\":\"1.0\"}", + "outcome": "failure", + "type": [ + "info" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -3724,17 +3693,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-27T17:59:30.135Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "SECURITY", - "action": "User logged in", - "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", - "categoryI18nKey": "bitbucket.service.audit.category.authentication", - "category": "Authentication", - "level": "FULL" - }, "extra_attributes": [ { "name": "Authentication method", 
@@ -3746,43 +3716,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "User logged in", + "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", + "area": "SECURITY", + "category": "Authentication", + "categoryI18nKey": "bitbucket.service.audit.category.authentication", + "level": "FULL" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035970,\"nano\":135000000},\"version\":\"1.0\"}", - "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", - "type": [ - "start" - ], "category": [ "authentication" ], - "outcome": "success" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T17:59:30.204Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged 
in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035970,\"nano\":135000000},\"version\":\"1.0\"}", + "outcome": "success", + "type": [ + "start" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -3792,17 +3761,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T17:59:30.204Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Query", 
@@ -3823,37 +3793,36 @@ "nameI18nKey": "atlassian.audit.event.attribute.id", "value": "1 - 199" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"199\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:59:30.135Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 199\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035970,\"nano\":204000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:00:37.416Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -3863,47 +3832,47 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:00:37.416Z", "bitbucket": { "audit": { "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "LFS feature enabled", "actionI18nKey": "bitbucket.scm.git.lfs.audit.action.gitlfsfeatureenabled", - "categoryI18nKey": "bitbucket.service.audit.category.globaladministration", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "Global administration", + "categoryI18nKey": "bitbucket.service.audit.category.globaladministration", "level": "ADVANCED" } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.scm.git.lfs.audit.action.gitlfsfeatureenabled", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"LFS feature enabled\",\"actionI18nKey\":\"bitbucket.scm.git.lfs.audit.action.gitlfsfeatureenabled\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Global administration\",\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"level\":\"ADVANCED\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036037,\"nano\":416000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:01:17.660Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -3913,61 +3882,61 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:01:17.660Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "0", "name": "TEST", - "type": "PROJECT", - "id": "0" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project creation requested", - "actionI18nKey": "bitbucket.service.project.audit.action.projectcreationrequested", - "categoryI18nKey": "bitbucket.service.audit.category.projects", - "category": "Projects", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "TEST" } - ] + ], + "method": "Browser", + "type": { + "action": "Project creation requested", + "actionI18nKey": "bitbucket.service.project.audit.action.projectcreationrequested", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Projects", + "categoryI18nKey": "bitbucket.service.audit.category.projects", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.project.audit.action.projectcreationrequested", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"TEST\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project creation 
requested\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectcreationrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036077,\"nano\":660000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:01:17.828Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -3977,29 +3946,30 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:01:17.828Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "2", "name": "admin", - "type": "USER", - "id": "2" + "type": "USER" } ], - "type": { - "area": "PERMISSIONS", - "action": "Project permission granted", - "actionI18nKey": "bitbucket.service.user.audit.action.projectpermissiongranted", - "categoryI18nKey": "bitbucket.service.audit.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "extra_attributes": [ { "name": "details", 
@@ -4016,44 +3986,43 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "TEST" } - ] + ], + "method": "Browser", + "type": { + "action": "Project permission granted", + "actionI18nKey": "bitbucket.service.user.audit.action.projectpermissiongranted", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "bitbucket.service.audit.category.permissions", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.projectpermissiongranted", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Project permission granted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.projectpermissiongranted\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"PROJECT_ADMIN\\\",\\\"user\\\":\\\"admin\\\"}\"},{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"PROJECT_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036077,\"nano\":828000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:01:17.832Z", - "ecs": { - "version": "8.2.0" + 
"kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Project permission granted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.projectpermissiongranted\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"PROJECT_ADMIN\\\",\\\"user\\\":\\\"admin\\\"}\"},{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"PROJECT_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036077,\"nano\":828000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -4063,66 +4032,66 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:01:17.832Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project created", - "actionI18nKey": "bitbucket.service.project.audit.action.projectcreated", - "categoryI18nKey": "bitbucket.service.audit.category.projects", - "category": "Projects", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "TEST" } - ] + ], + "method": "Browser", + "type": { + "action": "Project created", + "actionI18nKey": "bitbucket.service.project.audit.action.projectcreated", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Projects", + "categoryI18nKey": "bitbucket.service.audit.category.projects", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.project.audit.action.projectcreated", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project 
created\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectcreated\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036077,\"nano\":832000000},\"version\":\"1.0\"}", - "type": [ - "creation" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:01:18.549Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project created\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectcreated\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036077,\"nano\":832000000},\"version\":\"1.0\"}", + "type": [ + "creation" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -4132,24 +4101,25 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:01:18.549Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project branch model created", - "actionI18nKey": "bitbucket.branch.audit.action.projectbranchmodelconfigurationcreated", - "categoryI18nKey": "bitbucket.service.audit.category.projects", - "category": "Projects", - "level": "BASE" - }, "extra_attributes": [ { "name": "Feature prefix", 
@@ -4181,37 +4151,36 @@ "nameI18nKey": "bitbucket.branch.audit.attribute.branchmodel.releaseprefix", "value": "release/" } - ] + ], + "method": "Browser", + "type": { + "action": "Project branch model created", + "actionI18nKey": "bitbucket.branch.audit.action.projectbranchmodelconfigurationcreated", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Projects", + "categoryI18nKey": "bitbucket.service.audit.category.projects", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.branch.audit.action.projectbranchmodelconfigurationcreated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project branch model created\",\"actionI18nKey\":\"bitbucket.branch.audit.action.projectbranchmodelconfigurationcreated\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Feature prefix\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.featureprefix\",\"value\":\"feature/\"},{\"name\":\"Development branch\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.developmentbranch\",\"value\":\"(default branch)\"},{\"name\":\"Hotfix prefix\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.hotfixprefix\",\"value\":\"hotfix/\"},{\"name\":\"Bugfix prefix\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.bugfixprefix\",\"value\":\"bugfix/\"},{\"name\":\"Production branch\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.productionbranch\",\"value\":\"(none)\"},{\"name\":\"Release 
prefix\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.releaseprefix\",\"value\":\"release/\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036078,\"nano\":549000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:01:35.988Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -4221,66 +4190,66 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:01:35.988Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "0", "name": "test2", - "type": "REPOSITORY", - "id": "0" + "type": "REPOSITORY" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Repository creation requested", - "actionI18nKey": "bitbucket.service.repository.audit.action.repositorycreationrequested", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "TEST/test2" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository creation requested", + "actionI18nKey": "bitbucket.service.repository.audit.action.repositorycreationrequested", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.repository.audit.action.repositorycreationrequested", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"0\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository creation 
requested\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorycreationrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036095,\"nano\":988000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:01:41.630Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -4290,29 +4259,30 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:01:41.630Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Repository created", - "actionI18nKey": "bitbucket.service.repository.audit.action.repositorycreated", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "details", 
@@ -4324,37 +4294,36 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "TEST/test2" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository created", + "actionI18nKey": "bitbucket.service.repository.audit.action.repositorycreated", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.repository.audit.action.repositorycreated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository created\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorycreated\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"project\\\":\\\"TEST\\\",\\\"repository\\\":\\\"test2\\\"}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036101,\"nano\":63000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:01:41.495Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, 
"service": { 
@@ -4364,71 +4333,71 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:01:41.495Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" } ], - "type": { - "area": "END_USER_ACTIVITY", - "action": "Repository accessed by user", - "actionI18nKey": "bitbucket.service.repository.audit.action.repositoryaccessed", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "TEST/test2" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository accessed by user", + "actionI18nKey": "bitbucket.service.repository.audit.action.repositoryaccessed", + "area": "END_USER_ACTIVITY", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by 
user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036101,\"nano\":495000000},\"version\":\"1.0\"}", - "type": [ - "access" - ], "category": [ "web" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:03:20.954Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036101,\"nano\":495000000},\"version\":\"1.0\"}", + "type": [ + "access" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + 
"admin" ] }, "service": { 
@@ -4438,71 +4407,71 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:03:20.954Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" } ], - "type": { - "area": "END_USER_ACTIVITY", - "action": "Repository accessed by user", - "actionI18nKey": "bitbucket.service.repository.audit.action.repositoryaccessed", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "TEST/test2" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository accessed by user", + "actionI18nKey": "bitbucket.service.repository.audit.action.repositoryaccessed", + "area": "END_USER_ACTIVITY", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by 
user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036200,\"nano\":954000000},\"version\":\"1.0\"}", - "type": [ - "access" - ], "category": [ "web" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:03:41.114Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036200,\"nano\":954000000},\"version\":\"1.0\"}", + "type": [ + "access" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + 
"admin" ] }, "service": { 
@@ -4512,71 +4481,71 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:03:41.114Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" } ], - "type": { - "area": "END_USER_ACTIVITY", - "action": "Repository accessed by user", - "actionI18nKey": "bitbucket.service.repository.audit.action.repositoryaccessed", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "TEST/test2" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository accessed by user", + "actionI18nKey": "bitbucket.service.repository.audit.action.repositoryaccessed", + "area": "END_USER_ACTIVITY", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by 
user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036221,\"nano\":114000000},\"version\":\"1.0\"}", - "type": [ - "access" - ], "category": [ "web" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:03:41.684Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036221,\"nano\":114000000},\"version\":\"1.0\"}", + "type": [ + "access" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + 
"admin" ] }, "service": { @@ -4586,29 +4555,30 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:03:41.684Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Repository change requested", - "actionI18nKey": "bitbucket.service.repository.audit.action.repositorymodificationrequested", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "details", 
@@ -4620,42 +4590,41 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "TEST/test2" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository change requested", + "actionI18nKey": "bitbucket.service.repository.audit.action.repositorymodificationrequested", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.repository.audit.action.repositorymodificationrequested", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository change requested\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorymodificationrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036221,\"nano\":684000000},\"version\":\"1.0\"}", - "type": [ - "change" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:03:41.710Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": 
"{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository change requested\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorymodificationrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036221,\"nano\":684000000},\"version\":\"1.0\"}", + "type": [ + "change" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -4665,29 +4634,30 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:03:41.710Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Repository settings changed", - "actionI18nKey": "bitbucket.service.repository.audit.action.repositorymodified", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "details", 
@@ -4699,42 +4669,41 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "TEST/test2" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository settings changed", + "actionI18nKey": "bitbucket.service.repository.audit.action.repositorymodified", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.repository.audit.action.repositorymodified", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository settings changed\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorymodified\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036221,\"nano\":710000000},\"version\":\"1.0\"}", - "type": [ - "change" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:03:42.444Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": 
"{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository settings changed\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorymodified\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036221,\"nano\":710000000},\"version\":\"1.0\"}", + "type": [ + "change" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -4744,71 +4713,71 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:03:42.444Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" } ], - "type": { - "area": "END_USER_ACTIVITY", - "action": "Repository accessed by user", - "actionI18nKey": "bitbucket.service.repository.audit.action.repositoryaccessed", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "TEST/test2" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository accessed by user", + "actionI18nKey": "bitbucket.service.repository.audit.action.repositoryaccessed", + "area": "END_USER_ACTIVITY", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by 
user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036222,\"nano\":444000000},\"version\":\"1.0\"}", - "type": [ - "access" - ], "category": [ "web" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:04:07.861Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036222,\"nano\":444000000},\"version\":\"1.0\"}", + "type": [ + "access" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + 
"admin" ] }, "service": { @@ -4818,34 +4787,35 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:04:07.861Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" }, { + "id": "4", "name": "09e096ea84245cc5", - "type": "USER", - "id": "4" + "type": "USER" } ], - "type": { - "area": "PERMISSIONS", - "action": "Repository permission requested", - "actionI18nKey": "bitbucket.service.user.audit.action.repositorypermissiongrantrequested", - "categoryI18nKey": "bitbucket.service.audit.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "extra_attributes": [ { "name": "Permission", 
@@ -4862,44 +4832,43 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.details", "value": "{\"permission\":\"REPO_WRITE\",\"user\":\"09e096ea84245cc5\"}" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository permission requested", + "actionI18nKey": "bitbucket.service.user.audit.action.repositorypermissiongrantrequested", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "bitbucket.service.audit.category.permissions", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissiongrantrequested", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission requested\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissiongrantrequested\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_WRITE\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_WRITE\\\",\\\"user\\\":\\\"09e096ea84245cc5\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036247,\"nano\":861000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - 
"user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:04:08.132Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission requested\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissiongrantrequested\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_WRITE\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_WRITE\\\",\\\"user\\\":\\\"09e096ea84245cc5\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036247,\"nano\":861000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -4909,34 +4878,35 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:04:08.132Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" }, { + "id": "4", "name": "09e096ea84245cc5", - "type": "USER", - "id": "4" + "type": "USER" } ], - "type": { - "area": "PERMISSIONS", - "action": "Repository permission granted", - "actionI18nKey": "bitbucket.service.user.audit.action.repositorypermissiongranted", - "categoryI18nKey": "bitbucket.service.audit.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "extra_attributes": [ { "name": "Permission", 
@@ -4953,44 +4923,43 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.details", "value": "{\"permission\":\"REPO_WRITE\",\"user\":\"09e096ea84245cc5\"}" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository permission granted", + "actionI18nKey": "bitbucket.service.user.audit.action.repositorypermissiongranted", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "bitbucket.service.audit.category.permissions", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissiongranted", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission granted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissiongranted\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_WRITE\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_WRITE\\\",\\\"user\\\":\\\"09e096ea84245cc5\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036248,\"nano\":132000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "admin", 
- "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:04:08.133Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission granted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissiongranted\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_WRITE\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_WRITE\\\",\\\"user\\\":\\\"09e096ea84245cc5\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036248,\"nano\":132000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -5000,24 +4969,25 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:04:08.133Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "4", "name": "09e096ea84245cc5", - "type": "USER", - "id": "4" + "type": "USER" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User added SSH access key to profile", - "actionI18nKey": "bitbucket.ssh.audit.action.sshkeycreated", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "Label", 
@@ -5044,43 +5014,42 @@ "nameI18nKey": "bitbucket.ssh.audit.attr.sshkey.id", "value": "2" } - ] + ], + "method": "Browser", + "type": { + "action": "User added SSH access key to profile", + "actionI18nKey": "bitbucket.ssh.audit.action.sshkeycreated", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.ssh.audit.action.sshkeycreated", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added SSH access key to profile\",\"actionI18nKey\":\"bitbucket.ssh.audit.action.sshkeycreated\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Label\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.label\",\"value\":\"schacon@mylaptop.local\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":2,\\\"public-key\\\":\\\"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\\\r\\\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\\\r\\\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\\\r\\\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\\\r\\\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\\\r\\\\nNrRFi9wrf+M7Q== 
schacon@mylaptop.local\\\",\\\"label\\\":\\\"schacon@mylaptop.local\\\",\\\"user\\\":{\\\"id\\\":4,\\\"name\\\":\\\"09e096ea84245cc5\\\",\\\"slug\\\":\\\"09e096ea84245cc5\\\"}}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"09e096ea84245cc5\"},{\"name\":\"Public key\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.publickey\",\"value\":\"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\r\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\r\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\r\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\r\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\r\\nNrRFi9wrf+M7Q== schacon@mylaptop.local\"},{\"name\":\"Key ID\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.id\",\"value\":\"2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036248,\"nano\":133000000},\"version\":\"1.0\"}", "type": [ "admin", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:04:08.141Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -5090,34 +5059,35 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:04:08.141Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" }, { + "id": "4", "name": "09e096ea84245cc5", - "type": "USER", - "id": "4" + "type": "USER" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "SSH access key added to repository", - "actionI18nKey": "bitbucket.ssh.audit.action.sshaccesskeygranted.repository", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "Label", 
@@ -5149,43 +5119,42 @@ "nameI18nKey": "bitbucket.ssh.audit.attr.sshkey.id", "value": "2" } - ] + ], + "method": "Browser", + "type": { + "action": "SSH access key added to repository", + "actionI18nKey": "bitbucket.ssh.audit.action.sshaccesskeygranted.repository", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.ssh.audit.action.sshaccesskeygranted.repository", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"SSH access key added to repository\",\"actionI18nKey\":\"bitbucket.ssh.audit.action.sshaccesskeygranted.repository\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Label\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.label\",\"value\":\"schacon@mylaptop.local\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"{\\\"id\\\":2,\\\"label\\\":\\\"schacon@mylaptop.local\\\"}\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"key\\\":{\\\"id\\\":2,\\\"label\\\":\\\"schacon@mylaptop.local\\\"},\\\"permission\\\":\\\"REPO_WRITE\\\",\\\"repository\\\":{\\\"id\\\":1,\\\"slug\\\":\\\"test2\\\",\\\"project\\\":{\\\"id\\\":2,\\\"key\\\":\\\"TEST\\\"}}}\"},{\"name\":\"Public key\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.publickey\",\"value\":\"ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\r\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\r\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\r\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\r\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\r\\nNrRFi9wrf+M7Q== schacon@mylaptop.local\"},{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshaccesskey.permission\",\"value\":\"REPO_WRITE\"},{\"name\":\"Key ID\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.id\",\"value\":\"2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036248,\"nano\":141000000},\"version\":\"1.0\"}", "type": [ "admin", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:04:23.970Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -5195,34 +5164,35 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:04:23.970Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" }, { + "id": "5", "name": "access-token-user/2/1", - "type": "USER", - "id": "5" + "type": "USER" } ], - "type": { - "area": "PERMISSIONS", - "action": "Repository permission requested", - "actionI18nKey": "bitbucket.service.user.audit.action.repositorypermissiongrantrequested", - "categoryI18nKey": "bitbucket.service.audit.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "extra_attributes": [ { "name": "Permission", 
@@ -5239,44 +5209,43 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.details", "value": "{\"permission\":\"REPO_ADMIN\",\"user\":\"access-token-user/2/1\"}" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository permission requested", + "actionI18nKey": "bitbucket.service.user.audit.action.repositorypermissiongrantrequested", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "bitbucket.service.audit.category.permissions", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissiongrantrequested", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"5\",\"name\":\"access-token-user/2/1\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission requested\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissiongrantrequested\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_ADMIN\\\",\\\"user\\\":\\\"access-token-user/2/1\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036263,\"nano\":970000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": 
"event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:04:23.975Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"5\",\"name\":\"access-token-user/2/1\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission requested\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissiongrantrequested\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_ADMIN\\\",\\\"user\\\":\\\"access-token-user/2/1\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036263,\"nano\":970000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -5286,34 +5255,35 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:04:23.975Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" }, { + "id": "5", "name": "access-token-user/2/1", - "type": "USER", - "id": "5" + "type": "USER" } ], - "type": { - "area": "PERMISSIONS", - "action": "Repository permission granted", - "actionI18nKey": "bitbucket.service.user.audit.action.repositorypermissiongranted", - "categoryI18nKey": "bitbucket.service.audit.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "extra_attributes": [ { "name": "Permission", 
@@ -5330,44 +5300,43 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.details", "value": "{\"permission\":\"REPO_ADMIN\",\"user\":\"access-token-user/2/1\"}" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository permission granted", + "actionI18nKey": "bitbucket.service.user.audit.action.repositorypermissiongranted", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "bitbucket.service.audit.category.permissions", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissiongranted", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"5\",\"name\":\"access-token-user/2/1\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission granted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissiongranted\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_ADMIN\\\",\\\"user\\\":\\\"access-token-user/2/1\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036263,\"nano\":975000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - 
"name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:04:24.600Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"5\",\"name\":\"access-token-user/2/1\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission granted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissiongranted\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_ADMIN\\\",\\\"user\\\":\\\"access-token-user/2/1\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036263,\"nano\":975000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -5377,29 +5346,30 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:04:24.600Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" } ], - "type": { - "area": "SECURITY", - "action": "Repository access token created", - "actionI18nKey": "bitbucket.access.tokens.audit.action.accesstokencreated.repository", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "Permissions", 
@@ -5421,43 +5391,42 @@ "nameI18nKey": "bitbucket.access.tokens.audit.attribute.accesstoken.name", "value": "ddddd" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository access token created", + "actionI18nKey": "bitbucket.access.tokens.audit.action.accesstokencreated.repository", + "area": "SECURITY", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokencreated.repository", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository access token created\",\"actionI18nKey\":\"bitbucket.access.tokens.audit.action.accesstokencreated.repository\",\"area\":\"SECURITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permissions\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.permissions\",\"value\":\"REPO_READ\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"254498386527\\\",\\\"tokenOwner\\\":{\\\"id\\\":5,\\\"name\\\":\\\"access-token-user/2/1\\\",\\\"slug\\\":\\\"access-token-user_2_1\\\"},\\\"name\\\":\\\"ddddd\\\",\\\"permissions\\\":[\\\"REPO_READ\\\"]}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"GLOBAL\"},{\"name\":\"Name\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.name\",\"value\":\"ddddd\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"times
tamp\":{\"epochSecond\":1638036264,\"nano\":6000000},\"version\":\"1.0\"}", "type": [ "admin", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:04:32.296Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -5467,29 +5436,30 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:04:32.296Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "Repository access token changed", - "actionI18nKey": "bitbucket.access.tokens.audit.action.accesstokenmodified.repository", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "Name", 
@@ -5511,43 +5481,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.details", "value": "{\"id\":\"254498386527\",\"tokenOwner\":{\"id\":5,\"name\":\"access-token-user/2/1\",\"slug\":\"access-token-user_2_1\"},\"name\":\"dddddasdf\",\"permissions\":[\"REPO_ADMIN\"]}" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository access token changed", + "actionI18nKey": "bitbucket.access.tokens.audit.action.accesstokenmodified.repository", + "area": "USER_MANAGEMENT", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokenmodified.repository", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository access token changed\",\"actionI18nKey\":\"bitbucket.access.tokens.audit.action.accesstokenmodified.repository\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Name\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.name\",\"value\":\"dddddasdf\"},{\"name\":\"Permissions\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.permissions\",\"value\":\"REPO_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"GLOBAL\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"254498386527\\\",\\\"tokenOwner\\\":{\\\"id\\\":5,\\\"name\\\":\\\"access-token-user/2/1\\\",\\\"slug\\\":\\\"access-token-user_2_1\\\"},\\\"name\\\":\\\"dddddasdf\\\",\\\"permissions\\
\":[\\\"REPO_ADMIN\\\"]}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036272,\"nano\":296000000},\"version\":\"1.0\"}", "type": [ "admin", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:04:35.945Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -5557,29 +5526,30 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:04:35.945Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" } ], - "type": { - "area": "SECURITY", - "action": "Repository access token deleted", - "actionI18nKey": "bitbucket.access.tokens.audit.action.accesstokendeleted.repository", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "Name", 
@@ -5601,43 +5571,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.details", "value": "{\"id\":\"254498386527\",\"tokenOwner\":{\"id\":5,\"name\":\"access-token-user/2/1\",\"slug\":\"access-token-user_2_1\"},\"name\":\"dddddasdf\",\"permissions\":[\"REPO_ADMIN\"]}" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository access token deleted", + "actionI18nKey": "bitbucket.access.tokens.audit.action.accesstokendeleted.repository", + "area": "SECURITY", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokendeleted.repository", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository access token deleted\",\"actionI18nKey\":\"bitbucket.access.tokens.audit.action.accesstokendeleted.repository\",\"area\":\"SECURITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Name\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.name\",\"value\":\"dddddasdf\"},{\"name\":\"Permissions\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.permissions\",\"value\":\"REPO_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"GLOBAL\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"254498386527\\\",\\\"tokenOwner\\\":{\\\"id\\\":5,\\\"name\\\":\\\"access-token-user/2/1\\\",\\\"slug\\\":\\\"access-token-user_2_1\\\"},\\\"name\\\":\\\"dddddasdf\\\",\\\"permissions\\\":[\\\"REPO_ADMI
N\\\"]}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036275,\"nano\":945000000},\"version\":\"1.0\"}", "type": [ "admin", "deletion" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:04:47.255Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -5647,34 +5616,35 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:04:47.255Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" }, { + "id": "4", "name": "09e096ea84245cc5", - "type": "USER", - "id": "4" + "type": "USER" } ], - "type": { - "area": "PERMISSIONS", - "action": "Repository permission remove request", - "actionI18nKey": "bitbucket.service.user.audit.action.repositorypermissionrevocationrequested", - "categoryI18nKey": "bitbucket.service.audit.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "extra_attributes": [ { "name": "Permission", 
@@ -5691,44 +5661,43 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.details", "value": "{\"permission\":\"REPO_WRITE\",\"user\":\"09e096ea84245cc5\"}" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository permission remove request", + "actionI18nKey": "bitbucket.service.user.audit.action.repositorypermissionrevocationrequested", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "bitbucket.service.audit.category.permissions", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissionrevocationrequested", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission remove request\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissionrevocationrequested\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_WRITE\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_WRITE\\\",\\\"user\\\":\\\"09e096ea84245cc5\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036287,\"nano\":255000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "deletion" - ], "category": [ "iam", "configuration" ], - 
"kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:04:47.288Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission remove request\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissionrevocationrequested\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_WRITE\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_WRITE\\\",\\\"user\\\":\\\"09e096ea84245cc5\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036287,\"nano\":255000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "deletion" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -5738,34 +5707,35 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:04:47.288Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" }, { + "id": "4", "name": "09e096ea84245cc5", - "type": "USER", - "id": "4" + "type": "USER" } ], - "type": { - "area": "PERMISSIONS", - "action": "Repository permission removed", - "actionI18nKey": "bitbucket.service.user.audit.action.repositorypermissionrevoked", - "categoryI18nKey": "bitbucket.service.audit.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "extra_attributes": [ { "name": "Permission", 
@@ -5782,44 +5752,43 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.details", "value": "{\"permission\":\"REPO_WRITE\",\"user\":\"09e096ea84245cc5\"}" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository permission removed", + "actionI18nKey": "bitbucket.service.user.audit.action.repositorypermissionrevoked", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "bitbucket.service.audit.category.permissions", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissionrevoked", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission removed\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissionrevoked\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_WRITE\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_WRITE\\\",\\\"user\\\":\\\"09e096ea84245cc5\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036287,\"nano\":288000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "deletion" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "admin", 
- "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:04:47.298Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission removed\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissionrevoked\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_WRITE\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_WRITE\\\",\\\"user\\\":\\\"09e096ea84245cc5\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036287,\"nano\":288000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "deletion" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -5829,24 +5798,25 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:04:47.298Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "4", "name": "09e096ea84245cc5", - "type": "USER", - "id": "4" + "type": "USER" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User deleted SSH access key from profile", - "actionI18nKey": "bitbucket.ssh.audit.action.sshkeydeleted", - "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", - "category": "Users and groups", - "level": "BASE" - }, "extra_attributes": [ { "name": "Label", 
@@ -5873,43 +5843,42 @@ "nameI18nKey": "bitbucket.ssh.audit.attr.sshkey.id", "value": "2" } - ] + ], + "method": "Browser", + "type": { + "action": "User deleted SSH access key from profile", + "actionI18nKey": "bitbucket.ssh.audit.action.sshkeydeleted", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "bitbucket.service.audit.category.usersandgroups", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.ssh.audit.action.sshkeydeleted", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User deleted SSH access key from profile\",\"actionI18nKey\":\"bitbucket.ssh.audit.action.sshkeydeleted\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Label\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.label\",\"value\":\"schacon@mylaptop.local\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":2,\\\"public-key\\\":\\\"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\\\r\\\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\\\r\\\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\\\r\\\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\\\r\\\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\\\r\\\\nNrRFi9wrf+M7Q== 
schacon@mylaptop.local\\\",\\\"label\\\":\\\"schacon@mylaptop.local\\\",\\\"user\\\":{\\\"id\\\":4,\\\"name\\\":\\\"09e096ea84245cc5\\\",\\\"slug\\\":\\\"09e096ea84245cc5\\\"}}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"09e096ea84245cc5\"},{\"name\":\"Public key\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.publickey\",\"value\":\"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\r\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\r\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\r\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\r\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\r\\nNrRFi9wrf+M7Q== schacon@mylaptop.local\"},{\"name\":\"Key ID\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.id\",\"value\":\"2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036287,\"nano\":298000000},\"version\":\"1.0\"}", "type": [ "admin", "deletion" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:04:47.298Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -5919,34 +5888,35 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:04:47.298Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" }, { + "id": "4", "name": "09e096ea84245cc5", - "type": "USER", - "id": "4" + "type": "USER" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "SSH access key deleted from repository", - "actionI18nKey": "bitbucket.ssh.audit.action.sshaccesskeyrevoked.repository", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "Label", 
@@ -5978,43 +5948,42 @@ "nameI18nKey": "bitbucket.ssh.audit.attr.sshkey.id", "value": "2" } - ] + ], + "method": "Browser", + "type": { + "action": "SSH access key deleted from repository", + "actionI18nKey": "bitbucket.ssh.audit.action.sshaccesskeyrevoked.repository", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.ssh.audit.action.sshaccesskeyrevoked.repository", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"SSH access key deleted from repository\",\"actionI18nKey\":\"bitbucket.ssh.audit.action.sshaccesskeyrevoked.repository\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Label\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.label\",\"value\":\"schacon@mylaptop.local\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"{\\\"id\\\":2,\\\"label\\\":\\\"schacon@mylaptop.local\\\"}\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"key\\\":{\\\"id\\\":2,\\\"label\\\":\\\"schacon@mylaptop.local\\\"},\\\"permission\\\":\\\"REPO_WRITE\\\",\\\"repository\\\":{\\\"id\\\":1,\\\"slug\\\":\\\"test2\\\",\\\"project\\\":{\\\"id\\\":2,\\\"key\\\":\\\"TEST\\\"}}}\"},{\"name\":\"Public key\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.publickey\",\"value\":\"ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\r\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\r\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\r\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\r\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\r\\nNrRFi9wrf+M7Q== schacon@mylaptop.local\"},{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshaccesskey.permission\",\"value\":\"REPO_WRITE\"},{\"name\":\"Key ID\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.id\",\"value\":\"2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036287,\"nano\":298000000},\"version\":\"1.0\"}", "type": [ "admin", "deletion" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:04:55.112Z", - "ecs": { - "version": "8.2.0" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -6024,71 +5993,71 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:04:55.112Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" } ], - "type": { - "area": "END_USER_ACTIVITY", - "action": "Repository accessed by user", - "actionI18nKey": "bitbucket.service.repository.audit.action.repositoryaccessed", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "TEST/test2" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository accessed by user", + "actionI18nKey": "bitbucket.service.repository.audit.action.repositoryaccessed", + "area": "END_USER_ACTIVITY", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by 
user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036295,\"nano\":112000000},\"version\":\"1.0\"}", - "type": [ - "access" - ], "category": [ "web" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:05:10.261Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036295,\"nano\":112000000},\"version\":\"1.0\"}", + "type": [ + "access" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + 
"admin" ] }, "service": { @@ -6098,17 +6067,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:05:10.261Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "SECURITY", - "action": "User logged in", - "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", - "categoryI18nKey": "bitbucket.service.audit.category.authentication", - "category": "Authentication", - "level": "FULL" - }, "extra_attributes": [ { "name": "Authentication method", 
@@ -6120,43 +6090,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "User logged in", + "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", + "area": "SECURITY", + "category": "Authentication", + "categoryI18nKey": "bitbucket.service.audit.category.authentication", + "level": "FULL" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036310,\"nano\":261000000},\"version\":\"1.0\"}", - "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", - "type": [ - "start" - ], "category": [ "authentication" ], - "outcome": "success" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:05:10.321Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged 
in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036310,\"nano\":261000000},\"version\":\"1.0\"}", + "outcome": "success", + "type": [ + "start" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -6166,17 +6135,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:05:10.321Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Query", 
@@ -6197,37 +6167,36 @@ "nameI18nKey": "atlassian.audit.event.attribute.id", "value": "29 - 228" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"200\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:29:07.312Z - 2021-11-27T18:05:10.261Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"29 - 228\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036310,\"nano\":321000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:10:57.308Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -6237,61 +6206,61 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:10:57.308Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "0", "name": "AT", - "type": "PROJECT", - "id": "0" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project creation requested", - "actionI18nKey": "bitbucket.service.project.audit.action.projectcreationrequested", - "categoryI18nKey": "bitbucket.service.audit.category.projects", - "category": "Projects", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "AT" } - ] + ], + "method": "Browser", + "type": { + "action": "Project creation requested", + "actionI18nKey": "bitbucket.service.project.audit.action.projectcreationrequested", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Projects", + "categoryI18nKey": "bitbucket.service.audit.category.projects", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.project.audit.action.projectcreationrequested", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project creation 
requested\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectcreationrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036657,\"nano\":308000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:10:57.315Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -6301,29 +6270,30 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:10:57.315Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "3", "name": "AT", - "type": "PROJECT", - "id": "3" + "type": "PROJECT" }, { + "id": "2", "name": "admin", - "type": "USER", - "id": "2" + "type": "USER" } ], - "type": { - "area": "PERMISSIONS", - "action": "Project permission granted", - "actionI18nKey": "bitbucket.service.user.audit.action.projectpermissiongranted", - "categoryI18nKey": "bitbucket.service.audit.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "extra_attributes": [ { "name": "details", 
@@ -6340,44 +6310,43 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "AT" } - ] + ], + "method": "Browser", + "type": { + "action": "Project permission granted", + "actionI18nKey": "bitbucket.service.user.audit.action.projectpermissiongranted", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "bitbucket.service.audit.category.permissions", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.user.audit.action.projectpermissiongranted", - "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"},{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Project permission granted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.projectpermissiongranted\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"PROJECT_ADMIN\\\",\\\"user\\\":\\\"admin\\\"}\"},{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"PROJECT_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036657,\"nano\":315000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:10:57.316Z", - "ecs": { - "version": "8.2.0" + "kind": 
"event", + "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"},{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Project permission granted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.projectpermissiongranted\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"PROJECT_ADMIN\\\",\\\"user\\\":\\\"admin\\\"}\"},{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"PROJECT_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036657,\"nano\":315000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -6387,66 +6356,66 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:10:57.316Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "3", "name": "AT", - "type": "PROJECT", - "id": "3" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project created", - "actionI18nKey": "bitbucket.service.project.audit.action.projectcreated", - "categoryI18nKey": "bitbucket.service.audit.category.projects", - "category": "Projects", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "AT" } - ] + ], + "method": "Browser", + "type": { + "action": "Project created", + "actionI18nKey": "bitbucket.service.project.audit.action.projectcreated", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Projects", + "categoryI18nKey": "bitbucket.service.audit.category.projects", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.project.audit.action.projectcreated", - "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project 
created\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectcreated\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036657,\"nano\":316000000},\"version\":\"1.0\"}", - "type": [ - "creation" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:10:57.333Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project created\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectcreated\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036657,\"nano\":316000000},\"version\":\"1.0\"}", + "type": [ + "creation" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -6456,24 +6425,25 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:10:57.333Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "3", "name": "AT", - "type": "PROJECT", - "id": "3" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project branch model created", - "actionI18nKey": "bitbucket.branch.audit.action.projectbranchmodelconfigurationcreated", - "categoryI18nKey": "bitbucket.service.audit.category.projects", - "category": "Projects", - "level": "BASE" - }, "extra_attributes": [ { "name": "Feature prefix", 
@@ -6505,37 +6475,36 @@ "nameI18nKey": "bitbucket.branch.audit.attribute.branchmodel.releaseprefix", "value": "release/" } - ] + ], + "method": "Browser", + "type": { + "action": "Project branch model created", + "actionI18nKey": "bitbucket.branch.audit.action.projectbranchmodelconfigurationcreated", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Projects", + "categoryI18nKey": "bitbucket.service.audit.category.projects", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.branch.audit.action.projectbranchmodelconfigurationcreated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project branch model created\",\"actionI18nKey\":\"bitbucket.branch.audit.action.projectbranchmodelconfigurationcreated\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Feature prefix\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.featureprefix\",\"value\":\"feature/\"},{\"name\":\"Development branch\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.developmentbranch\",\"value\":\"(default branch)\"},{\"name\":\"Hotfix prefix\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.hotfixprefix\",\"value\":\"hotfix/\"},{\"name\":\"Bugfix prefix\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.bugfixprefix\",\"value\":\"bugfix/\"},{\"name\":\"Production branch\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.productionbranch\",\"value\":\"(none)\"},{\"name\":\"Release 
prefix\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.releaseprefix\",\"value\":\"release/\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036657,\"nano\":333000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:11:04.913Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -6545,71 +6514,71 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:11:04.913Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" } ], - "type": { - "area": "END_USER_ACTIVITY", - "action": "Repository accessed by user", - "actionI18nKey": "bitbucket.service.repository.audit.action.repositoryaccessed", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "TEST/test2" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository accessed by user", + "actionI18nKey": "bitbucket.service.repository.audit.action.repositoryaccessed", + "area": "END_USER_ACTIVITY", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by 
user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036664,\"nano\":913000000},\"version\":\"1.0\"}", - "type": [ - "access" - ], "category": [ "web" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:11:09.514Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036664,\"nano\":913000000},\"version\":\"1.0\"}", + "type": [ + "access" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + 
"admin" ] }, "service": { @@ -6619,29 +6588,38 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:11:09.514Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" + } + ], + "changed_values": [ + { + "from": "TEST", + "i18nKey": "bitbucket.service.repository.audit.changedvalue.repositorymodification.project", + "key": "Project", + "to": "AT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Repository change requested", - "actionI18nKey": "bitbucket.service.repository.audit.action.repositorymodificationrequested", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "details", 
@@ -6654,49 +6632,40 @@ "value": "TEST/test2" } ], - "changed_values": [ - { - "from": "TEST", - "to": "AT", - "i18nKey": "bitbucket.service.repository.audit.changedvalue.repositorymodification.project", - "key": "Project" - } - ] + "method": "Browser", + "type": { + "action": "Repository change requested", + "actionI18nKey": "bitbucket.service.repository.audit.action.repositorymodificationrequested", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.repository.audit.action.repositorymodificationrequested", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository change requested\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorymodificationrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"TEST\",\"i18nKey\":\"bitbucket.service.repository.audit.changedvalue.repositorymodification.project\",\"key\":\"Project\",\"to\":\"AT\"}],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"old.project\\\":\\\"TEST\\\",\\\"new.project\\\":\\\"AT\\\"}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036669,\"nano\":514000000},\"version\":\"1.0\"}", - "type": [ - "change" - ], "category": [ "configuration" 
], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:11:09.527Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository change requested\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorymodificationrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"TEST\",\"i18nKey\":\"bitbucket.service.repository.audit.changedvalue.repositorymodification.project\",\"key\":\"Project\",\"to\":\"AT\"}],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"old.project\\\":\\\"TEST\\\",\\\"new.project\\\":\\\"AT\\\"}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036669,\"nano\":514000000},\"version\":\"1.0\"}", + "type": [ + "change" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -6706,29 +6675,38 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:11:09.527Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "3", "name": "AT", - "type": "PROJECT", - "id": "3" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" + } + ], + "changed_values": [ + { + "from": "TEST", + "i18nKey": "bitbucket.service.repository.audit.changedvalue.repositorymodification.project", + "key": "Project", + "to": "AT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Repository settings changed", - "actionI18nKey": "bitbucket.service.repository.audit.action.repositorymodified", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "details", 
@@ -6741,49 +6719,40 @@ "value": "AT/test2" } ], - "changed_values": [ - { - "from": "TEST", - "to": "AT", - "i18nKey": "bitbucket.service.repository.audit.changedvalue.repositorymodification.project", - "key": "Project" - } - ] + "method": "Browser", + "type": { + "action": "Repository settings changed", + "actionI18nKey": "bitbucket.service.repository.audit.action.repositorymodified", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.repository.audit.action.repositorymodified", - "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository settings changed\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorymodified\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"TEST\",\"i18nKey\":\"bitbucket.service.repository.audit.changedvalue.repositorymodification.project\",\"key\":\"Project\",\"to\":\"AT\"}],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"old.project\\\":\\\"TEST\\\",\\\"new.project\\\":\\\"AT\\\"}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036669,\"nano\":527000000},\"version\":\"1.0\"}", - "type": [ - "change" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - 
"name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:11:09.632Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository settings changed\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorymodified\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"TEST\",\"i18nKey\":\"bitbucket.service.repository.audit.changedvalue.repositorymodification.project\",\"key\":\"Project\",\"to\":\"AT\"}],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"old.project\\\":\\\"TEST\\\",\\\"new.project\\\":\\\"AT\\\"}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036669,\"nano\":527000000},\"version\":\"1.0\"}", + "type": [ + "change" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -6793,71 +6762,71 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:11:09.632Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "3", "name": "AT", - "type": "PROJECT", - "id": "3" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" } ], - "type": { - "area": "END_USER_ACTIVITY", - "action": "Repository accessed by user", - "actionI18nKey": "bitbucket.service.repository.audit.action.repositoryaccessed", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "AT/test2" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository accessed by user", + "actionI18nKey": "bitbucket.service.repository.audit.action.repositoryaccessed", + "area": "END_USER_ACTIVITY", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", - "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by 
user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036669,\"nano\":632000000},\"version\":\"1.0\"}", - "type": [ - "access" - ], "category": [ "web" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:11:17.550Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036669,\"nano\":632000000},\"version\":\"1.0\"}", + "type": [ + "access" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] 
}, "service": { @@ -6867,17 +6836,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:11:17.550Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "SECURITY", - "action": "User logged in", - "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", - "categoryI18nKey": "bitbucket.service.audit.category.authentication", - "category": "Authentication", - "level": "FULL" - }, "extra_attributes": [ { "name": "Authentication method", 
@@ -6889,43 +6859,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "User logged in", + "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", + "area": "SECURITY", + "category": "Authentication", + "categoryI18nKey": "bitbucket.service.audit.category.authentication", + "level": "FULL" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036677,\"nano\":550000000},\"version\":\"1.0\"}", - "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", - "type": [ - "start" - ], "category": [ "authentication" ], - "outcome": "success" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:11:17.629Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged 
in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036677,\"nano\":550000000},\"version\":\"1.0\"}", + "outcome": "success", + "type": [ + "start" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -6935,17 +6904,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:11:17.629Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Timestamp Range", 
@@ -6966,37 +6936,36 @@ "nameI18nKey": "atlassian.audit.event.attribute.results", "value": "200" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:29:09.732Z - 2021-11-27T18:11:17.550Z\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"39 - 238\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"200\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036677,\"nano\":629000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:12:40.133Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -7006,66 +6975,66 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:12:40.133Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "3", "name": "AT", - "type": "PROJECT", - "id": "3" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Repository deletion requested", - "actionI18nKey": "bitbucket.service.repository.audit.action.repositorydeletionrequested", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "AT/test2" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository deletion requested", + "actionI18nKey": "bitbucket.service.repository.audit.action.repositorydeletionrequested", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.repository.audit.action.repositorydeletionrequested", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository deletion 
requested\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorydeletionrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036760,\"nano\":133000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:12:40.466Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -7075,29 +7044,30 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:12:40.466Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "3", "name": "AT", - "type": "PROJECT", - "id": "3" + "type": "PROJECT" }, { + "id": "1", "name": "test2", - "type": "REPOSITORY", - "id": "1" + "type": "REPOSITORY" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Repository deleted", - "actionI18nKey": "bitbucket.service.repository.audit.action.repositorydeleted", - "categoryI18nKey": "bitbucket.service.audit.category.repositories", - "category": "Repositories", - "level": "BASE" - }, "extra_attributes": [ { "name": "details", 
@@ -7109,42 +7079,41 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "AT/test2" } - ] + ], + "method": "Browser", + "type": { + "action": "Repository deleted", + "actionI18nKey": "bitbucket.service.repository.audit.action.repositorydeleted", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Repositories", + "categoryI18nKey": "bitbucket.service.audit.category.repositories", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.repository.audit.action.repositorydeleted", - "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository deleted\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorydeleted\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"project\\\":\\\"AT\\\",\\\"repository\\\":\\\"test2\\\"}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036760,\"nano\":466000000},\"version\":\"1.0\"}", - "type": [ - "deletion" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:12:44.207Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": 
"{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository deleted\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorydeleted\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"project\\\":\\\"AT\\\",\\\"repository\\\":\\\"test2\\\"}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036760,\"nano\":466000000},\"version\":\"1.0\"}", + "type": [ + "deletion" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -7154,17 +7123,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:12:44.207Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "SECURITY", - "action": "User logged in", - "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", - "categoryI18nKey": "bitbucket.service.audit.category.authentication", - "category": "Authentication", - "level": "FULL" - }, "extra_attributes": [ { "name": "Authentication method", 
@@ -7176,43 +7146,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "User logged in", + "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", + "area": "SECURITY", + "category": "Authentication", + "categoryI18nKey": "bitbucket.service.audit.category.authentication", + "level": "FULL" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036764,\"nano\":207000000},\"version\":\"1.0\"}", - "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", - "type": [ - "start" - ], "category": [ "authentication" ], - "outcome": "success" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:12:44.262Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged 
in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036764,\"nano\":207000000},\"version\":\"1.0\"}", + "outcome": "success", + "type": [ + "start" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -7222,17 +7191,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:12:44.262Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Query", 
@@ -7253,37 +7223,36 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-27T17:29:09.967Z - 2021-11-27T18:12:44.207Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"200\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"43 - 242\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:29:09.967Z - 2021-11-27T18:12:44.207Z\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036764,\"nano\":262000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:13:19.888Z", - "ecs": { - "version": "8.2.0" + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + 
"user": [ + "admin" ] }, "service": { 
@@ -7293,66 +7262,66 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:13:19.888Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "3", "name": "AT", - "type": "PROJECT", - "id": "3" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project deletion requested", - "actionI18nKey": "bitbucket.service.project.audit.action.projectdeletionrequested", - "categoryI18nKey": "bitbucket.service.audit.category.projects", - "category": "Projects", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "AT" } - ] + ], + "method": "Browser", + "type": { + "action": "Project deletion requested", + "actionI18nKey": "bitbucket.service.project.audit.action.projectdeletionrequested", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Projects", + "categoryI18nKey": "bitbucket.service.audit.category.projects", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.project.audit.action.projectdeletionrequested", - "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project deletion 
requested\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectdeletionrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036799,\"nano\":888000000},\"version\":\"1.0\"}", - "type": [ - "deletion" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:13:19.960Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project deletion requested\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectdeletionrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036799,\"nano\":888000000},\"version\":\"1.0\"}", + "type": [ + "deletion" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -7362,66 +7331,66 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:13:19.960Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "3", "name": "AT", - "type": "PROJECT", - "id": "3" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project deleted", - "actionI18nKey": "bitbucket.service.project.audit.action.projectdeleted", - "categoryI18nKey": "bitbucket.service.audit.category.projects", - "category": "Projects", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "AT" } - ] + ], + "method": "Browser", + "type": { + "action": "Project deleted", + "actionI18nKey": "bitbucket.service.project.audit.action.projectdeleted", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Projects", + "categoryI18nKey": "bitbucket.service.audit.category.projects", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.project.audit.action.projectdeleted", - "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project 
deleted\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectdeleted\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036799,\"nano\":960000000},\"version\":\"1.0\"}", - "type": [ - "deletion" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:13:24.368Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project deleted\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectdeleted\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036799,\"nano\":960000000},\"version\":\"1.0\"}", + "type": [ + "deletion" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -7431,17 +7400,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:13:24.368Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "SECURITY", - "action": "User logged in", - "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", - "categoryI18nKey": "bitbucket.service.audit.category.authentication", - "category": "Authentication", - "level": "FULL" - }, "extra_attributes": [ { "name": "Authentication method", 
@@ -7453,43 +7423,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "User logged in", + "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", + "area": "SECURITY", + "category": "Authentication", + "categoryI18nKey": "bitbucket.service.audit.category.authentication", + "level": "FULL" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036804,\"nano\":368000000},\"version\":\"1.0\"}", - "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", - "type": [ - "start" - ], "category": [ "authentication" ], - "outcome": "success" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:13:24.428Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged 
in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036804,\"nano\":368000000},\"version\":\"1.0\"}", + "outcome": "success", + "type": [ + "start" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -7499,17 +7468,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:13:24.428Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Query", 
@@ -7530,37 +7500,36 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-27T17:29:10.643Z - 2021-11-27T18:13:24.368Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"200\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"47 - 246\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:29:10.643Z - 2021-11-27T18:13:24.368Z\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036804,\"nano\":428000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:14:14.900Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": 
"{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"200\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"47 - 246\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:29:10.643Z - 2021-11-27T18:13:24.368Z\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036804,\"nano\":428000000},\"version\":\"1.0\"}", + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -7570,66 +7539,66 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:14:14.900Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project settings change requested", - "actionI18nKey": "bitbucket.service.project.audit.action.projectmodificationrequested", - "categoryI18nKey": "bitbucket.service.audit.category.projects", - "category": "Projects", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "TEST" } - ] + ], + "method": "Browser", + "type": { + "action": "Project settings change requested", + "actionI18nKey": "bitbucket.service.project.audit.action.projectmodificationrequested", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Projects", + "categoryI18nKey": "bitbucket.service.audit.category.projects", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.project.audit.action.projectmodificationrequested", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project settings change 
requested\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectmodificationrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036854,\"nano\":900000000},\"version\":\"1.0\"}", - "type": [ - "change" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:14:14.978Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project settings change requested\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectmodificationrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036854,\"nano\":900000000},\"version\":\"1.0\"}", + "type": [ + "change" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { 
@@ -7639,24 +7608,38 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:14:14.978Z", "bitbucket": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2", "name": "TEST", - "type": "PROJECT", - "id": "2" + "type": "PROJECT" + } + ], + "changed_values": [ + { + "from": "Test", + "i18nKey": "bitbucket.service.project.audit.changedvalue.projectmodified.name", + "key": "Name", + "to": "Test1" + }, + { + "i18nKey": "bitbucket.service.project.audit.changedvalue.projectmodified.description", + "key": "Description", + "to": "sdasdfasdf" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project settings changed", - "actionI18nKey": "bitbucket.service.project.audit.action.projectmodified", - "categoryI18nKey": "bitbucket.service.audit.category.projects", - "category": "Projects", - "level": "BASE" - }, "extra_attributes": [ { "name": "target", 
@@ -7669,54 +7652,40 @@ "value": "{\"old.name\":\"Test\",\"new.name\":\"Test1\",\"old.description\":null,\"new.description\":\"sdasdfasdf\"}" } ], - "changed_values": [ - { - "from": "Test", - "to": "Test1", - "i18nKey": "bitbucket.service.project.audit.changedvalue.projectmodified.name", - "key": "Name" - }, - { - "i18nKey": "bitbucket.service.project.audit.changedvalue.projectmodified.description", - "key": "Description", - "to": "sdasdfasdf" - } - ] + "method": "Browser", + "type": { + "action": "Project settings changed", + "actionI18nKey": "bitbucket.service.project.audit.action.projectmodified", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "Projects", + "categoryI18nKey": "bitbucket.service.audit.category.projects", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "bitbucket.service.project.audit.action.projectmodified", - "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project settings 
changed\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectmodified\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"Test\",\"i18nKey\":\"bitbucket.service.project.audit.changedvalue.projectmodified.name\",\"key\":\"Name\",\"to\":\"Test1\"},{\"i18nKey\":\"bitbucket.service.project.audit.changedvalue.projectmodified.description\",\"key\":\"Description\",\"to\":\"sdasdfasdf\"}],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"old.name\\\":\\\"Test\\\",\\\"new.name\\\":\\\"Test1\\\",\\\"old.description\\\":null,\\\"new.description\\\":\\\"sdasdfasdf\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036854,\"nano\":978000000},\"version\":\"1.0\"}", - "type": [ - "change" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:14:18.395Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project settings 
changed\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectmodified\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"Test\",\"i18nKey\":\"bitbucket.service.project.audit.changedvalue.projectmodified.name\",\"key\":\"Name\",\"to\":\"Test1\"},{\"i18nKey\":\"bitbucket.service.project.audit.changedvalue.projectmodified.description\",\"key\":\"Description\",\"to\":\"sdasdfasdf\"}],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"old.name\\\":\\\"Test\\\",\\\"new.name\\\":\\\"Test1\\\",\\\"old.description\\\":null,\\\"new.description\\\":\\\"sdasdfasdf\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036854,\"nano\":978000000},\"version\":\"1.0\"}", + "type": [ + "change" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -7726,17 +7695,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:14:18.395Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "SECURITY", - "action": "User logged in", - "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", - "categoryI18nKey": "bitbucket.service.audit.category.authentication", - "category": "Authentication", - "level": "FULL" - }, "extra_attributes": [ { "name": "Authentication method", 
@@ -7748,43 +7718,42 @@ "nameI18nKey": "bitbucket.audit.attribute.legacy.target", "value": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "User logged in", + "actionI18nKey": "bitbucket.service.user.audit.action.authenticationsuccess", + "area": "SECURITY", + "category": "Authentication", + "categoryI18nKey": "bitbucket.service.audit.category.authentication", + "level": "FULL" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036858,\"nano\":395000000},\"version\":\"1.0\"}", - "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", - "type": [ - "start" - ], "category": [ "authentication" ], - "outcome": "success" - }, - "user": { - "name": "admin", - "id": "2" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-11-27T18:14:18.451Z", - "ecs": { - "version": "8.2.0" + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged 
in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036858,\"nano\":395000000},\"version\":\"1.0\"}", + "outcome": "success", + "type": [ + "start" + ] }, "related": { - "user": [ - "admin" - ], "hosts": [ "bitbucket.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin" ] }, "service": { @@ -7794,17 +7763,18 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "2", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-27T18:14:18.451Z", "bitbucket": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Query", 
@@ -7825,22 +7795,52 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-27T17:29:10.661Z - 2021-11-27T18:14:18.395Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"51 - 250\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"200\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:29:10.661Z - 2021-11-27T18:14:18.395Z\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036858,\"nano\":451000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "admin", - "id": "2" + "related": { + "hosts": [ + "bitbucket.internal" + ], + "ip": [ + "10.100.100.2" + ], + "user": [ + "admin" + ] + }, + "service": { + "address": "http://bitbucket.internal:7990" + }, + "source": { + "address": "10.100.100.2", + "ip": 
"10.100.100.2" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "id": "2", + "name": "admin" + } } ] } \ No newline at end of file diff --git a/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 685ebbd62df..701fc65fc9a 100644 --- a/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing sample logs processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/atlassian_bitbucket/data_stream/audit/sample_event.json b/packages/atlassian_bitbucket/data_stream/audit/sample_event.json index e8163536d90..26cbb75ae7e 100644 --- a/packages/atlassian_bitbucket/data_stream/audit/sample_event.json +++ b/packages/atlassian_bitbucket/data_stream/audit/sample_event.json @@ -38,7 +38,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7", diff --git a/packages/atlassian_bitbucket/docs/README.md b/packages/atlassian_bitbucket/docs/README.md index 374e23b4c2f..429e905e18a 100644 --- a/packages/atlassian_bitbucket/docs/README.md +++ b/packages/atlassian_bitbucket/docs/README.md @@ -149,7 +149,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7", diff --git a/packages/atlassian_bitbucket/manifest.yml b/packages/atlassian_bitbucket/manifest.yml index 41936ae849a..d4de97b5879 100644 --- a/packages/atlassian_bitbucket/manifest.yml +++ b/packages/atlassian_bitbucket/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: atlassian_bitbucket title: Atlassian Bitbucket -version: 1.2.2 +version: "1.3.0" license: basic description: Collect logs from Atlassian Bitbucket with Elastic Agent. type: integration diff --git a/packages/atlassian_confluence/_dev/build/build.yml b/packages/atlassian_confluence/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/atlassian_confluence/_dev/build/build.yml +++ b/packages/atlassian_confluence/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/atlassian_confluence/changelog.yml b/packages/atlassian_confluence/changelog.yml index ba233dd023d..571183307d1 100644 --- a/packages/atlassian_confluence/changelog.yml +++ b/packages/atlassian_confluence/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.3.0" changes: - description: Add support for Atlassian Confluence Cloud diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json index 74a2bf84356..79b334e4784 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json @@ -35,7 +35,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -117,7 +117,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", 
@@ -199,7 +199,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -281,7 +281,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -363,7 +363,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -445,7 +445,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -527,7 +527,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -609,7 +609,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -691,7 +691,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -783,7 +783,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -882,7 +882,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -981,7 +981,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1073,7 +1073,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1172,7 +1172,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1271,7 +1271,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -1370,7 +1370,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1462,7 +1462,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1561,7 +1561,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1660,7 +1660,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1759,7 +1759,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1851,7 +1851,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1950,7 +1950,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2049,7 +2049,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2148,7 +2148,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2240,7 +2240,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2339,7 +2339,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2438,7 +2438,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2537,7 +2537,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -2629,7 +2629,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2728,7 +2728,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2827,7 +2827,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2926,7 +2926,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3018,7 +3018,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3117,7 +3117,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3216,7 +3216,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3315,7 +3315,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3407,7 +3407,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3506,7 +3506,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3605,7 +3605,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3704,7 +3704,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3796,7 +3796,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -3895,7 +3895,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3994,7 +3994,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4093,7 +4093,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4192,7 +4192,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4291,7 +4291,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4383,7 +4383,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4482,7 +4482,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4581,7 +4581,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4680,7 +4680,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4772,7 +4772,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4871,7 +4871,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4970,7 +4970,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5069,7 +5069,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -5161,7 +5161,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5260,7 +5260,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5359,7 +5359,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5458,7 +5458,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5550,7 +5550,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5649,7 +5649,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5748,7 +5748,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5847,7 +5847,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5941,7 +5941,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6028,7 +6028,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6115,7 +6115,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6202,7 +6202,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6289,7 +6289,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", 
@@ -6376,7 +6376,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6463,7 +6463,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6543,7 +6543,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6630,7 +6630,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6717,7 +6717,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6804,7 +6804,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6891,7 +6891,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6978,7 +6978,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7058,7 +7058,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7145,7 +7145,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7232,7 +7232,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7319,7 +7319,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7399,7 +7399,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", 
@@ -7486,7 +7486,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7573,7 +7573,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7660,7 +7660,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7740,7 +7740,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7827,7 +7827,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7914,7 +7914,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8001,7 +8001,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8081,7 +8081,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8168,7 +8168,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8255,7 +8255,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8342,7 +8342,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8422,7 +8422,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8509,7 +8509,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", 
@@ -8596,7 +8596,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8683,7 +8683,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8763,7 +8763,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8850,7 +8850,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8937,7 +8937,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9024,7 +9024,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9104,7 +9104,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9184,7 +9184,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9271,7 +9271,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9358,7 +9358,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9445,7 +9445,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9525,7 +9525,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9612,7 +9612,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", 
@@ -9699,7 +9699,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9786,7 +9786,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9873,7 +9873,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9960,7 +9960,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -10040,7 +10040,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -10127,7 +10127,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -10214,7 +10214,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -10301,7 +10301,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -10381,7 +10381,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -10481,7 +10481,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.config.updated", @@ -10555,7 +10555,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.import", @@ -10638,7 +10638,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -10721,7 +10721,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", 
@@ -10804,7 +10804,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -10887,7 +10887,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -10970,7 +10970,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -11038,7 +11038,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -11113,7 +11113,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11208,7 +11208,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11296,7 +11296,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11391,7 +11391,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11486,7 +11486,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11574,7 +11574,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11669,7 +11669,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11764,7 +11764,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11852,7 +11852,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -11947,7 +11947,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12042,7 +12042,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12130,7 +12130,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12225,7 +12225,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12320,7 +12320,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12408,7 +12408,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12503,7 +12503,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12598,7 +12598,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12686,7 +12686,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12781,7 +12781,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12876,7 +12876,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12964,7 +12964,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13059,7 +13059,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -13154,7 +13154,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13242,7 +13242,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13337,7 +13337,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13432,7 +13432,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13527,7 +13527,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13615,7 +13615,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13710,7 +13710,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13805,7 +13805,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13893,7 +13893,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13988,7 +13988,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14083,7 +14083,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14171,7 +14171,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14266,7 +14266,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -14361,7 +14361,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14449,7 +14449,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14544,7 +14544,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14639,7 +14639,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14717,7 +14717,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.group.membership.added", @@ -14805,7 +14805,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.group.membership.added", @@ -14909,7 +14909,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.user.created", @@ -15006,7 +15006,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15090,7 +15090,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15174,7 +15174,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15258,7 +15258,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15342,7 +15342,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15426,7 +15426,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.global.permission.added", 
@@ -15510,7 +15510,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15594,7 +15594,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15666,7 +15666,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.group.created", @@ -15741,7 +15741,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.group.created", @@ -15906,7 +15906,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.directory.added", @@ -15971,7 +15971,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.import", @@ -16034,7 +16034,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.plugin.enabled", @@ -16097,7 +16097,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.plugin.enabled", @@ -16170,7 +16170,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.user.renamed", @@ -16241,7 +16241,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.user.updated", @@ -16318,7 +16318,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.user.updated", diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json index 42471b4aa91..926405ae2bd 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json 
+++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Space logo uploaded", @@ -73,7 +73,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Space logo uploaded", @@ -128,7 +128,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Space logo uploaded", @@ -205,7 +205,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Space configuration updated", @@ -282,7 +282,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Space created", @@ -364,7 +364,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Space configuration updated", @@ -446,7 +446,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Space created", @@ -505,7 +505,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User added to group", @@ -579,7 +579,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User added to group", @@ -666,7 +666,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User created", @@ -734,7 +734,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User added to group", @@ -820,7 +820,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User created", @@ -887,7 +887,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User added to group", @@ -961,7 +961,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User added to group", @@ -1035,7 +1035,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User added to group", 
@@ -1109,7 +1109,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User added to group", @@ -1179,7 +1179,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Group created", @@ -1247,7 +1247,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User added to group", @@ -1321,7 +1321,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User added to group", @@ -1395,7 +1395,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User added to group", @@ -1465,7 +1465,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Group created", @@ -1533,7 +1533,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User added to group", @@ -1607,7 +1607,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User added to group", @@ -1681,7 +1681,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User added to group", @@ -1755,7 +1755,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User added to group", @@ -1825,7 +1825,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Group created", @@ -1911,7 +1911,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Space configuration updated", @@ -1988,7 +1988,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Space created", @@ -2047,7 +2047,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User added to group", @@ -2121,7 +2121,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User added to group", @@ -2208,7 +2208,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User created", 
@@ -2276,7 +2276,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User added to group", @@ -2354,7 +2354,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User details updated", @@ -2411,7 +2411,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User deactivated", @@ -2477,7 +2477,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Page archived", @@ -2540,7 +2540,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User details updated", @@ -2597,7 +2597,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User deactivated", diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index 8b3150d65d1..9fbb2362fd9 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -22,7 +22,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.plugin.enabled", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.plugin.enabled", @@ -153,7 +153,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.import", @@ -310,7 +310,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.directory.added", @@ -376,7 +376,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.group.created", 
@@ -452,7 +452,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.group.created", @@ -540,7 +540,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -625,7 +625,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -710,7 +710,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -795,7 +795,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -880,7 +880,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -965,7 +965,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -1050,7 +1050,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -1135,7 +1135,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -1230,7 +1230,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.user.created", @@ -1321,7 +1321,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.group.membership.added", @@ -1409,7 +1409,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.group.membership.added", @@ -1514,7 +1514,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -1609,7 +1609,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1698,7 +1698,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1793,7 +1793,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1888,7 +1888,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1977,7 +1977,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2072,7 +2072,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2167,7 +2167,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2256,7 +2256,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2351,7 +2351,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2446,7 +2446,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2535,7 +2535,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2630,7 +2630,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2725,7 +2725,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -2820,7 +2820,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2909,7 +2909,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3004,7 +3004,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3099,7 +3099,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3188,7 +3188,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3283,7 +3283,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3378,7 +3378,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3467,7 +3467,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3562,7 +3562,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3657,7 +3657,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3746,7 +3746,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3841,7 +3841,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3936,7 +3936,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -4025,7 +4025,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4120,7 +4120,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4215,7 +4215,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4304,7 +4304,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4399,7 +4399,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4494,7 +4494,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4583,7 +4583,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4678,7 +4678,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4773,7 +4773,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4862,7 +4862,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4957,7 +4957,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5052,7 +5052,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5125,7 +5125,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", 
@@ -5192,7 +5192,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -5273,7 +5273,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -5345,7 +5345,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "audit.logging.summary.global.settings.edited",
@@ -5439,7 +5439,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "audit.logging.summary.user.created",
@@ -5530,7 +5530,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "audit.logging.summary.group.membership.added",
@@ -5618,7 +5618,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "audit.logging.summary.group.membership.added",
@@ -5715,7 +5715,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 7f4e052ebcc..8c11f4cf67c 100644
--- a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing Atlassian Confluence audit logs.
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/atlassian_confluence/data_stream/audit/sample_event.json b/packages/atlassian_confluence/data_stream/audit/sample_event.json
index 9ebea4db129..bac79773838 100644
--- a/packages/atlassian_confluence/data_stream/audit/sample_event.json
+++ b/packages/atlassian_confluence/data_stream/audit/sample_event.json
@@ -45,7 +45,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/atlassian_confluence/docs/README.md b/packages/atlassian_confluence/docs/README.md
index 76f79e3e1e1..3bc67819c1c 100644
--- a/packages/atlassian_confluence/docs/README.md
+++ b/packages/atlassian_confluence/docs/README.md
@@ -162,7 +162,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/atlassian_confluence/manifest.yml b/packages/atlassian_confluence/manifest.yml
index 376a218f08e..6464e65fbee 100644
--- a/packages/atlassian_confluence/manifest.yml
+++ b/packages/atlassian_confluence/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: atlassian_confluence
 title: Atlassian Confluence
-version: 1.3.0
+version: "1.4.0"
 license: basic
 description: Collect logs from Atlassian Confluence with Elastic Agent.
 type: integration
diff --git a/packages/atlassian_jira/_dev/build/build.yml b/packages/atlassian_jira/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/atlassian_jira/_dev/build/build.yml
+++ b/packages/atlassian_jira/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/atlassian_jira/changelog.yml b/packages/atlassian_jira/changelog.yml
index 395bf8bd937..295cb6fcaa8 100644
--- a/packages/atlassian_jira/changelog.yml
+++ b/packages/atlassian_jira/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.3.0"
 changes:
 - description: Add support for Atlassian JIRA Cloud
diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
index ce2c181c9d2..c6b05d3f6ab 100644
--- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
+++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-11-22T00:34:47.536Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -84,7 +84,7 @@
 {
 "@timestamp": "2021-11-22T00:34:40.008Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -165,7 +165,7 @@
 {
 "@timestamp": "2021-11-22T00:34:23.154Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "personal.access.tokens.audit.log.summary.token.created",
@@ -234,7 +234,7 @@
 {
 "@timestamp": "2021-11-22T00:32:20.234Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -303,7 +303,7 @@
 {
 "@timestamp": "2021-11-22T00:31:52.991Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -372,7 +372,7 @@
 {
 "@timestamp": "2021-11-22T00:31:37.412Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -441,7 +441,7 @@
 {
 "@timestamp": "2021-11-22T00:31:26.455Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -510,7 +510,7 @@
 {
 "@timestamp": "2021-11-22T00:30:59.449Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -579,7 +579,7 @@
 {
 "@timestamp": "2021-11-22T00:26:03.206Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -648,7 +648,7 @@
 {
 "@timestamp": "2021-11-22T00:12:02.856Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -717,7 +717,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.545Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.version.created",
@@ -786,7 +786,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.543Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.version.created",
@@ -860,7 +860,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.535Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.version.released",
@@ -922,7 +922,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.521Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.version.created",
@@ -996,7 +996,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.506Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.project.roles.changed",
@@ -1064,7 +1064,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.297Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.project.created",
@@ -1157,7 +1157,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.266Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.added.to.project",
@@ -1219,7 +1219,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.249Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.removed.from.project",
@@ -1287,7 +1287,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.243Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -1355,7 +1355,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.241Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -1423,7 +1423,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.239Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -1491,7 +1491,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.236Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -1559,7 +1559,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.235Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -1627,7 +1627,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.233Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -1695,7 +1695,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.231Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -1768,7 +1768,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.229Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -1836,7 +1836,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.227Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -1909,7 +1909,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.225Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -1977,7 +1977,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.223Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -2045,7 +2045,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.221Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -2118,7 +2118,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.219Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -2186,7 +2186,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.217Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -2259,7 +2259,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.215Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -2327,7 +2327,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.212Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -2400,7 +2400,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.210Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -2473,7 +2473,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.208Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -2541,7 +2541,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.204Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -2614,7 +2614,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.190Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -2682,7 +2682,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.187Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -2750,7 +2750,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.184Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -2823,7 +2823,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.182Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -2891,7 +2891,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.180Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -2959,7 +2959,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.178Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3027,7 +3027,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.176Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3095,7 +3095,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.174Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3163,7 +3163,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.173Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3236,7 +3236,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.171Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3304,7 +3304,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.168Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3372,7 +3372,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.166Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3440,7 +3440,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.165Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3508,7 +3508,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.163Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3576,7 +3576,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.151Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3644,7 +3644,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.142Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.created",
@@ -3712,7 +3712,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.072Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Board created",
@@ -3774,7 +3774,7 @@
 {
 "@timestamp": "2021-11-22T00:08:33.887Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.filter.created",
@@ -3869,7 +3869,7 @@
 {
 "@timestamp": "2021-11-22T00:08:33.746Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.workflow.scheme.added.to.project",
@@ -3931,7 +3931,7 @@
 {
 "@timestamp": "2021-11-22T00:08:33.732Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.workflow.scheme.created",
@@ -3999,7 +3999,7 @@
 {
 "@timestamp": "2021-11-22T00:08:33.710Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.workflow.created",
@@ -4077,7 +4077,7 @@
 {
 "@timestamp": "2021-11-22T00:08:33.537Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.resolutions.created",
@@ -4140,7 +4140,7 @@
 {
 "@timestamp": "2021-11-22T00:08:33.536Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.resolutions.created",
@@ -4203,7 +4203,7 @@
 {
 "@timestamp": "2021-11-22T00:08:33.535Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.resolutions.created",
@@ -4266,7 +4266,7 @@
 {
 "@timestamp": "2021-11-22T00:08:33.534Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.resolutions.created",
@@ -4329,7 +4329,7 @@
 {
 "@timestamp": "2021-11-22T00:07:09.088Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -4402,7 +4402,7 @@
 {
 "@timestamp": "2021-11-22T00:07:09.037Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.issue.type.created",
@@ -4462,7 +4462,7 @@
 {
 "@timestamp": "2021-11-22T00:07:02.794Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -4535,7 +4535,7 @@
 {
 "@timestamp": "2021-11-22T00:07:02.725Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -4608,7 +4608,7 @@
 {
 "@timestamp": "2021-11-22T00:07:02.694Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -4681,7 +4681,7 @@
 {
 "@timestamp": "2021-11-22T00:07:01.669Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -4754,7 +4754,7 @@
 {
 "@timestamp": "2021-11-22T00:07:01.644Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -4827,7 +4827,7 @@
 {
 "@timestamp": "2021-11-22T00:06:59.522Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -4900,7 +4900,7 @@
 {
 "@timestamp": "2021-11-22T00:06:59.485Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.issue.type.created",
@@ -4960,7 +4960,7 @@
 {
 "@timestamp": "2021-11-22T00:06:59.340Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.customfield.updated",
@@ -5016,7 +5016,7 @@
 {
 "@timestamp": "2021-11-22T00:06:59.332Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.customfield.updated",
@@ -5072,7 +5072,7 @@
 {
 "@timestamp": "2021-11-22T00:06:59.313Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -5140,7 +5140,7 @@
 {
 "@timestamp": "2021-11-22T00:06:59.266Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -5213,7 +5213,7 @@
 {
 "@timestamp": "2021-11-22T00:06:59.224Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -5286,7 +5286,7 @@
 {
 "@timestamp": "2021-11-22T00:06:58.990Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.customfield.updated",
@@ -5342,7 +5342,7 @@
 {
 "@timestamp": "2021-11-22T00:06:58.974Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -5410,7 +5410,7 @@
 {
 "@timestamp": "2021-11-22T00:06:58.318Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -5478,7 +5478,7 @@
 {
 "@timestamp": "2021-11-22T00:06:57.162Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -5551,7 +5551,7 @@
 {
 "@timestamp": "2021-11-22T00:06:57.158Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -5624,7 +5624,7 @@
 {
 "@timestamp": "2021-11-22T00:06:57.138Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -5697,7 +5697,7 @@
 {
 "@timestamp": "2021-11-22T00:06:49.756Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.user.added.to.group",
@@ -5772,7 +5772,7 @@
 {
 "@timestamp": "2021-11-22T00:06:49.754Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.global.permission.added",
@@ -5845,7 +5845,7 @@
 {
 "@timestamp": "2021-11-22T00:06:49.752Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.global.permission.added",
@@ -5918,7 +5918,7 @@
 {
 "@timestamp": "2021-11-22T00:06:49.751Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.global.permission.added",
@@ -5991,7 +5991,7 @@
 {
 "@timestamp": "2021-11-22T00:06:49.750Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.global.permission.added",
@@ -6064,7 +6064,7 @@
 {
 "@timestamp": "2021-11-22T00:06:49.734Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.user.added.to.group",
@@ -6139,7 +6139,7 @@
 {
 "@timestamp": "2021-11-22T00:06:49.600Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.user.created",
@@ -6233,7 +6233,7 @@
 {
 "@timestamp": "2021-11-22T00:05:08.596Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.system.license.added",
@@ -6325,7 +6325,7 @@
 {
 "@timestamp": "2021-11-22T00:05:08.584Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.global.permission.added",
@@ -6398,7 +6398,7 @@
 {
 "@timestamp": "2021-11-22T00:05:08.583Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.global.permission.added",
@@ -6471,7 +6471,7 @@
 {
 "@timestamp": "2021-11-22T00:05:08.581Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.global.permission.added",
@@ -6544,7 +6544,7 @@
 {
 "@timestamp": "2021-11-22T00:05:08.579Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.global.permission.added",
@@ -6617,7 +6617,7 @@
 {
 "@timestamp": "2021-11-22T00:05:08.514Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.group.created",
@@ -6681,7 +6681,7 @@
 {
 "@timestamp": "2021-11-28T18:18:26.076Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.user.renamed",
@@ -6752,7 +6752,7 @@
 {
 "@timestamp": "2021-11-28T18:23:20.278Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.user.updated",
@@ -6830,7 +6830,7 @@
 {
 "@timestamp": "2021-11-28T18:23:13.741Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "jira.auditing.user.updated",
diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json
index 4ad5d9433ca..07770adf83e 100644
--- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json
+++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-01-24T08:48:05.645Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project deleted",
@@ -34,7 +34,7 @@
 {
 "@timestamp": "2022-01-24T08:48:05.316Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Field Configuration scheme deleted",
@@ -65,7 +65,7 @@
 {
 "@timestamp": "2022-01-24T08:48:05.097Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Field Configuration scheme updated",
@@ -108,7 +108,7 @@
 {
 "@timestamp": "2022-01-24T08:48:04.939Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Field Configuration scheme updated",
@@ -151,7 +151,7 @@
 {
 "@timestamp": "2022-01-24T08:48:04.716Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Field Configuration scheme updated",
@@ -194,7 +194,7 @@
 {
 "@timestamp": "2022-01-24T08:48:04.530Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Field Configuration scheme updated",
@@ -237,7 +237,7 @@
 {
 "@timestamp": "2022-01-24T08:48:04.167Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Field Configuration scheme updated",
@@ -280,7 +280,7 @@
 {
 "@timestamp": "2022-01-24T08:48:04.020Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Workflow scheme deleted",
@@ -311,7 +311,7 @@
 {
 "@timestamp": "2022-01-24T08:48:03.965Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Workflow deleted",
@@ -342,7 +342,7 @@
 {
 "@timestamp": "2022-01-24T08:48:03.371Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Notification scheme deleted",
@@ -373,7 +373,7 @@
 {
 "@timestamp": "2022-01-24T08:48:03.355Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project role deleted",
@@ -404,7 +404,7 @@
 {
 "@timestamp": "2022-01-24T08:48:03.339Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project role deleted",
@@ -435,7 +435,7 @@
 {
 "@timestamp": "2022-01-24T08:48:03.322Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project role deleted",
@@ -466,7 +466,7 @@
 {
 "@timestamp": "2022-01-24T08:48:03.305Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project role deleted",
@@ -497,7 +497,7 @@
 {
 "@timestamp": "2022-01-24T08:48:03.259Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Issue Security scheme deleted",
@@ -528,7 +528,7 @@
 {
 "@timestamp": "2022-01-24T08:48:03.223Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Permission scheme deleted",
@@ -559,7 +559,7 @@
 {
 "@timestamp": "2022-01-18T08:43:02.838Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "User added to group",
@@ -618,7 +618,7 @@
 {
 "@timestamp": "2022-01-18T08:43:02.768Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "User added to group",
@@ -677,7 +677,7 @@
 {
 "@timestamp": "2022-01-18T08:43:02.602Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "User created",
@@ -734,7 +734,7 @@
 {
 "@timestamp": "2022-01-14T16:37:07.126Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "User added to group",
@@ -793,7 +793,7 @@
 {
 "@timestamp": "2022-01-14T16:37:07.019Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "User created",
@@ -850,7 +850,7 @@
 {
 "@timestamp": "2022-01-10T12:44:41.065Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "User's password changed",
@@ -904,7 +904,7 @@
 {
 "@timestamp": "2022-01-06T09:49:07.418Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Workflow updated",
@@ -947,7 +947,7 @@
 {
 "@timestamp": "2022-01-05T07:23:49.369Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Workflow updated",
@@ -981,7 +981,7 @@
 {
 "@timestamp": "2022-01-05T07:23:49.162Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Workflow updated",
@@ -1024,7 +1024,7 @@
 {
 "@timestamp": "2021-12-13T14:10:35.436Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Workflow updated",
@@ -1067,7 +1067,7 @@
 {
 "@timestamp": "2021-12-10T11:57:29.971Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "User's password changed",
@@ -1121,7 +1121,7 @@
 {
 "@timestamp": "2021-12-10T11:53:37.982Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "User created",
@@ -1198,7 +1198,7 @@
 {
 "@timestamp": "2021-12-10T11:52:39.940Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Customer invited notification changed",
@@ -1261,7 +1261,7 @@
 {
 "@timestamp": "2021-12-07T17:15:05.069Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "User created",
@@ -1338,7 +1338,7 @@
 {
 "@timestamp": "2021-12-07T17:03:54.188Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Customer permissions changed",
@@ -1401,7 +1401,7 @@
 {
 "@timestamp": "2021-12-07T16:56:48.122Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Request type deleted",
@@ -1483,7 +1483,7 @@
 {
 "@timestamp": "2021-12-07T16:56:24.940Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Request type deleted",
@@ -1565,7 +1565,7 @@
 {
 "@timestamp": "2021-12-07T16:56:07.861Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Request type deleted",
@@ -1647,7 +1647,7 @@
 {
 "@timestamp": "2021-12-07T16:54:03.906Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Request type deleted",
@@ -1729,7 +1729,7 @@
 {
 "@timestamp": "2021-12-07T16:46:02.950Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "User added to group",
@@ -1788,7 +1788,7 @@
 {
 "@timestamp": "2021-12-07T16:46:02.944Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "User added to group",
@@ -1847,7 +1847,7 @@
 {
 "@timestamp": "2021-12-07T16:46:02.939Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "User added to group",
@@ -1906,7 +1906,7 @@
 {
 "@timestamp": "2021-12-07T16:46:02.932Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "User added to group",
@@ -1965,7 +1965,7 @@
 {
 "@timestamp": "2021-12-07T16:45:24.007Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Group created",
@@ -2006,7 +2006,7 @@
 {
 "@timestamp": "2021-12-07T16:29:41.490Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project created",
@@ -2099,7 +2099,7 @@
 {
 "@timestamp": "2021-12-07T16:29:38.789Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Custom email channel turned on",
@@ -2165,7 +2165,7 @@
 {
 "@timestamp": "2021-12-07T16:29:38.773Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Cloud Email settings created",
@@ -2221,7 +2221,7 @@
 {
 "@timestamp": "2021-12-07T16:29:38.426Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Cloud email channel turned on",
@@ -2287,7 +2287,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.956Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project component created",
@@ -2376,7 +2376,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.930Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project component created",
@@ -2465,7 +2465,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.903Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project component created",
@@ -2554,7 +2554,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.877Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project component created",
@@ -2643,7 +2643,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.849Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project component created",
@@ -2732,7 +2732,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.823Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project component created",
@@ -2821,7 +2821,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.797Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project component created",
@@ -2910,7 +2910,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.770Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project component created",
@@ -2999,7 +2999,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.743Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project component created",
@@ -3088,7 +3088,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.717Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project component created",
@@ -3177,7 +3177,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.691Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project component created",
@@ -3266,7 +3266,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.664Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project component created",
@@ -3355,7 +3355,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.637Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project component created",
@@ -3444,7 +3444,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.609Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project component created",
@@ -3533,7 +3533,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.561Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project component created",
@@ -3622,7 +3622,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.529Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Project component created",
@@ -3711,7 +3711,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.499Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Workflow scheme added to project",
@@ -3771,7 +3771,7 @@ { "@timestamp": "2021-12-07T16:29:36.468Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Workflow updated", @@ -3833,7 +3833,7 @@ { "@timestamp": "2021-12-07T16:29:36.448Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Workflow updated", @@ -3888,7 +3888,7 @@ { "@timestamp": "2021-12-07T16:29:36.421Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Workflow created", @@ -3954,7 +3954,7 @@ { "@timestamp": "2021-12-07T16:29:36.329Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Workflow updated", @@ -4016,7 +4016,7 @@ { "@timestamp": "2021-12-07T16:29:36.310Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Workflow updated", @@ -4071,7 +4071,7 @@ { "@timestamp": "2021-12-07T16:29:36.283Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Workflow created", @@ -4137,7 +4137,7 @@ { "@timestamp": "2021-12-07T16:29:36.186Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Workflow updated", @@ -4199,7 +4199,7 @@ { "@timestamp": "2021-11-18T10:58:11.410Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Field Configuration scheme updated", @@ -4266,7 +4266,7 @@ { "@timestamp": "2021-11-18T10:58:11.132Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Field Configuration scheme updated", @@ -4333,7 +4333,7 @@ { "@timestamp": "2021-11-18T10:58:10.771Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Workflow scheme added to project", @@ -4393,7 +4393,7 @@ { "@timestamp": "2021-11-18T10:58:10.754Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Workflow scheme created", @@ -4459,7 +4459,7 @@ { "@timestamp": "2021-11-18T10:58:10.744Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Workflow created", 
@@ -4521,7 +4521,7 @@ { "@timestamp": "2021-11-18T10:58:10.473Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Field Configuration scheme updated", @@ -4588,7 +4588,7 @@ { "@timestamp": "2021-11-18T10:58:10.265Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Field Configuration scheme updated", @@ -4657,7 +4657,7 @@ { "@timestamp": "2021-11-18T10:58:10.174Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Field Configuration scheme added to project", @@ -4717,7 +4717,7 @@ { "@timestamp": "2021-11-18T10:58:10.146Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Field Configuration scheme created", @@ -4784,7 +4784,7 @@ { "@timestamp": "2021-11-18T10:58:10.114Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Issue Security scheme added to project", @@ -4844,7 +4844,7 @@ { "@timestamp": "2021-11-18T10:58:10.062Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Permission scheme added to project", @@ -4904,7 +4904,7 @@ { "@timestamp": "2021-11-17T16:00:37.374Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User updated", @@ -4951,7 +4951,7 @@ { "@timestamp": "2021-11-16T09:25:56.725Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "User updated", @@ -4998,7 +4998,7 @@ { "@timestamp": "2021-11-16T08:48:05.867Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Custom field created", diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index 35f6a66d5c8..7f79d3d97d3 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json 
+++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-11-22T00:05:08.514Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.group.created", @@ -68,7 +68,7 @@ { "@timestamp": "2021-11-22T00:05:08.579Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -143,7 +143,7 @@ { "@timestamp": "2021-11-22T00:05:08.581Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -218,7 +218,7 @@ { "@timestamp": "2021-11-22T00:05:08.583Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -293,7 +293,7 @@ { "@timestamp": "2021-11-22T00:05:08.584Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -368,7 +368,7 @@ { "@timestamp": "2021-11-22T00:05:08.596Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.system.license.added", @@ -462,7 +462,7 @@ { "@timestamp": "2021-11-22T00:06:49.600Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.user.created", @@ -557,7 +557,7 @@ { "@timestamp": "2021-11-22T00:06:49.734Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.user.added.to.group", @@ -632,7 +632,7 @@ { "@timestamp": "2021-11-22T00:06:49.750Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -707,7 +707,7 @@ { "@timestamp": "2021-11-22T00:06:49.751Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.global.permission.added", 
@@ -782,7 +782,7 @@ { "@timestamp": "2021-11-22T00:06:49.752Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -857,7 +857,7 @@ { "@timestamp": "2021-11-22T00:06:49.754Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -932,7 +932,7 @@ { "@timestamp": "2021-11-22T00:06:49.756Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.user.added.to.group", @@ -1007,7 +1007,7 @@ { "@timestamp": "2021-11-22T00:06:57.138Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1081,7 +1081,7 @@ { "@timestamp": "2021-11-22T00:06:57.158Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1155,7 +1155,7 @@ { "@timestamp": "2021-11-22T00:06:57.162Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1229,7 +1229,7 @@ { "@timestamp": "2021-11-22T00:06:58.318Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1298,7 +1298,7 @@ { "@timestamp": "2021-11-22T00:06:58.974Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1367,7 +1367,7 @@ { "@timestamp": "2021-11-22T00:06:58.990Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -1424,7 +1424,7 @@ { "@timestamp": "2021-11-22T00:06:59.224Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1498,7 +1498,7 @@ { "@timestamp": "2021-11-22T00:06:59.266Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.customfield.created", 
@@ -1572,7 +1572,7 @@ { "@timestamp": "2021-11-22T00:06:59.313Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1641,7 +1641,7 @@ { "@timestamp": "2021-11-22T00:06:59.332Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -1698,7 +1698,7 @@ { "@timestamp": "2021-11-22T00:06:59.340Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -1755,7 +1755,7 @@ { "@timestamp": "2021-11-22T00:06:59.485Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.issue.type.created", @@ -1817,7 +1817,7 @@ { "@timestamp": "2021-11-22T00:06:59.522Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1891,7 +1891,7 @@ { "@timestamp": "2021-11-22T00:07:01.644Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1965,7 +1965,7 @@ { "@timestamp": "2021-11-22T00:07:01.669Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -2039,7 +2039,7 @@ { "@timestamp": "2021-11-22T00:07:02.694Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -2113,7 +2113,7 @@ { "@timestamp": "2021-11-22T00:07:02.725Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -2187,7 +2187,7 @@ { "@timestamp": "2021-11-22T00:07:02.794Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -2261,7 +2261,7 @@ { "@timestamp": "2021-11-22T00:07:09.370Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.issue.type.created", 
@@ -2323,7 +2323,7 @@ { "@timestamp": "2021-11-22T00:07:09.880Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -2397,7 +2397,7 @@ { "@timestamp": "2021-11-22T00:08:33.534Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -2461,7 +2461,7 @@ { "@timestamp": "2021-11-22T00:08:33.535Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -2525,7 +2525,7 @@ { "@timestamp": "2021-11-22T00:08:33.536Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -2589,7 +2589,7 @@ { "@timestamp": "2021-11-22T00:08:33.537Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -2653,7 +2653,7 @@ { "@timestamp": "2021-11-22T00:08:33.710Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.workflow.created", @@ -2732,7 +2732,7 @@ { "@timestamp": "2021-11-22T00:08:33.732Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.workflow.scheme.created", @@ -2801,7 +2801,7 @@ { "@timestamp": "2021-11-22T00:08:33.746Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.workflow.scheme.added.to.project", @@ -2863,7 +2863,7 @@ { "@timestamp": "2021-11-22T00:08:33.887Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.filter.created", @@ -2957,7 +2957,7 @@ { "@timestamp": "2021-11-22T00:08:34.720Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Board created", @@ -3019,7 +3019,7 @@ { "@timestamp": "2021-11-22T00:08:34.142Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.created", 
@@ -3088,7 +3088,7 @@ { "@timestamp": "2021-11-22T00:08:34.151Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3157,7 +3157,7 @@ { "@timestamp": "2021-11-22T00:08:34.163Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3226,7 +3226,7 @@ { "@timestamp": "2021-11-22T00:08:34.165Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3295,7 +3295,7 @@ { "@timestamp": "2021-11-22T00:08:34.166Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3364,7 +3364,7 @@ { "@timestamp": "2021-11-22T00:08:34.168Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3433,7 +3433,7 @@ { "@timestamp": "2021-11-22T00:08:34.171Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3502,7 +3502,7 @@ { "@timestamp": "2021-11-22T00:08:34.173Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3576,7 +3576,7 @@ { "@timestamp": "2021-11-22T00:08:34.174Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3645,7 +3645,7 @@ { "@timestamp": "2021-11-22T00:08:34.176Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3714,7 +3714,7 @@ { "@timestamp": "2021-11-22T00:08:34.178Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", 
@@ -3783,7 +3783,7 @@ { "@timestamp": "2021-11-22T00:08:34.180Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3852,7 +3852,7 @@ { "@timestamp": "2021-11-22T00:08:34.182Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3921,7 +3921,7 @@ { "@timestamp": "2021-11-22T00:08:34.184Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3995,7 +3995,7 @@ { "@timestamp": "2021-11-22T00:08:34.187Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4064,7 +4064,7 @@ { "@timestamp": "2021-11-22T00:08:34.190Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4133,7 +4133,7 @@ { "@timestamp": "2021-11-22T00:08:34.204Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4207,7 +4207,7 @@ { "@timestamp": "2021-11-22T00:08:34.208Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4276,7 +4276,7 @@ { "@timestamp": "2021-11-22T00:08:34.210Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4350,7 +4350,7 @@ { "@timestamp": "2021-11-22T00:08:34.212Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4424,7 +4424,7 @@ { "@timestamp": "2021-11-22T00:08:34.215Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", 
@@ -4493,7 +4493,7 @@ { "@timestamp": "2021-11-22T00:08:34.217Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4567,7 +4567,7 @@ { "@timestamp": "2021-11-22T00:08:34.219Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4636,7 +4636,7 @@ { "@timestamp": "2021-11-22T00:08:34.221Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4710,7 +4710,7 @@ { "@timestamp": "2021-11-22T00:08:34.223Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4779,7 +4779,7 @@ { "@timestamp": "2021-11-22T00:08:34.225Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4848,7 +4848,7 @@ { "@timestamp": "2021-11-22T00:08:34.227Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4922,7 +4922,7 @@ { "@timestamp": "2021-11-22T00:08:34.229Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4991,7 +4991,7 @@ { "@timestamp": "2021-11-22T00:08:34.231Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5065,7 +5065,7 @@ { "@timestamp": "2021-11-22T00:08:34.233Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5134,7 +5134,7 @@ { "@timestamp": "2021-11-22T00:08:34.235Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", 
@@ -5203,7 +5203,7 @@ { "@timestamp": "2021-11-22T00:08:34.236Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5272,7 +5272,7 @@ { "@timestamp": "2021-11-22T00:08:34.239Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5341,7 +5341,7 @@ { "@timestamp": "2021-11-22T00:08:34.241Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5410,7 +5410,7 @@ { "@timestamp": "2021-11-22T00:08:34.243Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5479,7 +5479,7 @@ { "@timestamp": "2021-11-22T00:08:34.249Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.removed.from.project", @@ -5559,7 +5559,7 @@ { "@timestamp": "2021-11-22T00:08:34.266Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.permission.scheme.added.to.project", @@ -5621,7 +5621,7 @@ { "@timestamp": "2021-11-22T00:08:34.297Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.project.created", @@ -5714,7 +5714,7 @@ { "@timestamp": "2021-11-22T00:08:34.506Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.project.roles.changed", @@ -5783,7 +5783,7 @@ { "@timestamp": "2021-11-22T00:08:34.521Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.version.created", @@ -5857,7 +5857,7 @@ { "@timestamp": "2021-11-22T00:08:34.535Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.version.released", 
@@ -5931,7 +5931,7 @@ { "@timestamp": "2021-11-22T00:08:34.543Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.version.created", @@ -6005,7 +6005,7 @@ { "@timestamp": "2021-11-22T00:08:34.545Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.version.created", @@ -6074,7 +6074,7 @@ { "@timestamp": "2021-11-22T00:12:02.856Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -6145,7 +6145,7 @@ { "@timestamp": "2021-11-26T19:35:10.718Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.user.login.failed", @@ -6220,7 +6220,7 @@ { "@timestamp": "2021-11-26T19:33:29.363Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "jira.auditing.user.logged.in", diff --git a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 5d49a0899a2..0d70c3f1ca5 100644 --- a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Atlassian Jira audit logs. processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/atlassian_jira/data_stream/audit/sample_event.json b/packages/atlassian_jira/data_stream/audit/sample_event.json index 3019d2e1cdf..a05ea51773c 100644 --- a/packages/atlassian_jira/data_stream/audit/sample_event.json +++ b/packages/atlassian_jira/data_stream/audit/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7", 
diff --git a/packages/atlassian_jira/docs/README.md b/packages/atlassian_jira/docs/README.md index f2fcea5b50c..5d559ad1262 100644 --- a/packages/atlassian_jira/docs/README.md +++ b/packages/atlassian_jira/docs/README.md @@ -129,7 +129,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7", diff --git a/packages/atlassian_jira/manifest.yml b/packages/atlassian_jira/manifest.yml index af448c32b26..0e5afa80042 100644 --- a/packages/atlassian_jira/manifest.yml +++ b/packages/atlassian_jira/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: atlassian_jira title: Atlassian Jira -version: 1.3.0 +version: "1.4.0" license: basic description: Collect logs from Atlassian Jira with Elastic Agent. type: integration diff --git a/packages/auditd/_dev/build/build.yml b/packages/auditd/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/auditd/_dev/build/build.yml +++ b/packages/auditd/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/auditd/changelog.yml b/packages/auditd/changelog.yml index 56a6b527ef1..49c8a0c0729 100644 --- a/packages/auditd/changelog.yml +++ b/packages/auditd/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "3.2.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "3.1.0" changes: - description: Change title to Auditd Logs diff --git a/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json b/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json index d85b6663e2d..ab98e881b6b 100644 --- a/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json 
+++ b/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json @@ -15,7 +15,7 @@ "address": "192.168.0.0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "mac_ipsec_event", @@ -50,7 +50,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "syscall", @@ -119,7 +119,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -175,7 +175,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -243,7 +243,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -275,7 +275,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "proctitle", @@ -295,7 +295,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "proctitle", @@ -322,7 +322,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -364,7 +364,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -402,7 +402,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -437,7 +437,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "execve", @@ -465,7 +465,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -497,7 +497,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -545,7 +545,7 @@ "runtime": "kvm" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -587,7 +587,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -630,7 +630,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -669,7 +669,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ 
@@ -712,7 +712,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -751,7 +751,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -797,7 +797,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -843,7 +843,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -889,7 +889,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -937,7 +937,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -982,7 +982,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -1049,7 +1049,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -1118,7 +1118,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -1165,7 +1165,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -1208,7 +1208,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -1251,7 +1251,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -1284,7 +1284,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -1335,7 +1335,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -1386,7 +1386,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -1436,7 +1436,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -1481,7 +1481,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -1529,7 +1529,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -1573,7 +1573,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ 
@@ -1635,7 +1635,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -1705,7 +1705,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -1752,7 +1752,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -1786,7 +1786,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cwd", @@ -1816,7 +1816,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "path", @@ -1840,7 +1840,7 @@ "log": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "unknown[1329]", @@ -1870,7 +1870,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "bprm_fcaps", @@ -1890,7 +1890,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "sockaddr", @@ -1910,7 +1910,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ckaddr", @@ -1930,7 +1930,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ diff --git a/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-useradd.log-expected.json b/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-useradd.log-expected.json index 45c95251dd6..bde7c6030df 100644 --- a/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-useradd.log-expected.json +++ b/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-useradd.log-expected.json @@ -14,7 +14,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -70,7 +70,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -125,7 +125,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -181,7 +181,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ 
@@ -239,7 +239,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -287,7 +287,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -343,7 +343,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -395,7 +395,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ diff --git a/packages/auditd/data_stream/log/_dev/test/pipeline/test-truncated-execve.log-expected.json b/packages/auditd/data_stream/log/_dev/test/pipeline/test-truncated-execve.log-expected.json index b61f7b166a7..c3c33fb5964 100644 --- a/packages/auditd/data_stream/log/_dev/test/pipeline/test-truncated-execve.log-expected.json +++ b/packages/auditd/data_stream/log/_dev/test/pipeline/test-truncated-execve.log-expected.json @@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "execve", @@ -36,7 +36,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "execve", @@ -131,7 +131,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "execve", @@ -226,7 +226,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "execve", diff --git a/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 36116791ce0..e24255d6552 100644 --- a/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Linux auditd logs processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/auditd/data_stream/log/sample_event.json b/packages/auditd/data_stream/log/sample_event.json index 7b84a0d9d18..ca16d5db805 100644 
--- a/packages/auditd/data_stream/log/sample_event.json +++ b/packages/auditd/data_stream/log/sample_event.json @@ -20,7 +20,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f386c08a-1dcf-444a-a259-9c33fa001606", diff --git a/packages/auditd/docs/README.md b/packages/auditd/docs/README.md index 85f343c361c..f180434c615 100644 --- a/packages/auditd/docs/README.md +++ b/packages/auditd/docs/README.md @@ -35,7 +35,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f386c08a-1dcf-444a-a259-9c33fa001606", diff --git a/packages/auditd/manifest.yml b/packages/auditd/manifest.yml index d0978865445..6cc55b69d65 100644 --- a/packages/auditd/manifest.yml +++ b/packages/auditd/manifest.yml @@ -1,6 +1,6 @@ name: auditd title: Auditd Logs -version: 3.1.0 +version: "3.2.0" release: ga description: Collect logs from Linux audit daemon with Elastic Agent. type: integration diff --git a/packages/auditd_manager/_dev/build/build.yml b/packages/auditd_manager/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/auditd_manager/_dev/build/build.yml +++ b/packages/auditd_manager/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/auditd_manager/changelog.yml b/packages/auditd_manager/changelog.yml index 5b21722f731..9e14cbf385b 100644 --- a/packages/auditd_manager/changelog.yml +++ b/packages/auditd_manager/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.0.0" changes: - description: Initial release 
diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/auditlogin-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/auditlogin-events.json-expected.json index 773dfa829ce..1b9dbbcf1a8 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/auditlogin-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/auditlogin-events.json-expected.json @@ -30,7 +30,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "changed-login-id-to", @@ -100,7 +100,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "changed-login-id-to", @@ -171,7 +171,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "changed-login-id-to", diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/centos7-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/centos7-events.json-expected.json index 431fa027d92..80620ff3695 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/centos7-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/centos7-events.json-expected.json @@ -42,7 +42,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "started-session", @@ -124,7 +124,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "added-group-account-to", @@ -209,7 +209,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "added-user-account", @@ -296,7 +296,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "modified-user-account", @@ -383,7 +383,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "modified-user-account", 
@@ -470,7 +470,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "modified-user-account",
@@ -557,7 +557,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "modified-user-account",
@@ -644,7 +644,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "modified-user-account",
diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/chown-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/chown-events.json-expected.json
index 0bcd8e7332b..816cb642c64 100644
--- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/chown-events.json-expected.json
+++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/chown-events.json-expected.json
@@ -92,7 +92,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "changed-file-ownership-of",
diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/passwd-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/passwd-events.json-expected.json
index b95ee3cd793..cc270205063 100644
--- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/passwd-events.json-expected.json
+++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/passwd-events.json-expected.json
@@ -35,7 +35,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "changed-password",
@@ -115,7 +115,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "changed-password",
@@ -195,7 +195,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "changed-password",
@@ -276,7 +276,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "was-authorized",
diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/setuid-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/setuid-events.json-expected.json
index d55cd9a5477..58eaf687971 100644
--- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/setuid-events.json-expected.json
+++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/setuid-events.json-expected.json
@@ -60,7 +60,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "changed-identity-of",
@@ -167,7 +167,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "changed-identity-of",
@@ -266,7 +266,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "changed-identity-of",
diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/sudo-asuser-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/sudo-asuser-events.json-expected.json
index 25909ee8964..29a07f3efe3 100644
--- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/sudo-asuser-events.json-expected.json
+++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/sudo-asuser-events.json-expected.json
@@ -35,7 +35,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "authenticated",
@@ -110,7 +110,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "was-authorized",
@@ -180,7 +180,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "ran-command",
@@ -245,7 +245,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "refreshed-credentials",
@@ -319,7 +319,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "started-session",
diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/sudo-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/sudo-events.json-expected.json
index 87f793a3521..1fa1e9adab6 100644
--- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/sudo-events.json-expected.json
+++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/sudo-events.json-expected.json
@@ -35,7 +35,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "authenticated",
@@ -110,7 +110,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "was-authorized",
@@ -180,7 +180,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "ran-command",
@@ -245,7 +245,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "refreshed-credentials",
@@ -319,7 +319,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "started-session",
@@ -400,7 +400,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "authenticated",
@@ -475,7 +475,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "acquired-credentials",
@@ -550,7 +550,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "was-authorized",
@@ -625,7 +625,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "authenticated",
@@ -699,7 +699,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "started-session",
@@ -780,7 +780,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "refreshed-credentials",
@@ -850,7 +850,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "ran-command",
@@ -915,7 +915,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "was-authorized",
@@ -990,7 +990,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "authenticated",
@@ -1066,7 +1066,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "changed-role-to",
@@ -1125,7 +1125,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "started-session",
@@ -1206,7 +1206,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "disposed-credentials",
@@ -1281,7 +1281,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "ended-session",
@@ -1356,7 +1356,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "disposed-credentials",
@@ -1431,7 +1431,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "ended-session",
diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/useradd-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/useradd-events.json-expected.json
index 5ab3d546003..a1982f037a1 100644
--- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/useradd-events.json-expected.json
+++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/useradd-events.json-expected.json
@@ -33,7 +33,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "added-group-account-to",
@@ -112,7 +112,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "added-group-account-to",
@@ -190,7 +190,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "added-group-account-to",
@@ -269,7 +269,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "added-user-account",
@@ -350,7 +350,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "was-authorized",
@@ -425,7 +425,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "changed-password",
@@ -506,7 +506,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "authenticated",
@@ -581,7 +581,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "was-authorized",
diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/userlogin-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/userlogin-events.json-expected.json
index c0c03c7f483..288debc5179 100644
--- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/userlogin-events.json-expected.json
+++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/userlogin-events.json-expected.json
@@ -27,7 +27,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "logged-in",
@@ -101,7 +101,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "logged-in",
@@ -172,7 +172,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "authenticated",
@@ -247,7 +247,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "acquired-credentials",
diff --git a/packages/auditd_manager/data_stream/auditd/elasticsearch/ingest_pipeline/default.yml b/packages/auditd_manager/data_stream/auditd/elasticsearch/ingest_pipeline/default.yml
index 1235e982bf2..997d541bcd7 100644
--- a/packages/auditd_manager/data_stream/auditd/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/auditd_manager/data_stream/auditd/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Linux auditd logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: event.original
 target_field: auditd.messages
diff --git a/packages/auditd_manager/data_stream/auditd/sample_event.json b/packages/auditd_manager/data_stream/auditd/sample_event.json
index e999a53bf9c..4e346717387 100644
--- a/packages/auditd_manager/data_stream/auditd/sample_event.json
+++ b/packages/auditd_manager/data_stream/auditd/sample_event.json
@@ -72,7 +72,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "753ce520-4f32-45b1-9212-c4dcc9d575a1",
diff --git a/packages/auditd_manager/docs/README.md b/packages/auditd_manager/docs/README.md
index 918d3f96a2a..7a85c9c40be 100644
--- a/packages/auditd_manager/docs/README.md
+++ b/packages/auditd_manager/docs/README.md
@@ -184,7 +184,7 @@ An example event for `auditd` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "753ce520-4f32-45b1-9212-c4dcc9d575a1",
diff --git a/packages/auditd_manager/manifest.yml b/packages/auditd_manager/manifest.yml
index 54cdec9e08e..b3f006e9337 100644
--- a/packages/auditd_manager/manifest.yml
+++ b/packages/auditd_manager/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: auditd_manager
 title: "Auditd Manager"
-version: 1.0.0
+version: "1.1.0"
 release: ga
 license: basic
 description: "The Auditd Manager Integration receives audit events from the Linux Audit Framework that is a part of the Linux kernel."
diff --git a/packages/auth0/_dev/build/build.yml b/packages/auth0/_dev/build/build.yml
index 08d85edcf9a..5661d603a89 100644
--- a/packages/auth0/_dev/build/build.yml
+++ b/packages/auth0/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@1.12
+ reference: git@v8.3.0
diff --git a/packages/auth0/changelog.yml b/packages/auth0/changelog.yml
index efcc0a7517e..2ae93e7b292 100644
--- a/packages/auth0/changelog.yml
+++ b/packages/auth0/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.0.0"
 changes:
 - description: Make GA
diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-failure.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-failure.json-expected.json
index 23e29b63054..6c1908c7a0a 100644
--- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-failure.json-expected.json
+++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-failure.json-expected.json
@@ -38,7 +38,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "failed-login",
@@ -124,7 +124,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "failed-login",
@@ -211,7 +211,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "failed-login",
@@ -284,7 +284,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "invalid-username-or-email",
@@ -360,7 +360,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "incorrect-password",
diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-success.json-expected.json
index 456eff04c5e..40aefc1de28 100644
--- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-success.json-expected.json
+++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-success.json-expected.json
@@ -61,7 +61,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -189,7 +189,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -264,7 +264,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -390,7 +390,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -516,7 +516,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -630,7 +630,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -744,7 +744,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -858,7 +858,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -935,7 +935,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -1051,7 +1051,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -1179,7 +1179,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -1295,7 +1295,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -1411,7 +1411,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -1527,7 +1527,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -1643,7 +1643,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -1759,7 +1759,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -1875,7 +1875,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -1991,7 +1991,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -2107,7 +2107,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -2223,7 +2223,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -2351,7 +2351,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
@@ -2479,7 +2479,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "successful-login",
diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-logout-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-logout-success.json-expected.json
index ff6c1664c62..2b379493b8b 100644
--- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-logout-success.json-expected.json
+++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-logout-success.json-expected.json
@@ -24,7 +24,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "user-logout-successful",
@@ -101,7 +101,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "user-logout-successful",
@@ -178,7 +178,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "user-logout-successful",
diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json-expected.json
index ac3897c258e..b5cf3b78711 100644
--- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json-expected.json
+++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json-expected.json
@@ -54,7 +54,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -169,7 +169,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -309,7 +309,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -680,7 +680,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -780,7 +780,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -939,7 +939,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -1178,7 +1178,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -1280,7 +1280,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -1519,7 +1519,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -1623,7 +1623,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -1733,7 +1733,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -1972,7 +1972,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -2211,7 +2211,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -2320,7 +2320,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -2435,7 +2435,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -2544,7 +2544,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -2646,7 +2646,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -2761,7 +2761,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -2870,7 +2870,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -2972,7 +2972,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -3065,7 +3065,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -3175,7 +3175,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -3284,7 +3284,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -3377,7 +3377,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -3487,7 +3487,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -3580,7 +3580,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -3690,7 +3690,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -3805,7 +3805,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -3907,7 +3907,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -4006,7 +4006,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -4122,7 +4122,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -4361,7 +4361,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -4459,7 +4459,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -4688,7 +4688,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -4913,7 +4913,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -5013,7 +5013,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -5115,7 +5115,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -5223,7 +5223,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -5331,7 +5331,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -5433,7 +5433,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -5538,7 +5538,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op-secrets-returned",
@@ -5639,7 +5639,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-mgmt-api-op-secrets-returned",
diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-failure.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-failure.json-expected.json
index bea19c7404f..397ca7148ce 100644
--- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-failure.json-expected.json
+++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-failure.json-expected.json
@@ -72,7 +72,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "user-signup-failed",
diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-success.json-expected.json
index 92036a17aa6..ba953aca6f3 100644
--- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-success.json-expected.json
+++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-success.json-expected.json
@@ -27,7 +27,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-signup",
@@ -101,7 +101,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-signup",
@@ -181,7 +181,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-signup",
@@ -255,7 +255,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-signup",
@@ -329,7 +329,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-signup",
diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json-expected.json
index dd707f10205..e7ae1445054 100644
--- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json-expected.json
+++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -88,7 +88,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -158,7 +158,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -228,7 +228,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -298,7 +298,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -368,7 +368,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -438,7 +438,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -508,7 +508,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -578,7 +578,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -648,7 +648,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -718,7 +718,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -788,7 +788,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -858,7 +858,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -928,7 +928,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -998,7 +998,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -1068,7 +1068,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -1138,7 +1138,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -1208,7 +1208,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -1278,7 +1278,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -1348,7 +1348,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -1418,7 +1418,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json-expected.json
index 30ff83d59c4..dc17885eb16 100644
--- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json-expected.json
+++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json-expected.json
@@ -20,7 +20,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "failed-to-send-email-notification",
@@ -58,7 +58,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "failed-to-send-email-notification",
diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json-expected.json
index 12e5a4c3a6a..76bd8e07cec 100644
--- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json-expected.json
+++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json-expected.json
@@ -35,7 +35,7 @@
 }
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "sent-verification-email",
diff --git a/packages/auth0/data_stream/logs/elasticsearch/ingest_pipeline/default.yml b/packages/auth0/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
index af1e5a307ad..e36a9beaf2f 100644
--- a/packages/auth0/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/auth0/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing Auth0 log stream events
 processors:
 - set:
 field: ecs.version
- value: '1.12.0'
+ value: '8.3.0'
 - set:
 field: auth0.logs.data
 copy_from: json.data
diff --git a/packages/auth0/data_stream/logs/sample_event.json b/packages/auth0/data_stream/logs/sample_event.json
index 02d4e4c0232..f1f4ada2467 100644
--- a/packages/auth0/data_stream/logs/sample_event.json
+++ b/packages/auth0/data_stream/logs/sample_event.json
@@ -84,7 +84,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "38ed1ea2-8c9a-4d5a-81ee-826cead96859",
diff --git a/packages/auth0/docs/README.md b/packages/auth0/docs/README.md
index a40c20f6acb..ed206a52ae3 100644
--- a/packages/auth0/docs/README.md
+++ b/packages/auth0/docs/README.md
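Review bot: The `value: '8.3.0'` set for ecs.version in the auth0 pipeline crosses an ECS major version (1.12.0 to 8.3.0, matching the build.yml reference moving from `git@1.12` to `git@v8.3.0` earlier in this diff), yet no field mapping in the pipeline changes, so any field that was renamed or dropped between ECS 1.x and 8.x would still be emitted under its old name while the event now claims 8.3.0 conformance. The other packages in this PR only step 8.2.0 to 8.3.0, so the auth0 pipeline deserves a separate pass over its processors against the 8.3.0 field reference; the processors list continues outside this hunk. Detection rules and dashboards keyed on ECS field names are what would silently miss auth0 events if a mapping has moved, so a short marker such as `# ECS 1.12 -> 8.3.0: field mappings below reviewed against the 8.3.0 reference` above the set processor would record that the check was done. If any mapping does change, the auth0 changelog entry labelled `enhancement` should state the breaking field change rather than only the version bump.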
@@ -114,7 +114,7 @@ The Auth0 logs dataset provides events from Auth0 log stream. All Auth0 log even
 | host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword |
 | input.type | Input type. | keyword |
 | log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword |
-| network.type | In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". | keyword |
+| network.type | In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc The field value must be normalized to lowercase for querying. | keyword |
 | process.args | Array of process arguments, starting with the absolute path to the executable. May be filtered to protect sensitive information. | keyword |
 | process.args_count | Length of the process.args array. This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. | long |
 | process.command_line | Full command line that started the process, including the absolute path to the executable, and all arguments. Some arguments may be filtered to protect sensitive information. | wildcard |
@@ -257,7 +257,7 @@ An example event for `logs` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "38ed1ea2-8c9a-4d5a-81ee-826cead96859",
diff --git a/packages/auth0/manifest.yml b/packages/auth0/manifest.yml
index c92f640b6c5..06f84def2dc 100644
--- a/packages/auth0/manifest.yml
+++ b/packages/auth0/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: auth0
 title: "Auth0 Log Streams Integration"
-version: 1.0.0
+version: "1.1.0"
 license: basic
 description: Collect logs from Auth0 with Elastic Agent.
 type: integration
diff --git a/packages/barracuda/_dev/build/build.yml b/packages/barracuda/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/barracuda/_dev/build/build.yml
+++ b/packages/barracuda/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/barracuda/changelog.yml b/packages/barracuda/changelog.yml
index 108d12d02cd..3ef107550e0 100644
--- a/packages/barracuda/changelog.yml
+++ b/packages/barracuda/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.10.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "0.9.0"
 changes:
 - description: Update to ECS 8.2.0
diff --git a/packages/barracuda/data_stream/spamfirewall/_dev/test/pipeline/test-generated.log-expected.json b/packages/barracuda/data_stream/spamfirewall/_dev/test/pipeline/test-generated.log-expected.json
index 8902961fc79..d418d0c3e4f 100644
--- a/packages/barracuda/data_stream/spamfirewall/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/barracuda/data_stream/spamfirewall/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "notify/smtp[avolupt]: 10.224.15.48 nto sse accept tur 3 illumqui 1090 1.2364 ivelitse ritin",
 "tags": [
@@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1: etdo[10.173.228.223] ntsunti 1455282753 1455282753 SCAN nseq itinvol psa umq 0 31 psaq SZ:cer SUBJ:reveri", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "outbound/smtp: 10.104.162.169 eosquir orsi nulapari allow vol 4 uidolor nibus mipsumq \u003c\u003cgnaali\u003e: enatus", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "notify/smtp[iatu]: 10.57.70.73 dolo meumfug deny roinBCS 2 com 1060 1.2548 byC tinculp", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "outbound/smtp: 10.236.42.236 tconsec nsequat taev block untutl 1 llu uptassi tamremap tur", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (enatuse.exe) queued as magn", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1[sit]: avol[10.162.151.94] laboreet 1461457525 1461457525 RECV aquaeabi giatq quid", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1: tempor[10.138.137.28] eip 1462692479 1462692479 SCAN lupta iusmodt doloreeu pori 7 8 ect SZ:reetdolo SUBJ:nrepreh", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan: ari[10.108.180.105] nsequat 1463927433 1463927433 block llam llamcorp ari eataevit 4 38 uovol dmi", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1: [10.206.159.177] ididu 1465162388 1465162388 RECV ciunt turQuisa 10 74 lit", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1[umdo]: sed[10.206.224.241] reetdolo 1466397342 1466397342 RECV olupta turveli 4 40 tatno", "tags": [ 
@@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1: aveniam[10.82.201.113] essequ 1467632296 1467632296 SCAN taevi ender snulapar aedic 5 13 iumto SZ:aboreetd SUBJ:sun", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (tem.exe) queued as ons", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "outbound/smtp: 10.110.109.5 ittenbyC aperi lor accept ipi 4 paqu eseru remeum #to#10.18.165.35", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan: dolore[10.195.109.134] eddoei 1471337159 1471337159 deny etM nimadmin ditautfu piscing 6 74 ostr rudexerc", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan[colabor]: iusmodt[10.21.92.218] lorumw 1472572113 1472572113 accept llitani inima tlabo suntexp 4 45 stiae SZ:nofdeF SUBJ:sunt", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (tat.exe) queued as tion", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (emp.exe) queued as aperia", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "web: Ret Policy Summary (Del:eritquii Kept:dexeac)", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "web: [10.45.25.68] LOGOUT (rehender)", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "web: Ret Policy Summary (Del:hil Kept:atquovo)", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "notify/smtp[tatn]: 10.18.109.121 ents pida allow idolor 1 emoeni 269 1.2857 utlabore ecillu", "tags": [ 
@@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "web: [10.19.194.101] global CHANGE orinrepr (conse)", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (lumqui.exe) queued as itinvo", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (usmodt.exe) queued as siar", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "notify/smtp[sci]: 10.116.193.182 snostrud nama allow data 1 ationul 2530 1.5361 commod adol", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1: hitect[10.198.6.166] modocon 1486156610 1486156610 SCAN que atevel nsecte itame 0 38 lit5929.test quamnih", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "outbound/smtp: 10.198.19.111 aquaeabi lita adeseru accept amc 4 amest corp modtemp \u003c\u003crehender\u003e: iae", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1: equat[10.77.137.72] ione 1488626519 1488626519 SCAN ihilmole eriamea amre rsita 8 56 uptat3156.www5.test tmo", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1: vitaedi[10.128.114.77] temqu 1489861473 1489861473 SCAN edol colab ommodico quatD 4 59 neav6028.internal.domain agnid", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "outbound/smtp: 10.181.80.139 hitecto ents liquide allow tenatu 1 boN eprehend aevit aboN", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1[ris]: uamqu[10.138.252.123] quioffi 1492331381 1492331381 RECV uptate ncidid quaturve", "tags": [ 
@@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (aera.exe) queued as ate", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1: [10.153.108.27] uir 1494801290 1494801290 RECV dol essecil citation", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "outbound/smtp: 10.120.167.239 gnido ratvolu olup deny nsecte 3 eveli eroi dtemp aliquide", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1[ris]: nisi[10.105.88.20] ecte 1497271198 1497271198 RECV tinvolu iurer iciadese", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan: olupta[10.98.92.244] idolor 1498506153 1498506153 deny uta llumdolo nre ercitat 7 38 riosamn SZ:ept SUBJ:iumtotam", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan[sperna]: sintocc[10.185.107.75] tDuisaut 1499741107 1499741107 allow tate imvenia spi stquido 8 62 ptas SZ:pta SUBJ:tetu", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (nevo.exe) queued as ide", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "notify/smtp[etcons]: 10.80.214.206 ate uiac accept officiad 4 quinesc 6218 1.5651 tur roi", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "notify/smtp[nof]: 10.48.34.226 ccaec ten allow isc 2 ntN 6179 1.2364 tateve itinvol", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (etconsec.exe) queued as ios", "tags": [ 
@@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1: tquov[10.211.93.62] mod 1505915878 1505915878 SCAN hilm ataevi com tnulapa 5 57 tiumt SZ:reetdolo SUBJ:norum", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (uidol.exe) queued as mporin", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan: qui[10.199.182.123] entor 1508385787 1508385787 accept Sedutp utp ema rsitv 0 69 ntiumt iquipe", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (tvolupt.exe) queued as eufugi", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan[pid]: illoin[10.130.38.118] uamni 1510855695 1510855695 block gnamal metMalo ntexplic archite 1 56 untu asi", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1: [10.153.152.219] eumiu 1512090649 1512090649 RECV orumSe boree intoc", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "web: Retention violating accounts: rnatur total", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (isisten.exe) queued as cusant", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (naal.exe) queued as borios", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "outbound/smtp: 10.167.227.44 tali lillum cusant deny ender 2 oles edic seq tutlab", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "notify/smtp[atevelit]: 10.56.136.27 aperia ccaeca deny ttenby 1 amc 5163 1.375 orumSe ratv", "tags": [ 
@@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "web: [10.194.90.130] FAILED_LOGIN (siut)", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1: [10.103.69.44] velitess 1520735329 1520735329 RECV naali uunturm temUte", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1: aveni[10.29.155.171] uptatema 1521970284 1521970284 SCAN oeni tdol sit tiaec 6 23 oremagna3521.mail.home asiar", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1: [10.145.193.93] nonp 1523205238 1523205238 RECV labo ulapar aboreetd", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1[ama]: uatur[10.143.79.226] exeacom 1524440192 1524440192 RECV roidents tem dol", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "web: [10.30.25.84] FAILED_LOGIN (utlab)", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1: [10.141.225.182] bor 1526910101 1526910101 RECV rauto ationev 8 57 uaUten", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (dun.exe) queued as reprehe", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "web: [10.90.9.88] global CHANGE umexerc (oremipsu)", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (amco.exe) queued as ssecillu", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (olo.exe) queued as psumqu", "tags": [ 
@@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "notify/smtp[rationev]: 10.226.20.199 tatem untutlab allow eveli 2 lillum 7809 1.2000 uisaute imide", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "web: [10.134.140.191] global CHANGE nte (mvel)", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "outbound/smtp[conse]: 10.252.40.172 nimadmin isiu licabo cancel etdolor 3 dic cola amcor", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan[xea]: ites[10.126.26.131] nisiut 1536789735 1536789735 accept teturad perspici itation sequatD 5 24 isciv rroqu", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan[rExc]: iusmo[10.187.210.173] reetd 1538024689 1538024689 accept ulpa sitam rad loi 2 15 Nequepor SZ:eirure SUBJ:deserun", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (orroq.exe) queued as vitaedic", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (orem.exe) queued as rcit", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan[untincul]: ssecil[10.180.147.129] atise 1541729552 1541729552 allow umetMalo oluptas emvele isnost 2 5 ido emqu", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "notify/smtp[exeaco]: 10.99.17.210 olorsit tore cancel illu 4 turadip 688 1.7484 boreetdo undeom", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "notify/smtp[uov]: 10.230.46.162 sBono loremqu accept quunt 3 siuta 1107 1.2607 dquia temporin", "tags": [ 
@@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan[nimveni]: idi[10.96.135.47] rum 1545434414 1545434414 accept eporroq ulla iqu oin 1 55 cingel modocon", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (atv.exe) queued as onu", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan: obeataev[10.139.127.232] nsec 1547904323 1547904323 cancel maperi agnaaliq tlaboree norumet 7 48 tin SZ:fugitse SUBJ:imad", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1: inv[10.163.209.70] atu 1549139277 1549139277 SCAN lloin remipsum tempor citatio 0 57 mveniamq SZ:taedict SUBJ:edquian", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (mipsamvo.exe) queued as eiusmod", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan[avolu]: Except[10.191.7.121] umetMal 1551609186 1551609186 accept sciun metcons itasper uae 2 21 uia iciad", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1: [10.157.196.101] gnaa 1552844140 1552844140 RECV mod doei cipitl", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "web: [10.171.72.5] global CHANGE eprehend (asnu)", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan: eritatis[10.209.184.60] mquisn 1555314049 1555314049 cancel uto emUte molestia quir 4 18 emip SZ:ver SUBJ:erc", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1[dolorsit]: archite[10.143.228.97] isqua 1556549003 1556549003 RECV uta emo itq", "tags": [ 
@@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (ntexpl.exe) queued as dunt", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan: plic[10.17.87.79] tetur 1559018911 1559018911 block amali ate idolor ratvolu 7 64 onse olorem", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "web: [10.163.18.29] FAILED_LOGIN (nim)", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "web: Retention violating accounts: erspi total", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (billoi.exe) queued as moles", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan: taedi[10.17.98.243] etconsec 1563958728 1563958728 cancel ill mporinc onsectet idolo 8 55 docon SZ:mdolore SUBJ:eosquira", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (apariatu.exe) queued as lorsita", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (ever.exe) queued as tali", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1[mipsumqu]: tatio[10.181.247.224] onnu 1567663591 1567663591 RECV olorema aquiof ende", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan[ugitse]: quiineav[10.235.116.121] ventore 1568898545 1568898545 deny obea emp agnaaliq est 0 73 aev SZ:inrepr SUBJ:mol", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "outbound/smtp: 10.178.30.158 llit tenimad sitametc allow onproide 2 cillumd riosa Ok: queued as tNe #to#10.1.6.115", "tags": [ 
@@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "notify/smtp[rautod]: 10.124.32.120 lapar ritati accept qui 3 mullam 4965 1.4254 meaque uid", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (ataevita.exe) queued as oremqu", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reports: REPORTS (velitsed.exe) queued as magnaali", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inbound/pass1: der[10.77.182.191] enbyCi 1575073317 1575073317 SCAN quameiu diduntu eiusmod itation 8 79 piciatis2460.api.host iusmodt", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "scan: iame[10.193.110.71] tiumd 1576308271 1576308271 accept loinve tanimid isnostru nofdeFi 3 5 saqu remips", "tags": [ diff --git a/packages/barracuda/data_stream/spamfirewall/elasticsearch/ingest_pipeline/default.yml b/packages/barracuda/data_stream/spamfirewall/elasticsearch/ingest_pipeline/default.yml index 383b8d85377..fec34f6ea1f 100644 --- a/packages/barracuda/data_stream/spamfirewall/elasticsearch/ingest_pipeline/default.yml +++ b/packages/barracuda/data_stream/spamfirewall/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Barracuda Spam Firewall processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/barracuda/data_stream/spamfirewall/sample_event.json b/packages/barracuda/data_stream/spamfirewall/sample_event.json index af43a5d2b9e..a5a7e45902b 100644 --- a/packages/barracuda/data_stream/spamfirewall/sample_event.json +++ b/packages/barracuda/data_stream/spamfirewall/sample_event.json 
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-generated.log-expected.json b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-generated.log-expected.json index 57b36556b23..dae51040817 100644 --- a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: Started monitoring", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "BYPASS: Mode set to BYPASS (nbyCic).", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "UPDATE: [ALERT:tvolup] New attack definition version 1.1000 is available", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM_WRAPPER: Rolling back the current database transaction. Configuration digest failed.", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM_WRAPPER: Initializing STM.", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "eventmgr: Forwarding log messages to syslog host #imadm, address=10.16.222.151", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: [ALERT:eritqui] One of the RAID arrays is degrading.", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "BYPASS: Mode change: ccusant,epteurs", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "UPDATE: [ALERT:modoco] New attack definition version 1.3971 is available", "tags": [ 
@@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM: LB-doloreeu elillumq CreateServer =loremeum", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM: WebLog-radi ula itsed: SapCtx=rad,SapId=olupta, ididu", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "UPDATE: [ALERT:xcepte] New attack definition version 1.4012 is available", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: Monitoring links: lo4933", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: [ALERT:doconse] One of the RAID arrays is degrading.", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "CONFIG_AGENT: odite atn It is recommended to configure cookie_encryption_key_expiry atleast 7 days ahead of current time., sectet", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM: LB-tet voluptas ActiveServerOutOfBandMonitorAttr =inv", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM_WRAPPER: [ALERT:obeata] Configuration size is pexeaco which exceeds the ercitati safe limit. Please check your configuration.", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "BYPASS: Mode change: urEx,labo", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "eventmgr: Event manager startup succeeded.", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM: LB-Maloru lapariat SetServerdmin=oinBCSed", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM_WRAPPER: Successfully stopped STM.", "tags": [ 
@@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "CONFIG_AGENT: luptate Initiating config_agent database commit phase.", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM: LB-isistena Malorum SetSapquelauda=enderit", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "eventmgr: Forwarding log messages to syslog host #equun, address=10.4.65.246", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "UPDATE: [ALERT:exer] New attack definition version 1.481 is available", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "eventmgr: Event manager startup succeeded.", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM_WRAPPER: Rolling back the current database transaction. Configuration digest failed.", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "CONFIG_AGENT: isnisiu aspernat Update succeeded", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "INSTALL: Loading the snapshot for mquel release.", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "INSTALL: Migrating configuration from ueporr to ptate", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: [ALERT:onsequ] enp0s7094: link is up", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "CONFIG_AGENT: iquip tDuisau It is recommended to configure cookie_encryption_key_expiry atleast 7 days ahead of current time., amali", "tags": [ 
@@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "eventmgr: Event manager startup succeeded.", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: Started monitoring", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM: LB-mveniam rvelill EnableServer =iame", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: number of stm worker threads iseuf", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM: WebLog-ipiscin idolore turExce: SapCtx=modoc,SapId=mdolors, borios", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM_WRAPPER: Successfully stopped STM.", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "eventmgr: Forwarding log messages to syslog host #ccusa, address=10.58.33.30", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: [ALERT:uiadolo] eth321: link is up", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "CONFIG_AGENT: rsi ciduntut Update succeeded", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "CONFIG_AGENT: radipis RPC Name =isa, RPC Result: aal", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "INSTALL: Loading the snapshot for ris release.", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "CONFIG_AGENT: aliqui rcitat Update succeeded", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "CONFIG_AGENT: aeconse Initiating config_agent database commit phase.", "tags": [ 
@@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: Started monitoring", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "CONFIG_AGENT: iaecon ipexea Update succeeded", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "INSTALL: Migrating configuration from nulapa to cillu", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: [ALERT:ectetura] Firmware storage exceeds didun", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "CONFIG_AGENT: rcit nul Received put-tree command", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "UPDATE: [ALERT:aliquaU] New attack definition version 1.1278 is available", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "UPDATE: [ALERT:amei] New attack definition version 1.7778 is available", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "UPDATE: [ALERT:gelitse] New attack definition version 1.3018 is available", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "INSTALL: Migrating configuration from iceroin to qui", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "INSTALL: Migrating configuration from pariatu to issusc", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM: FAILOVE-roinBCSe oreet Stateful Failover Module initialized.", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM_WRAPPER: Committing UI configuration.", "tags": [ 
@@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM_WRAPPER: Rolling back the current database transaction. Configuration digest failed.", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "INSTALL: Migrating configuration from ernat to Ute", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM_WRAPPER: Rolling back the current database transaction. Configuration digest failed.", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM_WRAPPER: Successfully initialized STM.", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM: RespPage-rinrepr rvelill CreateRP: Response Page mve created successfully", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM_WRAPPER: [ALERT:ineav] Configuration size is onp which exceeds the gnaaliqu safe limit. Please check your configuration.", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "BYPASS: Mode set to never bypass.", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "CONFIG_AGENT: quaea RPC Name =eetd, RPC Result: fdeFin", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: number of stm worker threads isrro", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "CONFIG_AGENT: tutlabo Initiating config_agent database commit phase.", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "INSTALL: Loading the snapshot for pli release.", "tags": [ 
@@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "CONFIG_AGENT: erit Initiating config_agent database commit phase.", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "INSTALL: Loading the snapshot for mod release.", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "INSTALL: Loading the snapshot for lamcolab release.", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "INSTALL: Migrating configuration from estlab to tis", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: [ALERT:uamqua] Firmware storage exceeds labo", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "INSTALL: Migrating configuration from tfugit to taspern", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "eventmgr: Forwarding log messages to syslog host #meiusm, address=10.48.248.158", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM_WRAPPER: Successfully initialized STM.", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: number of stm worker threads isonula", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM: FTPSVC-nimi ilmoles Ftp proxy initialized labor", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: [ALERT:atev] One of the RAID arrays is degrading.", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "CONFIG_AGENT: amaliq ept Received put-tree command", "tags": [ 
@@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "BYPASS: Mode set to BYPASS (ectetura).", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM: COOKIE-icab quiado scipit = quiavolu", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "BYPASS: Mode set to never bypass.", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM: CACHE-oconseq tsedd untin SapCtx susc, SapId amr, Return Code success", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM: aps-ddoeius tautfugi ParamProtectionClonePatterns: Old:cin, New:fugia, PatternsNode:olors", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "INSTALL: Loading the snapshot for admi release.", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "CONFIG_AGENT: aecons Initiating config_agent database commit phase.", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: Monitoring links: eth801", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: Started monitoring", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "UPDATE: [ALERT:ntoc] New attack definition version 1.7781 is available", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "INSTALL: Loading the snapshot for stru release.", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: Monitoring links: enp0s6182", "tags": [ 
@@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: number of stm worker threads isumwri", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "BYPASS: Mode set to never bypass.", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "BYPASS: Mode set to BYPASS (eniamqu).", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "UPDATE: [ALERT:tco] New attack definition version 1.6840 is available", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM_WRAPPER: Successfully initialized STM.", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM_WRAPPER: Initializing STM.", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "STM_WRAPPER: Successfully initialized STM.", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "PROCMON: Started monitoring", "tags": [ diff --git a/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml b/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml index ce09e43f41a..12e0c87c024 100644 --- a/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml +++ b/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Barracuda Web Application Firewall processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/barracuda/data_stream/waf/sample_event.json b/packages/barracuda/data_stream/waf/sample_event.json index f4cbf73f8f6..47237138775 100644 --- a/packages/barracuda/data_stream/waf/sample_event.json 
+++ b/packages/barracuda/data_stream/waf/sample_event.json
@@ -13,7 +13,7 @@
"type": "logs"
},
"ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
},
"elastic_agent": {
"id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/barracuda/manifest.yml b/packages/barracuda/manifest.yml
index cd02944de3d..2d35dcec7de 100644
--- a/packages/barracuda/manifest.yml
+++ b/packages/barracuda/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: barracuda
title: Barracuda Logs
-version: 0.9.0
+version: "0.10.0"
description: Collect spam and web application firewall logs from Barracuda devices with Elastic Agent.
categories: ["network", "security"]
release: experimental
diff --git a/packages/bluecoat/_dev/build/build.yml b/packages/bluecoat/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/bluecoat/_dev/build/build.yml
+++ b/packages/bluecoat/_dev/build/build.yml
@@ -1,3 +1,3 @@
dependencies:
ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/bluecoat/changelog.yml b/packages/bluecoat/changelog.yml
index 5cffd4686b9..fe2ab3926d2 100644
--- a/packages/bluecoat/changelog.yml
+++ b/packages/bluecoat/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "0.9.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
- version: "0.8.0"
changes:
- description: Update to ECS 8.2.0
diff --git a/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json b/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json
index 153fbec3830..829b75dcb4f 100644
--- a/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ntpd[1001]: kernel time sync enabled utl", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "restorecond: : Reset file context quasiarc: liqua", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "auditd[5699]: Audit daemon rotating log files", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "anacron[5066]: Normal exit ehend", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "restorecond: : Reset file context vol: luptat", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "heartbeat: : \u003c\u003ceumiu.medium\u003e Processing command: accept", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "restorecond: : Reset file context nci: ofdeFin", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "auditd[6668]: Audit daemon rotating log files", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "anacron[1613]: Normal exit mvolu", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ntpd[2959]: ntpd gelit-r tatno", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "anacron[654]: Updated timestamp for job rmagni to sit", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "dmd: : \u003c\u003ctenima.very-high\u003e Health state for metric\"seq3874.mail.domain\" \"quid\" changed to \"fug\", reason: \"success\"", "tags": [ 
@@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "auditd[2067]: Audit daemon rotating log files", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "pm[5969]: \u003c\u003ctquovol.very-high\u003e check_license_validity(), tae", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logrotate: : ALERT exited abnormally with temUten", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "sshd: : \u003c\u003cdun.medium\u003e error: Bind to port Duisau on psum failed: failure", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "configd: : \u003c\u003cend.medium\u003e itaut@rveli: command: accept", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "authd: : \u003c\u003cluptat.low\u003e authd_signal_handler(), quam", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "xinetd[6547]: Started working: onproide available services", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logrotate: : ALERT exited abnormally with tfug", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "heartbeat: : \u003c\u003curE.medium\u003e Processing command: deny", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "rsyslogd: : Warning: rehe", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "sshd: : \u003c\u003cstiae.medium\u003e error: Bind to port erc on amqu failed: unknown", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ntpd[4515]: ntpd emp-r aperia", "tags": [ 
@@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "restorecond: : Reset file context run: vol", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logrotate: : ALERT exited abnormally with mporain", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "heartbeat: : \u003c\u003cmpori.very-high\u003e connect: atu", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "cmd: : \u003c\u003ctexp.medium\u003e cmd starting adeseru", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "cli[7108]: \u003c\u003c-uam.low\u003e tmo@::fficiade:10.2.53.125 : CLI launched", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "pm[7061]: \u003c\u003cihilmo.very-high\u003e ntpd will start in tlabo", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "poller[795]: \u003c\u003coluptate.low\u003e Querying content system for job results.", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "runner[6134]: \u003c\u003cedo.very-high\u003e Processing command: allow", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "epmd: : epmd: epmd running orpor", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "runner[602]: \u003c\u003cemvel.very-high\u003e Failed to exec olup", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "shutdown[2807]: shutting down non", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "configd: : \u003c\u003cugiatnu.high\u003e sperna@sintocc: command: cancel", "tags": [ 
@@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "auditd[2986]: Audit daemon rotating log files", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "configd: : \u003c\u003cccaecat.medium\u003e CREATE onsequ", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "auditd[1243]: Audit daemon rotating log files", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "xinetd[6599]: Started working: naal available services", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "xinetd[5850]: Started working: rQu available services", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "heartbeat: : \u003c\u003cboree.low\u003e queips: undefined symbol: ncidi", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "authd: : \u003c\u003color.very-high\u003e authd_close(): npr", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "anacron[6373]: Anacron 1.3962 started on epre", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "cli[3979]: \u003c\u003c-iduntu.medium\u003e temUt@avol752.www5.test : Processing command accept", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "cmd: : \u003c\u003camc.medium\u003e cmd starting isiuta", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "sshd[5227]: dutp(psaquaea:taevita): pam_putenv: ameiusm", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ccd: : \u003c\u003colab.low\u003e Device elitse6672.internal.localdomain: mquisno", "tags": [ 
@@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "runner[1859]: \u003c\u003ctasnulap.high\u003e Failed to exec umSe", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "shutdown[6110]: shutting down itau", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "sshd[2415]: PAM lorsita more authentication failure; dolore", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "rsyslogd: : Warning: tio", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "cli[802]: \u003c\u003c-gnaaliqu.very-high\u003e velillu@::cteturad:10.18.204.87 : Processing a secure command...", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "heartbeat: : \u003c\u003creprehe.high\u003e connect: inimveni", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "authd: : \u003c\u003clitani.low\u003e authd_close(): psumqu", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "runner[2558]: \u003c\u003cicabo.high\u003e Failed to exec edquiac", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "anacron[4538]: Updated timestamp for job remips to uisaute", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "auditd[6837]: Audit daemon rotating log files", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "pm[1493]: \u003c\u003cetdolor.high\u003e print_msg(), dic", "tags": [ 
@@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "configd: : \u003c\u003cavolupt.low\u003e Device \"itation4168.api.domain\" completed command(s) accept ;; CPL generated by Visual Policy Manager: isciv ;rroqu ; nofd ; dipisci", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "epmd: : epmd: invalid packet size (mquae)", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "runner[429]: \u003c\u003ccorpori.very-high\u003e File reading failed", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "shutdown[7595]: shutting down emqu", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "heartbeat: : \u003c\u003cleumiur.low\u003e The HB command is accept", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "authd: : \u003c\u003cest.very-high\u003e authd_signal_handler(), isetquas", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "authd: : \u003c\u003cpsaqua.medium\u003e authd_signal_handler(), gnaal", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logrotate: : ALERT exited abnormally with voluptas", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ntpd[627]: ntpd exiting on signal orin", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "restorecond: : Reset file context ecillu: mmodoc", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "cli[1140]: \u003c\u003c-abore.high\u003e modocon@ipsu3680.mail.test : Processing command: deny", "tags": [ 
@@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "sshd: : bad username mquisn", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ntpd[1313]: ntpd derit-r orese", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ccd: : \u003c\u003cleumiur.medium\u003e Device Communication Daemon online", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "rsyslogd: : Warning: moles", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "restorecond: : Reset file context olup: aco", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "shutdown[609]: shutting down ser", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ntpd[2991]: ntpd orinrep-r quiavol", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "dmd: : \u003c\u003cquin.medium\u003e inserted device id = sBonor2001.www5.example and serial number = amc into DB", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ccd: : \u003c\u003came.very-high\u003e ccd_handle_read_failure(), uid", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "cmd: : \u003c\u003cscivel.high\u003e cmd starting lmolesti", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "dmd: : \u003c\u003cemaperia.high\u003e inserted device id = ersp6625.internal.domain and serial number = seq into DB", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "cmd: : \u003c\u003ctanimid.medium\u003e cmd starting uipexe", "tags": [ 
@@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "heartbeat: : \u003c\u003core.low\u003e The HB command is cancel", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "anacron[7360]: Normal exit tperspic", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "dmd: : \u003c\u003cict.very-high\u003e Filter on (tetura) things. riosamni", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ccd: : \u003c\u003cumetMa.low\u003e Device eleumiu2454.api.local: tat", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "schedulerd: : \u003c\u003clumqu.very-high\u003e System time changed, recomputing job run times.", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "xinetd[3450]: Started working: aconsequ available services", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "authd: : \u003c\u003csequat.high\u003e handle_authd unknown message =utemvel", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "rsyslogd: : Warning: iusm", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ntpd[16]: time reset stquido", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ccd: : \u003c\u003caaliq.high\u003e Device olu5333.www.domain: orumSe", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "anacron[80]: Normal exit ici", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ntpd[7612]: kernel time sync enabled nturmag", "tags": [ 
@@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "cli[7128]: eseruntm(lpaquiof:oloreeu): pam_putenv: olor", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "schedulerd: : \u003c\u003cici.very-high\u003e Executing Job \"tquo\" execution iatnu", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logrotate: : ALERT exited abnormally with ntut", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "poller[7151]: \u003c\u003cess.high\u003e Querying content system for job results.", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ntpd[2314]: ntpd litanim-r rQuisaut", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "heartbeat: : \u003c\u003cmetco.high\u003e Processing command: block", "tags": [ diff --git a/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml b/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml index fcf40dc1b13..55a2279e439 100644 --- a/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml +++ b/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Blue Coat Director processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/bluecoat/data_stream/director/sample_event.json b/packages/bluecoat/data_stream/director/sample_event.json index 81ada87244c..125171d28a7 100644 --- a/packages/bluecoat/data_stream/director/sample_event.json +++ b/packages/bluecoat/data_stream/director/sample_event.json 
@@ -13,7 +13,7 @@
"type": "logs"
},
"ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
},
"elastic_agent": {
"id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/bluecoat/manifest.yml b/packages/bluecoat/manifest.yml
index 0b4d290b782..9cc8a529c85 100644
--- a/packages/bluecoat/manifest.yml
+++ b/packages/bluecoat/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: bluecoat
title: Blue Coat Director Logs
-version: 0.8.0
+version: "0.9.0"
description: Collect director logs from Blue Coat devices with Elastic Agent.
categories: ["network", "security"]
release: experimental
diff --git a/packages/carbon_black_cloud/_dev/build/build.yml b/packages/carbon_black_cloud/_dev/build/build.yml
index 47cbed9fed8..5661d603a89 100644
--- a/packages/carbon_black_cloud/_dev/build/build.yml
+++ b/packages/carbon_black_cloud/_dev/build/build.yml
@@ -1,3 +1,3 @@
dependencies:
ecs:
- reference: git@v8.0.0
+ reference: git@v8.3.0
diff --git a/packages/carbon_black_cloud/changelog.yml b/packages/carbon_black_cloud/changelog.yml
index 83c0fdd168f..a54162989b5 100644
--- a/packages/carbon_black_cloud/changelog.yml
+++ b/packages/carbon_black_cloud/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
- version: "1.0.3"
changes:
- description: Add correct field mapping for event.created
diff --git a/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json b/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json
index 64a9fffba9a..9f909602052 100644
--- a/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json
+++ b/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json
@@ -63,7 +63,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "end": "2021-01-04T23:25:58Z", @@ -158,7 +158,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "end": "2020-11-17T22:02:16Z", @@ -295,7 +295,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "end": "2021-01-04T22:22:42Z", diff --git a/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml index f6f5fc171e2..4692b0a9b01 100644 --- a/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud alerts. processors: - set: field: ecs.version - value: "8.0.0" + value: "8.3.0" - rename: field: message target_field: event.original diff --git a/packages/carbon_black_cloud/data_stream/alert/sample_event.json b/packages/carbon_black_cloud/data_stream/alert/sample_event.json index 67e2c63a323..72df39c8b24 100644 --- a/packages/carbon_black_cloud/data_stream/alert/sample_event.json +++ b/packages/carbon_black_cloud/data_stream/alert/sample_event.json @@ -54,7 +54,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "elastic_agent": { "id": "4f53bc01-9d14-4e27-b716-9b41958e11e0", diff --git a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json index 2ea3a053288..075579c742b 100644 --- a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json 
+++ b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":1,\"highest_risk_score\":5.3,\"host_name\":\"DESKTOP-001\",\"last_sync_ts\":\"2022-02-14T08:32:37.105065Z\",\"name\":\"DESKTOP-001KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows Server 2019 Datacenter\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.17763\"},\"severity\":\"MODERATE\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":137}" @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":2,\"highest_risk_score\":8.4,\"host_name\":\"DESKTOP-002\",\"last_sync_ts\":\"2021-12-31T22:16:06.970164Z\",\"name\":\"DESKTOP-002KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.19044\"},\"severity\":\"IMPORTANT\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"WORKLOAD\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":342}" @@ -114,7 +114,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":3,\"highest_risk_score\":8.4,\"host_name\":\"DESKTOP-003\",\"last_sync_ts\":\"2022-02-03T15:27:28.681106Z\",\"name\":\"DESKTOP-003KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Enterprise\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.18363\"},\"severity\":\"IMPORTANT\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"WORKLOAD\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":499}" 
@@ -162,7 +162,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":4,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-004\",\"last_sync_ts\":\"2022-01-06T03:51:45.460029Z\",\"name\":\"DESKTOP-004KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.18362\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":885}" @@ -210,7 +210,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":5,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-005\",\"last_sync_ts\":\"2022-01-10T02:46:08.236117Z\",\"name\":\"DESKTOP-005KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Education\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.18362\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":893}" @@ -258,7 +258,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":6,\"highest_risk_score\":6,\"host_name\":\"DESKTOP-006\",\"last_sync_ts\":\"2022-01-10T03:11:44.097219Z\",\"name\":\"DESKTOP-006KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.17763\"},\"severity\":\"MODERATE\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":276}" 
@@ -306,7 +306,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
},
"event": {
"original": "{\"cve_ids\":null,\"device_id\":7,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-007\",\"last_sync_ts\":\"2022-01-11T08:41:31.573863Z\",\"name\":\"DESKTOP-007KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.19043\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":542}"
@@ -354,7 +354,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
},
"event": {
"original": "{\"cve_ids\":null,\"device_id\":8,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-008\",\"last_sync_ts\":\"2022-01-17T08:33:37.384932Z\",\"name\":\"DESKTOP-008KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Education\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.17763\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":1770}"
diff --git a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml
index 94f7482f379..56e9330ce12 100644
--- a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml
@@ -7,7 +7,7 @@ processors:
ignore_missing: true
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.3.0'
- json:
field: event.original
target_field: json
diff --git a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/sample_event.json b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/sample_event.json
index c31987aefea..beca68ac216 100644
--- a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/sample_event.json
+++ b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/sample_event.json
@@ -30,7 +30,7 @@
"type": "logs"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
},
"elastic_agent": {
"id": "4f53bc01-9d14-4e27-b716-9b41958e11e0",
diff --git a/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
index 709d9335d03..5169f5fe617 100644
--- a/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
@@ -15,7 +15,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
},
"event": {
"id": "16xxxxxxxxxx8ac7bd",
@@ -51,7 +51,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
},
"event": {
"id": "21xxxxxxxxxx93ff7c",
@@ -87,7 +87,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
},
"event": {
"id": "28xxxxxxxxxx8ac7bd",
@@ -123,7 +123,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
},
"event": {
"id": "34xxxxxxxxxxd9ccf9",
@@ -159,7 +159,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
},
"event": {
"id": "3axxxxxxxxxx2e5035",
@@ -195,7 +195,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
},
"event": {
"id": "32xxxxxxxxxx189c6d",
@@ -231,7 +231,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
},
"event": {
"id": "a9xxxxxxxxxx4b3d2c",
diff --git a/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 55cc7106f92..95ae448bef1 100644
--- a/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud audit logs
processors:
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.3.0'
- rename:
field: message
target_field: event.original
diff --git a/packages/carbon_black_cloud/data_stream/audit/sample_event.json b/packages/carbon_black_cloud/data_stream/audit/sample_event.json
index 4ecd8ed4543..3aa36a999b1 100644
--- a/packages/carbon_black_cloud/data_stream/audit/sample_event.json
+++ b/packages/carbon_black_cloud/data_stream/audit/sample_event.json
@@ -26,7 +26,7 @@
"type": "logs"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
},
"elastic_agent": {
"id": "4f53bc01-9d14-4e27-b716-9b41958e11e0",
diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json b/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json
index 66fa211dad7..18f5ee6919d 100644
--- a/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json
+++ b/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json
@@ -37,7 +37,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
},
"event": {
"action": "ACTION_CREATE_KEY",
@@ -139,7 +139,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
},
"event": {
"action": "ACTION_WRITE_VALUE",
@@ -262,7 +262,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
},
"event": {
"action": "ACTION_OPEN_PROCESS_HANDLE",
@@ -385,7 +385,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ACTION_OPEN_PROCESS_HANDLE", @@ -504,7 +504,7 @@ "path": "c:\\windows\\system32\\fltlib.dll" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ACTION_LOAD_MODULE", @@ -625,7 +625,7 @@ "path": "c:\\windows\\system32\\dnsapi.dll" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ACTION_LOAD_MODULE", @@ -746,7 +746,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ACTION_CREATE_PROCESS", @@ -867,7 +867,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ACTION_CREATE_PROCESS", @@ -968,7 +968,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ACTION_PROCESS_TERMINATE", @@ -1067,7 +1067,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ACTION_PROCESS_TERMINATE", @@ -1162,7 +1162,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ACTION_FILE_MOD_OPEN | ACTION_FILE_OPEN_DELETE", @@ -1260,7 +1260,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ACTION_FILE_MOD_OPEN | ACTION_FILE_OPEN_READ | ACTION_FILE_OPEN_WRITE", @@ -1362,7 +1362,7 @@ "port": 62909 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ACTION_CONNECTION_CREATE", @@ -1470,7 +1470,7 @@ "port": 9716 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ACTION_CONNECTION_LISTEN", @@ -1587,7 +1587,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ACTION_LOAD_SCRIPT", diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml index 3a6c8fc6df4..0b3eb810370 100644 
--- a/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud Endpoint Events.
 processors:
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/sample_event.json b/packages/carbon_black_cloud/data_stream/endpoint_event/sample_event.json
index 958377158a0..f025682463b 100644
--- a/packages/carbon_black_cloud/data_stream/endpoint_event/sample_event.json
+++ b/packages/carbon_black_cloud/data_stream/endpoint_event/sample_event.json
@@ -20,7 +20,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "carbon_black_cloud": {
 "endpoint_event": {
diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json b/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json
index 9ce55015c27..4c750bb15d9 100644
--- a/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json
+++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json
@@ -67,7 +67,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "kind": "event",
@@ -203,7 +203,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "kind": "event",
@@ -333,7 +333,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "kind": "event",
@@ -455,7 +455,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "kind": "event",
@@ -576,7 +576,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "kind": "event",
@@ -683,7 +683,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "kind": "event",
diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml
index 1699bc69c16..cb8a55f4636 100644
--- a/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud watchlist hit.
 processors:
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.3.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/sample_event.json b/packages/carbon_black_cloud/data_stream/watchlist_hit/sample_event.json
index 0a5e6c32fb2..ec2206a46eb 100644
--- a/packages/carbon_black_cloud/data_stream/watchlist_hit/sample_event.json
+++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/sample_event.json
@@ -18,7 +18,7 @@
 "version": "8.0.0"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "process": {
 "parent": {
diff --git a/packages/carbon_black_cloud/docs/README.md b/packages/carbon_black_cloud/docs/README.md
index 62c93e153bf..03539a47b41 100644
--- a/packages/carbon_black_cloud/docs/README.md
+++ b/packages/carbon_black_cloud/docs/README.md
@@ -75,7 +75,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "4f53bc01-9d14-4e27-b716-9b41958e11e0",
@@ -235,7 +235,7 @@ An example event for `alert` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "4f53bc01-9d14-4e27-b716-9b41958e11e0",
@@ -451,7 +451,7 @@ An example event for `endpoint_event` looks as following:
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "carbon_black_cloud": {
 "endpoint_event": {
@@ -698,7 +698,7 @@ An example event for `watchlist_hit` looks as following:
 "version": "8.0.0"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "process": {
 "parent": {
@@ -941,7 +941,7 @@ An example event for `asset_vulnerability_summary` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "4f53bc01-9d14-4e27-b716-9b41958e11e0",
diff --git a/packages/carbon_black_cloud/manifest.yml b/packages/carbon_black_cloud/manifest.yml
index d37f10abcf3..ba305c46347 100644
--- a/packages/carbon_black_cloud/manifest.yml
+++ b/packages/carbon_black_cloud/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: carbon_black_cloud
 title: VMware Carbon Black Cloud
-version: 1.0.3
+version: "1.1.0"
 license: basic
 description: Collect logs from VMWare Carbon Black Cloud with Elastic Agent.
 type: integration
diff --git a/packages/carbonblack_edr/_dev/build/build.yml b/packages/carbonblack_edr/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/carbonblack_edr/_dev/build/build.yml
+++ b/packages/carbonblack_edr/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/carbonblack_edr/changelog.yml b/packages/carbonblack_edr/changelog.yml
index 8372f08f37a..1cb7fc25d92 100644
--- a/packages/carbonblack_edr/changelog.yml
+++ b/packages/carbonblack_edr/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.3.0"
 changes:
 - description: Add JA3/JA3S parsing
diff --git a/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json b/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json index b2254ac9c93..fb49692bedb 100644 --- a/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json +++ b/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json @@ -15,7 +15,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -53,7 +53,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -89,7 +89,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.observed", @@ -127,7 +127,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -165,7 +165,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -201,7 +201,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.observed", @@ -239,7 +239,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -277,7 +277,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -315,7 +315,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -361,7 +361,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "unknown", @@ -428,7 +428,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.observed", @@ -470,7 +470,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", 
@@ -530,7 +530,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "unknown", @@ -590,7 +590,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.observed", @@ -633,7 +633,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.moduleload", @@ -665,7 +665,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -702,7 +702,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "unknown", @@ -748,7 +748,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.observed", @@ -791,7 +791,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.moduleload", @@ -823,7 +823,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -872,7 +872,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.netconn", @@ -913,7 +913,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "unknown", @@ -957,7 +957,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.observed", @@ -1000,7 +1000,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.moduleload", @@ -1032,7 +1032,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -1082,7 +1082,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.netconn", @@ -1136,7 +1136,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "unknown", @@ -1220,7 +1220,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.regmod", 
@@ -1257,7 +1257,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.observed", @@ -1300,7 +1300,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.moduleload", @@ -1334,7 +1334,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -1384,7 +1384,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.netconn", @@ -1452,7 +1452,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "unknown", @@ -1528,7 +1528,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.regmod", @@ -1565,7 +1565,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.observed", @@ -1601,7 +1601,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.tamper", @@ -1645,7 +1645,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.moduleload", @@ -1679,7 +1679,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -1731,7 +1731,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.netconn", @@ -1808,7 +1808,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "unknown", @@ -1879,7 +1879,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.regmod", @@ -1916,7 +1916,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.observed", @@ -1952,7 +1952,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.tamper", 
@@ -1993,7 +1993,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.host.observed", @@ -2039,7 +2039,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.moduleload", @@ -2073,7 +2073,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -2123,7 +2123,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.netconn", @@ -2194,7 +2194,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "unknown", @@ -2255,7 +2255,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.regmod", @@ -2292,7 +2292,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.observed", @@ -2328,7 +2328,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.tamper", @@ -2369,7 +2369,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.host.observed", @@ -2415,7 +2415,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.moduleload", @@ -2457,7 +2457,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.module", @@ -2501,7 +2501,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -2551,7 +2551,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.netconn", @@ -2590,7 +2590,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "unknown", @@ -2630,7 +2630,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.regmod", 
@@ -2667,7 +2667,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.observed", @@ -2703,7 +2703,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.tamper", @@ -2744,7 +2744,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.host.observed", @@ -2790,7 +2790,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.moduleload", @@ -2832,7 +2832,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.module", @@ -2876,7 +2876,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -2925,7 +2925,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.netconn", @@ -2969,7 +2969,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "unknown", @@ -3016,7 +3016,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.remotethread", @@ -3063,7 +3063,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.regmod", @@ -3100,7 +3100,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.observed", @@ -3136,7 +3136,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.tamper", @@ -3177,7 +3177,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.host.observed", @@ -3223,7 +3223,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.moduleload", @@ -3265,7 +3265,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.module", 
@@ -3309,7 +3309,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -3359,7 +3359,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.netconn", @@ -3396,7 +3396,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "unknown", @@ -3444,7 +3444,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.remotethread", @@ -3491,7 +3491,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.regmod", @@ -3542,7 +3542,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.childproc", @@ -3580,7 +3580,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.observed", @@ -3616,7 +3616,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.tamper", @@ -3661,7 +3661,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.host.observed", @@ -3707,7 +3707,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.moduleload", @@ -3749,7 +3749,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.module", @@ -3793,7 +3793,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -3842,7 +3842,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.netconn", @@ -3888,7 +3888,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.regmod", @@ -3942,7 +3942,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.remotethread", 
@@ -3989,7 +3989,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.regmod", @@ -4040,7 +4040,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.childproc", @@ -4078,7 +4078,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.observed", @@ -4127,7 +4127,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.filemod", @@ -4167,7 +4167,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.host.observed", @@ -4213,7 +4213,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.moduleload", @@ -4255,7 +4255,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.module", @@ -4299,7 +4299,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "binaryinfo.group.observed", @@ -4348,7 +4348,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.netconn", @@ -4396,7 +4396,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.filemod", @@ -4447,7 +4447,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ingress.event.remotethread", diff --git a/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml index a415c18f141..6b8cdb2e7c9 100644 --- a/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for parsing CarbonBlack EDR logs
 processors:
 - set:
 field: ecs.version
- value: 8.2.0
+ value: 8.3.0
 # Validate that the input document conforms to the expected format
 # to avoid repetitive checks.
diff --git a/packages/carbonblack_edr/data_stream/log/sample_event.json b/packages/carbonblack_edr/data_stream/log/sample_event.json
index 5afdcc33ab1..433b51f8383 100644
--- a/packages/carbonblack_edr/data_stream/log/sample_event.json
+++ b/packages/carbonblack_edr/data_stream/log/sample_event.json
@@ -24,7 +24,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a",
diff --git a/packages/carbonblack_edr/docs/README.md b/packages/carbonblack_edr/docs/README.md
index ede9799204f..6ca362b2e87 100644
--- a/packages/carbonblack_edr/docs/README.md
+++ b/packages/carbonblack_edr/docs/README.md
@@ -58,7 +58,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a",
diff --git a/packages/carbonblack_edr/manifest.yml b/packages/carbonblack_edr/manifest.yml
index 44f0d8a86eb..7f9f0eedd90 100644
--- a/packages/carbonblack_edr/manifest.yml
+++ b/packages/carbonblack_edr/manifest.yml
@@ -1,6 +1,6 @@
 name: carbonblack_edr
 title: VMware Carbon Black EDR
-version: 1.3.0
+version: "1.4.0"
 release: ga
 description: Collect logs from VMware Carbon Black EDR with Elastic Agent.
 type: integration
diff --git a/packages/cef/_dev/build/build.yml b/packages/cef/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/cef/_dev/build/build.yml
+++ b/packages/cef/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/cef/changelog.yml b/packages/cef/changelog.yml
index 832135f9ca0..06cbe310faa 100644
--- a/packages/cef/changelog.yml
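Review bot: The new `value: 8.3.0` in the carbonblack_edr ecs.version set processor is left as a plain scalar, while every sibling pipeline touched by this change (carbon_black_cloud, cef, checkpoint) writes the same value quoted as `'8.3.0'`, and the carbonblack_edr manifest in this same diff now quotes its own version. A three-component string parses as text today, but a plain scalar is one edit away from silently becoming a float (for example an `8.3` intermediate), and the expected fixtures in this diff assert a string `"8.3.0"`. I would change the added line to `value: '8.3.0'` so the processor matches its siblings. The rest of the processors list continues outside the hunk.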
+++ b/packages/cef/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.1.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "2.0.3"
 changes:
 - description: Format source.mac and destination.mac as per ECS.
diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json
index 6e4b57c4406..77f2dd25ca4 100644
--- a/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json
+++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json
@@ -50,7 +50,7 @@
 "version": "0"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "code": "agent:016",
@@ -129,7 +129,7 @@
 "version": "0"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "code": "agent:030",
@@ -200,7 +200,7 @@
 "version": "0"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "code": "agent:044",
@@ -279,7 +279,7 @@
 "version": "0"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "code": "agent:031",
diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json
index 7855d195972..7a80996e520 100644
--- a/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json
+++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json
@@ -31,7 +31,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "code": "18",
@@ -146,7 +146,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "code": "18",
@@ -227,7 +227,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "code": "18",
@@ -272,7 +272,7 @@ "ip": "192.168.1.2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "18", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json index 1d7a601603a..a49ee1778a5 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json @@ -77,7 +77,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Accept", @@ -166,7 +166,7 @@ "port": 25 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Bypass", @@ -235,7 +235,7 @@ "ip": "::1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Drop", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json index 931534cf6ae..8bc36f75b92 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json @@ -88,7 +88,7 @@ "version": "0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "305012", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json index 0aceda9f07a..fc22abc9dd9 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json @@ -21,7 +21,7 @@ "version": "0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "0", 
@@ -66,7 +66,7 @@ "version": "0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "9005", @@ -122,7 +122,7 @@ "ip": "10.1.1.40" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Allow", @@ -213,7 +213,7 @@ "port": 67 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "70019", @@ -284,7 +284,7 @@ "ip": "192.168.1.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Refuse", @@ -357,7 +357,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "70021", @@ -416,7 +416,7 @@ "version": "0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "72714", @@ -474,7 +474,7 @@ "version": "0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "72715", @@ -532,7 +532,7 @@ "version": "0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "72716", @@ -589,7 +589,7 @@ "version": "0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "78002", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json index 1383626956a..ff52dd0538d 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json @@ -28,7 +28,7 @@ "version": "0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "blocked", @@ -86,7 +86,7 @@ "version": "0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "not blocked", @@ -144,7 +144,7 @@ "version": "0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "transformed", @@ -202,7 +202,7 @@ "version": "0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "transformed", 
@@ -260,7 +260,7 @@ "version": "0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "not blocked", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json index 40e62dd1686..5d17e684045 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json @@ -56,7 +56,7 @@ "domain": "centos7" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Started", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json index bcb8d6f3d29..d0487cfd2be 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json @@ -19,7 +19,7 @@ "version": "0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "600", @@ -82,7 +82,7 @@ "version": "0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Delete", @@ -143,7 +143,7 @@ "version": "0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "detectOnly", @@ -231,7 +231,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Log", @@ -286,7 +286,7 @@ "version": "0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "updated", @@ -379,7 +379,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "IDS:Reset", @@ -446,7 +446,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "3002795", @@ -502,7 +502,7 @@ "version": "0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "5000000", 
diff --git a/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index ab067960c57..05a4f607013 100644
--- a/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for CEF logs. CEF decoding happens in the Agent. This perf
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - convert:
 field: event.id
diff --git a/packages/cef/data_stream/log/sample_event.json b/packages/cef/data_stream/log/sample_event.json
index 2921fcb328c..aa4da19638e 100644
--- a/packages/cef/data_stream/log/sample_event.json
+++ b/packages/cef/data_stream/log/sample_event.json
@@ -42,7 +42,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "69f5d3be-c31a-4be6-adb6-cb3ed3e50817",
diff --git a/packages/cef/docs/README.md b/packages/cef/docs/README.md
index 8dca26f0601..996ea05c7fd 100644
--- a/packages/cef/docs/README.md
+++ b/packages/cef/docs/README.md
@@ -175,7 +175,7 @@ An example event for `log` looks as following:
 "port": 443
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "69f5d3be-c31a-4be6-adb6-cb3ed3e50817",
diff --git a/packages/cef/manifest.yml b/packages/cef/manifest.yml
index 5bcae7fa174..10e7c4dd34b 100644
--- a/packages/cef/manifest.yml
+++ b/packages/cef/manifest.yml
@@ -1,6 +1,6 @@
 name: cef
 title: CEF Logs
-version: "2.0.3"
+version: "2.1.0"
 release: ga
 description: Collect logs from CEF Logs with Elastic Agent.
 type: integration
diff --git a/packages/checkpoint/_dev/build/build.yml b/packages/checkpoint/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/checkpoint/_dev/build/build.yml
+++ b/packages/checkpoint/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/checkpoint/changelog.yml b/packages/checkpoint/changelog.yml
index 8c46c1e29a4..1f3b7d94bcb 100644
--- a/packages/checkpoint/changelog.yml
+++ b/packages/checkpoint/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.5.1"
 changes:
 - description: Update Checkpoint logo.
diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json
index eb7b18195d6..96c19e2293d 100644
--- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json
+++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json
@@ -13,7 +13,7 @@
 "port": 514
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Accept",
@@ -91,7 +91,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Drop",
diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json
index 84124b7c843..f7a9fb25eb6 100644
--- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json
+++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json
@@ -6,7 +6,7 @@
 "sys_message": "The eth0 interface is not protected by the anti-spoofing feature. Your network may be at risk"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -41,7 +41,7 @@
 "sys_message": "installed Standard"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -83,7 +83,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Accept", @@ -166,7 +166,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Accept", @@ -238,7 +238,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Accept", @@ -302,7 +302,7 @@ "status": "Finished" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -353,7 +353,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Accept", @@ -439,7 +439,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Accept", @@ -498,7 +498,7 @@ "status": "Started" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -549,7 +549,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Accept", @@ -621,7 +621,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Accept", @@ -685,7 +685,7 @@ "status": "Finished" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -722,7 +722,7 @@ "port": 514 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Accept", @@ -786,7 +786,7 @@ "update_status": "updated" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -819,7 +819,7 @@ "update_status": "updated" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -857,7 +857,7 @@ "port": 138 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Accept", @@ -937,7 +937,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Drop", @@ -992,7 +992,7 @@ "port": 514 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Accept", 
@@ -1061,7 +1061,7 @@ "port": 137 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Accept", @@ -1130,7 +1130,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Accept", @@ -1199,7 +1199,7 @@ "port": 514 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Accept", diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json index 78487a93db5..98eb790aee5 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json @@ -13,7 +13,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Accept", diff --git a/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml b/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml index 6de6cf8bbd6..3f86b7bf3b5 100644 --- a/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml +++ b/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing checkpoint firewall logs processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/checkpoint/data_stream/firewall/sample_event.json b/packages/checkpoint/data_stream/firewall/sample_event.json index a375c48028e..e911516a1fd 100644 --- a/packages/checkpoint/data_stream/firewall/sample_event.json +++ b/packages/checkpoint/data_stream/firewall/sample_event.json @@ -16,7 +16,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "ba9ee39d-37f1-433a-8800-9d424cb9dd11", 
diff --git a/packages/checkpoint/docs/README.md b/packages/checkpoint/docs/README.md index fc596238769..90da29a2473 100644 --- a/packages/checkpoint/docs/README.md +++ b/packages/checkpoint/docs/README.md @@ -38,7 +38,7 @@ An example event for `firewall` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "ba9ee39d-37f1-433a-8800-9d424cb9dd11", diff --git a/packages/checkpoint/manifest.yml b/packages/checkpoint/manifest.yml index 6f13d1654a3..e55037c2d5f 100644 --- a/packages/checkpoint/manifest.yml +++ b/packages/checkpoint/manifest.yml @@ -1,6 +1,6 @@ name: checkpoint title: Check Point -version: 1.5.1 +version: "1.6.0" release: ga description: Collect logs from Check Point with Elastic Agent. type: integration diff --git a/packages/cisco_asa/_dev/build/build.yml b/packages/cisco_asa/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/cisco_asa/_dev/build/build.yml +++ b/packages/cisco_asa/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/cisco_asa/changelog.yml b/packages/cisco_asa/changelog.yml index 916ddeb3b1d..113b559666d 100644 --- a/packages/cisco_asa/changelog.yml +++ b/packages/cisco_asa/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.5.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "2.4.2" changes: - description: Map syslog priority details according to ECS diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json index 72b5f3a3e6c..03359439d90 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json 
+++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json @@ -22,7 +22,7 @@ "port": 53500 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -109,7 +109,7 @@ "port": 53500 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -188,7 +188,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -249,7 +249,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -309,7 +309,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -372,7 +372,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -447,7 +447,7 @@ "port": 111 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -530,7 +530,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -603,7 +603,7 @@ "port": 67 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -679,7 +679,7 @@ "port": 21 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -746,7 +746,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -790,7 +790,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -849,7 +849,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -911,7 +911,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -968,7 +968,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", 
@@ -1032,7 +1032,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1099,7 +1099,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1167,7 +1167,7 @@ "port": 55225 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1255,7 +1255,7 @@ "port": 54839 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1334,7 +1334,7 @@ "port": 54230 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1411,7 +1411,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1481,7 +1481,7 @@ "port": 57006 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1554,7 +1554,7 @@ "port": 14322 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1627,7 +1627,7 @@ "port": 53356 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1713,7 +1713,7 @@ "port": 22638 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1800,7 +1800,7 @@ "port": 22638 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1880,7 +1880,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1954,7 +1954,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2022,7 +2022,7 @@ "port": 65020 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2093,7 +2093,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -2163,7 +2163,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2233,7 +2233,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2304,7 +2304,7 @@ "port": 10051 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2378,7 +2378,7 @@ "port": 10051 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2452,7 +2452,7 @@ "port": 10051 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2525,7 +2525,7 @@ "port": 10051 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2604,7 +2604,7 @@ "port": 39222 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2677,7 +2677,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2729,7 +2729,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2788,7 +2788,7 @@ "port": 3452 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2865,7 +2865,7 @@ "port": 6007 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2933,7 +2933,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2975,7 +2975,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3024,7 +3024,7 @@ "port": 1985 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3087,7 +3087,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -3129,7 +3129,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3178,7 +3178,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3255,7 +3255,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3305,7 +3305,7 @@ "port": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3380,7 +3380,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3450,7 +3450,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3511,7 +3511,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3572,7 +3572,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3633,7 +3633,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3711,7 +3711,7 @@ "port": 9101 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3803,7 +3803,7 @@ "port": 51635 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3880,7 +3880,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3947,7 +3947,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3997,7 +3997,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4059,7 +4059,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -4115,7 +4115,7 @@ "ip": "10.10.1.254" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4182,7 +4182,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4246,7 +4246,7 @@ "ip": "10.10.1.254" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4313,7 +4313,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4371,7 +4371,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4451,7 +4451,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4517,7 +4517,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4576,7 +4576,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4648,7 +4648,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4711,7 +4711,7 @@ "port": 23 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4794,7 +4794,7 @@ "port": 123123 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "bypass", @@ -4880,7 +4880,7 @@ "port": 514514 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop", @@ -4957,7 +4957,7 @@ "port": 123412 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5039,7 +5039,7 @@ "port": 514514 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5122,7 +5122,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "created", 
@@ -5194,7 +5194,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "deleted", @@ -5274,7 +5274,7 @@ "port": 7777 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-started", @@ -5350,7 +5350,7 @@ "port": 7777 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "error", @@ -5420,7 +5420,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5472,7 +5472,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5522,7 +5522,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "error", @@ -5573,7 +5573,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "error", @@ -5617,7 +5617,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5660,7 +5660,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "error", @@ -5704,7 +5704,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "error", @@ -5755,7 +5755,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5830,7 +5830,7 @@ "ip": "172.31.98.44" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5925,7 +5925,7 @@ "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6024,7 +6024,7 @@ "port": 500 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -6117,7 +6117,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -6169,7 +6169,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6221,7 +6221,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6273,7 +6273,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json index 751d6505ee3..741b94a1064 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json @@ -6,7 +6,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "client-vpn-error", @@ -82,7 +82,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "client-vpn-error", @@ -158,7 +158,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "client-vpn-error", @@ -234,7 +234,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "client-vpn-error", @@ -310,7 +310,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "client-vpn-error", @@ -386,7 +386,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "client-vpn-error", @@ -462,7 +462,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "client-vpn-error", @@ -538,7 +538,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "client-vpn-error", @@ -614,7 +614,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "client-vpn-error", 
@@ -662,7 +662,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "client-vpn-error", @@ -738,7 +738,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "client-vpn-connected", @@ -814,7 +814,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "client-vpn-disconnected", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json index 48c7711ab35..513b48b5c8a 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json @@ -17,7 +17,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -102,7 +102,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -177,7 +177,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -247,7 +247,7 @@ "port": 57621 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -324,7 +324,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -379,7 +379,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -452,7 +452,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -522,7 +522,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -592,7 +592,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -663,7 +663,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -751,7 +751,7 @@ "port": 8080 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json index 3735405a9e4..8712d6d5bd8 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json @@ -25,7 +25,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -98,7 +98,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -152,7 +152,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -185,7 +185,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -223,7 +223,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json index 9699f1a239b..5eed00a66b2 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json @@ -14,7 +14,7 @@ "port": 8256 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -97,7 +97,7 @@ "port": 1772 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -177,7 +177,7 @@ "port": 1758 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -262,7 +262,7 @@ "port": 1757 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -347,7 +347,7 @@ "port": 1755 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -432,7 +432,7 @@ "port": 1754 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -517,7 +517,7 @@ "port": 1752 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -602,7 +602,7 @@ "port": 1749 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -687,7 +687,7 @@ "port": 1750 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -772,7 +772,7 @@ "port": 1747 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -857,7 +857,7 @@ "port": 1742 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -942,7 +942,7 @@ "port": 1741 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1027,7 +1027,7 @@ "port": 1739 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1112,7 +1112,7 @@ "port": 1740 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1197,7 +1197,7 @@ "port": 1738 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1282,7 +1282,7 @@ "port": 1756 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1367,7 +1367,7 @@ "port": 1737 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", 
@@ -1452,7 +1452,7 @@ "port": 1736 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1537,7 +1537,7 @@ "port": 1765 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1621,7 +1621,7 @@ "port": 1188 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1704,7 +1704,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1784,7 +1784,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1872,7 +1872,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1952,7 +1952,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -2035,7 +2035,7 @@ "port": 8257 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2118,7 +2118,7 @@ "port": 1773 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2197,7 +2197,7 @@ "port": 8258 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2280,7 +2280,7 @@ "port": 1774 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2364,7 +2364,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2448,7 +2448,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2528,7 +2528,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -2612,7 +2612,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", 
@@ -2695,7 +2695,7 @@ "port": 8259 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2778,7 +2778,7 @@ "port": 1775 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2857,7 +2857,7 @@ "port": 1189 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2940,7 +2940,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3024,7 +3024,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3104,7 +3104,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3188,7 +3188,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3271,7 +3271,7 @@ "port": 8265 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3354,7 +3354,7 @@ "port": 1452 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3438,7 +3438,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3522,7 +3522,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3602,7 +3602,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3686,7 +3686,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3769,7 +3769,7 @@ "port": 8266 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3852,7 +3852,7 @@ "port": 1453 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -3932,7 +3932,7 @@ "port": 1453 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -4021,7 +4021,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4101,7 +4101,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -4185,7 +4185,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -4268,7 +4268,7 @@ "port": 8267 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4351,7 +4351,7 @@ "port": 1454 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4430,7 +4430,7 @@ "port": 8268 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4513,7 +4513,7 @@ "port": 1455 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4592,7 +4592,7 @@ "port": 8269 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4675,7 +4675,7 @@ "port": 1456 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4759,7 +4759,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4839,7 +4839,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -4922,7 +4922,7 @@ "port": 8270 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5005,7 +5005,7 @@ "port": 1457 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5084,7 +5084,7 @@ "port": 8271 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -5167,7 +5167,7 @@ "port": 1458 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5251,7 +5251,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5331,7 +5331,7 @@ "port": 1457 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -5415,7 +5415,7 @@ "port": 8272 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5498,7 +5498,7 @@ "port": 1459 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5578,7 +5578,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -5661,7 +5661,7 @@ "port": 8273 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5744,7 +5744,7 @@ "port": 1460 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5823,7 +5823,7 @@ "port": 8267 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -5905,7 +5905,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5988,7 +5988,7 @@ "port": 1385 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6067,7 +6067,7 @@ "port": 8268 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -6149,7 +6149,7 @@ "port": 8269 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -6231,7 +6231,7 @@ "port": 8270 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -6313,7 +6313,7 @@ "port": 8271 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", 
@@ -6395,7 +6395,7 @@ "port": 8272 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -6477,7 +6477,7 @@ "port": 8273 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -6560,7 +6560,7 @@ "port": 1382 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -6645,7 +6645,7 @@ "port": 1385 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -6729,7 +6729,7 @@ "port": 8278 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6812,7 +6812,7 @@ "port": 1386 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6892,7 +6892,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6973,7 +6973,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7054,7 +7054,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7135,7 +7135,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7216,7 +7216,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7297,7 +7297,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7378,7 +7378,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7459,7 +7459,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7540,7 +7540,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -7621,7 +7621,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7702,7 +7702,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7783,7 +7783,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7864,7 +7864,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7944,7 +7944,7 @@ "port": 8279 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -8027,7 +8027,7 @@ "port": 1275 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -8106,7 +8106,7 @@ "port": 1190 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -8189,7 +8189,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -8269,7 +8269,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -8357,7 +8357,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -8437,7 +8437,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -8520,7 +8520,7 @@ "port": 8280 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -8603,7 +8603,7 @@ "port": 1276 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -8682,7 +8682,7 @@ "port": 8281 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -8765,7 +8765,7 @@ "port": 1277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -8845,7 +8845,7 @@ "port": 1276 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -8929,7 +8929,7 @@ "port": 8282 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -9012,7 +9012,7 @@ "port": 1278 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -9092,7 +9092,7 @@ "port": 1277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -9176,7 +9176,7 @@ "port": 8283 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -9259,7 +9259,7 @@ "port": 1279 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -9339,7 +9339,7 @@ "port": 1278 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -9424,7 +9424,7 @@ "port": 1279 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -9508,7 +9508,7 @@ "port": 8284 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -9591,7 +9591,7 @@ "port": 1280 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -9671,7 +9671,7 @@ "port": 1280 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -9755,7 +9755,7 @@ "port": 8285 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -9838,7 +9838,7 @@ "port": 1281 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -9917,7 +9917,7 @@ "port": 8286 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -10000,7 +10000,7 @@ "port": 1282 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -10079,7 +10079,7 @@ "port": 8287 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -10162,7 +10162,7 @@ "port": 1283 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -10241,7 +10241,7 @@ "port": 8288 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -10324,7 +10324,7 @@ "port": 1284 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -10404,7 +10404,7 @@ "port": 1281 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -10489,7 +10489,7 @@ "port": 1282 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -10574,7 +10574,7 @@ "port": 1283 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -10658,7 +10658,7 @@ "port": 8289 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -10741,7 +10741,7 @@ "port": 1285 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -10820,7 +10820,7 @@ "port": 8290 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -10903,7 +10903,7 @@ "port": 1286 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -10983,7 +10983,7 @@ "port": 1284 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -11067,7 +11067,7 @@ "port": 8291 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -11150,7 +11150,7 @@ "port": 1287 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -11230,7 +11230,7 @@ "port": 1285 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", 
@@ -11315,7 +11315,7 @@ "port": 1286 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -11404,7 +11404,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -11483,7 +11483,7 @@ "port": 8292 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -11566,7 +11566,7 @@ "port": 1288 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -11646,7 +11646,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -11734,7 +11734,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -11814,7 +11814,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -11897,7 +11897,7 @@ "port": 8293 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -11980,7 +11980,7 @@ "port": 1289 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -12060,7 +12060,7 @@ "port": 1288 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -12145,7 +12145,7 @@ "port": 1287 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -12234,7 +12234,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -12314,7 +12314,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -12397,7 +12397,7 @@ "port": 8294 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -12480,7 +12480,7 @@ "port": 1290 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -12560,7 +12560,7 @@ "port": 68 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -12643,7 +12643,7 @@ "port": 8276 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -12730,7 +12730,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -12814,7 +12814,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -12894,7 +12894,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -12982,7 +12982,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -13062,7 +13062,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -13146,7 +13146,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -13234,7 +13234,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -13314,7 +13314,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -13397,7 +13397,7 @@ "port": 8295 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -13480,7 +13480,7 @@ "port": 1291 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -13564,7 +13564,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -13644,7 +13644,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", 
@@ -13727,7 +13727,7 @@ "port": 8296 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -13810,7 +13810,7 @@ "port": 1292 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -13889,7 +13889,7 @@ "port": 8297 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -13972,7 +13972,7 @@ "port": 1293 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -14051,7 +14051,7 @@ "port": 8298 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -14134,7 +14134,7 @@ "port": 1294 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -14214,7 +14214,7 @@ "port": 1293 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -14298,7 +14298,7 @@ "port": 8299 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -14381,7 +14381,7 @@ "port": 1295 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -14460,7 +14460,7 @@ "port": 8300 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -14543,7 +14543,7 @@ "port": 1296 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -14623,7 +14623,7 @@ "port": 1294 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -14708,7 +14708,7 @@ "port": 1295 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -14793,7 +14793,7 @@ "port": 1296 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -14877,7 +14877,7 @@ "port": 8301 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -14960,7 +14960,7 @@ "port": 1297 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15039,7 +15039,7 @@ "port": 8302 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15122,7 +15122,7 @@ "port": 1298 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15206,7 +15206,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15286,7 +15286,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -15370,7 +15370,7 @@ "port": 1297 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -15454,7 +15454,7 @@ "port": 8303 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15537,7 +15537,7 @@ "port": 1299 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15616,7 +15616,7 @@ "port": 8304 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15699,7 +15699,7 @@ "port": 1300 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15779,7 +15779,7 @@ "port": 1298 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -15864,7 +15864,7 @@ "port": 1300 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -15948,7 +15948,7 @@ "port": 8305 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16031,7 +16031,7 @@ "port": 1301 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16110,7 +16110,7 @@ "port": 8306 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -16193,7 +16193,7 @@ "port": 1302 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16272,7 +16272,7 @@ "port": 8280 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -16354,7 +16354,7 @@ "port": 8281 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -16436,7 +16436,7 @@ "port": 8282 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -16518,7 +16518,7 @@ "port": 8283 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -16600,7 +16600,7 @@ "port": 8284 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -16682,7 +16682,7 @@ "port": 8285 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -16764,7 +16764,7 @@ "port": 8286 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -16846,7 +16846,7 @@ "port": 8287 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -16928,7 +16928,7 @@ "port": 8288 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -17010,7 +17010,7 @@ "port": 8289 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -17092,7 +17092,7 @@ "port": 8290 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -17174,7 +17174,7 @@ "port": 8291 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -17256,7 +17256,7 @@ "port": 8292 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", 
@@ -17338,7 +17338,7 @@ "port": 8297 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -17420,7 +17420,7 @@ "port": 8298 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -17502,7 +17502,7 @@ "port": 8308 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -17585,7 +17585,7 @@ "port": 1304 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -17664,7 +17664,7 @@ "port": 8299 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -17746,7 +17746,7 @@ "port": 8300 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -17833,7 +17833,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -17917,7 +17917,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -17997,7 +17997,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -18081,7 +18081,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -18164,7 +18164,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -18247,7 +18247,7 @@ "port": 1305 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -18326,7 +18326,7 @@ "port": 8301 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -18408,7 +18408,7 @@ "port": 8302 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", 
@@ -18490,7 +18490,7 @@ "port": 8303 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -18572,7 +18572,7 @@ "port": 8304 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -18654,7 +18654,7 @@ "port": 8305 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -18736,7 +18736,7 @@ "port": 8306 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -18818,7 +18818,7 @@ "port": 8307 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -18901,7 +18901,7 @@ "port": 1305 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -18986,7 +18986,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19067,7 +19067,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19148,7 +19148,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19228,7 +19228,7 @@ "port": 8310 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19311,7 +19311,7 @@ "port": 1306 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19391,7 +19391,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19472,7 +19472,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19553,7 +19553,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19634,7 +19634,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -19715,7 +19715,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19796,7 +19796,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19877,7 +19877,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19958,7 +19958,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20039,7 +20039,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20120,7 +20120,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20201,7 +20201,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20282,7 +20282,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20363,7 +20363,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20444,7 +20444,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20525,7 +20525,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20606,7 +20606,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20687,7 +20687,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20768,7 +20768,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20849,7 +20849,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -20930,7 +20930,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -21011,7 +21011,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -21092,7 +21092,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -21173,7 +21173,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -21254,7 +21254,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -21335,7 +21335,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -21416,7 +21416,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -21497,7 +21497,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -21578,7 +21578,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -21659,7 +21659,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -21740,7 +21740,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -21821,7 +21821,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -21902,7 +21902,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -21983,7 +21983,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json index 238a4358f76..c7a8a6ac25d 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json @@ -12,7 +12,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json index e72b04408c3..f628e5601ae 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json @@ -6,7 +6,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -52,7 +52,7 @@ "asa": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -102,7 +102,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json index 6f831fd6e79..c0d95f0f88e 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json @@ -11,7 +11,7 @@ "domain": "target.destination.hostname.local" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", 
@@ -77,7 +77,7 @@ "ip": "192.168.2.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json index 73817b19ee4..c3cb4660c50 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json @@ -27,7 +27,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -104,7 +104,7 @@ "ip": "172.24.177.29" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -176,7 +176,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json index 14bf7a260b5..f384357adef 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json @@ -15,7 +15,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -85,7 +85,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -156,7 +156,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -226,7 +226,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -303,7 +303,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -379,7 +379,7 @@ "port": 12834 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -454,7 +454,7 @@ "port": 4952 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -522,7 +522,7 @@ "port": 25882 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -597,7 +597,7 @@ "port": 52925 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -669,7 +669,7 @@ "port": 45392 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -745,7 +745,7 @@ "port": 4953 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -815,7 +815,7 @@ "port": 52925 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -893,7 +893,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -973,7 +973,7 @@ "ip": "172.24.177.29" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1037,7 +1037,7 @@ "port": 10879 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1113,7 +1113,7 @@ "port": 4954 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1179,7 +1179,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1241,7 +1241,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1311,7 +1311,7 @@ "port": 40443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1381,7 +1381,7 @@ "port": 40443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -1451,7 +1451,7 @@ "port": 40443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1521,7 +1521,7 @@ "port": 40443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1591,7 +1591,7 @@ "port": 40443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1661,7 +1661,7 @@ "port": 40443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1731,7 +1731,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1801,7 +1801,7 @@ "port": 25 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1871,7 +1871,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1939,7 +1939,7 @@ "port": 137 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2001,7 +2001,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2063,7 +2063,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2133,7 +2133,7 @@ "port": 40443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2203,7 +2203,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2273,7 +2273,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2343,7 +2343,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2413,7 +2413,7 @@ "port": 8111 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -2483,7 +2483,7 @@ "port": 8111 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2553,7 +2553,7 @@ "port": 40443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2623,7 +2623,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2694,7 +2694,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2768,7 +2768,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2840,7 +2840,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2913,7 +2913,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2990,7 +2990,7 @@ "port": 5678 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3067,7 +3067,7 @@ "port": 5678 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3140,7 +3140,7 @@ "port": 5678 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3217,7 +3217,7 @@ "port": 5678 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3294,7 +3294,7 @@ "port": 5678 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3369,7 +3369,7 @@ "port": 5679 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3435,7 +3435,7 @@ "port": 5679 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3503,7 +3503,7 @@ "port": 5000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -3580,7 +3580,7 @@ "port": 65000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3656,7 +3656,7 @@ "port": 65000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3728,7 +3728,7 @@ "port": 1235 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3805,7 +3805,7 @@ "port": 500 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3875,7 +3875,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3938,7 +3938,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4001,7 +4001,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4064,7 +4064,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4127,7 +4127,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4190,7 +4190,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4253,7 +4253,7 @@ "ip": "192.168.1.255" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4316,7 +4316,7 @@ "ip": "192.168.1.255" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4382,7 +4382,7 @@ "port": 25 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4454,7 +4454,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -4521,7 +4521,7 @@ "ip": "172.16.1.10" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4590,7 +4590,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4677,7 +4677,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4757,7 +4757,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4826,7 +4826,7 @@ "ip": "192.168.2.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4879,7 +4879,7 @@ "ip": "192.168.2.32" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4936,7 +4936,7 @@ "ip": "192.168.0.19" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5020,7 +5020,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5093,7 +5093,7 @@ "ip": "172.17.6.211" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5178,7 +5178,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5288,7 +5288,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5400,7 +5400,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -5495,7 +5495,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -5594,7 +5594,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -5687,7 +5687,7 @@ "port": 18449 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", 
@@ -5764,7 +5764,7 @@ "ip": "ff02::1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -5836,7 +5836,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5925,7 +5925,7 @@ "port": 50120 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -6028,7 +6028,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -6130,7 +6130,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6227,7 +6227,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -6334,7 +6334,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6438,7 +6438,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "deleted", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json index 70d28ebd0dd..86939376377 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json @@ -16,7 +16,7 @@ "port": 5060 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -83,7 +83,7 @@ "port": 5060 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -150,7 +150,7 @@ "port": 5060 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -217,7 +217,7 @@ "port": 5060 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
diff --git a/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index f5412496e7a..337a0159f81 100644
--- a/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -7,7 +7,7 @@ processors:
 ignore_missing: true
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 #
 # Parse the syslog header
 #
diff --git a/packages/cisco_asa/data_stream/log/sample_event.json b/packages/cisco_asa/data_stream/log/sample_event.json
index fa30377de4b..8236d873b3f 100644
--- a/packages/cisco_asa/data_stream/log/sample_event.json
+++ b/packages/cisco_asa/data_stream/log/sample_event.json
@@ -24,7 +24,7 @@
 "port": 8256
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "c077f5c5-ca69-4197-9db5-7963794bdac3",
diff --git a/packages/cisco_asa/docs/README.md b/packages/cisco_asa/docs/README.md
index 74a9619b684..109d18f8924 100644
--- a/packages/cisco_asa/docs/README.md
+++ b/packages/cisco_asa/docs/README.md
@@ -40,7 +40,7 @@ An example event for `log` looks as following:
 "port": 8256
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "c077f5c5-ca69-4197-9db5-7963794bdac3",
diff --git a/packages/cisco_asa/manifest.yml b/packages/cisco_asa/manifest.yml
index f0cc6e7c4f7..f0704b2e83e 100644
--- a/packages/cisco_asa/manifest.yml
+++ b/packages/cisco_asa/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_asa
 title: Cisco ASA
-version: 2.4.2
+version: "2.5.0"
 license: basic
 description: Collect logs from Cisco ASA with Elastic Agent.
 type: integration
diff --git a/packages/cisco_duo/_dev/build/build.yml b/packages/cisco_duo/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/cisco_duo/_dev/build/build.yml
+++ b/packages/cisco_duo/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/cisco_duo/changelog.yml b/packages/cisco_duo/changelog.yml
index 26c9d98507a..345554eb974 100644
--- a/packages/cisco_duo/changelog.yml
+++ b/packages/cisco_duo/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.2.4"
 changes:
 - description: Handle non-spec compliant `cisco_duo.auth.access_device.security_agents`
diff --git a/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json b/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json
index 89928e8ffb4..f4850dd49f2 100644
--- a/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json
+++ b/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json
@@ -11,7 +11,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "activation_begin",
@@ -38,7 +38,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "admin_activate_duo_push",
@@ -70,7 +70,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "activation_begin",
@@ -99,7 +99,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "activation_set_password",
@@ -138,7 +138,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "admin_self_activate",
@@ -176,7 +176,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "admin_update",
@@ -215,7 +215,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "user_update",
@@ -257,7 +257,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "user_update",
diff --git a/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml
index 51f1d16664d..67737de6461 100644
--- a/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo administrator logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/cisco_duo/data_stream/admin/sample_event.json b/packages/cisco_duo/data_stream/admin/sample_event.json
index 6c70009ed53..c7596c5c4b7 100644
--- a/packages/cisco_duo/data_stream/admin/sample_event.json
+++ b/packages/cisco_duo/data_stream/admin/sample_event.json
@@ -21,7 +21,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f",
diff --git a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json
index a9a5a63e077..f2e2034ce42 100644
--- a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json
+++ b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json
@@ -40,7 +40,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "authentication",
@@ -163,7 +163,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "authentication",
@@ -284,7 +284,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "authentication",
@@ -404,7 +404,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "authentication",
@@ -522,7 +522,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "authentication",
@@ -624,7 +624,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "authentication",
@@ -735,7 +735,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "authentication",
@@ -837,7 +837,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "authentication",
@@ -940,7 +940,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "authentication",
@@ -1043,7 +1043,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "authentication",
@@ -1146,7 +1146,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "authentication",
@@ -1249,7 +1249,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "authentication",
@@ -1352,7 +1352,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "authentication",
@@ -1451,7 +1451,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "authentication",
@@ -1546,7 +1546,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "authentication",
@@ -1641,7 +1641,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "authentication",
@@ -1726,7 +1726,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "authentication",
diff --git a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml
index 39e2ae8a1e0..628d3f994d8 100644
--- a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo authentication logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/cisco_duo/data_stream/auth/sample_event.json b/packages/cisco_duo/data_stream/auth/sample_event.json
index 271ad159d22..5e7c101df65 100644
--- a/packages/cisco_duo/data_stream/auth/sample_event.json
+++ b/packages/cisco_duo/data_stream/auth/sample_event.json
@@ -50,7 +50,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "9c2175d9-ba8c-4169-b98d-dfcbc2a7bda3",
diff --git a/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json b/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json
index b8aceb39805..03f5e9db100 100644
--- a/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json
+++ b/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json
@@ -17,7 +17,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "original": "{\"action\": \"o2fa_user_provisioned\",\"description\": \"{\\\"user_agent\\\": \\\"DuoCredProv/4.0.6.413 (Windows NT 6.3.9600; x64; Server)\\\", \\\"hostname\\\": \\\"WKSW10x64\\\", \\\"factor\\\": \\\"duo_otp\\\"}\",\"isotimestamp\": \"2019-08-30T16:10:05+00:00\",\"object\": \"Acme Laptop Windows Logon\",\"timestamp\": 1567181405,\"username\": \"narroway\"}"
diff --git a/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml
index 929f83a3ff7..70630d44277 100644
--- a/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo offline enrollment logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/cisco_duo/data_stream/offline_enrollment/sample_event.json b/packages/cisco_duo/data_stream/offline_enrollment/sample_event.json
index 9a3e3e3eca7..8ea6bf86036 100644
--- a/packages/cisco_duo/data_stream/offline_enrollment/sample_event.json
+++ b/packages/cisco_duo/data_stream/offline_enrollment/sample_event.json
@@ -27,7 +27,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f",
diff --git a/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json b/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json
index 399a400d425..3b1dcc12ac1 100644
--- a/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json
+++ b/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json
@@ -1,7 +1,7 @@
 {
 "expected": [
 {
- "@timestamp": "2022-04-25T13:05:09.293968400Z",
+ "@timestamp": "2022-06-28T17:52:12.776176085Z",
 "cisco_duo": {
 "summary": {
 "admin_count": 6,
@@ -11,7 +11,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "original": "{\"response\":{\"admin_count\":6,\"integration_count\":5,\"telephony_credits_remaining\":473,\"user_count\":4},\"stat\":\"OK\"}"
@@ -21,7 +21,7 @@
 ]
 },
 {
- "@timestamp": "2022-04-25T13:05:09.293994Z",
+ "@timestamp": "2022-06-28T17:52:12.776179085Z",
 "cisco_duo": {
 "summary": {
 "admin_count": 3,
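Review bot: The `@timestamp` values replaced in the `@@ -1,7 +1,7 @@` and `@@ -21,7 +21,7 @@` hunks of test-summary.log-expected.json are wall-clock values, not something derived from the test input: the summary ingest pipeline sets `@timestamp` from `{{{_ingest.timestamp}}}`, so this golden file changes every time the expected output is regenerated, and the assertion on that field carries no information about the pipeline's behaviour. An unrelated ECS bump should not have to touch these two lines; consider excluding `@timestamp` from the comparison for this data stream (elastic-package's pipeline test configuration supports marking fields as dynamic, if I recall its config format correctly) so that only the `ecs.version` hunk would remain here. The other hunks in this section are the version bump only.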
@@ -31,7 +31,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "original": "{\"response\":{\"admin_count\":3,\"integration_count\":9,\"telephony_credits_remaining\":960,\"user_count\":8},\"stat\":\"OK\"}"
diff --git a/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml
index 89fe7b88015..51900105147 100644
--- a/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo summary logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - set:
 field: "@timestamp"
 value: "{{{_ingest.timestamp}}}"
diff --git a/packages/cisco_duo/data_stream/summary/sample_event.json b/packages/cisco_duo/data_stream/summary/sample_event.json
index 21d5e9a30f1..1c432e3848b 100644
--- a/packages/cisco_duo/data_stream/summary/sample_event.json
+++ b/packages/cisco_duo/data_stream/summary/sample_event.json
@@ -21,7 +21,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f",
diff --git a/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json b/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json
index 74f27123d69..9db310847e3 100644
--- a/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json
+++ b/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json
@@ -11,7 +11,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "kind": "event",
@@ -32,7 +32,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "kind": "event",
@@ -53,7 +53,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "kind": "event",
diff --git a/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml
index 652f4fc4ff6..4b29de74656 100644
--- a/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo telephony logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/cisco_duo/data_stream/telephony/sample_event.json b/packages/cisco_duo/data_stream/telephony/sample_event.json
index 54bd428fb23..d09505986a3 100644
--- a/packages/cisco_duo/data_stream/telephony/sample_event.json
+++ b/packages/cisco_duo/data_stream/telephony/sample_event.json
@@ -21,7 +21,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f",
diff --git a/packages/cisco_duo/docs/README.md b/packages/cisco_duo/docs/README.md
index ce72ef2ad3d..402c57f60da 100644
--- a/packages/cisco_duo/docs/README.md
+++ b/packages/cisco_duo/docs/README.md
@@ -54,7 +54,7 @@ An example event for `admin` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f",
@@ -217,7 +217,7 @@ An example event for `auth` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "9c2175d9-ba8c-4169-b98d-dfcbc2a7bda3",
@@ -455,7 +455,7 @@ An example event for `offline_enrollment` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f",
@@ -569,7 +569,7 @@ An example event for `summary` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f",
@@ -676,7 +676,7 @@ An example event for `telephony` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f",
diff --git a/packages/cisco_duo/manifest.yml b/packages/cisco_duo/manifest.yml
index 1a473fae44b..dc526e9969d 100644
--- a/packages/cisco_duo/manifest.yml
+++ b/packages/cisco_duo/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_duo
 title: Cisco Duo
-version: 1.2.4
+version: "1.3.0"
 license: basic
 description: Collect logs from Cisco Duo with Elastic Agent.
 type: integration
diff --git a/packages/cisco_ftd/_dev/build/build.yml b/packages/cisco_ftd/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/cisco_ftd/_dev/build/build.yml
+++ b/packages/cisco_ftd/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/cisco_ftd/changelog.yml b/packages/cisco_ftd/changelog.yml
index 4c0b0e64ea6..5b4d0540de8 100644
--- a/packages/cisco_ftd/changelog.yml
+++ b/packages/cisco_ftd/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.3.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "2.2.2"
 changes:
 - description: Map syslog priority details according to ECS
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json
index 4d49521cb63..f7d57b865be 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json @@ -17,7 +17,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -95,7 +95,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -169,7 +169,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -238,7 +238,7 @@ "port": 57621 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -308,7 +308,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json index 69342fca327..a841d5d6e17 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json @@ -14,7 +14,7 @@ "port": 8256 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -96,7 +96,7 @@ "port": 1772 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -175,7 +175,7 @@ "port": 1758 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -259,7 +259,7 @@ "port": 1757 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -343,7 +343,7 @@ "port": 1755 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -427,7 +427,7 @@ "port": 1754 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", 
@@ -511,7 +511,7 @@ "port": 1752 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -595,7 +595,7 @@ "port": 1749 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -679,7 +679,7 @@ "port": 1750 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -763,7 +763,7 @@ "port": 1747 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -847,7 +847,7 @@ "port": 1742 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -931,7 +931,7 @@ "port": 1741 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1015,7 +1015,7 @@ "port": 1739 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1099,7 +1099,7 @@ "port": 1740 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1183,7 +1183,7 @@ "port": 1738 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1267,7 +1267,7 @@ "port": 1756 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1351,7 +1351,7 @@ "port": 1737 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1435,7 +1435,7 @@ "port": 1736 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1519,7 +1519,7 @@ "port": 1765 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1602,7 +1602,7 @@ "port": 1188 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1684,7 +1684,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -1763,7 +1763,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1850,7 +1850,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1929,7 +1929,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -2011,7 +2011,7 @@ "port": 8257 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2093,7 +2093,7 @@ "port": 1773 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2171,7 +2171,7 @@ "port": 8258 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2253,7 +2253,7 @@ "port": 1774 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2336,7 +2336,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2419,7 +2419,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2498,7 +2498,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -2581,7 +2581,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -2663,7 +2663,7 @@ "port": 8259 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2745,7 +2745,7 @@ "port": 1775 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2823,7 +2823,7 @@ "port": 1189 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2905,7 +2905,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -2988,7 +2988,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3067,7 +3067,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3150,7 +3150,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3232,7 +3232,7 @@ "port": 8265 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3314,7 +3314,7 @@ "port": 1452 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3397,7 +3397,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3480,7 +3480,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3559,7 +3559,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3642,7 +3642,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3724,7 +3724,7 @@ "port": 8266 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3806,7 +3806,7 @@ "port": 1453 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3885,7 +3885,7 @@ "port": 1453 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3973,7 +3973,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4052,7 +4052,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -4135,7 +4135,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", 
@@ -4217,7 +4217,7 @@ "port": 8267 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4299,7 +4299,7 @@ "port": 1454 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4377,7 +4377,7 @@ "port": 8268 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4459,7 +4459,7 @@ "port": 1455 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4537,7 +4537,7 @@ "port": 8269 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4619,7 +4619,7 @@ "port": 1456 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4702,7 +4702,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4781,7 +4781,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -4863,7 +4863,7 @@ "port": 8270 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4945,7 +4945,7 @@ "port": 1457 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5023,7 +5023,7 @@ "port": 8271 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5105,7 +5105,7 @@ "port": 1458 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5188,7 +5188,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5267,7 +5267,7 @@ "port": 1457 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -5350,7 +5350,7 @@ "port": 8272 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -5432,7 +5432,7 @@ "port": 1459 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5511,7 +5511,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -5593,7 +5593,7 @@ "port": 8273 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5675,7 +5675,7 @@ "port": 1460 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5745,7 +5745,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5799,7 +5799,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5881,7 +5881,7 @@ "port": 1385 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5951,7 +5951,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -5997,7 +5997,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6043,7 +6043,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6089,7 +6089,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6135,7 +6135,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6181,7 +6181,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6236,7 +6236,7 @@ "port": 1382 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -6320,7 +6320,7 @@ "port": 1385 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", 
@@ -6403,7 +6403,7 @@ "port": 8278 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6485,7 +6485,7 @@ "port": 1386 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6564,7 +6564,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6644,7 +6644,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6724,7 +6724,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6804,7 +6804,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6884,7 +6884,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -6964,7 +6964,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7044,7 +7044,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7124,7 +7124,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7204,7 +7204,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7284,7 +7284,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7364,7 +7364,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7444,7 +7444,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7524,7 +7524,7 @@ "port": 8277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -7603,7 +7603,7 @@ "port": 8279 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7685,7 +7685,7 @@ "port": 1275 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7763,7 +7763,7 @@ "port": 1190 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7845,7 +7845,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -7924,7 +7924,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -8011,7 +8011,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -8090,7 +8090,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -8172,7 +8172,7 @@ "port": 8280 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -8254,7 +8254,7 @@ "port": 1276 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -8332,7 +8332,7 @@ "port": 8281 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -8414,7 +8414,7 @@ "port": 1277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -8493,7 +8493,7 @@ "port": 1276 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -8576,7 +8576,7 @@ "port": 8282 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -8658,7 +8658,7 @@ "port": 1278 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -8737,7 +8737,7 @@ "port": 1277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", 
@@ -8820,7 +8820,7 @@ "port": 8283 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -8902,7 +8902,7 @@ "port": 1279 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -8981,7 +8981,7 @@ "port": 1278 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -9065,7 +9065,7 @@ "port": 1279 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -9148,7 +9148,7 @@ "port": 8284 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -9230,7 +9230,7 @@ "port": 1280 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -9309,7 +9309,7 @@ "port": 1280 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -9392,7 +9392,7 @@ "port": 8285 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -9474,7 +9474,7 @@ "port": 1281 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -9552,7 +9552,7 @@ "port": 8286 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -9634,7 +9634,7 @@ "port": 1282 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -9712,7 +9712,7 @@ "port": 8287 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -9794,7 +9794,7 @@ "port": 1283 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -9872,7 +9872,7 @@ "port": 8288 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -9954,7 +9954,7 @@ "port": 1284 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -10033,7 +10033,7 @@ "port": 1281 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -10117,7 +10117,7 @@ "port": 1282 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -10201,7 +10201,7 @@ "port": 1283 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -10284,7 +10284,7 @@ "port": 8289 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -10366,7 +10366,7 @@ "port": 1285 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -10444,7 +10444,7 @@ "port": 8290 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -10526,7 +10526,7 @@ "port": 1286 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -10605,7 +10605,7 @@ "port": 1284 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -10688,7 +10688,7 @@ "port": 8291 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -10770,7 +10770,7 @@ "port": 1287 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -10849,7 +10849,7 @@ "port": 1285 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -10933,7 +10933,7 @@ "port": 1286 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -11021,7 +11021,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -11099,7 +11099,7 @@ "port": 8292 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -11181,7 +11181,7 @@ "port": 1288 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -11260,7 +11260,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -11347,7 +11347,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -11426,7 +11426,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -11508,7 +11508,7 @@ "port": 8293 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -11590,7 +11590,7 @@ "port": 1289 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -11669,7 +11669,7 @@ "port": 1288 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -11753,7 +11753,7 @@ "port": 1287 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -11841,7 +11841,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -11920,7 +11920,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -12002,7 +12002,7 @@ "port": 8294 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -12084,7 +12084,7 @@ "port": 1290 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -12163,7 +12163,7 @@ "port": 68 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -12237,7 +12237,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -12296,7 +12296,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -12379,7 +12379,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -12458,7 +12458,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -12545,7 +12545,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -12624,7 +12624,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -12707,7 +12707,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -12794,7 +12794,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -12873,7 +12873,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -12955,7 +12955,7 @@ "port": 8295 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -13037,7 +13037,7 @@ "port": 1291 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -13120,7 +13120,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -13199,7 +13199,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -13281,7 +13281,7 @@ "port": 8296 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -13363,7 +13363,7 @@ "port": 1292 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -13441,7 +13441,7 @@ "port": 8297 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -13523,7 +13523,7 @@ "port": 1293 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -13601,7 +13601,7 @@ "port": 8298 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -13683,7 +13683,7 @@ "port": 1294 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -13762,7 +13762,7 @@ "port": 1293 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -13845,7 +13845,7 @@ "port": 8299 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -13927,7 +13927,7 @@ "port": 1295 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -14005,7 +14005,7 @@ "port": 8300 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -14087,7 +14087,7 @@ "port": 1296 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -14166,7 +14166,7 @@ "port": 1294 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -14250,7 +14250,7 @@ "port": 1295 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -14334,7 +14334,7 @@ "port": 1296 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -14417,7 +14417,7 @@ "port": 8301 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -14499,7 +14499,7 @@ "port": 1297 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -14577,7 +14577,7 @@ "port": 8302 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -14659,7 +14659,7 @@ "port": 1298 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -14742,7 +14742,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -14821,7 +14821,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", 
@@ -14904,7 +14904,7 @@ "port": 1297 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -14987,7 +14987,7 @@ "port": 8303 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15069,7 +15069,7 @@ "port": 1299 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15147,7 +15147,7 @@ "port": 8304 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15229,7 +15229,7 @@ "port": 1300 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15308,7 +15308,7 @@ "port": 1298 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -15392,7 +15392,7 @@ "port": 1300 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -15475,7 +15475,7 @@ "port": 8305 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15557,7 +15557,7 @@ "port": 1301 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15635,7 +15635,7 @@ "port": 8306 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15717,7 +15717,7 @@ "port": 1302 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15787,7 +15787,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15833,7 +15833,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15879,7 +15879,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -15925,7 +15925,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -15971,7 +15971,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16017,7 +16017,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16063,7 +16063,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16109,7 +16109,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16155,7 +16155,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16201,7 +16201,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16247,7 +16247,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16293,7 +16293,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16339,7 +16339,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16385,7 +16385,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16431,7 +16431,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16485,7 +16485,7 @@ "port": 8308 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16567,7 +16567,7 @@ "port": 1304 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16637,7 +16637,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16683,7 +16683,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -16742,7 +16742,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16825,7 +16825,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -16904,7 +16904,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -16987,7 +16987,7 @@ "port": 56132 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -17069,7 +17069,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -17151,7 +17151,7 @@ "port": 1305 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -17221,7 +17221,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -17267,7 +17267,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -17313,7 +17313,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -17359,7 +17359,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -17405,7 +17405,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -17451,7 +17451,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -17497,7 +17497,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -17552,7 +17552,7 @@ "port": 1305 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -17636,7 +17636,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -17716,7 +17716,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -17796,7 +17796,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -17875,7 +17875,7 @@ "port": 8310 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -17957,7 +17957,7 @@ "port": 1306 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -18036,7 +18036,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -18116,7 +18116,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -18196,7 +18196,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -18276,7 +18276,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -18356,7 +18356,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -18436,7 +18436,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -18516,7 +18516,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -18596,7 +18596,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -18676,7 +18676,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -18756,7 +18756,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -18836,7 +18836,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -18916,7 +18916,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -18996,7 +18996,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19076,7 +19076,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19156,7 +19156,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19236,7 +19236,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19316,7 +19316,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19396,7 +19396,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19476,7 +19476,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19556,7 +19556,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19636,7 +19636,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19716,7 +19716,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19796,7 +19796,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19876,7 +19876,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -19956,7 +19956,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20036,7 +20036,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -20116,7 +20116,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20196,7 +20196,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20276,7 +20276,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20356,7 +20356,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20436,7 +20436,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20516,7 +20516,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -20596,7 +20596,7 @@ "port": 8309 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json index b77e211d29e..5cfb56125c5 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json @@ -66,7 +66,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -210,7 +210,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -352,7 +352,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -496,7 +496,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", 
@@ -639,7 +639,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -781,7 +781,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -926,7 +926,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -1068,7 +1068,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -1211,7 +1211,7 @@ "response_code": "SERVFAIL" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -1355,7 +1355,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -1497,7 +1497,7 @@ "response_code": "REFUSED" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -1633,7 +1633,7 @@ "response_code": "SERVFAIL" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -1776,7 +1776,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -1918,7 +1918,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -2061,7 +2061,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -2205,7 +2205,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -2347,7 +2347,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", 
@@ -2489,7 +2489,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -2631,7 +2631,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -2771,7 +2771,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -2915,7 +2915,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json index 18668d3fa3f..02ab7826062 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json @@ -6,7 +6,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -52,7 +52,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json index 74e62bb1a86..780a0c8be4e 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json @@ -6,7 +6,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -46,7 +46,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", 
@@ -86,7 +86,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -126,7 +126,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -166,7 +166,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -206,7 +206,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -246,7 +246,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -286,7 +286,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -326,7 +326,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -366,7 +366,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -406,7 +406,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -446,7 +446,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -486,7 +486,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -526,7 +526,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -566,7 +566,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -606,7 +606,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -646,7 +646,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -686,7 +686,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -726,7 +726,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -766,7 +766,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", 
@@ -806,7 +806,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -846,7 +846,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -886,7 +886,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -926,7 +926,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -966,7 +966,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -1006,7 +1006,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -1046,7 +1046,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -1086,7 +1086,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -1126,7 +1126,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -1166,7 +1166,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -1206,7 +1206,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -1246,7 +1246,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -1286,7 +1286,7 @@ "ftd": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", @@ -1327,7 +1327,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json index b566d3d257a..3dfe0e7fb36 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json 
@@ -41,7 +41,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "intrusion-detected", @@ -154,7 +154,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "intrusion-detected", @@ -265,7 +265,7 @@ "port": 39114 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "intrusion-detected", @@ -374,7 +374,7 @@ "port": 40740 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "intrusion-detected", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json index a2e94440681..5328c4648bd 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json @@ -18,7 +18,7 @@ "ip": "10.8.12.47" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "intrusion-detected", @@ -82,7 +82,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "intrusion-detected", @@ -139,7 +139,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-started", @@ -209,7 +209,7 @@ "port": 64311 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "malware-detected", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json index b125fcf1514..40cab18f060 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json @@ -27,7 +27,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -104,7 +104,7 @@ "ip": "172.24.177.29" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -175,7 +175,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json index 49bac9b2b17..13bd2c2ebe4 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json @@ -15,7 +15,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -84,7 +84,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -154,7 +154,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -223,7 +223,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -299,7 +299,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -374,7 +374,7 @@ "port": 12834 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -448,7 +448,7 @@ "port": 4952 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -515,7 +515,7 @@ "port": 25882 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -589,7 +589,7 @@ "port": 52925 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -660,7 +660,7 @@ "port": 45392 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -735,7 +735,7 @@ "port": 4953 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -804,7 +804,7 @@ "port": 52925 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -878,7 +878,7 @@ "port": 52925 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -947,7 +947,7 @@ "ip": "172.24.177.29" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -1010,7 +1010,7 @@ "port": 10879 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1085,7 +1085,7 @@ "port": 4954 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1150,7 +1150,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1211,7 +1211,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1280,7 +1280,7 @@ "port": 40443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1349,7 +1349,7 @@ "port": 40443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1418,7 +1418,7 @@ "port": 40443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1487,7 +1487,7 @@ "port": 40443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1556,7 +1556,7 @@ "port": 40443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1625,7 +1625,7 @@ "port": 40443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1694,7 +1694,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -1763,7 +1763,7 @@ "port": 25 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1832,7 +1832,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1899,7 +1899,7 @@ "port": 137 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1960,7 +1960,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2021,7 +2021,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2090,7 +2090,7 @@ "port": 40443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2159,7 +2159,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2228,7 +2228,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2297,7 +2297,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2366,7 +2366,7 @@ "port": 8111 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2435,7 +2435,7 @@ "port": 8111 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2504,7 +2504,7 @@ "port": 40443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2573,7 +2573,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2643,7 +2643,7 @@ "port": 2000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2716,7 +2716,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -2791,7 +2791,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2867,7 +2867,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2947,7 +2947,7 @@ "port": 5678 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3026,7 +3026,7 @@ "port": 5678 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3101,7 +3101,7 @@ "port": 5678 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3181,7 +3181,7 @@ "port": 5678 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3261,7 +3261,7 @@ "port": 5678 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3339,7 +3339,7 @@ "port": 5679 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3408,7 +3408,7 @@ "port": 5679 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3479,7 +3479,7 @@ "port": 5000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3559,7 +3559,7 @@ "port": 65000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3638,7 +3638,7 @@ "port": 65000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3713,7 +3713,7 @@ "port": 1235 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3793,7 +3793,7 @@ "port": 500 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow-expiration", @@ -3862,7 +3862,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -3925,7 +3925,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -3988,7 +3988,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4051,7 +4051,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4114,7 +4114,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4177,7 +4177,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4240,7 +4240,7 @@ "ip": "192.168.1.255" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4303,7 +4303,7 @@ "ip": "192.168.1.255" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4369,7 +4369,7 @@ "port": 25 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4440,7 +4440,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4507,7 +4507,7 @@ "ip": "172.16.1.10" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4575,7 +4575,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4664,7 +4664,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4747,7 +4747,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4815,7 +4815,7 @@ "ip": "192.168.2.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -4868,7 +4868,7 @@ "ip": "192.168.2.32" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -4925,7 +4925,7 @@ "ip": "192.168.0.19" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json index 9f7a6426439..e6f543375d8 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json @@ -42,7 +42,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-started", @@ -157,7 +157,7 @@ "packets": 1 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -296,7 +296,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-started", @@ -436,7 +436,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -565,7 +565,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-started", @@ -698,7 +698,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -845,7 +845,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-started", @@ -977,7 +977,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", @@ -1108,7 +1108,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-started", 
@@ -1229,7 +1229,7 @@ "port": 8000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-finished", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json index b1e93d65189..a49552919ed 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json @@ -31,7 +31,7 @@ "port": 8000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "file-detected", @@ -132,7 +132,7 @@ "port": 8000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "file-detected", @@ -233,7 +233,7 @@ "port": 8000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "file-detected", @@ -334,7 +334,7 @@ "port": 8000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "file-detected", @@ -439,7 +439,7 @@ "port": 8000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "file-detected", @@ -551,7 +551,7 @@ "port": 8000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "file-detected", @@ -667,7 +667,7 @@ "port": 8000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "malware-detected", @@ -794,7 +794,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "malware-detected", @@ -909,7 +909,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "malware-detected", @@ -1036,7 +1036,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "malware-detected", 
@@ -1166,7 +1166,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "malware-detected",
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json
index 8196f4fea80..e0822d23fab 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json
@@ -64,7 +64,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "connection-finished",
diff --git a/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 38be2543cbc..5e2d29fa2ed 100644
--- a/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -7,7 +7,7 @@ processors:
 ignore_missing: true
 - set:
 field: ecs.version
- value: "8.2.0"
+ value: "8.3.0"
 #
 # Parse the syslog header
 #
diff --git a/packages/cisco_ftd/data_stream/log/sample_event.json b/packages/cisco_ftd/data_stream/log/sample_event.json
index 161d408ca21..9125f92cbfc 100644
--- a/packages/cisco_ftd/data_stream/log/sample_event.json
+++ b/packages/cisco_ftd/data_stream/log/sample_event.json
@@ -60,7 +60,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "b9045ecb-c8cf-4d1a-8b37-757e202e9ea1",
diff --git a/packages/cisco_ftd/docs/README.md b/packages/cisco_ftd/docs/README.md
index 0e50692c489..43cf57e5920 100644
--- a/packages/cisco_ftd/docs/README.md
+++ b/packages/cisco_ftd/docs/README.md
@@ -81,7 +81,7 @@ An example event for `log` looks as following:
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "b9045ecb-c8cf-4d1a-8b37-757e202e9ea1",
diff --git a/packages/cisco_ftd/manifest.yml b/packages/cisco_ftd/manifest.yml
index 4cef366ed14..0b9c36fcc64 100644
--- a/packages/cisco_ftd/manifest.yml
+++ b/packages/cisco_ftd/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_ftd
 title: Cisco FTD
-version: 2.2.2
+version: "2.3.0"
 license: basic
 description: Collect logs from Cisco FTD with Elastic Agent.
 type: integration
diff --git a/packages/cisco_ios/_dev/build/build.yml b/packages/cisco_ios/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/cisco_ios/_dev/build/build.yml
+++ b/packages/cisco_ios/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/cisco_ios/changelog.yml b/packages/cisco_ios/changelog.yml
index 528ef49b314..b0e22a20b44 100644
--- a/packages/cisco_ios/changelog.yml
+++ b/packages/cisco_ios/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.7.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.6.0"
 changes:
 - description: Add TLS system test
diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json
index abe7d61b1b2..eae37c1fbbc 100644
--- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json
+++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json
@@ -13,7 +13,7 @@
 "ip": "224.0.0.22"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "deny",
@@ -66,7 +66,7 @@ "ip": "224.0.0.2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "deny", @@ -122,7 +122,7 @@ "ip": "255.255.255.255" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "deny", @@ -184,7 +184,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allow", @@ -247,7 +247,7 @@ "port": 15600 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "deny", @@ -301,7 +301,7 @@ "ip": "192.168.100.2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "deny", @@ -359,7 +359,7 @@ "port": 15600 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "deny", @@ -408,7 +408,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -444,7 +444,7 @@ "port": 15600 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "deny", @@ -511,7 +511,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "deny", @@ -560,7 +560,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -595,7 +595,7 @@ "ip": "192.168.100.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "deny", @@ -665,7 +665,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "deny", @@ -718,7 +718,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -771,7 +771,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -830,7 +830,7 @@ "ip": "10.3.66.3" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "multicast-join", @@ -890,7 +890,7 @@ "ip": "10.3.66.3" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "multicast-join", 
@@ -936,7 +936,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -966,7 +966,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json index eb96b9d18b6..1e837fac928 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json +++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json @@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -39,7 +39,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json index 77812b4f68b..2760d6a4491 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json +++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json @@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -39,7 +39,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -70,7 +70,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -101,7 +101,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -132,7 +132,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -163,7 +163,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -194,7 +194,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -225,7 +225,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -256,7 +256,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -287,7 +287,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -318,7 +318,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -349,7 +349,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -380,7 +380,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -411,7 +411,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -442,7 +442,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -473,7 +473,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -504,7 +504,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -535,7 +535,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json index fc5d62f57cd..b45d868763a 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json +++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json @@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -38,7 +38,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -72,7 +72,7 @@
 "ip": "10.100.8.34"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "deny",
@@ -123,7 +123,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index f22c5037ac6..0e66f85dc52 100644
--- a/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Cisco IOS logs.
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - set:
 field: event.category
 value: network
diff --git a/packages/cisco_ios/data_stream/log/sample_event.json b/packages/cisco_ios/data_stream/log/sample_event.json
index 4278f6958d6..2ae65c03ae7 100644
--- a/packages/cisco_ios/data_stream/log/sample_event.json
+++ b/packages/cisco_ios/data_stream/log/sample_event.json
@@ -23,7 +23,7 @@
 "ip": "224.0.0.22"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "18c952cc-80e4-43a5-afa9-79993d53ebf6",
diff --git a/packages/cisco_ios/docs/README.md b/packages/cisco_ios/docs/README.md
index 865021f3756..13be61e2d87 100644
--- a/packages/cisco_ios/docs/README.md
+++ b/packages/cisco_ios/docs/README.md
@@ -35,7 +35,7 @@ An example event for `log` looks as following:
 "ip": "224.0.0.22"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "18c952cc-80e4-43a5-afa9-79993d53ebf6",
diff --git a/packages/cisco_ios/manifest.yml b/packages/cisco_ios/manifest.yml
index 66155027bbb..7e604264d69 100644
--- a/packages/cisco_ios/manifest.yml
+++ b/packages/cisco_ios/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_ios
 title: Cisco IOS
-version: 1.6.0
+version: "1.7.0"
 license: basic
 description: Collect logs from Cisco IOS with Elastic Agent.
 type: integration
diff --git a/packages/cisco_ise/_dev/build/build.yml b/packages/cisco_ise/_dev/build/build.yml
index 47cbed9fed8..5661d603a89 100644
--- a/packages/cisco_ise/_dev/build/build.yml
+++ b/packages/cisco_ise/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.0.0
+ reference: git@v8.3.0
diff --git a/packages/cisco_ise/changelog.yml b/packages/cisco_ise/changelog.yml
index f5b286a4da3..027e55a153b 100644
--- a/packages/cisco_ise/changelog.yml
+++ b/packages/cisco_ise/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.2.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "0.1.0"
 changes:
 - description: Initial draft of the package
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json
index dda9c53ca8d..9895ae95e3c 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json
@@ -35,7 +35,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "ad-connector",
@@ -107,7 +107,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "ad-connector",
@@ -181,7 +181,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "ad-connector",
@@ -250,7 +250,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "ad-connector",
@@ -316,7 +316,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ad-connector", @@ -385,7 +385,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ad-connector", @@ -451,7 +451,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ad-connector", @@ -521,7 +521,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ad-connector", @@ -589,7 +589,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ad-connector", @@ -652,7 +652,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ad-connector", @@ -717,7 +717,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "ad-connector", @@ -780,7 +780,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -830,7 +830,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json index 1013eaa7b0a..e2feede14c5 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json @@ -36,7 +36,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "administrator-login", @@ -114,7 +114,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "administrator-login", @@ -191,7 +191,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "administrator-login", 
@@ -268,7 +268,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "administrator-login", @@ -352,7 +352,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "configuration-changes", @@ -437,7 +437,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "configuration-changes", @@ -525,7 +525,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "configuration-changes", @@ -607,7 +607,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "feedservice", @@ -668,7 +668,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "feedservice", @@ -743,7 +743,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mydevices", @@ -821,7 +821,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "system-management", @@ -903,7 +903,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "system-management", @@ -981,7 +981,7 @@ "ip": "10.0.9.204" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "eap-tls", @@ -1058,7 +1058,7 @@ "ip": "10.0.9.204" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "eap-tls", @@ -1138,7 +1138,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mydevices", @@ -1241,7 +1241,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "configuration-changes", @@ -1324,7 +1324,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mydevices", @@ -1417,7 +1417,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "process-management", @@ -1499,7 +1499,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "system-management", 
@@ -1580,7 +1580,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "system-management", @@ -1661,7 +1661,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "system-management", @@ -1737,7 +1737,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "administrator-login", @@ -1813,7 +1813,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "administrator-login", @@ -1890,7 +1890,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "administrator-login", @@ -1967,7 +1967,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "administrator-login", @@ -2044,7 +2044,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "administrator-login", @@ -2113,7 +2113,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -2173,7 +2173,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -2249,7 +2249,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "configuration-changes", @@ -2357,7 +2357,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "configuration-changes", @@ -2451,7 +2451,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "configuration-changes", @@ -2541,7 +2541,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "configuration-changes", @@ -2626,7 +2626,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "configuration-changes", 
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json index 2cf9879d7be..8a22bed20f2 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json @@ -63,7 +63,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "workflow", @@ -171,7 +171,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "workflow", @@ -277,7 +277,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "authentication", @@ -383,7 +383,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "workflow", @@ -491,7 +491,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "workflow", @@ -597,7 +597,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "workflow", @@ -713,7 +713,7 @@ "ip": "10.0.9.204" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "workflow", @@ -824,7 +824,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "workflow", @@ -916,7 +916,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "authentication", @@ -997,7 +997,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json index 34cf58927a0..4de3127c61c 100644 
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json @@ -84,7 +84,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "failed-attempt", @@ -269,7 +269,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "failed-attempt", @@ -355,7 +355,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "guest", @@ -495,7 +495,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius", @@ -680,7 +680,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius", @@ -1108,7 +1108,7 @@ "port": 1645 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "failed-attempt", @@ -1193,7 +1193,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json index 18bfbba6cef..d51bd954028 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json @@ -45,7 +45,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "guest", @@ -134,7 +134,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "guest", @@ -215,7 +215,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": [ @@ -265,7 +265,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": [ 
@@ -318,7 +318,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json index c49605ace33..895eaeccc95 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json @@ -50,7 +50,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "local-user-db", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "local-user-db", @@ -235,7 +235,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "local-user-db", @@ -331,7 +331,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "local-user-db", @@ -425,7 +425,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "local-user-db", @@ -496,7 +496,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "external-active-directory", @@ -557,7 +557,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "external-active-directory", @@ -618,7 +618,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "external-active-directory", @@ -679,7 +679,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "external-active-directory", @@ -741,7 +741,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "external-active-directory", @@ -825,7 +825,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "external-active-directory", 
@@ -917,7 +917,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "external-active-directory", @@ -1008,7 +1008,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "local-user-db", @@ -1100,7 +1100,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "local-user-db", @@ -1195,7 +1195,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "external-active-directory", @@ -1265,7 +1265,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "external-active-directory", @@ -1343,7 +1343,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json index b2c56effc8b..62489bee2e7 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json @@ -28,7 +28,7 @@ "port": 9025 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "system-management", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "profiler", @@ -152,7 +152,7 @@ "port": 9005 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "system-management", @@ -217,7 +217,7 @@ "port": 9005 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "system-management", @@ -282,7 +282,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "logging", @@ -339,7 +339,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "kind": "event", 
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json index b2bac19eec9..0db18437781 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json @@ -54,7 +54,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mydevices", @@ -154,7 +154,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mydevices", @@ -233,7 +233,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mydevices", @@ -304,7 +304,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json index 74f833bf024..e0976aff12e 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json @@ -197,7 +197,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "passed-authentication", @@ -297,7 +297,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "guest", @@ -451,7 +451,7 @@ "port": 1645 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "passed-authentication", @@ -536,7 +536,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius", @@ -608,7 +608,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "kind": "event", 
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json index 5dc2a922e35..5cb299e1213 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json @@ -41,7 +41,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "policy", @@ -138,7 +138,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "policy", @@ -259,7 +259,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "policy", @@ -373,7 +373,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "policy", @@ -467,7 +467,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "policy", @@ -566,7 +566,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "policy", @@ -658,7 +658,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "policy", @@ -744,7 +744,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json index 9c067dc0e43..6b5586ab7e5 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json 
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json @@ -32,7 +32,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "eps", @@ -102,7 +102,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json index 8de554567bd..be86fa4f86f 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json @@ -114,7 +114,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius-accounting", @@ -231,7 +231,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius-accounting", @@ -346,7 +346,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json index 0bed2cd3834..85a01a1fc6d 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json @@ -59,7 +59,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius", @@ -183,7 +183,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius", 
@@ -269,7 +269,7 @@ "port": 1813 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius", @@ -379,7 +379,7 @@ "port": 1813 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius", @@ -501,7 +501,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius", @@ -605,7 +605,7 @@ "port": 73 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius", @@ -684,7 +684,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius", @@ -784,7 +784,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius", @@ -894,7 +894,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius", @@ -994,7 +994,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius", @@ -1098,7 +1098,7 @@ "port": 1813 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius", @@ -1197,7 +1197,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius", @@ -1313,7 +1313,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "eap", @@ -1437,7 +1437,7 @@ "port": 72 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "eap", @@ -1553,7 +1553,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "eap", @@ -1669,7 +1669,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "eap", @@ -1788,7 +1788,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "eap", @@ -1913,7 +1913,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "eap", 
@@ -2038,7 +2038,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "eap", @@ -2164,7 +2164,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "eap", @@ -2284,7 +2284,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "eap", @@ -2399,7 +2399,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "eap", @@ -2519,7 +2519,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "eap", @@ -2638,7 +2638,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "eap", @@ -2757,7 +2757,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "eap", @@ -2877,7 +2877,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "eap", @@ -2991,7 +2991,7 @@ "port": 1892 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json index d01a70cc346..8c214c59c06 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json @@ -78,7 +78,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": [ @@ -174,7 +174,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": [ @@ -316,7 +316,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": [ @@ -408,7 +408,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": [ 
@@ -496,7 +496,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": [ @@ -568,7 +568,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json index 9e524208296..88c27421ebd 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json @@ -112,7 +112,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "tacacs-accounting", @@ -263,7 +263,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "tacacs-accounting", @@ -433,7 +433,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "tacacs-accounting", @@ -578,7 +578,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json index 6fac46667c1..c89939c7542 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json @@ -28,7 +28,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "irf", @@ -94,7 +94,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "irf", 
@@ -153,7 +153,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "radius", @@ -210,7 +210,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml index f4011d31a01..7163e5673cf 100644 --- a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Cisco ISE logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/cisco_ise/data_stream/log/sample_event.json b/packages/cisco_ise/data_stream/log/sample_event.json index f4524cb7412..efac0f2c7b2 100644 --- a/packages/cisco_ise/data_stream/log/sample_event.json +++ b/packages/cisco_ise/data_stream/log/sample_event.json @@ -122,7 +122,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "elastic_agent": { "id": "882c1c63-68d0-49f9-8411-0e89960d3b00", diff --git a/packages/cisco_ise/docs/README.md b/packages/cisco_ise/docs/README.md index 9e7295a4111..62bf1aa7106 100644 --- a/packages/cisco_ise/docs/README.md +++ b/packages/cisco_ise/docs/README.md @@ -158,7 +158,7 @@ An example event for `log` looks as following: "ip": "81.2.69.144" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "elastic_agent": { "id": "882c1c63-68d0-49f9-8411-0e89960d3b00", diff --git a/packages/cisco_ise/manifest.yml b/packages/cisco_ise/manifest.yml index 17b83743aae..fe02ed6d8aa 100644 --- a/packages/cisco_ise/manifest.yml +++ b/packages/cisco_ise/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_ise title: Cisco ISE -version: 0.1.0 +version: "0.2.0" license: basic description: Collect logs from Cisco ISE with Elastic Agent. type: integration diff --git a/packages/cisco_meraki/_dev/build/build.yml b/packages/cisco_meraki/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/cisco_meraki/_dev/build/build.yml +++ b/packages/cisco_meraki/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/cisco_meraki/changelog.yml b/packages/cisco_meraki/changelog.yml index e8a3516767d..e8f6b8e8e04 100644 --- a/packages/cisco_meraki/changelog.yml +++ b/packages/cisco_meraki/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on topA +- version: "0.6.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "0.5.1" changes: - description: Fix doc build diff --git a/packages/cisco_meraki/data_stream/events/_dev/test/pipeline/test-mx-events.json-expected.json b/packages/cisco_meraki/data_stream/events/_dev/test/pipeline/test-mx-events.json-expected.json index 48303a383d9..16e63383aae 100644 --- a/packages/cisco_meraki/data_stream/events/_dev/test/pipeline/test-mx-events.json-expected.json +++ b/packages/cisco_meraki/data_stream/events/_dev/test/pipeline/test-mx-events.json-expected.json @@ -27,7 +27,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "Cellular came up", @@ -77,7 +77,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "Insight Alert", @@ -133,7 +133,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "Failover event detected", 
diff --git a/packages/cisco_meraki/data_stream/events/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_meraki/data_stream/events/elasticsearch/ingest_pipeline/default.yml index dbd99aecc4c..b6c06fda46b 100644 --- a/packages/cisco_meraki/data_stream/events/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_meraki/data_stream/events/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Cisco Meraki events processors: - set: field: ecs.version - value: '8.0.0' + value: '8.3.0' - set: field: observer.serial_number copy_from: json.deviceSerial diff --git a/packages/cisco_meraki/data_stream/events/sample_event.json b/packages/cisco_meraki/data_stream/events/sample_event.json index 198d32bfbe5..638dba4eb6e 100644 --- a/packages/cisco_meraki/data_stream/events/sample_event.json +++ b/packages/cisco_meraki/data_stream/events/sample_event.json @@ -38,7 +38,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "elastic_agent": { "id": "9e1c0aac-8d48-4c33-a9f5-98e770f2028e", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-airmarshal-events.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-airmarshal-events.log-expected.json index ab3bf32c484..7ef4f81be55 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-airmarshal-events.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-airmarshal-events.log-expected.json @@ -14,7 +14,7 @@ "mac": "6A-3A-3E-85-D9-F6" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -59,7 +59,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -104,7 +104,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -150,7 +150,7 @@ "mac": "E2-CB-9C-B5-DD-BE" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssid-spoofing-detected", @@ -192,7 +192,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -237,7 +237,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -283,7 +283,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -328,7 +328,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -373,7 +373,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -419,7 +419,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssid-spoofing-detected", @@ -461,7 +461,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -506,7 +506,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -551,7 +551,7 @@ "mac": "6A-3A-3E-85-D9-F6" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -597,7 +597,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -642,7 +642,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -687,7 +687,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -732,7 +732,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -777,7 +777,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -822,7 +822,7 @@ "mac": "78-55-CD-18-8F-76" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -869,7 +869,7 @@ "mac": "78-28-CA-AA-6A-4A" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssid-spoofing-detected", @@ -911,7 +911,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -956,7 +956,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1002,7 +1002,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1048,7 +1048,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1094,7 +1094,7 @@ "mac": "AE-17-E8-C7-D8-51" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1139,7 +1139,7 @@ "mac": "E2-CB-9C-B5-D4-1E" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1185,7 +1185,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1230,7 +1230,7 @@ "mac": "5C-AA-FD-5D-76-0E" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1276,7 +1276,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -1322,7 +1322,7 @@ "mac": "78-28-CA-AA-6A-0A" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssid-spoofing-detected", @@ -1364,7 +1364,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1409,7 +1409,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1454,7 +1454,7 @@ "mac": "0E-8D-FB-70-0F-A8" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1499,7 +1499,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1545,7 +1545,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1591,7 +1591,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssid-spoofing-detected", @@ -1633,7 +1633,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1678,7 +1678,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1723,7 +1723,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1768,7 +1768,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1813,7 +1813,7 @@ "mac": "E2-CB-9C-B5-DC-6E" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1858,7 +1858,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -1903,7 +1903,7 @@ "mac": "6A-3A-3E-85-CA-4E" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1949,7 +1949,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -1994,7 +1994,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -2040,7 +2040,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssid-spoofing-detected", @@ -2083,7 +2083,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssid-spoofing-detected", @@ -2125,7 +2125,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -2170,7 +2170,7 @@ "mac": "6A-3A-3E-85-D7-D4" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -2215,7 +2215,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -2260,7 +2260,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -2305,7 +2305,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -2350,7 +2350,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -2396,7 +2396,7 @@ "mac": "90-AC-3F-02-31-59" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssid-spoofing-detected", @@ -2438,7 +2438,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -2483,7 +2483,7 @@ "mac": "78-28-CA-AA-6A-4A" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -2529,7 +2529,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -2574,7 +2574,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -2619,7 +2619,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -2665,7 +2665,7 @@ "mac": "08-A7-C0-3B-5A-95" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssid-spoofing-detected", @@ -2707,7 +2707,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -2753,7 +2753,7 @@ "mac": "78-28-CA-AA-69-96" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -2799,7 +2799,7 @@ "mac": "AE-17-E8-C7-E2-9D" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -2845,7 +2845,7 @@ "mac": "E2-CB-9C-B5-DC-6E" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -2890,7 +2890,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -2935,7 +2935,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -2980,7 +2980,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3026,7 +3026,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -3071,7 +3071,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3116,7 +3116,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3162,7 +3162,7 @@ "mac": "6E-DA-36-A2-39-71" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssid-spoofing-detected", @@ -3204,7 +3204,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3249,7 +3249,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3294,7 +3294,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3340,7 +3340,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3386,7 +3386,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3433,7 +3433,7 @@ "mac": "78-28-CA-AA-6A-4A" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssid-spoofing-detected", @@ -3475,7 +3475,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3520,7 +3520,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3565,7 +3565,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3610,7 +3610,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -3655,7 +3655,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3700,7 +3700,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3745,7 +3745,7 @@ "mac": "5C-AA-FD-5D-76-0E" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3791,7 +3791,7 @@ "mac": "E2-CB-9C-B5-DC-6E" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3836,7 +3836,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3881,7 +3881,7 @@ "mac": "E2-CB-9C-B5-DA-7A" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3927,7 +3927,7 @@ "mac": "E2-CB-9C-B5-DA-7A" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -3973,7 +3973,7 @@ "mac": "6A-3A-3E-85-D7-D4" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -4019,7 +4019,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -4065,7 +4065,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -4110,7 +4110,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -4155,7 +4155,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -4200,7 +4200,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -4246,7 +4246,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4288,7 +4288,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -4333,7 +4333,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -4379,7 +4379,7 @@ "mac": "78-28-CA-AA-6A-0A" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4421,7 +4421,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -4466,7 +4466,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -4512,7 +4512,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -4558,7 +4558,7 @@ "mac": "EE-CE-D5-6A-B6-22" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4600,7 +4600,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -4645,7 +4645,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -4690,7 +4690,7 @@ "mac": "6A-3A-3E-85-D7-D4" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -4737,7 +4737,7 @@ "mac": "AE-17-E8-C7-E1-41" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4779,7 +4779,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -4825,7 +4825,7 @@ "mac": "78-28-CA-AA-69-96" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4867,7 +4867,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -4912,7 +4912,7 @@ "mac": "E2-CB-9C-B5-D7-80" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -4957,7 +4957,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5002,7 +5002,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5047,7 +5047,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5092,7 +5092,7 @@ "mac": "E2-CB-9C-B5-DD-BE" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5137,7 +5137,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5182,7 +5182,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5228,7 +5228,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5273,7 +5273,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5319,7 +5319,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5364,7 +5364,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -5409,7 +5409,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5454,7 +5454,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5499,7 +5499,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5544,7 +5544,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5589,7 +5589,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5634,7 +5634,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5679,7 +5679,7 @@ "mac": "E2-CB-9C-B5-D8-54" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5724,7 +5724,7 @@ "mac": "6A-3A-3E-85-CA-4E" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5770,7 +5770,7 @@ "mac": "34-8F-27-25-CC-48" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssid-spoofing-detected", @@ -5812,7 +5812,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5857,7 +5857,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5902,7 +5902,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -5947,7 +5947,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -5992,7 +5992,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6037,7 +6037,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6082,7 +6082,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6128,7 +6128,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6173,7 +6173,7 @@ "mac": "E2-CB-9C-B5-DD-BE" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6218,7 +6218,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6263,7 +6263,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6308,7 +6308,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6353,7 +6353,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6399,7 +6399,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6444,7 +6444,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6489,7 +6489,7 @@ "mac": "6A-3A-3E-85-CA-4E" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6534,7 +6534,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -6579,7 +6579,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6624,7 +6624,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6669,7 +6669,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6714,7 +6714,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6759,7 +6759,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6804,7 +6804,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6850,7 +6850,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6896,7 +6896,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6942,7 +6942,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -6988,7 +6988,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -7033,7 +7033,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -7078,7 +7078,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -7123,7 +7123,7 @@ "mac": "AE-17-E8-C7-D8-51" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -7168,7 +7168,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -7213,7 +7213,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -7258,7 +7258,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -7304,7 +7304,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -7350,7 +7350,7 @@ "mac": "E2-CB-9C-B5-D4-1E" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -7395,7 +7395,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -7440,7 +7440,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -7485,7 +7485,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -7530,7 +7530,7 @@ "mac": "38-BA-F8-CC-82-2E" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -7576,7 +7576,7 @@ "mac": "38-BA-F8-CC-82-2E" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -7622,7 +7622,7 @@ "mac": "38-BA-F8-CC-82-2E" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -7668,7 +7668,7 @@ "mac": "E2-CB-9C-B5-D8-54" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -7714,7 +7714,7 @@ "mac": "E2-CB-9C-B5-D8-54" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -7759,7 +7759,7 @@ "mac": "E2-CB-9C-B5-D8-54" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -7805,7 +7805,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", @@ -7850,7 +7850,7 @@ "mac": "E2-CB-9C-B5-DC-6E" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-ssid-detected", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json index 83285a4e714..0a3670a8bf4 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json @@ -12,7 +12,7 @@ "event_type": "events" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dynamic-frequency-selection-detected", @@ -53,7 +53,7 @@ "mac": "E5:A4:98:71:9A:FE" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "wifi-wpa-failed-auth-or-deauth", @@ -95,7 +95,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "wifi-wpa-authentication", @@ -151,7 +151,7 @@ "event_type": "events" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "wifi-disassociation-request", @@ -195,7 +195,7 @@ "event_type": "events" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "wifi-association-request", @@ -232,7 +232,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "site-to-site-vpn", @@ -268,7 +268,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "site-to-site-vpn", @@ -310,7 +310,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "vpn-connectivity-change", 
@@ -348,7 +348,7 @@ "mac": "E0-CB-BC-02-4F-80" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcp-offer", @@ -386,7 +386,7 @@ "mac": "A4-83-E7-02-A2-F1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcp-no-offer", @@ -433,7 +433,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "site-to-site-vpn", @@ -497,7 +497,7 @@ "event_type": "events" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "wifi-disassociation-request", @@ -539,7 +539,7 @@ "event_type": "events" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "association-rejected-for-load-balancing", @@ -581,7 +581,7 @@ "event_type": "events" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "wifi-association-request", @@ -623,7 +623,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "wifi-wpa-authentication", @@ -664,7 +664,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -715,7 +715,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -770,7 +770,7 @@ "event_type": "events" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "wifi-association-request", @@ -813,7 +813,7 @@ "event_type": "events" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "wifi-8021x-auth", @@ -856,7 +856,7 @@ "event_type": "events" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "8021x_auth", @@ -916,7 +916,7 @@ "event_type": "events" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "wifi-disassociation-request", @@ -979,7 +979,7 @@ "event_type": "events" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "wifi-disassociation-request", 
@@ -1021,7 +1021,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "wifi-wpa-authentication", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-flows.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-flows.log-expected.json index 2e5498a7fff..9a40fabc8fa 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-flows.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-flows.log-expected.json @@ -14,7 +14,7 @@ "port": 15600 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "layer3-firewall-allowed-flow", @@ -70,7 +70,7 @@ "port": 44210 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ip-session-initiated", @@ -128,7 +128,7 @@ "port": 15500 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "layer3-firewall-allowed-flow", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-ip-flow.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-ip-flow.log-expected.json index e60dc6a8d8c..be696616608 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-ip-flow.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-ip-flow.log-expected.json @@ -22,7 +22,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -76,7 +76,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -130,7 +130,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -190,7 +190,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -259,7 +259,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
@@ -307,7 +307,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -376,7 +376,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -424,7 +424,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-security-events.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-security-events.log-expected.json index a05c6438aa0..e64aa3186bd 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-security-events.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-security-events.log-expected.json @@ -17,7 +17,7 @@ "port": 56391 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ids-signature-matched", @@ -92,7 +92,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "malicious-file-actioned", @@ -144,7 +144,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "issued-retrospective-malicious-disposition", @@ -192,7 +192,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ids-signature-matched", @@ -250,7 +250,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ids-signature-matched", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json index 3b28ec4f96c..c58e7e35f5d 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json @@ -32,7 +32,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "http-access-error", 
@@ -98,7 +98,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "http-access", diff --git a/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 8f1d8a55b10..efe77c8f7f3 100644 --- a/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Cisco Meraki syslog processors: - set: field: ecs.version - value: 8.2.0 + value: 8.3.0 - rename: field: message target_field: event.original diff --git a/packages/cisco_meraki/data_stream/log/sample_event.json b/packages/cisco_meraki/data_stream/log/sample_event.json index 28606304bee..35a53441ee7 100644 --- a/packages/cisco_meraki/data_stream/log/sample_event.json +++ b/packages/cisco_meraki/data_stream/log/sample_event.json @@ -28,7 +28,7 @@ "port": 56391 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "9e1c0aac-8d48-4c33-a9f5-98e770f2028e", diff --git a/packages/cisco_meraki/docs/README.md b/packages/cisco_meraki/docs/README.md index 34664d2de07..a03bab2a140 100644 --- a/packages/cisco_meraki/docs/README.md +++ b/packages/cisco_meraki/docs/README.md @@ -314,7 +314,7 @@ An example event for `log` looks as following: "port": 56391 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "9e1c0aac-8d48-4c33-a9f5-98e770f2028e", @@ -650,7 +650,7 @@ An example event for `events` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "elastic_agent": { "id": "9e1c0aac-8d48-4c33-a9f5-98e770f2028e", diff --git a/packages/cisco_meraki/manifest.yml b/packages/cisco_meraki/manifest.yml index 219b1ca60b2..145e5d51467 100644 --- a/packages/cisco_meraki/manifest.yml +++ b/packages/cisco_meraki/manifest.yml 
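Review bot: The new value in the cisco_meraki `log` pipeline is written as the plain scalar `8.3.0`, whereas the `events` pipeline of the same package and the cisco_nexus pipeline quote it (`'8.3.0'`). A three-component version is read as a string by YAML, but a later edit to a two-component value such as `8.4` would silently become a float and the `set` processor would then write a number into `ecs.version`, so quoting keeps the file consistent with its siblings and guards that edge: `value: '8.3.0'`. The processor list continues outside the hunk.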
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_meraki
 title: Cisco Meraki Integration
-version: 0.5.1
+version: "0.6.0"
 license: basic
 description: Collect events from Cisco Meraki.
 type: integration
diff --git a/packages/cisco_nexus/_dev/build/build.yml b/packages/cisco_nexus/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/cisco_nexus/_dev/build/build.yml
+++ b/packages/cisco_nexus/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/cisco_nexus/changelog.yml b/packages/cisco_nexus/changelog.yml
index 8f64cd4c1e7..9ae53bdd01e 100644
--- a/packages/cisco_nexus/changelog.yml
+++ b/packages/cisco_nexus/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.6.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "0.5.1"
 changes:
 - description: Updated readme file
diff --git a/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json b/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json
index 0385cd6b714..891a9a623d0 100644
--- a/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json
+++ b/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "2012 Dec 18 14:51:08 Nexus5010-B %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user en from 2.2.2.1 - login",
 "tags": [
diff --git a/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 3cb188fd946..bd8172f1a21 100644
--- a/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Cisco Nexus
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 # User agent
 - user_agent:
 field: user_agent.original
diff --git a/packages/cisco_nexus/data_stream/log/sample_event.json b/packages/cisco_nexus/data_stream/log/sample_event.json
index ea998bdb318..36fb5dc12de 100644
--- a/packages/cisco_nexus/data_stream/log/sample_event.json
+++ b/packages/cisco_nexus/data_stream/log/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/cisco_nexus/docs/README.md b/packages/cisco_nexus/docs/README.md
index 0d6da722e11..e9e84a23795 100644
--- a/packages/cisco_nexus/docs/README.md
+++ b/packages/cisco_nexus/docs/README.md
@@ -29,7 +29,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/cisco_nexus/manifest.yml b/packages/cisco_nexus/manifest.yml
index 07ba21375a0..f8bacceeaf0 100644
--- a/packages/cisco_nexus/manifest.yml
+++ b/packages/cisco_nexus/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_nexus
 title: Cisco Nexus
-version: 0.5.1
+version: "0.6.0"
 license: basic
 description: Collect logs from Cisco Nexus with Elastic Agent.
 type: integration
diff --git a/packages/cisco_secure_email_gateway/_dev/build/build.yml b/packages/cisco_secure_email_gateway/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/cisco_secure_email_gateway/_dev/build/build.yml
+++ b/packages/cisco_secure_email_gateway/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/cisco_secure_email_gateway/changelog.yml b/packages/cisco_secure_email_gateway/changelog.yml index 2647aa64d82..a650d99914f 100644 --- a/packages/cisco_secure_email_gateway/changelog.yml +++ b/packages/cisco_secure_email_gateway/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "0.1.0" changes: - description: Initial draft of the package diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json index 5665deb4382..494d440a724 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": { @@ -54,7 +54,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": { @@ -108,7 +108,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": { @@ -149,7 +149,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": { @@ -202,7 +202,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": { @@ -248,7 +248,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": { @@ -295,7 +295,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": { 
diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json index 181055ec034..5ab736e0143 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json @@ -14,7 +14,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -45,7 +45,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -77,7 +77,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-consolidated-event.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-consolidated-event.log-expected.json index fa88359cf96..18761672851 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-consolidated-event.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-consolidated-event.log-expected.json @@ -60,7 +60,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "inbound", @@ -162,7 +162,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "inbound", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-content-scanner.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-content-scanner.log-expected.json index ed64ac1a326..8263d040c8c 100644 
--- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-content-scanner.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-content-scanner.log-expected.json @@ -13,7 +13,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -46,7 +46,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-error.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-error.log-expected.json index 152f21d31d8..e74a7cf9af5 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-error.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-error.log-expected.json @@ -13,7 +13,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -43,7 +43,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "subject": "'Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...': Unrecoverable error", @@ -83,7 +83,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "subject": "Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...", @@ -119,7 +119,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "subject": "'Critical \u003cSystem\u003e example.com: Log Error: Subscription error_logs: Failed to connect to 10....' (attempt #0)", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-gui-log.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-gui-log.log-expected.json index a20c4814031..d2410f8b88b 100644 
--- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-gui-log.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-gui-log.log-expected.json @@ -14,7 +14,7 @@ "ip": "1.128.3.4" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -87,7 +87,7 @@ "ip": "1.128.3.4" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -140,7 +140,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -183,7 +183,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -226,7 +226,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -265,7 +265,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -308,7 +308,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -337,7 +337,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -366,7 +366,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -404,7 +404,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -442,7 +442,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-status.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-status.log-expected.json index 6bc283a8263..c8be9a1aaf9 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-status.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-status.log-expected.json 
@@ -96,7 +96,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "message_id": "0" diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-system.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-system.log-expected.json index 47e7f10c1e0..c463097f803 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-system.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-system.log-expected.json @@ -12,7 +12,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -56,7 +56,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -85,7 +85,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -114,7 +114,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -143,7 +143,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-text-mail.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-text-mail.log-expected.json index 144dcc61c20..095dda2ac40 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-text-mail.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-text-mail.log-expected.json @@ -15,7 +15,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "message_id": "111" @@ -47,7 +47,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -78,7 +78,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", 
@@ -106,7 +106,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "subject": "\"Warning \u003cSystem\u003e cisco.esa: URL category definitions have changed.; Added new category '...\"", @@ -149,7 +149,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -186,7 +186,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "message_id": "6" @@ -217,7 +217,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -252,7 +252,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "message_id": "6", @@ -286,7 +286,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -321,7 +321,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -352,7 +352,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -390,7 +390,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "message_id": "6" @@ -423,7 +423,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "message_id": "6" @@ -455,7 +455,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -484,7 +484,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -512,7 +512,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "subject": "Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...", @@ -547,7 +547,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -574,7 +574,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "subject": "'Warning \u003cSystem\u003e cisco.esa: Your \"Sophos Anti-Virus\" key will expire in under 60 day(s)....'", 
@@ -610,7 +610,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "subject": "'Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...': Unrecoverable error", @@ -652,7 +652,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "to": { diff --git a/packages/cisco_secure_email_gateway/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_secure_email_gateway/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 8565b78f99c..be219a6f621 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_secure_email_gateway/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Cisco Secure Email Gateway logs processors: - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" - set: field: _tmp.filepath value: "{{{log.file.path}}}" diff --git a/packages/cisco_secure_email_gateway/data_stream/log/sample_event.json b/packages/cisco_secure_email_gateway/data_stream/log/sample_event.json index b5de2a8143c..5a7630d683a 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/sample_event.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/sample_event.json @@ -22,7 +22,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "4ab79874-377f-4d22-87e0-fc0522d5a90a", diff --git a/packages/cisco_secure_email_gateway/docs/README.md b/packages/cisco_secure_email_gateway/docs/README.md index 31559fa4eec..ad5f74381dc 100644 --- a/packages/cisco_secure_email_gateway/docs/README.md +++ b/packages/cisco_secure_email_gateway/docs/README.md @@ -223,7 +223,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "4ab79874-377f-4d22-87e0-fc0522d5a90a", 
diff --git a/packages/cisco_secure_email_gateway/manifest.yml b/packages/cisco_secure_email_gateway/manifest.yml
index 613e1e10bc4..63c1a079acb 100644
--- a/packages/cisco_secure_email_gateway/manifest.yml
+++ b/packages/cisco_secure_email_gateway/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_secure_email_gateway
 title: Cisco Secure Email Gateway
-version: 0.1.0
+version: "0.2.0"
 license: basic
 description: Collect logs from Cisco Secure Email Gateway with Elastic Agent.
 type: integration
diff --git a/packages/cisco_secure_endpoint/_dev/build/build.yml b/packages/cisco_secure_endpoint/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/cisco_secure_endpoint/_dev/build/build.yml
+++ b/packages/cisco_secure_endpoint/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/cisco_secure_endpoint/changelog.yml b/packages/cisco_secure_endpoint/changelog.yml
index b24614d3e24..b7b62863961 100644
--- a/packages/cisco_secure_endpoint/changelog.yml
+++ b/packages/cisco_secure_endpoint/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.5.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "2.4.1"
 changes:
 - description: update read me with link to vendor documentation
diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json
index 84bc981b277..fd84bce8919 100644
--- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json
+++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json
@@ -34,7 +34,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Retrospective Detection",
@@ -111,7 +111,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Policy Update", @@ -176,7 +176,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -274,7 +274,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -349,7 +349,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -425,7 +425,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -528,7 +528,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -622,7 +622,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -700,7 +700,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -786,7 +786,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -872,7 +872,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -958,7 +958,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -1044,7 +1044,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -1130,7 +1130,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -1214,7 +1214,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1286,7 +1286,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1358,7 +1358,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", 
@@ -1430,7 +1430,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1502,7 +1502,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1575,7 +1575,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1675,7 +1675,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -1753,7 +1753,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "File Fetch Completed", @@ -1842,7 +1842,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -1920,7 +1920,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected in Low Prevalence Executable", @@ -1992,7 +1992,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "File Fetch Completed", @@ -2069,7 +2069,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Policy Update", @@ -2133,7 +2133,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2204,7 +2204,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine", @@ -2276,7 +2276,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -2355,7 +2355,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -2536,7 +2536,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Vulnerable Application Detected", @@ -2609,7 +2609,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Policy Update", 
@@ -2676,7 +2676,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -2762,7 +2762,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -2841,7 +2841,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -2919,7 +2919,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -2993,7 +2993,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Policy Update", @@ -3058,7 +3058,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3156,7 +3156,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -3232,7 +3232,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3330,7 +3330,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -3408,7 +3408,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -3494,7 +3494,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -3594,7 +3594,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Vulnerable Application Detected", @@ -3693,7 +3693,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Vulnerable Application Detected", @@ -3822,7 +3822,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Vulnerable Application Detected", @@ -3895,7 +3895,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Policy Update", @@ -3958,7 +3958,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Scan Completed, No Detections", 
@@ -4016,7 +4016,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Scan Started", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json index 79156088e8d..face51c3357 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json @@ -81,7 +81,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SecureX Threat Hunting Incident", @@ -175,7 +175,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -278,7 +278,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -377,7 +377,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -481,7 +481,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DFC Threat Detected", @@ -589,7 +589,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DFC Threat Detected", @@ -697,7 +697,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DFC Threat Detected", @@ -805,7 +805,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DFC Threat Detected", @@ -913,7 +913,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DFC Threat Detected", @@ -1021,7 +1021,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DFC Threat Detected", @@ -1114,7 +1114,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", 
@@ -1194,7 +1194,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1287,7 +1287,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Multiple Infected Files", @@ -1365,7 +1365,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1455,7 +1455,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1541,7 +1541,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1630,7 +1630,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Executed malware", @@ -1711,7 +1711,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1801,7 +1801,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1887,7 +1887,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1973,7 +1973,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2063,7 +2063,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2153,7 +2153,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2239,7 +2239,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2339,7 +2339,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Vulnerable Application Detected", @@ -2418,7 +2418,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2508,7 +2508,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", 
@@ -2594,7 +2594,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2680,7 +2680,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2770,7 +2770,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2856,7 +2856,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2942,7 +2942,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3021,7 +3021,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3100,7 +3100,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3183,7 +3183,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3282,7 +3282,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3372,7 +3372,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3458,7 +3458,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3544,7 +3544,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3626,7 +3626,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Executed malware", @@ -3704,7 +3704,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3783,7 +3783,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", 
diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json index f140fb9b16e..aa76dfb862e 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json @@ -34,7 +34,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -113,7 +113,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -196,7 +196,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -279,7 +279,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -362,7 +362,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -445,7 +445,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -528,7 +528,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -611,7 +611,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -694,7 +694,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -777,7 +777,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -860,7 +860,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -943,7 +943,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", 
@@ -1026,7 +1026,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1109,7 +1109,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1192,7 +1192,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1275,7 +1275,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1358,7 +1358,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1441,7 +1441,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1520,7 +1520,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1603,7 +1603,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1686,7 +1686,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1773,7 +1773,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1872,7 +1872,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1959,7 +1959,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2058,7 +2058,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2145,7 +2145,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2244,7 +2244,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2327,7 +2327,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", 
@@ -2426,7 +2426,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2505,7 +2505,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2584,7 +2584,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2674,7 +2674,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2760,7 +2760,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2850,7 +2850,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2940,7 +2940,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3026,7 +3026,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3116,7 +3116,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3195,7 +3195,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3281,7 +3281,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3360,7 +3360,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3439,7 +3439,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3518,7 +3518,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3608,7 +3608,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3694,7 +3694,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", 
@@ -3784,7 +3784,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json index 5d6953a19b7..f78c4035be9 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json @@ -34,7 +34,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -120,7 +120,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Executed malware", @@ -201,7 +201,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -276,7 +276,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -352,7 +352,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -447,7 +447,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -541,7 +541,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -634,7 +634,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -723,7 +723,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -794,7 +794,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -869,7 +869,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", 
@@ -944,7 +944,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1019,7 +1019,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1094,7 +1094,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1169,7 +1169,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1244,7 +1244,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1319,7 +1319,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1394,7 +1394,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1469,7 +1469,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1544,7 +1544,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1619,7 +1619,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1694,7 +1694,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1769,7 +1769,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1844,7 +1844,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1919,7 +1919,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -1994,7 +1994,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -2070,7 +2070,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", 
@@ -2167,7 +2167,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2264,7 +2264,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2365,7 +2365,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2461,7 +2461,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -2532,7 +2532,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -2603,7 +2603,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -2674,7 +2674,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -2745,7 +2745,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -2820,7 +2820,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -2895,7 +2895,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -2970,7 +2970,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -3045,7 +3045,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -3121,7 +3121,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3224,7 +3224,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3322,7 +3322,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -3393,7 +3393,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", 
@@ -3465,7 +3465,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3555,7 +3555,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3649,7 +3649,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3750,7 +3750,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3847,7 +3847,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3933,7 +3933,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -4023,7 +4023,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -4126,7 +4126,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -4219,7 +4219,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Policy Update", @@ -4274,7 +4274,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Policy Update", @@ -4338,7 +4338,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -4413,7 +4413,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -4488,7 +4488,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -4560,7 +4560,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -4639,7 +4639,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", 
@@ -4718,7 +4718,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -4800,7 +4800,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -4876,7 +4876,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -4975,7 +4975,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -5073,7 +5073,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -5148,7 +5148,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -5223,7 +5223,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -5294,7 +5294,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine", @@ -5366,7 +5366,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -5445,7 +5445,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -5524,7 +5524,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -5610,7 +5610,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -5685,7 +5685,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -5760,7 +5760,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -5835,7 +5835,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", 
@@ -5910,7 +5910,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -5985,7 +5985,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -6060,7 +6060,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -6135,7 +6135,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -6210,7 +6210,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -6285,7 +6285,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -6360,7 +6360,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -6435,7 +6435,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -6511,7 +6511,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -6610,7 +6610,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -6707,7 +6707,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -6792,7 +6792,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -6867,7 +6867,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -6942,7 +6942,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -7017,7 +7017,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -7089,7 +7089,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", 
@@ -7179,7 +7179,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -7269,7 +7269,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -7359,7 +7359,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -7449,7 +7449,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -7539,7 +7539,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -7629,7 +7629,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -7719,7 +7719,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -7809,7 +7809,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -7899,7 +7899,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -7993,7 +7993,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -8086,7 +8086,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json index 1d22f7a2af8..7ce55c7ac27 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json @@ -38,7 +38,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", 
@@ -138,7 +138,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -213,7 +213,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -285,7 +285,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -375,7 +375,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -478,7 +478,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -576,7 +576,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -651,7 +651,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -723,7 +723,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -813,7 +813,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -902,7 +902,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -977,7 +977,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1052,7 +1052,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1127,7 +1127,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1198,7 +1198,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine", @@ -1270,7 +1270,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", 
@@ -1349,7 +1349,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -1432,7 +1432,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -1511,7 +1511,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -1593,7 +1593,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1664,7 +1664,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine", @@ -1736,7 +1736,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -1819,7 +1819,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -1905,7 +1905,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1980,7 +1980,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2055,7 +2055,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2127,7 +2127,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -2206,7 +2206,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -2285,7 +2285,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -2368,7 +2368,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -2566,7 +2566,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detection", 
@@ -2639,7 +2639,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2714,7 +2714,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2789,7 +2789,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2864,7 +2864,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2936,7 +2936,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -3015,7 +3015,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -3094,7 +3094,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -3173,7 +3173,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -3252,7 +3252,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -3331,7 +3331,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -3410,7 +3410,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -3492,7 +3492,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -3564,7 +3564,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3654,7 +3654,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3736,7 +3736,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", 
@@ -3825,7 +3825,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -3900,7 +3900,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -3976,7 +3976,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -4070,7 +4070,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -4145,7 +4145,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -4220,7 +4220,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -4292,7 +4292,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -4378,7 +4378,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -4464,7 +4464,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -4550,7 +4550,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -4636,7 +4636,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -4722,7 +4722,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -4808,7 +4808,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -4894,7 +4894,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -4980,7 +4980,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -5065,7 +5065,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", 
diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json index e202c9273d2..0a31f68f31d 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json @@ -37,7 +37,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -112,7 +112,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -187,7 +187,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -262,7 +262,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -337,7 +337,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -412,7 +412,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -484,7 +484,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -574,7 +574,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -671,7 +671,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -757,7 +757,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -842,7 +842,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -913,7 +913,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", 
@@ -984,7 +984,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -1056,7 +1056,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1146,7 +1146,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1249,7 +1249,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1350,7 +1350,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1449,7 +1449,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1551,7 +1551,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1626,7 +1626,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1697,7 +1697,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine", @@ -1769,7 +1769,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -1848,7 +1848,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -1927,7 +1927,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -2016,7 +2016,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -2095,7 +2095,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine", @@ -2167,7 +2167,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", 
@@ -2250,7 +2250,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -2332,7 +2332,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -2404,7 +2404,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2498,7 +2498,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2593,7 +2593,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2683,7 +2683,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2782,7 +2782,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2872,7 +2872,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2957,7 +2957,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -3028,7 +3028,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -3104,7 +3104,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3202,7 +3202,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Potential Dropper Infection", @@ -3269,7 +3269,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Policy Update", @@ -3333,7 +3333,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -3405,7 +3405,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3491,7 +3491,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", 
@@ -3580,7 +3580,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -3655,7 +3655,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -3730,7 +3730,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -3805,7 +3805,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -3880,7 +3880,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -3956,7 +3956,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -4053,7 +4053,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -4138,7 +4138,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -4213,7 +4213,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -4288,7 +4288,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json index 85bea963668..9fac9c90b6f 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json @@ -37,7 +37,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -109,7 +109,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", 
@@ -195,7 +195,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -281,7 +281,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -371,7 +371,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -460,7 +460,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -535,7 +535,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -606,7 +606,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -678,7 +678,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -768,7 +768,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -847,7 +847,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -932,7 +932,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -1010,7 +1010,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected in Low Prevalence Executable", @@ -1078,7 +1078,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Policy Update", @@ -1137,7 +1137,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "File Fetch Completed", @@ -1224,7 +1224,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1322,7 +1322,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -1397,7 +1397,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", 
@@ -1473,7 +1473,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1572,7 +1572,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -1670,7 +1670,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -1736,7 +1736,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Policy Update", @@ -1800,7 +1800,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Executed malware", @@ -1881,7 +1881,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Multiple Infected Files", @@ -1958,7 +1958,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine", @@ -2030,7 +2030,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", @@ -2116,7 +2116,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -2188,7 +2188,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2277,7 +2277,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -2352,7 +2352,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -2427,7 +2427,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Quarantine Failure", @@ -2499,7 +2499,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2584,7 +2584,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -2655,7 +2655,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", 
@@ -2727,7 +2727,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2813,7 +2813,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -2902,7 +2902,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Quarantined", @@ -2974,7 +2974,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3064,7 +3064,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3154,7 +3154,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3248,7 +3248,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Threat Detected", @@ -3351,7 +3351,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Malicious Activity Detection", @@ -3452,7 +3452,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -3538,7 +3538,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -3624,7 +3624,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -3710,7 +3710,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -3793,7 +3793,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -3864,7 +3864,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Quarantine", @@ -3936,7 +3936,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Retrospective Detection", 
diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp8.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp8.log-expected.json index 12baec5a91b..4c915a05212 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp8.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp8.log-expected.json @@ -44,7 +44,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -152,7 +152,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -262,7 +262,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -382,7 +382,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -504,7 +504,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", @@ -616,7 +616,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Cloud IOC", diff --git a/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml index e82a940d014..3fad0cbeeb7 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml @@ -40,7 +40,7 @@ processors: ####################### - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - set: field: event.kind value: alert diff --git a/packages/cisco_secure_endpoint/data_stream/event/sample_event.json b/packages/cisco_secure_endpoint/data_stream/event/sample_event.json index e5f94611948..728815234ba 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/sample_event.json 
+++ b/packages/cisco_secure_endpoint/data_stream/event/sample_event.json @@ -50,7 +50,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "83d8d392-d20c-40ef-a257-bf9cf314d1db", diff --git a/packages/cisco_secure_endpoint/docs/README.md b/packages/cisco_secure_endpoint/docs/README.md index 78546ec1cdd..5822dbb4d41 100644 --- a/packages/cisco_secure_endpoint/docs/README.md +++ b/packages/cisco_secure_endpoint/docs/README.md @@ -65,7 +65,7 @@ An example event for `event` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "83d8d392-d20c-40ef-a257-bf9cf314d1db", diff --git a/packages/cisco_secure_endpoint/manifest.yml b/packages/cisco_secure_endpoint/manifest.yml index d37e6b5f6c6..9c63ed5c836 100644 --- a/packages/cisco_secure_endpoint/manifest.yml +++ b/packages/cisco_secure_endpoint/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_secure_endpoint title: Cisco Secure Endpoint (AMP) -version: 2.4.1 +version: "2.5.0" license: basic description: Collect logs from Cisco Secure Endpoint (AMP) with Elastic Agent. type: integration diff --git a/packages/cisco_umbrella/_dev/build/build.yml b/packages/cisco_umbrella/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/cisco_umbrella/_dev/build/build.yml +++ b/packages/cisco_umbrella/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/cisco_umbrella/changelog.yml b/packages/cisco_umbrella/changelog.yml index 818e81b9202..2294794421e 100644 --- a/packages/cisco_umbrella/changelog.yml +++ b/packages/cisco_umbrella/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.0.1" changes: - description: Update to readme. added link to Cisco documentation diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json index 00751fb3267..eafd30ce101 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json @@ -12,7 +12,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "update", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json index e69ee4c688f..7c3d7a25eee 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json @@ -26,7 +26,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -97,7 +97,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json index 60f22f99c47..a913b0003d1 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json 
+++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json @@ -26,7 +26,7 @@ "type": "query" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dns-request-Allowed", @@ -100,7 +100,7 @@ "type": "query" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dns-request-Blocked", @@ -168,7 +168,7 @@ "type": "query" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dns-request-Allowed", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json index b752261888b..b85101542fd 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json @@ -25,7 +25,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -84,7 +84,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json index 07ee992beb5..848e16b055a 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json @@ -30,7 +30,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -115,7 +115,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -180,7 +180,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", diff --git a/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml index cadb340add1..6af2a1ea799 100644 --- a/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Cisco Umbrella processors: - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" - set: field: observer.vendor value: Cisco diff --git a/packages/cisco_umbrella/data_stream/log/sample_event.json b/packages/cisco_umbrella/data_stream/log/sample_event.json index f2356b0269f..180f761add1 100644 --- a/packages/cisco_umbrella/data_stream/log/sample_event.json +++ b/packages/cisco_umbrella/data_stream/log/sample_event.json @@ -42,7 +42,7 @@ }, "@timestamp": "2020-07-23T23:48:56.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "related": { "hash": [ diff --git a/packages/cisco_umbrella/docs/README.md b/packages/cisco_umbrella/docs/README.md index 248366de8c7..d4976f4ef09 100644 --- a/packages/cisco_umbrella/docs/README.md +++ b/packages/cisco_umbrella/docs/README.md @@ -60,7 +60,7 @@ An example event for `log` looks as following: }, "@timestamp": "2020-07-23T23:48:56.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "related": { "hash": [ diff --git a/packages/cisco_umbrella/manifest.yml b/packages/cisco_umbrella/manifest.yml index bb5cdff6384..f57807277ca 100644 --- a/packages/cisco_umbrella/manifest.yml +++ b/packages/cisco_umbrella/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_umbrella title: Cisco Umbrella -version: 1.0.1 +version: "1.1.0" license: basic description: Collect logs from Cisco Umbrella with Elastic Agent. type: integration 
diff --git a/packages/cloudflare/_dev/build/build.yml b/packages/cloudflare/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/cloudflare/_dev/build/build.yml +++ b/packages/cloudflare/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/cloudflare/changelog.yml b/packages/cloudflare/changelog.yml index b36b7ef77d9..4197dde01ba 100644 --- a/packages/cloudflare/changelog.yml +++ b/packages/cloudflare/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.1.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "2.0.1" changes: - description: Add link to vendor documentation in readme diff --git a/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index cf7d26771c7..57a9f9d6d04 100644 --- a/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json @@ -27,7 +27,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "token_create", @@ -109,7 +109,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "token_revoke", @@ -185,7 +185,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "api_key_view", @@ -261,7 +261,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "api_key_view", @@ -337,7 +337,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rotate_api_key", @@ -413,7 +413,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "api_key_created", 
@@ -493,7 +493,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "token_create", @@ -569,7 +569,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "login", @@ -648,7 +648,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "purge", @@ -736,7 +736,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "tls_settings_deployed", @@ -789,7 +789,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "delete", @@ -871,7 +871,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "token_revoke", @@ -953,7 +953,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "token_revoke", @@ -1035,7 +1035,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "token_roll", @@ -1115,7 +1115,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "token_create", @@ -1204,7 +1204,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_del", @@ -1294,7 +1294,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_del", @@ -1384,7 +1384,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_del", @@ -1475,7 +1475,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_del", @@ -1566,7 +1566,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_del", @@ -1657,7 +1657,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_del", @@ -1748,7 +1748,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_del", @@ -1839,7 +1839,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_del", 
@@ -1929,7 +1929,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_del", @@ -2019,7 +2019,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_del", @@ -2109,7 +2109,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_del", @@ -2199,7 +2199,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_del", @@ -2288,7 +2288,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_add", @@ -2377,7 +2377,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_add", @@ -2466,7 +2466,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_add", @@ -2555,7 +2555,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_add", @@ -2644,7 +2644,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_add", @@ -2734,7 +2734,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_add", @@ -2824,7 +2824,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_add", @@ -2914,7 +2914,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_add", @@ -3004,7 +3004,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_add", @@ -3094,7 +3094,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_add", @@ -3183,7 +3183,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_add", @@ -3272,7 +3272,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_add", @@ -3361,7 +3361,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rec_add", 
@@ -3442,7 +3442,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pending", @@ -3530,7 +3530,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "tls_settings_deployed", @@ -3584,7 +3584,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add", @@ -3667,7 +3667,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "change_setting", @@ -3748,7 +3748,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "token_create", @@ -3824,7 +3824,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "login", @@ -3900,7 +3900,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "login", @@ -3930,8 +3930,8 @@ "country_iso_code": "NO", "country_name": "Norway", "location": { - "lat": 62, - "lon": 10 + "lat": 62.0, + "lon": 10.0 } }, "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" diff --git a/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 7970b6597d5..e6eb6fd853a 100644 --- a/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cloudflare audit logs processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare/data_stream/audit/sample_event.json b/packages/cloudflare/data_stream/audit/sample_event.json index f3bfb9f88d8..39d844d4d02 100644 --- a/packages/cloudflare/data_stream/audit/sample_event.json +++ b/packages/cloudflare/data_stream/audit/sample_event.json 
@@ -33,7 +33,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", diff --git a/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json b/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json index eec79a6d4f7..23cb689119b 100644 --- a/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json +++ b/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json @@ -105,7 +105,7 @@ "bytes": 2848 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -283,7 +283,7 @@ "bytes": 24743 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -487,7 +487,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", diff --git a/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml index 894c07fd870..c718038236a 100644 --- a/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cloudflare logs processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare/data_stream/logpull/sample_event.json b/packages/cloudflare/data_stream/logpull/sample_event.json index 798d1c9b58e..625c77e088a 100644 --- a/packages/cloudflare/data_stream/logpull/sample_event.json +++ b/packages/cloudflare/data_stream/logpull/sample_event.json 
@@ -103,7 +103,7 @@ "bytes": 2848 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", diff --git a/packages/cloudflare/docs/README.md b/packages/cloudflare/docs/README.md index 1ef65f949f0..ea6e87a6c14 100644 --- a/packages/cloudflare/docs/README.md +++ b/packages/cloudflare/docs/README.md @@ -178,7 +178,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", @@ -539,7 +539,7 @@ An example event for `logpull` looks as following: "bytes": 2848 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", diff --git a/packages/cloudflare/manifest.yml b/packages/cloudflare/manifest.yml index ddbc27b8a2b..e654471782b 100644 --- a/packages/cloudflare/manifest.yml +++ b/packages/cloudflare/manifest.yml @@ -1,6 +1,6 @@ name: cloudflare title: Cloudflare -version: 2.0.1 +version: "2.1.0" release: ga description: Collect and parse logs from Cloudflare API with Elastic Agent. type: integration diff --git a/packages/crowdstrike/_dev/build/build.yml b/packages/crowdstrike/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/crowdstrike/_dev/build/build.yml +++ b/packages/crowdstrike/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/crowdstrike/changelog.yml b/packages/crowdstrike/changelog.yml index 4dbec56bc28..f6e078f1862 100644 --- a/packages/crowdstrike/changelog.yml +++ b/packages/crowdstrike/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.3.4" changes: - description: Prevent missing `@timestamp` field. 
diff --git a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json index 6b37db9c714..0e029734f1d 100644 --- a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json +++ b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -73,7 +73,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -152,7 +152,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -205,7 +205,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -259,7 +259,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -322,7 +322,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "user_activity_audit_event", @@ -382,7 +382,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -436,7 +436,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -496,7 +496,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -550,7 +550,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -604,7 +604,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -658,7 +658,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -729,7 +729,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "user_activity_audit_event", 
diff --git a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json index 78827833d93..3883d706a11 100644 --- a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json +++ b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json @@ -58,7 +58,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Prevention, process killed.", @@ -153,7 +153,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "incident", @@ -201,7 +201,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "user_activity_audit_event", diff --git a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json index f7bd095f687..600553e158c 100644 --- a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json +++ b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json @@ -46,7 +46,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -121,7 +121,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "incident", @@ -183,7 +183,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -245,7 +245,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "user_activity_audit_event", @@ -290,7 +290,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ @@ -356,7 +356,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": [ 
@@ -484,7 +484,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Detection, process would have been blocked if related prevention policy setting was enabled.", diff --git a/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml b/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml index 2a94af718b5..40dbc432e7e 100644 --- a/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml +++ b/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Ingest pipeline for normalizing CrowdStrike Falcon logs processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/crowdstrike/data_stream/falcon/sample_event.json b/packages/crowdstrike/data_stream/falcon/sample_event.json index b2a82f11fc4..e12d36b60cb 100644 --- a/packages/crowdstrike/data_stream/falcon/sample_event.json +++ b/packages/crowdstrike/data_stream/falcon/sample_event.json @@ -52,7 +52,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "ca0beb8d-9522-4450-8af7-3cb7f3d8c478", diff --git a/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json b/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json index e22bdef7c0e..12c27828caf 100644 --- a/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json +++ b/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json @@ -18,7 +18,7 @@ "name": "SyntheticProcessRollup2MacV3" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SyntheticProcessRollup2", @@ -119,7 +119,7 @@ "name": "EndOfProcessMacV15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "EndOfProcess", 
@@ -206,7 +206,7 @@ "port": 546 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "RawBindIP6", @@ -298,7 +298,7 @@ "name": "ProcessRollup2StatsMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ProcessRollup2Stats", @@ -397,7 +397,7 @@ "name": "SensorHeartbeatMacV4" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SensorHeartbeat", @@ -469,7 +469,7 @@ "name": "ProcessRollup2MacV5" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ProcessRollup2", @@ -581,7 +581,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkReceiveAcceptIP4", @@ -670,7 +670,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "RawBindIP4", @@ -769,7 +769,7 @@ "port": 50626 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkConnectIP6", @@ -858,7 +858,7 @@ "name": "ProcessRollup2LinV6" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ProcessRollup2", @@ -963,7 +963,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkConnectIP6", @@ -1043,7 +1043,7 @@ "name": "OoxmlFileWrittenMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "OoxmlFileWritten", @@ -1139,7 +1139,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkConnectIP4", @@ -1235,7 +1235,7 @@ "name": "ChannelVersionRequiredLinV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ChannelVersionRequired", @@ -1293,7 +1293,7 @@ "name": "LocalIpAddressIP6LinV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "LocalIpAddressIP6", 
@@ -1379,7 +1379,7 @@ "name": "ChannelVersionRequiredMacV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ChannelVersionRequired", @@ -1439,7 +1439,7 @@ "name": "SensorHeartbeatLinV4" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SensorHeartbeat", @@ -1503,7 +1503,7 @@ "name": "JavaClassFileWrittenMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "JavaClassFileWritten", @@ -1600,7 +1600,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkConnectIP4", @@ -1690,7 +1690,7 @@ "type": "query" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DnsRequest", @@ -1760,7 +1760,7 @@ "name": "NewScriptWrittenMacV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NewScriptWritten", @@ -1839,7 +1839,7 @@ "name": "LocalIpAddressRemovedIP6LinV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "LocalIpAddressRemovedIP6", @@ -1922,7 +1922,7 @@ "name": "DirectoryCreateMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DirectoryCreate", @@ -2023,7 +2023,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkCloseIP4", @@ -2144,7 +2144,7 @@ "name": "FsVolumeMountedMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "FsVolumeMounted", @@ -2216,7 +2216,7 @@ "name": "LocalIpAddressIP4LinV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "LocalIpAddressIP4", @@ -2300,7 +2300,7 @@ "name": "LocalIpAddressRemovedIP6MacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "LocalIpAddressRemovedIP6", @@ -2395,7 +2395,7 @@ "name": "LocalIpAddressIP6MacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "LocalIpAddressIP6", 
@@ -2483,7 +2483,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkListenIP4", @@ -2562,7 +2562,7 @@ "name": "ExecutableDeletedMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ExecutableDeleted", @@ -2638,7 +2638,7 @@ "name": "GzipFileWrittenMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GzipFileWritten", @@ -2711,7 +2711,7 @@ "name": "IOServiceRegisterMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "IOServiceRegister", @@ -2776,7 +2776,7 @@ "name": "PtyCreatedMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "PtyCreated", @@ -2848,7 +2848,7 @@ "name": "LocalIpAddressRemovedIP4MacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "LocalIpAddressRemovedIP4", @@ -2936,7 +2936,7 @@ "port": 9 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkCloseIP6", @@ -3022,7 +3022,7 @@ "name": "ConfigStateUpdateLinV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ConfigStateUpdate", @@ -3087,7 +3087,7 @@ "name": "SuspiciousDnsRequestMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SuspiciousDnsRequest", @@ -3163,7 +3163,7 @@ "name": "ErrorEventLinV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ErrorEvent", @@ -3256,7 +3256,7 @@ "name": "ConfigStateUpdateMacV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ConfigStateUpdate", @@ -3321,7 +3321,7 @@ "name": "KextLoadMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "KextLoad", @@ -3392,7 +3392,7 @@ "name": "ChannelVersionRequiredLinV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ChannelVersionRequired", 
@@ -3452,7 +3452,7 @@ "name": "ProcessRollup2StatsLinV3" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ProcessRollup2Stats", @@ -3541,7 +3541,7 @@ "name": "UserIdentityMacV4" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserIdentity", @@ -3625,7 +3625,7 @@ "name": "DeliverLocalFXToCloudMacV4" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DeliverLocalFXToCloud", @@ -3682,7 +3682,7 @@ "name": "CreateProcessArgsMac" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CreateProcessArgs", @@ -3780,7 +3780,7 @@ "name": "PdfFileWrittenMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "PdfFileWritten", @@ -3860,7 +3860,7 @@ "name": "GroupIdentityMacV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GroupIdentity", @@ -3929,7 +3929,7 @@ "name": "MachOFileWrittenMacV3" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "MachOFileWritten", @@ -4019,7 +4019,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkListenIP6", @@ -4220,7 +4220,7 @@ "name": "CurrentSystemTagsMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CurrentSystemTags", @@ -4285,7 +4285,7 @@ "name": "NewExecutableWrittenMacV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NewExecutableWritten", @@ -4490,7 +4490,7 @@ "name": "LfoUploadDataCompleteMacV3" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "LfoUploadDataComplete", @@ -4563,7 +4563,7 @@ "name": "LightningLatencyInfoMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "LightningLatencyInfo", @@ -4655,7 +4655,7 @@ "name": "NeighborListIP4MacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NeighborListIP4", 
@@ -4720,7 +4720,7 @@ "name": "ZipFileWrittenMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ZipFileWritten", @@ -4821,7 +4821,7 @@ "name": "AgentOnlineMacV13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "AgentOnline", @@ -4899,7 +4899,7 @@ "name": "CriticalFileAccessedMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CriticalFileAccessed", @@ -4988,7 +4988,7 @@ "name": "OsVersionInfoMacV3" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "OsVersionInfo", @@ -5070,7 +5070,7 @@ "name": "ConfigStateUpdateLinV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ConfigStateUpdate", @@ -5134,7 +5134,7 @@ "name": "LFODownloadConfirmationLinV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "LFODownloadConfirmation", @@ -5215,7 +5215,7 @@ "name": "TarFileWrittenMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TarFileWritten", @@ -5304,7 +5304,7 @@ "name": "AgentConnectMacV5" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "AgentConnect", @@ -5372,7 +5372,7 @@ "name": "LFODownloadConfirmationMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "LFODownloadConfirmation", @@ -5455,7 +5455,7 @@ "name": "AsepFileChangeMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "AsepFileChange", @@ -5533,7 +5533,7 @@ "name": "TerminateProcessLinV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TerminateProcess", @@ -5604,7 +5604,7 @@ "name": "FirewallEnabledMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "FirewallEnabled", @@ -5673,7 +5673,7 @@ "name": "FsVolumeUnmountedMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "FsVolumeUnmounted", 
@@ -5744,7 +5744,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkListenIP4", @@ -5824,7 +5824,7 @@ "name": "ELFFileWrittenMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ELFFileWritten", @@ -5915,7 +5915,7 @@ "name": "OsVersionInfoLinV4" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "OsVersionInfo", @@ -5982,7 +5982,7 @@ "name": "CriticalFileModifiedMacV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CriticalFileModified", @@ -6071,7 +6071,7 @@ "name": "NeighborListIP6MacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NeighborListIP6", @@ -6137,7 +6137,7 @@ "name": "NewScriptWrittenMacV3" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NewScriptWritten", @@ -6232,7 +6232,7 @@ "name": "SystemCapacityMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SystemCapacity", @@ -6302,7 +6302,7 @@ "name": "FirmwareAnalysisStatusMacV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "FirmwareAnalysisStatus", @@ -6381,7 +6381,7 @@ "name": "LocalIpAddressIP4MacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "LocalIpAddressIP4", @@ -6471,7 +6471,7 @@ "name": "ProcessRollup2LinV5" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ProcessRollup2", @@ -6579,7 +6579,7 @@ "name": "EndOfProcessMacV14" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "EndOfProcess", @@ -6709,7 +6709,7 @@ "name": "EndOfProcessV15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "EndOfProcess", @@ -6806,7 +6806,7 @@ "name": "EndOfProcessMacV12" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "EndOfProcess", 
@@ -6899,7 +6899,7 @@ "name": "ProcessRollup2V17" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ProcessRollup2", @@ -6997,7 +6997,7 @@ "type": "query" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DnsRequest", @@ -7067,7 +7067,7 @@ "name": "CriticalFileAccessedLinV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CriticalFileAccessed", @@ -7160,7 +7160,7 @@ "name": "ProcessRollup2MacV3" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ProcessRollup2", @@ -7266,7 +7266,7 @@ "name": "NewScriptWrittenV7" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NewScriptWritten", @@ -7362,7 +7362,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkConnectIP4", @@ -7463,7 +7463,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkConnectIP4", @@ -7564,7 +7564,7 @@ "name": "UserLogonV8" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLogon", @@ -7656,7 +7656,7 @@ "name": "PeFileWrittenV14" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "PeFileWritten", @@ -7752,7 +7752,7 @@ "name": "UserLogoffV3" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLogoff", @@ -7839,7 +7839,7 @@ "name": "NewExecutableWrittenV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NewExecutableWritten", @@ -7924,7 +7924,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkListenIP4", @@ -8030,7 +8030,7 @@ "ip": "67.43.156.14" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLogonFailed2", @@ -8115,7 +8115,7 @@ "name": "ExecutableDeletedV3" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ExecutableDeleted", 
@@ -8207,7 +8207,7 @@ "name": "EndOfProcessMacV11" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "EndOfProcess", @@ -8283,7 +8283,7 @@ "name": "RegisterRawInputDevicesEtwV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "RegisterRawInputDevicesEtw", @@ -8357,7 +8357,7 @@ "name": "LFODownloadConfirmationV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "LFODownloadConfirmation", @@ -8446,7 +8446,7 @@ "name": "NewExecutableRenamedV6" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NewExecutableRenamed", @@ -8535,7 +8535,7 @@ "name": "DirectoryCreateV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DirectoryCreate", @@ -8620,7 +8620,7 @@ "name": "ServiceStartedV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ServiceStarted", @@ -8711,7 +8711,7 @@ "port": 2181 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkConnectIP6", @@ -8805,7 +8805,7 @@ "name": "UserIdentityV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserIdentity", @@ -8917,7 +8917,7 @@ "name": "ProcessRollup2V16" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ProcessRollup2", @@ -9020,7 +9020,7 @@ "name": "RansomwareOpenFileV4" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "RansomwareOpenFile", @@ -9152,7 +9152,7 @@ "name": "EndOfProcessV14" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "EndOfProcess", @@ -9245,7 +9245,7 @@ "name": "OoxmlFileWrittenV11" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "OoxmlFileWritten", @@ -9331,7 +9331,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkListenIP6", 
@@ -9424,7 +9424,7 @@ "name": "AsepFileChangeMacV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "AsepFileChange", @@ -9507,7 +9507,7 @@ "name": "UserLogonFailedV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLogonFailed", @@ -9600,7 +9600,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkConnectIP6", @@ -9690,7 +9690,7 @@ "name": "NewExecutableRenamedMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NewExecutableRenamed", @@ -9778,7 +9778,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkListenIP6", @@ -9860,7 +9860,7 @@ "name": "SuspiciousDnsRequestV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SuspiciousDnsRequest", @@ -9942,7 +9942,7 @@ "name": "FsVolumeMountedV6" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "FsVolumeMounted", @@ -10018,7 +10018,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NetworkListenIP4", @@ -10108,7 +10108,7 @@ "name": "HostedServiceStartedV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "HostedServiceStarted", @@ -10184,7 +10184,7 @@ "name": "HostedServiceStoppedV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "HostedServiceStopped", @@ -10262,7 +10262,7 @@ "name": "PdfFileWrittenV11" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "PdfFileWritten", @@ -10360,7 +10360,7 @@ "name": "ProcessRollup2V18" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ProcessRollup2", @@ -10452,7 +10452,7 @@ "name": "UserIdentityMacV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserIdentity", 
@@ -10533,7 +10533,7 @@ "name": "HostInfoV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "HostInfo", @@ -10607,7 +10607,7 @@ "name": "GenericFileWrittenV11" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GenericFileWritten", @@ -10686,7 +10686,7 @@ "name": "FsVolumeUnmountedV2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "FsVolumeUnmounted", @@ -10755,7 +10755,7 @@ "name": "FirewallDisabledMacV1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "FirewallDisabled", @@ -10833,7 +10833,7 @@ "cid": "ffffffff30a3407dae27d0503611022ff" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2021-11-09T05:47:19.952Z", @@ -10908,7 +10908,7 @@ "name": "UserLogoffV3" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLogoff", diff --git a/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml b/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml index 8f90f5732c3..3d80e8e117e 100644 --- a/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml +++ b/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml @@ -77,7 +77,7 @@ processors: ## ECS fields. - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" ## Categorization. - script: diff --git a/packages/crowdstrike/data_stream/fdr/sample_event.json b/packages/crowdstrike/data_stream/fdr/sample_event.json index 07551bd55ba..3b961e03614 100644 --- a/packages/crowdstrike/data_stream/fdr/sample_event.json +++ b/packages/crowdstrike/data_stream/fdr/sample_event.json @@ -31,7 +31,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "ca0beb8d-9522-4450-8af7-3cb7f3d8c478", diff --git a/packages/crowdstrike/docs/README.md b/packages/crowdstrike/docs/README.md index 77ec53e0b5b..8b672a29c1d 100644 
--- a/packages/crowdstrike/docs/README.md +++ b/packages/crowdstrike/docs/README.md @@ -22,7 +22,7 @@ Contains endpoint data and CrowdStrike Falcon platform audit data forwarded from |---|---|---| | @timestamp | Event timestamp. | date | | agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | -| agent.name | Custom name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty. | keyword | +| agent.name | Custom name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. | keyword | | agent.type | Type of the agent. The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. | keyword | | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | cloud.availability_zone | Availability zone in which this host is running. | keyword | @@ -278,7 +278,7 @@ An example event for `falcon` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "ca0beb8d-9522-4450-8af7-3cb7f3d8c478", @@ -933,7 +933,7 @@ An example event for `fdr` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "ca0beb8d-9522-4450-8af7-3cb7f3d8c478", 
diff --git a/packages/crowdstrike/manifest.yml b/packages/crowdstrike/manifest.yml index d188e5438bf..af621783f8e 100644 --- a/packages/crowdstrike/manifest.yml +++ b/packages/crowdstrike/manifest.yml @@ -1,6 +1,6 @@ name: crowdstrike title: CrowdStrike Logs -version: "1.3.4" +version: "1.4.0" description: Collect and parse falcon logs from Crowdstrike products with Elastic Agent. type: integration format_version: 1.0.0 diff --git a/packages/cyberarkpas/_dev/build/build.yml b/packages/cyberarkpas/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/cyberarkpas/_dev/build/build.yml +++ b/packages/cyberarkpas/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/cyberarkpas/changelog.yml b/packages/cyberarkpas/changelog.yml index 1fd8792cfd2..6b280962183 100644 --- a/packages/cyberarkpas/changelog.yml +++ b/packages/cyberarkpas/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.5.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "2.4.2" changes: - description: Fix broken file paths configuration variable diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json index 615d22ceed8..d3217e4c782 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json @@ -25,7 +25,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add file category", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add file category", 
@@ -154,7 +154,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add file category", @@ -222,7 +222,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add file category", @@ -289,7 +289,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add file category", @@ -357,7 +357,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add file category", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json index bfa18116f8c..c12dc11be9b 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json @@ -25,7 +25,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "update file category", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "update file category", @@ -154,7 +154,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "update file category", @@ -222,7 +222,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "update file category", @@ -290,7 +290,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "update file category", @@ -358,7 +358,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "update file category", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json index 53fc13cb09f..5b20d475efc 100644 
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json @@ -26,7 +26,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "delete file category", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json index 6200a51d3f8..faa8e095f22 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json @@ -24,7 +24,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rename file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json index 23e7b7113e1..208fadd25e3 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json @@ -24,7 +24,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rename file (cont.)", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json index 285f1b0706c..bf18f69310c 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "unlock file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json index 65de2e39e05..f631e85f9f9 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json @@ -43,7 +43,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm disable password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json index 191b7d116f9..635db375ed7 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "get user's details", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json index 82c40895064..0f09955bc8c 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add user", 
@@ -95,7 +95,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add user", @@ -173,7 +173,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add user", @@ -251,7 +251,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add user", @@ -329,7 +329,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add user", @@ -407,7 +407,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add user", @@ -485,7 +485,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add user", @@ -564,7 +564,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add user", @@ -643,7 +643,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add user", @@ -722,7 +722,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add user", @@ -801,7 +801,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add user", @@ -880,7 +880,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add user", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json index 70b4ce1cdb6..52f81b73f07 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "update safe", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json index 668678b5628..d9b41e3d9b1 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add safe", @@ -80,7 +80,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add safe", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json index 770a65977ca..9e97d41be58 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add folder", @@ -85,7 +85,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add folder", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json index aafa94978d6..5cfbd294def 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json @@ -25,7 +25,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "full gateway connection", 
@@ -107,7 +107,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "full gateway connection", @@ -198,7 +198,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "full gateway connection", @@ -289,7 +289,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "full gateway connection", @@ -370,7 +370,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "full gateway connection", @@ -462,7 +462,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "full gateway connection", @@ -554,7 +554,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "full gateway connection", @@ -637,7 +637,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "full gateway connection", @@ -738,7 +738,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "full gateway connection", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json index 2148786e9b2..56f46de95c5 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "partial gateway connection", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json index 304c669f4ee..f41912cc827 100644 
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "old backup files deletion start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json index ab798ac45fb..309b355b103 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "old backup files deletion end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json index 5b3de040105..2328a2430af 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json @@ -44,7 +44,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify password", @@ -150,7 +150,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify password", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json index 3d6e070f512..94967574f35 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "action on closed safe", @@ -81,7 +81,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "action on closed safe", @@ -136,7 +136,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "action on closed safe", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json index ee4780fa908..83aa70b493e 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json @@ -42,7 +42,7 @@ "domain": "radiussrv.cyberark.local" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm change password", @@ -136,7 +136,7 @@ "domain": "components" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm change password", @@ -239,7 +239,7 @@ "domain": "components" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm change password", @@ -343,7 +343,7 @@ "domain": "components" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm change password", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json index b7d933673b1..33df36321e4 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add/update group", @@ -79,7 +79,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add/update group", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add/update group", @@ -203,7 +203,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add/update group", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json index 56a8f135248..86551b4ecb9 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add group member", @@ -81,7 +81,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add group member", @@ -144,7 +144,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add group member", @@ -207,7 +207,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add group member", 
@@ -270,7 +270,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add group member", @@ -333,7 +333,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add group member", @@ -396,7 +396,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add group member", @@ -459,7 +459,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add group member", @@ -522,7 +522,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add group member", @@ -586,7 +586,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add group member", @@ -650,7 +650,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add group member", @@ -714,7 +714,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add group member", @@ -778,7 +778,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add group member", @@ -842,7 +842,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add group member", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json index a9da765eef7..079f26f7d96 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "remove group member", @@ -81,7 +81,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "remove group member", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json index 6ba58f8acd7..7cd1ca4e14f 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "remove owner", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json index e65fb5a99d1..1cec2bb60b3 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json @@ -21,7 +21,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add rule", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json index f736e3c9c68..6e902607348 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "auto clear users history start", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "auto clear users history start", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json index 674f760cb0d..bbf8294c3f3 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "auto clear users history end", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "auto clear users history end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json index e90b99eccf1..7527b5840a9 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "auto clear safes history start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json index 84739b27c1c..ba2d8aaa9f1 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json 
@@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "auto clear safes history end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json index 96411f314c0..a1b44921ad0 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json @@ -28,7 +28,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "store password", @@ -90,7 +90,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "store password", @@ -172,7 +172,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "store password", @@ -239,7 +239,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "store password", @@ -296,7 +296,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "store password", @@ -362,7 +362,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "store password", @@ -449,7 +449,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "store password", @@ -517,7 +517,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "store password", @@ -596,7 +596,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "store password", @@ -674,7 +674,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "store password", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json index 64b841b474a..002f583b88c 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json @@ -36,7 +36,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve password", @@ -134,7 +134,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve password", @@ -219,7 +219,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve password", @@ -324,7 +324,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve password", @@ -410,7 +410,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve password", @@ -510,7 +510,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve password", @@ -600,7 +600,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve password", @@ -694,7 +694,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve password", @@ -803,7 +803,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve password", @@ -889,7 +889,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve password", @@ -979,7 +979,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve password", @@ -1073,7 +1073,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve password", 
@@ -1169,7 +1169,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json index 4644d59516d..22dd021c11d 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json @@ -47,7 +47,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm connect", @@ -153,7 +153,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm connect", @@ -270,7 +270,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm connect", @@ -387,7 +387,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm connect", @@ -504,7 +504,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm connect", @@ -621,7 +621,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm connect", @@ -738,7 +738,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm connect", @@ -861,7 +861,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm connect", @@ -992,7 +992,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm connect", @@ -1121,7 +1121,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm connect", @@ -1250,7 +1250,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm connect", @@ -1379,7 +1379,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm connect", 
@@ -1504,7 +1504,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm connect", @@ -1629,7 +1629,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm connect", @@ -1763,7 +1763,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm connect", @@ -1897,7 +1897,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm connect", @@ -2031,7 +2031,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm connect", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json index bc8c11f13e3..4eb345bb130 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json @@ -48,7 +48,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm disconnect", @@ -156,7 +156,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm disconnect", @@ -275,7 +275,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm disconnect", @@ -394,7 +394,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm disconnect", @@ -513,7 +513,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm disconnect", @@ -632,7 +632,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm disconnect", @@ -751,7 +751,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm disconnect", @@ -876,7 +876,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm disconnect", 
@@ -1009,7 +1009,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm disconnect", @@ -1140,7 +1140,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm disconnect", @@ -1271,7 +1271,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm disconnect", @@ -1402,7 +1402,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm disconnect", @@ -1529,7 +1529,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm disconnect", @@ -1656,7 +1656,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm disconnect", @@ -1792,7 +1792,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm disconnect", @@ -1928,7 +1928,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm disconnect", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json index 11d884e9926..4daadef5e2a 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json @@ -31,7 +31,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "psm upload recording", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json index 2504ae675c8..5dd332f4fbb 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json @@ -42,7 +42,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "use password", @@ -137,7 +137,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "use password", @@ -244,7 +244,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "use password", @@ -351,7 +351,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "use password", @@ -458,7 +458,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "use password", @@ -565,7 +565,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "use password", @@ -672,7 +672,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "use password", @@ -784,7 +784,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "use password", @@ -902,7 +902,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "use password", @@ -1025,7 +1025,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "use password", @@ -1148,7 +1148,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "use password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json index 30896ed6d29..49876f226a4 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json 
@@ -21,7 +21,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_failure", @@ -95,7 +95,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_failure", @@ -165,7 +165,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_failure", @@ -254,7 +254,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_failure", @@ -338,7 +338,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_failure", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json index 91cd276d2ea..4ec2672c71d 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json @@ -44,7 +44,7 @@ "domain": "dbserver.cyberark.local" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm reconcile password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json index e50d49885e0..0831bd40b2b 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "monitor dr replication start", 
@@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "monitor dr replication start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json index 7641c9d82e9..348d0b0eee2 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "monitor dr replication end", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "monitor dr replication end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json index 3fbb19fc0b8..d19d3d41da0 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "reset user password detailed information", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json index a3c6d33eb7f..856bfd57cf4 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "reset user password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json index 6e18fb7a9b3..55fd5b6e78e 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add owner", @@ -99,7 +99,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add owner", @@ -179,7 +179,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add owner", @@ -260,7 +260,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add owner", @@ -341,7 +341,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add owner", @@ -422,7 +422,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add owner", @@ -503,7 +503,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add owner", @@ -584,7 +584,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add owner", @@ -665,7 +665,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add owner", @@ -746,7 +746,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add owner", @@ -827,7 +827,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add owner", 
@@ -908,7 +908,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add owner", @@ -989,7 +989,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add owner", @@ -1070,7 +1070,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add owner", @@ -1151,7 +1151,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add owner", @@ -1232,7 +1232,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "add owner", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json index 63482dee92a..ecaaaf4717a 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json @@ -25,7 +25,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm auto-detection start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json index 65b68fe2e44..f01a69ae35f 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json @@ -25,7 +25,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm auto-detection end", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json index 5381eb6a043..9da5974678a 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "update owner", @@ -99,7 +99,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "update owner", @@ -180,7 +180,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "update owner", @@ -261,7 +261,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "update owner", @@ -342,7 +342,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "update owner", @@ -423,7 +423,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "update owner", @@ -505,7 +505,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "update owner", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json index 10f0f71ce25..c5f179c10ad 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "monitor license expiration date start", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json index 5a7ef679b16..29730eb6e96 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "monitor license expiration date end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json index 20ce62c255b..81a6535679f 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "monitor fw rules start", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "monitor fw rules start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json index e2dc4666514..855b02fd795 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json 
@@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "monitor fw rules end", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "monitor fw rules end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json index 52a9e55649e..28212cd12f9 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json @@ -58,7 +58,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "sql command", @@ -176,7 +176,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "sql command", @@ -294,7 +294,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "sql command", @@ -412,7 +412,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "sql command", @@ -530,7 +530,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "sql command", @@ -648,7 +648,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "sql command", @@ -766,7 +766,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "sql command", @@ -884,7 +884,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "sql command", @@ -1002,7 +1002,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "sql command", @@ -1120,7 +1120,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "sql command", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json index 2e354b68a63..dccd5fe3523 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json @@ -50,7 +50,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "keystroke logging", @@ -164,7 +164,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "keystroke logging", @@ -295,7 +295,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "keystroke logging", @@ -426,7 +426,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "keystroke logging", @@ -557,7 +557,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "keystroke logging", @@ -693,7 +693,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "keystroke logging", @@ -829,7 +829,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "keystroke logging", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json index 6144f3c24a7..67a428a4325 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json @@ -57,7 +57,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify password failed", 
@@ -176,7 +176,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify password failed", @@ -294,7 +294,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify password failed", @@ -413,7 +413,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify password failed", @@ -532,7 +532,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify password failed", @@ -640,7 +640,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify password failed", @@ -749,7 +749,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify password failed", @@ -858,7 +858,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify password failed", @@ -967,7 +967,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify password failed", @@ -1076,7 +1076,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify password failed", @@ -1188,7 +1188,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify password failed", @@ -1300,7 +1300,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify password failed", @@ -1412,7 +1412,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify password failed", @@ -1527,7 +1527,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify password failed", @@ -1646,7 +1646,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify password failed", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json index 3a9c8f2a993..ca15df48bb9 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json @@ -23,7 +23,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "blservice audit record", @@ -86,7 +86,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "blservice audit record", @@ -149,7 +149,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "blservice audit record", @@ -212,7 +212,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "blservice audit record", @@ -275,7 +275,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "blservice audit record", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json index 660aa444158..6a0f963d7ea 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_failure", @@ -96,7 +96,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_failure", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json index be017936874..abe2943d6a0 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json @@ -56,7 +56,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "window title", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json index 365d8c4e2a6..9b34947dc5a 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json @@ -57,7 +57,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "keystroke logging", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json index bd3871b1af1..8b05f1d0c44 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json @@ -53,7 +53,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm verify ssh key", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json index 11deb9423f1..4e9b88a3712 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json @@ -24,7 +24,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "store ssh key", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json index 5b9aefde0f0..c4b02747301 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json @@ -53,7 +53,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve ssh key", @@ -172,7 +172,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve ssh key", @@ -287,7 +287,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve ssh key", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json index 1635cff6950..6297a840c20 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json 
@@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "create discovery succeeded", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json index 9ce892c55e9..0b157073817 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json @@ -42,7 +42,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "general audit", @@ -123,7 +123,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "general audit", @@ -205,7 +205,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "general audit", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json index 6b03445799d..70e15d8ed2f 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "the component public key for jwt authentication was updated", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json index 555626db96e..01fb4295e29 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "security warning - the signature hash algorithm of the vault certificate is sha1.", @@ -67,7 +67,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "security warning - the signature hash algorithm of the vault certificate is sha1.", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json index 76420ff3646..289308600ee 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "update existing add account bulk operation succeeded", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json index 6568c0af109..655233c53e7 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "store file", @@ -75,7 +75,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "store file", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "store file", @@ -198,7 +198,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "store file", @@ -265,7 +265,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "store file", @@ -337,7 +337,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "store file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json index ae8b5873f1e..ed754240da0 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve file", @@ -75,7 +75,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve file", @@ -137,7 +137,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve file", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json index 4b2bc7da32b..afa06aa76e9 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json @@ -31,7 +31,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "delete file", @@ -106,7 +106,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "delete file", @@ -167,7 +167,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "delete file", @@ -225,7 +225,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "delete file", @@ -301,7 +301,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "delete file", @@ -372,7 +372,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "delete file", @@ -445,7 +445,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "delete file", @@ -518,7 +518,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "delete file", @@ -595,7 +595,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "delete file", @@ -672,7 +672,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "delete file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json index 32d817759f7..4eb506a6d20 100644 
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json @@ -54,7 +54,7 @@ "domain": "rhel7.cybr.com" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm change password failed", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json index d3e5875c2b3..e052eeb846c 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "clear safe history", @@ -68,7 +68,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "clear safe history", @@ -116,7 +116,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "clear safe history", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json index d039ec2997e..4538af9b9ec 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json @@ -54,7 +54,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm reconcile password failed", 
@@ -172,7 +172,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm reconcile password failed", @@ -288,7 +288,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm reconcile password failed", @@ -406,7 +406,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm reconcile password failed", @@ -524,7 +524,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm reconcile password failed", @@ -641,7 +641,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm reconcile password failed", @@ -760,7 +760,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm reconcile password failed", @@ -877,7 +877,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm reconcile password failed", @@ -997,7 +997,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "cpm reconcile password failed", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json index 339bb3e27e0..6712dda627d 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "create file version", @@ -84,7 +84,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "create file version", 
@@ -150,7 +150,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "create file version", @@ -216,7 +216,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "create file version", @@ -283,7 +283,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "create file version", @@ -341,7 +341,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "create file version", @@ -413,7 +413,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "create file version", @@ -474,7 +474,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "create file version", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json index b0f51356eec..36986152d71 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json @@ -21,7 +21,7 @@ "ip": "10.2.0.3" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_success", @@ -82,7 +82,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_success", @@ -148,7 +148,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_success", @@ -214,7 +214,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_success", @@ -280,7 +280,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_success", @@ -346,7 +346,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_success", 
@@ -417,7 +417,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_success", @@ -492,7 +492,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_success", @@ -576,7 +576,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_success", @@ -655,7 +655,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_success", @@ -730,7 +730,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_success", @@ -805,7 +805,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_success", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json index 15508e8ed0a..265c13bcdbc 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logoff", @@ -82,7 +82,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logoff", @@ -148,7 +148,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logoff", @@ -214,7 +214,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logoff", @@ -280,7 +280,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logoff", @@ -346,7 +346,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logoff", @@ -412,7 +412,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logoff", 
@@ -487,7 +487,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logoff", @@ -562,7 +562,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logoff", @@ -637,7 +637,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logoff", @@ -727,7 +727,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logoff", @@ -812,7 +812,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logoff", @@ -883,7 +883,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logoff", @@ -959,7 +959,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logoff", @@ -1049,7 +1049,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logoff", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json index 92f77155448..2c2a7eb9ef3 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", @@ -68,7 +68,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", @@ -118,7 +118,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", @@ -165,7 +165,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", @@ -217,7 +217,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", 
@@ -269,7 +269,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", @@ -330,7 +330,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", @@ -391,7 +391,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", @@ -452,7 +452,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", @@ -513,7 +513,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", @@ -574,7 +574,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", @@ -635,7 +635,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", @@ -697,7 +697,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", @@ -759,7 +759,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", @@ -821,7 +821,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", @@ -883,7 +883,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", @@ -945,7 +945,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", @@ -1007,7 +1007,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "set password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json index a82dfe94c52..1fa37156028 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json 
@@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "open file (write only)", @@ -75,7 +75,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "open file (write only)", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "open file (write only)", @@ -213,7 +213,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "open file (write only)", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json index dba5e1a5a36..ae170815f81 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "open file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json index 645bbc653c9..2f8438b0884 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json index 3567eb9e2cb..caf0d3c726c 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_success", @@ -82,7 +82,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_success", @@ -150,7 +150,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "retrieve file", @@ -205,7 +205,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "authentication_success", diff --git a/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index c12922ca45e..18cfd4eb989 100644 --- a/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -7,7 +7,7 @@ processors: # - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' # # Set event.original from message, unless reindexing. diff --git a/packages/cyberarkpas/data_stream/audit/sample_event.json b/packages/cyberarkpas/data_stream/audit/sample_event.json index fd888f6521c..2d0ff03f012 100644 --- a/packages/cyberarkpas/data_stream/audit/sample_event.json +++ b/packages/cyberarkpas/data_stream/audit/sample_event.json @@ -35,7 +35,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/cyberarkpas/docs/README.md b/packages/cyberarkpas/docs/README.md index 12fd2f9948e..bf010d475e8 100644 --- a/packages/cyberarkpas/docs/README.md +++ b/packages/cyberarkpas/docs/README.md @@ -68,7 +68,7 @@ An example event for `audit` looks as following: } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", 
diff --git a/packages/cyberarkpas/manifest.yml b/packages/cyberarkpas/manifest.yml index 3f07e67ad54..44589c657dd 100644 --- a/packages/cyberarkpas/manifest.yml +++ b/packages/cyberarkpas/manifest.yml @@ -1,6 +1,6 @@ name: cyberarkpas title: CyberArk Privileged Access Security Logs -version: 2.4.2 +version: "2.5.0" release: ga description: Collect audit logs from Cyberark Vault servers with Elastic Agent. type: integration diff --git a/packages/cylance/_dev/build/build.yml b/packages/cylance/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/cylance/_dev/build/build.yml +++ b/packages/cylance/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/cylance/changelog.yml b/packages/cylance/changelog.yml index 0658b99d1dd..a470ef97ee6 100644 --- a/packages/cylance/changelog.yml +++ b/packages/cylance/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.9.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "0.8.1" changes: - description: Format host.mac as per ECS. diff --git a/packages/cylance/data_stream/protect/_dev/test/pipeline/test-generated.log-expected.json b/packages/cylance/data_stream/protect/_dev/test/pipeline/test-generated.log-expected.json index b1f596ede7c..784bc73b407 100644 --- a/packages/cylance/data_stream/protect/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/cylance/data_stream/protect/_dev/test/pipeline/test-generated.log-expected.json 
@@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "29-January-2016 06:09:59 high boNemoe4402.www.invalid dolore \u003c\u003csequa\u003eabo 2016-1-29T6:09:59.squira nostrud4819.mail.test CylancePROTECT mqui nci [billoi] Event Type: AuditLog, Event Name: ZoneAdd, Message: Policy Assigned:orev; Devices: pisciv , User: uii umexe (estlabo)", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016-2-12T1:12:33.olupt volup208.invalid CylancePROTECT eosquir orsi [nulapari] Event Type: AuditLog, Event Name: LoginSuccess, Message: Devices: vol, User: luptat isiutal (moenimi)", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "26-Feb-2016 8:15:08 very-high anonnu410.internal.home aqu \u003c\u003cutper\u003esquame 26T20:15:08.ntex eius6159.www5.localhost CylancePROTECT Event Name:Alert, Device Message: Device: aer User: ),lupt (tia oloremqu Zone Names: temvel Device Id: iatu", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016-3-12T3:17:42.ceroinBC ratvolup497.www.corp CylancePROTECT ionofde con [uia] Event Type: AuditLog, Event Name: SystemSecurity, Message: ommodic, User: mipsu consec (taliquip)", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016-3-26T10:20:16.gelit tatno5625.api.local CylancePROTECT taev roidents [oluptas] Event Type: AuditLog, Event Name: Alert, Message: Source: taliqu; SHA256: ommod; Reason: failure, User: tur aperi (iveli)", "tags": [ 
@@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "uatDuis 2016-4-9T5:22:51.ude maveniam1399.mail.lan CylancePROTECT siutaliq exercit [tempor] Event Type: omnis, Event Name: SystemSecurity, Device Name: eip, Agent Version: lupta, IP Address: (10.124.61.119), MAC Address: (01:00:5e:dc:bb:8b), Logged On Users: (occ), OS: ect Zone Names: reetdolo", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "24-Apr-2016 12:25:25 low lor340.mail.local natura \u003c\u003caboris\u003eima 24T00:25:25.tanimi nimadmin6499.local CylancePROTECT Event Name:Device Policy Assigned, Device Message: Device: dexe User: ),urerep (aquaeab liqu Zone Names: lorem Device Id: emq", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ari 2016-5-8T7:27:59.equun suntinc4934.www5.test CylancePROTECT ipis gelits [tatevel] Event Type: AuditLog, Event Name: ThreatUpdated, Message: Policy: uptatev; SHA256: uovol, User: )dmi (olab mquisnos", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "22-May-2016 14:30:33 medium tvol457.internal.local inim \u003c\u003cema\u003eroinBCSe 2016-5-22T2:30:33.onse tae1382.mail.localhost CylancePROTECT oluptate ofdeF tion Event Type: orsitame, Event Name: threat_quarantined, Threat Class: lit, Threat Subclass: iam, SHA256: qua, MD5: umdo", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016-6-5T9:33:08.eniam reetdolo2451.www.example CylancePROTECT rumet oll [erc] Event Type: ScriptControl, Event Name: SystemSecurity, Device Name: llam, File Path: aspern, Interpreter: itlabori, Interpreter Version: 1.2344, Zone Names: ollit, User Name: usan", "tags": [ 
@@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "olo 2016-6-20T4:35:42.uaera sitas4259.mail.corp CylancePROTECT atquovo iumto aboreetd Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Zone: dun; Policy: enim; Value: saute, User: vel quu (undeo)", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016-7-4T11:38:16.isqu uis7612.www5.domain CylancePROTECT llumquid tation [ips] Event Type: emeumfug, Event Name: Registration, emporinc", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "cup 2016-7-18T6:40:50.boNemoen uid7309.api.domain CylancePROTECT uradi aborumSe luptat Event Type: AuditLog, Event Name: SyslogSettingsSave, Message: Policy: antiumto, User: strude ctetura (usmod)", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2-Aug-2016 1:43:25 high fugit7668.www5.invalid lupt \u003c\u003cxea\u003equa 2T01:43:25.luptatev admi3749.api.lan CylancePROTECT Event Name:DeviceRemove, Device Message: Device: tinvol; Zones Removed: dolore; Zones Added: abor, User: iqui etc (etM), Zone Names:nimadmin Device Id: ditautfu", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016-8-16T8:45:59.ostr rudexerc703.internal.host CylancePROTECT itaut imaven [liqua] Event Type: ScriptControl, Event Name: fullaccess, Device Name: onproide, File Path: Nemoen, Interpreter: tfug, Interpreter Version: 1.5383 (ccu), Zone Names: urE, User Name: isaute", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "eomnisis 2016-8-30T3:48:33.mqui civeli370.www5.local CylancePROTECT sunt stl tdolorem Event Type: AuditLog, Event Name: Alert, Message: The Device: picia was auto assigned to the Zone: IP Address: Fake Devices, User: mUtenima emaperi ()tame", "tags": [ 
@@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 2016/09/13 22:51:07 ivelits712.api.example CylancePROTECT Event Type: AppControl, etdolo inv [agnaali] Event Type: AppControl, Event Name: threat_found, Device Name: sequatur, IP Address: (10.199.98.186), Action: cancel, Action Type: nihi, File Path: Lor, SHA256: itecto, Zone Names: erc", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "olupt 2016-9-28T5:53:42.modoco estqu1709.internal.example CylancePROTECT ostrume molest [upt] Event Type: Threat, Event Name: LoginSuccess, Device Name: uasia, IP Address: (10.64.70.5), File Name: ici, Path: giatquov, Drive Type: eritquii, SHA256: dexeac, MD5: iscinge, Status: atvol, Cylance Score: 145.898000, Found Date: uames, File Type: tati, Is Running: utaliqu, Auto Run: oriosamn, Detected By: deFinibu, Zone Names: iadese, Is Malware: imidest, Is Unique To Cylance: emagnama, Threat Classification: eprehend", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016-10-12T12:56:16.suntinc xeac7155.www.localdomain CylancePROTECT taliq intoccae [ents] Event Type: pida, Event Name: Alert, Device Name: idolor, Agent Version: emeumfu, IP Address: (10.143.239.210), MAC Address: (01:00:5e:93:1c:9f), Logged On Users: (oinBCSe), OS: mnisist Zone Names: sedd", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ipitla 2016-10-26T7:58:50.quae maccusa5126.api.domain CylancePROTECT idex xerci [aqu] Event Type: ExploitAttempt, Event Name: Alert, Device Name: olorema, IP Address: (10.32.143.134), Action: accept, Process ID: 2289, Process Name: aliqu.exe, User Name: olupta, Violation Type: mipsumd, Zone Names: eFinib", "tags": [ 
@@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10-Nov-2016 3:01:24 low eav3687.internal.local siar \u003c\u003corev\u003eiamquis 10T03:01:24.quirat llu4718.localhost CylancePROTECT Event Name:DeviceEdit, Device Name:conseq, External Device Type:oidentsu, External Device Vendor ID:atiset, External Device Name:atu, External Device Product ID:umexerci, External Device Serial Number:ern, Zone Names:psaquae", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Nov 24 10:03:59 doloremi7402.www.test CylancePROTECT Event Type:stquidol, Event Name:DeviceRemove, Device Message: Device: leumiu; Policy Changed: namali to 'taevit', User: rinrepre etconse (tincu), Zone Names:ari, Device Id: exercit", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "8-December-2016 17:06:33 very-high occae1180.internal.localhost aquaeabi \u003c\u003clita\u003eadeseru 2016-12-8T5:06:33.emoe eaq908.api.home CylancePROTECT itame intoc [oluptas] Event Type: tNequepo, Event Name: ZoneAddDevice, Device Name: luptasn, Zone Names:equat", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ihilmole 2016-12-23T12:09:07.eriamea amre146.mail.host CylancePROTECT pisciv iquidex radipisc Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Policy: nti; SHA256: abi; Category: sectetur, User: )uioffi (oru temqu", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ommodico 2017-1-6T7:11:41.quatD mcolab379.internal.home CylancePROTECT tsedqu agnid [proide] Event Type: ScriptControl, Event Name: DeviceRemove, Device Name: tper, File Path: olor, Interpreter: Neque, Interpreter Version: 1.4129 (xerc), Zone Names: iutali, User Name: fdeFi", "tags": [ 
@@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jan 20 2:14:16 tasuntex5037.www.corp CylancePROTECT Event Type:boN, Event Name:threat_quarantined, Device Name:ectio, Agent Version:dutper, IP Address: (10.237.205.140), MAC Address: (01:00:5e:3f:c4:6c), Logged On Users: (uames), OS:iduntu, Zone Names:veniam", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "3-Feb-2017 9:16:50 very-high reme622.mail.example isnisiu \u003c\u003cbore\u003etsu 3T21:16:50.tcons sciun4694.api.lan CylancePROTECT Event Name:LoginSuccess, Device Message: Device: nsect User: ),idata (rumwritt magnid Zone Names: enderit Device Id: untex", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "paquioff 2017-2-18T4:19:24.mquisnos maven3758.www.invalid CylancePROTECT labor didunt uptatema Event Type: ExploitAttempt, Event Name: DeviceEdit, Device Name: udan, IP Address: (10.74.104.215), Action: cancel, Process ID: 7410, Process Name: mveleu.exe, User Name: nofdeFin, Violation Type: sequam, Zone Names: temvel", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "4-Mar-2017 11:21:59 medium tvolu3997.mail.home eiu \u003c\u003cntiumdo\u003eautfu 4T11:21:59.gnaaliq mni7200.mail.localdomain CylancePROTECT Event Name:pechange, Device Name:idolor, Zone Names:uisau, Device Id: eleum", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Mar 18 6:24:33 ate4627.localdomain CylancePROTECT Event Type:officiad, Event Name:Device Policy Assigned, Message: The Device:quinescwas auto assigned to Zone:madmi, User:tur", "tags": [ 
@@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2-April-2017 01:27:07 very-high orem6702.invalid tev \u003c\u003csaute\u003entocca 2017-4-2T1:27:07.ostru ntoccae1705.internal.invalid CylancePROTECT temquiav equatu [upta] Event Type: ScriptControl, Event Name: Alert, Device Name: sBon, File Path: orro, Interpreter: tae, Interpreter Version: 1.3212, Zone Names: tlab, User Name: aperiame", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "16-Apr-2017 8:29:41 high tobea2364.internal.localhost itinvol \u003c\u003ceavolup\u003efugiatn 16T08:29:41.docon etconsec6708.internal.invalid CylancePROTECT Event Name:PolicyAdd, Device Name:ersp, External Device Type:tquov, External Device Vendor ID:diconseq, External Device Name:inven, External Device Product ID:osquira, External Device Serial Number:tes, Zone Names:mquame", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017-4-30T3:32:16.squirati Sedutp7428.internal.home CylancePROTECT utlabor itessequ [porro] Event Type: AuditLog, Event Name: PolicyAdd, Message: Zone: iquipe; Policy: itempor; Value: quin, User: upida tvolupt (eufugi)", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "uamni 2017-5-14T10:34:50.ctet ati4639.www5.home CylancePROTECT archite loreme [untu] Event Type: AuditLog, Event Name: Alert, Message: Device: ven; User: con nisist (usmodte)", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017-5-29T5:37:24.eturadi torever662.www5.home CylancePROTECT quam sumdolor [meaqueip] Event Type: AuditLog, Event Name: PolicyAdd, Message: The Device: pexe was auto assigned to the Zone: IP Address: 10.70.168.240, User: amcol adeser ()oin", "tags": [ 
@@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "12-June-2017 12:39:58 medium meius3932.internal.example ccaeca \u003c\u003cumdolo\u003euptate 2017-6-12T12:39:58.amc cusant1701.api.localdomain CylancePROTECT siutaliq dutp psaquaea Event Type: taevita, Event Name: DeviceRemove, Device Name: siut, Agent Version: tconsect, IP Address: (10.190.175.158), MAC Address: (01:00:5e:45:8b:97), Logged On Users: (ditemp), OS: edqui", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "26-June-2017 19:42:33 very-high rnatu2805.www.home enderi \u003c\u003cmquisno\u003eodoconse 2017-6-26T7:42:33.quamqua eacommod1930.internal.lan CylancePROTECT tpersp stla uptatema Event Type: AuditLog, Event Name: fullaccess, Message: Device: uradi; SHA256: tot; Category: llamco, User: )nea (psum tasnulap", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017-7-11T2:45:07.oremipsu emeumfug4387.internal.lan CylancePROTECT uidol litani [utodita] Event Type: AuditLog, Event Name: Alert, Message: Device: untincul; SHA256: iduntu, User: )ccaeca (niamq lapariat", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "uat 2017-7-25T9:47:41.tiaec rumwrit764.www5.local CylancePROTECT edquiac urerepr [eseru] Event Type: DeviceControl, Event Name: DeviceRemove, Device Name: etMal, External Device Type: qua, External Device Vendor ID: rsita, External Device Name: ate, External Device Product ID: ipsamvo, External Device Serial Number: onula, Zone Names: miu", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Aug 8 4:50:15 mex2054.mail.corp CylancePROTECT Event Type:luptat, Event Name:SyslogSettingsSave, Message: Provider:ica, Source IP:10.13.66.97, User: dicta taedicta (ritt)#015", "tags": [ 
@@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017-8-22T11:52:50.dictasun veniamqu7284.mail.invalid CylancePROTECT nte mvel nof Event Type: AuditLog, Event Name: DeviceEdit, Message: The Device: tetur was auto assigned to the Zone: IP Address: Fake Devices, User: ()xce", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "6-September-2017 06:55:24 high isiu5733.api.domain etdolor \u003c\u003clupta\u003exeaco 2017-9-6T6:55:24.nvolupt oremi1485.api.localhost CylancePROTECT iosa boNemoe [onsequ] Event Type: AuditLog, Event Name: threat_quarantined, Message: SHA256: amvolupt; Reason: success, User: atisund xea (ites)", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "eri 2017-9-20T1:57:58.quunt olori416.api.test CylancePROTECT elit cidunt plica Event Type: ExploitAttempt, Event Name: Alert, Device Name: exeaco, IP Address: (10.31.190.145), Action: cancel, Process ID: 5530, Process Name: accusant.exe, User Name: onse, Violation Type: admin, Zone Names: stenatu", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "4-Oct-2017 9:00:32 high nvol6269.internal.local tla \u003c\u003citem\u003enimid 4T21:00:32.dat periam126.api.host CylancePROTECT Event Name:threat_found, Threat Class:rExc, Threat Subclass:iusmo, SHA256:tame, MD5:naaliq", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "19-October-2017 04:03:07 medium toccaec7645.www5.home psaqua \u003c\u003cullamcor\u003eitationu 2017-10-19T4:03:07.proident maliquam2147.internal.home CylancePROTECT lores ritati orisni Event Type: DeviceControl, Event Name: PolicyAdd, Device Name: estl, External Device Type: sitam, External Device Vendor ID: orem, External Device Name: rcit, External Device Product ID: llamco, External Device Serial Number: atu, Zone Names: untincul", "tags": [ 
@@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "iuntNe 2017-11-2T11:05:41.atise tate6578.api.localdomain CylancePROTECT emvele isnost [olorem] Event Type: Threat, Event Name: PolicyAdd, Device Name: yCiceroi, IP Address: (10.252.165.146), File Name: iquamqua, Path: sit, Drive Type: rumSect, SHA256: ita, MD5: vitaed, Status: exeaco, Cylance Score: 51.523000, Found Date: mven, File Type: olorsit, Is Running: tore, Auto Run: elits, Detected By: consequa, Zone Names: turadip, Is Malware: tatevel, Is Unique To Cylance: boreetdo, Threat Classification: undeom", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017-11-16T6:08:15.uov itlab6956.mail.local CylancePROTECT loremqu tetur amvo Event Type: siuta, Event Name: threat_changed, Device Name: ommodo, Agent Version: uptat, IP Address: (10.105.46.101, tatione), MAC Address: (01:00:5e:de:32:2c, ori), Logged On Users: (tconsect), OS: rum", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017-12-1T1:10:49.ugiatn midestl1919.host CylancePROTECT cingel modocon [ipsu] Event Type: ntNeq, Event Name: Device Policy Assigned, Device Name: aUt, Agent Version: boNem, IP Address: (10.124.88.222), MAC Address: (01:00:5e:f9:78:c2), Logged On Users: (onu), OS: liquaUte", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ria 2017-12-15T8:13:24.atDu nsec923.internal.local CylancePROTECT agnaaliq tlaboree norumet Event Type: ExploitAttempt, Event Name: DeviceEdit, Device Name: mod, IP Address: (10.28.120.149), Action: deny, Process ID: 3916, Process Name: tinvolup.exe, User Name: tsed, Violation Type: inv, Zone Names: rroq", "tags": [ 
@@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017-12-29T3:15:58.mipsamvo eiusmod3517.internal.invalid CylancePROTECT oreveri ehende [eaqueip] Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: olup; SHA256: labor, User: )dol (sciun metcons", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "12-January-2018 22:18:32 high asnu3806.api.lan tamet \u003c\u003cperspici\u003eationul 2018/01/12T22:18:32.mquisn queips4947.mail.example CylancePROTECT molestia quir eavolup Event Type: AppControl, Event Name: Registration, Device Name: labore, IP Address: (10.165.16.231), Action: accept, Action Type: uto, File Path: iuntNequ, SHA256: esseq, Zone Names: aincidun", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "27-January-2018 05:21:06 low oloreseo5039.test derit \u003c\u003corese\u003edolor 2018-1-27T5:21:06.econs ntexpl3889.www.home CylancePROTECT yCic nder [mdolore] Event Type: Cic, Event Name: DeviceRemove, Device Name: saqu, Agent Version: iscive, IP Address: (10.156.34.19), MAC Address: (01:00:5e:54:ab:3f), Logged On Users: (imveni), OS: ariaturE Zone Names: stquid", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ree 2018-2-10T12:23:41.saquaea ation6657.www.home CylancePROTECT iatqu lorsi repreh Event Type: AuditLog, Event Name: Registration, Message: sitamet, User: utlabo tetur (tionula)", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "24-Feb-2018 7:26:15 very-high idolor3916.www5.home tas \u003c\u003cautfugi\u003etasun 24T19:26:15.duntutla ntium4450.www5.localdomain CylancePROTECT Event Name:DeviceRemove, Device Name:vol, Agent Version:oremquel, IP Address: (10.22.94.10), MAC Address: (01:00:5e:ee:e8:77), Logged On Users: (ssusci), OS:animid, Zone Names:mpo", "tags": [ 
@@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "llam 2018-3-11T2:28:49.cti aparia1179.www.localdomain CylancePROTECT rever ore offici Event Type: AuditLog, Event Name: DeviceEdit, Message: Devices: metco, User: acom ceroinB (nim)", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "25-March-2018 09:31:24 medium taliqui5348.mail.localdomain loremag \u003c\u003ctcu\u003eiatqu 2018-3-25T9:31:24.inBCSedu erspi5757.local CylancePROTECT suntex iacons [occaec] Event Type: DeviceControl, Event Name: LoginSuccess, Device Name: uov, External Device Type: quaeab, External Device Vendor ID: fici, External Device Name: imve, External Device Product ID: quide, External Device Serial Number: quaU, Zone Names: undeomni", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "liquid 2018-4-8T4:33:58.enim Finibus1411.www5.corp CylancePROTECT xea taed umdolo Event Type: AuditLog, Event Name: fullaccess, Message: Policy Assigned:rroqu; Devices: dquiaco , User: nibus vitaed (ser)", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Apr 22 11:36:32 upt7879.www5.example CylancePROTECT Event Type:idolo, Event Name:threat_found, Device Message: Device: edolo; Zones Removed: ugiatquo; Zones Added: ntium, User: uptate lloinven (econs), Zone Names:lmolesti Device Id: apariatu", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 2018/05/07 06:39:06 erspi4926.www5.test CylancePROTECT Event Type: AppControl, incidid quin [autemv] Event Type: AppControl, Event Name: PolicyAdd, Device Name: fugits, IP Address: (10.153.34.43), Action: allow, Action Type: acommo, File Path: isi, SHA256: culpaq, Zone Names: saute", "tags": [ 
@@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018-5-21T1:41:41.abor magnid3343.home CylancePROTECT tesseq niam [pernat] Event Type: DeviceControl, Event Name: threat_found, Device Name: gitse, External Device Type: ugitse, External Device Vendor ID: quiineav, External Device Name: billoinv, External Device Product ID: sci, External Device Serial Number: col, Zone Names: obea", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "4-Jun-2018 8:44:15 high uptatem4483.localhost inrepr \u003c\u003cmol\u003eumdolors 4T20:44:15.dolori asperna7623.www.home CylancePROTECT Event Name:ThreatUpdated, Message: Device:dexewas auto assigned to Zone:tat, User:onproide", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "riosa 2018-6-19T3:46:49.tNe pisc3553.internal.home CylancePROTECT rautod olest eataev Event Type: ExploitAttempt, Event Name: DeviceEdit, Device Name: ritati, IP Address: (10.43.110.203), Action: allow, Process ID: 1359, Process Name: nim.exe, User Name: ame, Violation Type: amvolu, Zone Names: mip", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "3-July-2018 10:49:23 medium iame4937.local tiumd \u003c\u003cntmoll\u003emexer 2018/07/03T10:49:23.estla uipexe7153.api.corp CylancePROTECT saqu remips illoi Event Type: AppControl, Event Name: ZoneAdd, Device Name: abori, IP Address: (10.127.20.244), Action: block, Action Type: uelauda, File Path: ema, SHA256: odi, Zone Names: ptatems", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "nde 2018-7-17T5:51:58.abillo undeom845.www5.example CylancePROTECT quaer eetdo [tlab] Event Type: ScriptControl, Event Name: LoginSuccess, Device Name: liq, File Path: seddoeiu, Interpreter: nse, Interpreter Version: 1.3421, Zone Names: quira, User Name: tassita", "tags": [ 
@@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Aug 1 12:54:32 atis6201.internal.invalid CylancePROTECT Event Type:nisiut, Event Name:threat_changed, Message: Device:quirawas auto assigned to Zone:rror, User:tatema", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "15-August-2018 07:57:06 low tperspic7591.www.lan ict \u003c\u003csquirati\u003etem 2018-8-15T7:57:06.mestq ura675.mail.localdomain CylancePROTECT eleumiu uei Nequepo Event Type: DeviceControl, Event Name: DeviceRemove, Device Name: seddo, External Device Type: uam, External Device Vendor ID: orumSec, External Device Name: nisiuta, External Device Product ID: stiaecon, External Device Serial Number: dol, Zone Names: sumquiad", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "29-August-2018 14:59:40 high oeni179.api.localhost gna \u003c\u003cisiutali\u003elumqu 2018-8-29T2:59:40.onulamco ons5050.mail.test CylancePROTECT unt tass [tiumdol] Event Type: Threat, Event Name: threat_quarantined, Device Name: mquiad, IP Address: (10.48.209.115), File Name: psa, Path: nculpaq, Drive Type: reseosqu, SHA256: sequat, MD5: lor, Status: ccaec, Cylance Score: 75.498000, Found Date: ommo, File Type: iame, Is Running: laudanti, Auto Run: umiurer, Detected By: rere, Zone Names: cta, Is Malware: aevi, Is Unique To Cylance: uameiusm, Threat Classification: adm", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "12-September-2018 22:02:15 medium mnihilm1903.internal.host ditautf \u003c\u003citametc\u003eori 2018-9-12T10:02:15.uamqu olori4584.mail.domain CylancePROTECT sunt autfugit emUte Event Type: AuditLog, Event Name: ThreatUpdated, Message: Zone: nturmag; Policy: tura; Value: osquirat, User: equat aliquid (usantiu)", "tags": [ 
@@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "27-Sep-2018 5:04:49 very-high trudex4443.www5.localhost lor \u003c\u003cxplic\u003eeseruntm 27T05:04:49.lpaquiof oloreeu7597.mail.home CylancePROTECT Event Name:PolicyAdd, Device Name:nula, Agent Version:quiacons, IP Address: (10.7.99.47), MAC Address: (01:00:5e:e8:41:ae), Logged On Users: (evolupta), OS:teturadi, Zone Names:ditau", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "hend 2018-10-11T12:07:23.eacommo ueip5847.api.test CylancePROTECT umd sciveli [dolorem] Event Type: sed, Event Name: Device Updated, Threat Class: Nemoenim, Threat Subclass: usm, SHA256: labori, MD5: porai", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ostr 2018-10-25T7:09:57.sec uid3520.www.home CylancePROTECT eFini ectob [mrema] Event Type: ScriptControl, Event Name: SystemSecurity, Device Name: prehend, File Path: eufug, Interpreter: roquisq, Interpreter Version: 1.989 (est), Zone Names: civelits, User Name: ici", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Nov 9 2:12:32 miurerep3693.mail.localhost CylancePROTECT Event Type:iduntu, Event Name:SyslogSettingsSave, Device Name:inibusB, Zone Names:nostrud", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Nov 23 9:15:06 esse3795.www.host CylancePROTECT Event Type:pariatur, Event Name:SyslogSettingsSave, Message: The Device:imaveniawas auto assigned to Zone:expli, User:ugiat", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "bore 2018-12-7T4:17:40.ptate teir7585.www5.localdomain CylancePROTECT quu xeac [llitanim] Event Type: AuditLog, Event Name: SystemSecurity, Message: Devices: oreverit, User: scip Finibus (Utenimad)", "tags": [ 
@@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Dec 21 11:20:14 hen1901.example CylancePROTECT Event Type:ali, Event Name:SyslogSettingsSave, Device Name:quunt, External Device Type:itasp, External Device Vendor ID:qui, External Device Name:equeporr, External Device Product ID:met, External Device Serial Number:volup, Zone Names:ptate, Device Id: entsu, Policy Name: conse", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jan 5 6:22:49 mag4267.www.test CylancePROTECT Event Type:atura, Event Name:Alert, Device Message: Device: oreeu User: ),nvo (iamqui tassita Zone Names: colabori Device Id: imidestl", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019-1-19T1:25:23.minimve serrorsi1096.www5.localdomain CylancePROTECT lamco cit [siar] Event Type: AuditLog, Event Name: ZoneAddDevice, Message: The Device: reetdo was auto assigned to the Zone: IP Address: Fake Devices, User: ()ever", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "quiav 2019-2-2T8:27:57.mse prehen4807.mail.invalid CylancePROTECT liqua ariatur [labo] Event Type: DeviceControl, Event Name: SystemSecurity, Device Name: remq, External Device Type: unt, External Device Vendor ID: tla, External Device Name: arch, External Device Product ID: lite, External Device Serial Number: ugia, Zone Names: meum", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Feb 17 3:30:32 nvolupta126.www.domain CylancePROTECT Event Type:quas, Event Name:threat_found, Device Name:orp, File Path:ender, Interpreter:dico, Interpreter Version:1.5848, Zone Names:Utenima, User Name: olore", "tags": [ 
@@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "3-March-2019 10:33:06 medium radip4253.www.corp gna \u003c\u003cici\u003equamnih 2019-3-3T10:33:06.asnulap yCiceroi5998.mail.home CylancePROTECT inc tect uiad Event Type: DeviceControl, Event Name: DeviceRemove, Device Name: roinBCSe, External Device Type: maperiam, External Device Vendor ID: mSec, External Device Name: smoditem, External Device Product ID: tatisetq, External Device Serial Number: uidolo, Zone Names: umdolore", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019-3-17T5:35:40.abori sit1400.www.lan CylancePROTECT ames amni [tatio] Event Type: AuditLog, Event Name: ZoneAdd, Message: Zone: ntsunti; Policy: borios; Value: ani, User: uid idatat (onev)", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "iosamni 2019-4-1T12:38:14.idu sis3986.internal.lan CylancePROTECT tsedquia its umdolor Event Type: isiu, Event Name: Device Policy Assigned, Device Name: mmodi, Agent Version: snostr, IP Address: (10.232.90.3), MAC Address: (01:00:5e:e6:a6:a2), Logged On Users: (midestl), OS: nci", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "hilmole 2019-4-15T7:40:49.sequ sectetu7182.localdomain CylancePROTECT dolor lorumwri [amnihil] Event Type: orissus, Event Name: Device Updated, uido", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019-4-29T2:43:23.itse officiad4982.www5.domain CylancePROTECT lumqui quiavolu [upta] Event Type: AuditLog, Event Name: ZoneAdd, Message: Device: umtota; User: etdolore magnaa (sumquiad)", "tags": [ 
@@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019-5-13T9:45:57.Duisa consequa1486.internal.localdomain CylancePROTECT aevitaed byCic [leumiur] Event Type: ptatemse, Event Name: pechange, Threat Class: quaeratv, Threat Subclass: involu, SHA256: tobeata, MD5: nesciun", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "onorumet 2019-5-28T4:48:31.ptatema eavolup6981.www5.example CylancePROTECT psaquaea rchit psumq Event Type: DeviceControl, Event Name: threat_changed, Device Name: lum, External Device Type: xerc, External Device Vendor ID: ctetura, External Device Name: msequ, External Device Product ID: nvol, External Device Serial Number: enimadmi, Zone Names: tateveli", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019-6-11T11:51:06.oremip its6443.mail.example CylancePROTECT natuserr ostrudex [nse] Event Type: miurere, Event Name: fullaccess, Device Name: tlabo, Agent Version: tatemse, IP Address: (10.139.80.71), MAC Address: (01:00:5e:bc:c1:21), Logged On Users: (orem), OS: eniamqui", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "25-June-2019 18:53:40 high tnulapa7580.www.domain adeser \u003c\u003cuasiarc\u003edoeiu 2019-6-25T6:53:40.onsectet dentsunt6061.www5.home CylancePROTECT tobeata imven onnumqua Event Type: quioff, Event Name: SyslogSettingsSave, Device Names: (upt), Policy Name: atatnonp, User: nvol dtemp (mquis)", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10-July-2019 01:56:14 medium midest133.www5.example tocca \u003c\u003corsitvol\u003entor 2019-7-10T1:56:14.oinBCSed oid218.api.invalid CylancePROTECT roquisqu ariat midestl Event Type: AuditLog, Event Name: SyslogSettingsSave, Message: mcorpori, User: mqu pteursi (orsitam)", "tags": [ 
@@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "totamre 2019-7-24T8:58:48.rpo velites4233.internal.home CylancePROTECT uisaute uun end Event Type: odocons, Event Name: Alert, Threat Class: asp, Threat Subclass: dexercit, SHA256: amn, MD5: itessequ", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "7-August-2019 16:01:23 low sumd3215.test aUtenima \u003c\u003cturQuis\u003etaevi 2019-8-7T4:01:23.uames tconsec7604.corp CylancePROTECT laboree udantiu [itametco] Event Type: Threat, Event Name: Alert, Device Name: stiaecon, IP Address: (10.223.246.244), File Name: itl, Path: ttenb, Drive Type: olor, SHA256: quiav, MD5: gna, Status: Nem, Cylance Score: 105.845000, Found Date: lors, File Type: oluptat, Is Running: enimad, Auto Run: tis, Detected By: qua, Zone Names: con, Is Malware: tore, Is Unique To Cylance: sequatD, Threat Classification: ercitati", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "21-Aug-2019 11:03:57 high oeiusmo5035.api.local tconse \u003c\u003crem\u003etseddoei 21T23:03:57.teursint etMa3452.www5.test CylancePROTECT Event Name:threat_found, Device Name:nturmag, File Path:uredol, Interpreter:maliqua, Interpreter Version:1.4613, Zone Names:mquia, User Name: omnisi, Device Id: etMalor, Policy Name: mco", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "5-September-2019 06:06:31 high taspe1205.mail.domain cti \u003c\u003commodoc\u003ense 2019-9-5T6:06:31.mveniam tuser2694.internal.invalid CylancePROTECT tlaboru aeabillo [ciad] Event Type: ugiatqu, Event Name: threat_found, Device Names: (turveli), Policy Name: isciv, User: natus boreet (luptasnu)", "tags": [ 
@@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "edqu 2019-9-19T1:09:05.tationu gnaaliq5240.api.test CylancePROTECT nula ameaquei [gnama] Event Type: esciun, Event Name: pechange, Threat Class: ratvo, Threat Subclass: ntutl, SHA256: volupt, MD5: ine", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "3-Oct-2019 8:11:40 low ditaut33.mail.localhost iumdo \u003c\u003coreeu\u003emea 3T20:11:40.ssec illum2625.test CylancePROTECT Event Name:LoginSuccess, Threat Class:iaeconse, Threat Subclass:uisa, SHA256:nimadmin, MD5:tdolo", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "18-October-2019 03:14:14 high porissus1225.www5.corp ddoe \u003c\u003cuptateve\u003eured 2019-10-18T3:14:14.ctetu oreeu6419.www.corp CylancePROTECT cul iinea snos Event Type: AuditLog, Event Name: PolicyAdd, Message: Device: moenimip; User: uames tium (ianonn)", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019-11-1T10:16:48.tiset sci333.mail.home CylancePROTECT doloreeu lors eumfu Event Type: docons, Event Name: PolicyAdd, Device Names: (eumf), Policy Name: roquisq, User: uasi maveniam (uis)", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "imi 2019-11-15T5:19:22.animi edutpers6452.api.host CylancePROTECT ntiumt sumquia vento Event Type: sitv, Event Name: LoginSuccess, Threat Class: com, Threat Subclass: rep, SHA256: mveni, MD5: aquae", "tags": [ 
@@ -884,7 +884,7 @@
},
{
"ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
},
"message": "30-November-2019 00:21:57 low iaturE3103.api.domain aturve \u003c\u003cptateve\u003eiatu 2019/11/30T00:21:57.use nulamc5617.mail.host CylancePROTECT teturad ese [eddoei] Event Type: AppControl, Event Name: SystemSecurity, Device Name: ntu, IP Address: (10.134.137.205), Action: deny, Action Type: duntut, File Path: emporin, SHA256: oreseosq, Zone Names: etquasia",
"tags": [
@@ -893,7 +893,7 @@
},
{
"ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
},
"message": "2019-12-14T7:24:31.cinge tatem4713.internal.host CylancePROTECT elites pariat [nimip] Event Type: AuditLog, Event Name: threat_found, Message: Zone: usci; Policy: unturmag; Value: dexeaco, User: lupta ura (oreeufug)",
"tags": [
diff --git a/packages/cylance/data_stream/protect/_dev/test/pipeline/test-rsa2elk-output.json-expected.json b/packages/cylance/data_stream/protect/_dev/test/pipeline/test-rsa2elk-output.json-expected.json
index 201c1d97cff..ae960fcc382 100644
--- a/packages/cylance/data_stream/protect/_dev/test/pipeline/test-rsa2elk-output.json-expected.json
+++ b/packages/cylance/data_stream/protect/_dev/test/pipeline/test-rsa2elk-output.json-expected.json
@@ -15,7 +15,7 @@
"type": "logs"
},
"ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
},
"elastic_agent": {
"id": "de9c1b8e-5967-4715-bc22-6f9dd52f6cc2",
diff --git a/packages/cylance/data_stream/protect/elasticsearch/ingest_pipeline/default.yml b/packages/cylance/data_stream/protect/elasticsearch/ingest_pipeline/default.yml
index 451e19a92d7..051f3d42f78 100644
--- a/packages/cylance/data_stream/protect/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cylance/data_stream/protect/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for CylanceProtect
processors:
- set:
field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
- gsub:
field: host.mac
ignore_missing: true
diff --git a/packages/cylance/data_stream/protect/sample_event.json b/packages/cylance/data_stream/protect/sample_event.json
index 770512969e9..e22298905db 100644
--- a/packages/cylance/data_stream/protect/sample_event.json
+++ b/packages/cylance/data_stream/protect/sample_event.json
@@ -13,7 +13,7 @@
"type": "logs"
},
"ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
},
"elastic_agent": {
"id": "de9c1b8e-5967-4715-bc22-6f9dd52f6cc2",
diff --git a/packages/cylance/manifest.yml b/packages/cylance/manifest.yml
index ecc403f9e80..3c741892323 100644
--- a/packages/cylance/manifest.yml
+++ b/packages/cylance/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: cylance
title: CylanceProtect Logs
-version: "0.8.1"
+version: "0.9.0"
description: Collect logs from CylanceProtect devices with Elastic Agent.
categories: ["security"]
release: experimental
diff --git a/packages/f5/_dev/build/build.yml b/packages/f5/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/f5/_dev/build/build.yml
+++ b/packages/f5/_dev/build/build.yml
@@ -1,3 +1,3 @@
dependencies:
ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/f5/changelog.yml b/packages/f5/changelog.yml
index 285606778d7..e69e707caf3 100644
--- a/packages/f5/changelog.yml
+++ b/packages/f5/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "0.10.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
- version: "0.9.0"
changes:
- description: Update to ECS 8.2.0
diff --git a/packages/f5/data_stream/bigipafm/_dev/test/pipeline/test-generated.log-expected.json b/packages/f5/data_stream/bigipafm/_dev/test/pipeline/test-generated.log-expected.json
index 61615bfc9cb..94a085f5c10 100644
--- a/packages/f5/data_stream/bigipafm/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/f5/data_stream/bigipafm/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "iusm modtempo olab6078.home olaboris tur itv [F5@odoco acl_policy_name=ria acl_policy_type=min acl_rule_name=ite action=Closed hostname=tatemac3541.api.corp bigip_mgmt_ip=10.228.193.207 context_name=liqua context_type=ciade date_time=Jan 29 2016 06:09:59 dest_ip=10.125.114.51 dst_geo=umq dest_port=2288 device_product=pexe device_vendor=nes device_version=1.2262 drop_reason=reveri errdefs_msgno=boNemoe errdefs_msg_name=equepor flow_id=eni ip_protocol=ipv6 severity=low partition_name=ehend route_domain=ritquiin sa_translation_pool=umqui sa_translation_type=reeufugi source_ip=10.208.121.85 src_geo=sperna source_port=884 source_user=billoi translated_dest_ip=10.165.201.71 translated_dest_port=6153 translated_ip_protocol=tatemU translated_route_domain=deF translated_source_ip=10.11.196.142 translated_source_port=5222 translated_vlan=iatnu vlan=3810", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "eporr quipexe alo4540.example umdo itessequ vol [F5@luptat acl_policy_name=isiutal acl_policy_type=moenimi acl_rule_name=mod action=Established hostname=enatus2114.mail.home bigip_mgmt_ip=10.51.132.10 context_name=utper context_type=squame date_time=Feb 12 2016 13:12:33 dest_ip=10.173.116.41 dst_geo=iin dest_port=6287 device_product=emape device_vendor=aer device_version=1.445 drop_reason=nse errdefs_msgno=eumiu errdefs_msg_name=uame flow_id=quis ip_protocol=tcp severity=medium partition_name=cca route_domain=dolo sa_translation_pool=meumfug sa_translation_type=tetu source_ip=10.162.9.235 src_geo=tionulam source_port=2548 source_user=byC translated_dest_ip=10.94.67.230 translated_dest_port=783 translated_ip_protocol=atio translated_route_domain=uipexea translated_source_ip=10.92.202.200 translated_source_port=6772 translated_vlan=eFini vlan=859", "tags": [ 
@@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "exe iatu ionofde2424.api.invalid rsitam ommodic mipsu [F5@consec acl_policy_name=taliquip acl_policy_type=psumq acl_rule_name=atcup action=Reject hostname=gelit6728.api.invalid bigip_mgmt_ip=10.122.116.161 context_name=uam context_type=untutl date_time=Feb 26 2016 20:15:08 dest_ip=10.40.68.117 dst_geo=uptassi dest_port=3179 device_product=scivel device_vendor=aqui device_version=1.4726 drop_reason=iveli errdefs_msgno=llumd errdefs_msg_name=enatuse flow_id=magn ip_protocol=icmp severity=low partition_name=eos route_domain=enimad sa_translation_pool=rmagni sa_translation_type=sit source_ip=10.209.155.149 src_geo=tenima source_port=1073 source_user=seq translated_dest_ip=10.82.56.117 translated_dest_port=2935 translated_ip_protocol=veleumi translated_route_domain=tia translated_source_ip=10.191.68.244 translated_source_port=6905 translated_vlan=veri vlan=5990", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "siutaliq exercit tempor4496.www.localdomain eip lupta iusmodt [F5@doloreeu acl_policy_name=pori acl_policy_type=occ acl_rule_name=ect action=Accept hostname=uid545.www5.localhost bigip_mgmt_ip=10.12.44.169 context_name=autfu context_type=natura date_time=Mar 12 2016 03:17:42 dest_ip=10.163.217.10 dst_geo=untNequ dest_port=5075 device_product=nimadmin device_vendor=erep device_version=1.2696 drop_reason=temq errdefs_msgno=ugiatqu errdefs_msg_name=eacomm flow_id=Utenimad ip_protocol=igmp severity=high partition_name=ehend route_domain=ueipsaqu sa_translation_pool=uidolore sa_translation_type=niamqu source_ip=10.202.66.28 src_geo=tevelit source_port=5098 source_user=elits translated_dest_ip=10.131.233.27 translated_dest_port=5037 translated_ip_protocol=ari translated_route_domain=eataevit translated_source_ip=10.50.112.141 translated_source_port=7303 translated_vlan=dmi vlan=499", "tags": [ 
@@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "mquisnos loremagn iciade3433.example enimad incididu eci [F5@aali acl_policy_name=ametcons acl_policy_type=porainc acl_rule_name=amquisno action=Established hostname=emquiavo452.internal.localhost bigip_mgmt_ip=10.151.111.38 context_name=tvol context_type=moll date_time=Mar 26 2016 10:20:16 dest_ip=10.228.149.225 dst_geo=ema dest_port=5969 device_product=tquovol device_vendor=ntsuntin device_version=1.3341 drop_reason=tatno errdefs_msgno=imav errdefs_msg_name=ididu flow_id=ciunt ip_protocol=ipv6-icmp severity=very-high partition_name=emqu route_domain=lit sa_translation_pool=iam sa_translation_type=qua source_ip=10.159.182.171 src_geo=umdolore source_port=6680 source_user=mol translated_dest_ip=10.96.35.212 translated_dest_port=3982 translated_ip_protocol=rumet translated_route_domain=oll translated_source_ip=10.206.197.113 translated_source_port=4075 translated_vlan=temUten vlan=4125", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "iqu ollit usan6343.www5.domain olo uaera sitas [F5@ehenderi acl_policy_name=pidatat acl_policy_type=gni acl_rule_name=tquiinea action=Drop hostname=sun1403.www.invalid bigip_mgmt_ip=10.126.177.162 context_name=eriame context_type=lorema date_time=Apr 09 2016 17:22:51 dest_ip=10.213.82.64 dst_geo=rnatura dest_port=3007 device_product=ddoeiu device_vendor=enb device_version=1.6179 drop_reason=onse errdefs_msgno=liq errdefs_msg_name=metcon flow_id=smo ip_protocol=igmp severity=medium partition_name=emporinc route_domain=untutlab sa_translation_pool=tem sa_translation_type=ons source_ip=10.213.113.28 src_geo=ali source_port=6446 source_user=ist translated_dest_ip=10.169.144.147 translated_dest_port=2399 translated_ip_protocol=nibus translated_route_domain=edquiano translated_source_ip=10.89.163.114 translated_source_port=5166 translated_vlan=par vlan=686", "tags": [ 
@@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "rveli rsint omm4276.www.example onofd taed lup [F5@remeumf acl_policy_name=antiumto acl_policy_type=strude acl_rule_name=ctetura action=Closed hostname=ittenbyC7838.api.localdomain bigip_mgmt_ip=10.18.124.28 context_name=ido context_type=paqu date_time=Apr 24 2016 00:25:25 dest_ip=10.158.194.3 dst_geo=qua dest_port=2945 device_product=quip device_vendor=oin device_version=1.6316 drop_reason=elaudant errdefs_msgno=tinvol errdefs_msg_name=dolore flow_id=abor ip_protocol=udp severity=medium partition_name=etc route_domain=etM sa_translation_pool=nimadmin sa_translation_type=ditautfu source_ip=10.146.88.52 src_geo=entsu source_port=5364 source_user=rudexerc translated_dest_ip=10.101.223.43 translated_dest_port=6494 translated_ip_protocol=quam translated_route_domain=adm translated_source_ip=10.103.107.47 translated_source_port=6094 translated_vlan=Nemoen vlan=2827", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "icab mwr fugi4637.www.lan imadmini ntutla equa [F5@mexercit acl_policy_name=dtem acl_policy_type=tasuntex acl_rule_name=sunt action=Reject hostname=ume465.corp bigip_mgmt_ip=10.189.109.245 context_name=emaperi context_type=tame date_time=May 08 2016 07:27:59 dest_ip=10.83.234.60 dst_geo=ivelits dest_port=712 device_product=iusmodt device_vendor=etdolo device_version=1.3768 drop_reason=lorumw errdefs_msgno=ommod errdefs_msg_name=sequatur flow_id=uidolo ip_protocol=ipv6-icmp severity=high partition_name=nihi route_domain=Lor sa_translation_pool=itecto sa_translation_type=erc source_ip=10.69.57.206 src_geo=olupt source_port=5979 source_user=onse translated_dest_ip=10.110.99.17 translated_dest_port=6888 translated_ip_protocol=ostrume translated_route_domain=molest translated_source_ip=10.150.220.75 translated_source_port=1298 translated_vlan=tisetq vlan=5372", "tags": [ 
@@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ici giatquov eritquii3561.www.example taut oreseos uames [F5@tati acl_policy_name=utaliqu acl_policy_type=oriosamn acl_rule_name=deFinibu action=Drop hostname=iciatisu1463.www5.localdomain bigip_mgmt_ip=10.153.136.222 context_name=tem context_type=est date_time=May 22 2016 14:30:33 dest_ip=10.176.205.96 dst_geo=nidolo dest_port=3409 device_product=taliq device_vendor=intoccae device_version=1.2299 drop_reason=dolo errdefs_msgno=Loremip errdefs_msg_name=idolor flow_id=emeumfu ip_protocol=ipv6-icmp severity=very-high partition_name=lupt route_domain=psaquae sa_translation_pool=oinBCSe sa_translation_type=mnisist source_ip=10.199.34.241 src_geo=amvolup source_port=7700 source_user=temveleu translated_dest_ip=10.19.194.101 translated_dest_port=3605 translated_ip_protocol=numqu translated_route_domain=qui translated_source_ip=10.121.219.204 translated_source_port=3496 translated_vlan=utali vlan=3611", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "reetd lumqui itinvo7084.mail.corp equep iavolu den [F5@tutla acl_policy_name=olorema acl_policy_type=iades acl_rule_name=siarchi action=Reject hostname=aliqu6801.api.localdomain bigip_mgmt_ip=10.46.27.57 context_name=ihilm context_type=atDu date_time=Jun 05 2016 21:33:08 dest_ip=10.128.232.208 dst_geo=usmodt dest_port=1837 device_product=run device_vendor=mque device_version=1.4138 drop_reason=quirat errdefs_msgno=llu errdefs_msg_name=licab flow_id=eirure ip_protocol=rdp severity=medium partition_name=oidentsu route_domain=atiset sa_translation_pool=atu sa_translation_type=umexerci source_ip=10.64.141.105 src_geo=iadese source_port=2374 source_user=ice translated_dest_ip=10.57.103.192 translated_dest_port=2716 translated_ip_protocol=oei translated_route_domain=tlabori translated_source_ip=10.182.199.231 translated_source_port=1426 translated_vlan=data vlan=4478", "tags": [ 
@@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "nnum eritqu uradip7152.www5.home luptasn hitect dol [F5@leumiu acl_policy_name=namali acl_policy_type=taevit acl_rule_name=rinrepre action=Closed hostname=itame189.domain bigip_mgmt_ip=10.32.67.231 context_name=estia context_type=eaq date_time=Jun 20 2016 04:35:42 dest_ip=10.66.80.221 dst_geo=serunt dest_port=7865 device_product=texp device_vendor=tMalor device_version=1.7410 drop_reason=emoe errdefs_msgno=eaq errdefs_msg_name=amest flow_id=corp ip_protocol=tcp severity=low partition_name=rehender route_domain=iae sa_translation_pool=dantiumt sa_translation_type=luptasn source_ip=10.164.6.207 src_geo=olestiae source_port=5485 source_user=pic translated_dest_ip=10.160.210.31 translated_dest_port=7741 translated_ip_protocol=duntut translated_route_domain=magni translated_source_ip=10.3.134.237 translated_source_port=3156 translated_vlan=radipisc vlan=7020", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "fficiade uscipit vitaedi1318.corp temqu edol colab [F5@ommodico acl_policy_name=quatD acl_policy_type=mcolab acl_rule_name=neav action=Established hostname=tsedqu2456.www5.invalid bigip_mgmt_ip=10.182.178.217 context_name=tlab context_type=volupt date_time=Jul 04 2016 11:38:16 dest_ip=10.188.169.107 dst_geo=beata dest_port=6448 device_product=fdeFi device_vendor=texp device_version=1.3545 drop_reason=etdol errdefs_msgno=uela errdefs_msg_name=boN flow_id=eprehend ip_protocol=tcp severity=medium partition_name=aboN route_domain=ihilmo sa_translation_pool=radi sa_translation_type=gel source_ip=10.235.101.253 src_geo=veniam source_port=2400 source_user=giatnu translated_dest_ip=10.42.138.192 translated_dest_port=3403 translated_ip_protocol=quioffi translated_route_domain=uptate translated_source_ip=10.201.6.10 translated_source_port=6608 translated_vlan=sequa vlan=2851", "tags": [ 
@@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ate aliquam nimid893.mail.corp umwr oluptate issus [F5@osamn acl_policy_name=isnisiu acl_policy_type=bore acl_rule_name=tsu action=Closed hostname=stlabo1228.mail.host bigip_mgmt_ip=10.151.161.70 context_name=edo context_type=asia date_time=Jul 18 2016 18:40:50 dest_ip=10.108.167.93 dst_geo=enderit dest_port=5858 device_product=essecil device_vendor=citation device_version=1.3795 drop_reason=eco errdefs_msgno=Utenimad errdefs_msg_name=orpor flow_id=tlabo ip_protocol=rdp severity=low partition_name=emvel route_domain=tmollita sa_translation_pool=fde sa_translation_type=nsecte source_ip=10.22.102.198 src_geo=eroi source_port=176 source_user=nse translated_dest_ip=10.194.247.171 translated_dest_port=4940 translated_ip_protocol=mquisnos translated_route_domain=maven translated_source_ip=10.86.101.235 translated_source_port=3266 translated_vlan=lapar vlan=1024", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "tfu udan orema6040.api.corp mveleu nofdeFin sequam [F5@temvel acl_policy_name=ris acl_policy_type=nisi acl_rule_name=dant action=Reject hostname=ecte4762.local bigip_mgmt_ip=10.204.35.15 context_name=quidolor context_type=tessec date_time=Aug 02 2016 01:43:25 dest_ip=10.135.160.125 dst_geo=mve dest_port=513 device_product=itatio device_vendor=uta device_version=1.4901 drop_reason=sintoc errdefs_msgno=volupt errdefs_msg_name=siste flow_id=uiinea ip_protocol=icmp severity=low partition_name=volupta route_domain=rcitati sa_translation_pool=eni sa_translation_type=ionevo source_ip=10.174.252.105 src_geo=sperna source_port=5368 source_user=mnisi translated_dest_ip=10.107.168.60 translated_dest_port=2227 translated_ip_protocol=oinBC translated_route_domain=quameius translated_source_ip=10.167.172.155 translated_source_port=3544 translated_vlan=etdo vlan=706", "tags": [ 
@@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ese isaute ptatemq95.api.host Nequepo ipsumd ntocc [F5@uteirure acl_policy_name=nevo acl_policy_type=ide acl_rule_name=aali action=Drop hostname=smo7167.www.test bigip_mgmt_ip=10.214.249.164 context_name=tco context_type=uae date_time=Aug 16 2016 08:45:59 dest_ip=10.187.20.98 dst_geo=quinesc dest_port=6218 device_product=santiumd device_vendor=turadip device_version=1.3427 drop_reason=niamqui errdefs_msgno=orem errdefs_msg_name=sno flow_id=atno ip_protocol=ipv6-icmp severity=high partition_name=volu route_domain=nonn sa_translation_pool=inventor sa_translation_type=quiavol source_ip=10.99.249.210 src_geo=iatisu source_port=6684 source_user=upta translated_dest_ip=10.182.191.174 translated_dest_port=1759 translated_ip_protocol=adm translated_route_domain=leumiur translated_source_ip=10.81.26.208 translated_source_port=7651 translated_vlan=isc vlan=5933", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "tobea tor qui4499.api.local fugiatn docon etconsec [F5@ios acl_policy_name=evolu acl_policy_type=ersp acl_rule_name=tquov action=Drop hostname=sauteiru4554.api.domain bigip_mgmt_ip=10.220.5.143 context_name=com context_type=tnulapa date_time=Aug 30 2016 15:48:33 dest_ip=10.108.85.148 dst_geo=eriti dest_port=2201 device_product=norum device_vendor=madmi device_version=1.1766 drop_reason=sequatu errdefs_msgno=quameius errdefs_msg_name=nisiuta flow_id=roid ip_protocol=icmp severity=very-high partition_name=eprehen route_domain=entor sa_translation_pool=xeacomm sa_translation_type=nihil source_ip=10.101.226.128 src_geo=rsitv source_port=3087 source_user=porro translated_dest_ip=10.88.101.53 translated_dest_port=2458 translated_ip_protocol=tatemUt translated_route_domain=modtemp translated_source_ip=10.201.238.90 translated_source_port=2715 translated_vlan=remag vlan=3759", "tags": [ 
@@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ccaecat tquiin tse4198.www.localdomain ptasn taedicta itam [F5@str acl_policy_name=idolore acl_policy_type=pid acl_rule_name=illoin action=Reject hostname=untut4046.internal.domain bigip_mgmt_ip=10.217.150.196 context_name=uine context_type=udant date_time=Sep 13 2016 22:51:07 dest_ip=10.183.59.41 dst_geo=untu dest_port=5676 device_product=ven device_vendor=con device_version=1.7491 drop_reason=amnih errdefs_msgno=ium errdefs_msg_name=esciuntN flow_id=idunt ip_protocol=udp severity=low partition_name=rQu route_domain=oremeu sa_translation_pool=laudant sa_translation_type=isnost source_ip=10.157.18.252 src_geo=itess source_port=52 source_user=evit translated_dest_ip=10.30.133.66 translated_dest_port=1921 translated_ip_protocol=velitse translated_route_domain=oditem translated_source_ip=10.243.218.215 translated_source_port=662 translated_vlan=rsitvolu vlan=3751", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "sumdolor meaqueip npr4414.api.localdomain boNem ess ipisci [F5@gitsed acl_policy_name=tqu acl_policy_type=reprehen acl_rule_name=trumexer action=Accept hostname=quid3147.mail.home bigip_mgmt_ip=10.66.181.6 context_name=epre context_type=tobeata date_time=Sep 28 2016 05:53:42 dest_ip=10.181.53.249 dst_geo=iduntu dest_port=1655 device_product=temUt device_vendor=avol device_version=1.752 drop_reason=essequam errdefs_msgno=acommo errdefs_msg_name=nturma flow_id=str ip_protocol=ipv6 severity=high partition_name=etur route_domain=itecto sa_translation_pool=reetdol sa_translation_type=totamre source_ip=10.148.161.250 src_geo=ciadeser source_port=6135 source_user=adipisc translated_dest_ip=10.181.133.187 translated_dest_port=1079 translated_ip_protocol=aquioffi translated_route_domain=tamet translated_source_ip=10.167.227.44 translated_source_port=6595 translated_vlan=eFi vlan=6733", "tags": [ 
@@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "its ender riamea1540.www.host seq tutlab sau [F5@atevelit acl_policy_name=meius acl_policy_type=billo acl_rule_name=labo action=Reject hostname=umdolo1029.mail.localhost bigip_mgmt_ip=10.54.17.32 context_name=orumSe context_type=ratv date_time=Oct 12 2016 12:56:16 dest_ip=10.119.81.180 dst_geo=psaquaea dest_port=1348 device_product=nts device_vendor=siut device_version=1.5663 drop_reason=ano errdefs_msgno=piscinge errdefs_msg_name=tvol flow_id=velitess ip_protocol=ipv6 severity=high partition_name=uunturm route_domain=temUte sa_translation_pool=sit sa_translation_type=olab source_ip=10.84.163.178 src_geo=ima source_port=2031 source_user=mquisno translated_dest_ip=10.107.9.163 translated_dest_port=5433 translated_ip_protocol=eacommod translated_route_domain=ctetura translated_source_ip=10.74.11.43 translated_source_port=55 translated_vlan=seosqui vlan=6797", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "uradi tot llamco7206.www.home oremagna ncididun umSe [F5@xeacomm acl_policy_name=cinge acl_policy_type=itla acl_rule_name=iamquis action=Accept hostname=lorsita2019.internal.home bigip_mgmt_ip=10.192.229.221 context_name=ect context_type=modocons date_time=Oct 26 2016 19:58:50 dest_ip=10.199.194.188 dst_geo=odoconse dest_port=228 device_product=quatu device_vendor=veli device_version=1.5726 drop_reason=nonp errdefs_msgno=labo errdefs_msg_name=ulapar flow_id=aboreetd ip_protocol=igmp severity=low partition_name=llitanim route_domain=invo sa_translation_pool=hit sa_translation_type=urv source_ip=10.112.32.213 src_geo=runtmol source_port=1749 source_user=odi translated_dest_ip=10.184.73.211 translated_dest_port=6540 translated_ip_protocol=esseci translated_route_domain=tametcon translated_source_ip=10.230.129.252 translated_source_port=3947 translated_vlan=isis vlan=4917", "tags": [ 
@@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "utlab emUteni rum959.host velillu cteturad bor [F5@rauto acl_policy_name=ationev acl_policy_type=umdolor acl_rule_name=uaUten action=Reject hostname=paquioff624.mail.invalid bigip_mgmt_ip=10.161.148.64 context_name=ibusBon context_type=ven date_time=Nov 10 2016 03:01:24 dest_ip=10.162.114.217 dst_geo=doloreme dest_port=60 device_product=onemulla device_vendor=evitaed device_version=1.1721 drop_reason=suntin errdefs_msgno=itse errdefs_msg_name=umexerc flow_id=oremipsu ip_protocol=ipv6-icmp severity=medium partition_name=amco route_domain=ssecillu sa_translation_pool=liqua sa_translation_type=olo source_ip=10.199.216.143 src_geo=fdeF source_port=593 source_user=ccaeca translated_dest_ip=10.198.213.189 translated_dest_port=5024 translated_ip_protocol=remagn translated_route_domain=mquae translated_source_ip=10.7.200.140 translated_source_port=3298 translated_vlan=olupt vlan=2189", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "edquiac urerepr eseru4234.mail.example qua rsita ate [F5@ipsamvo acl_policy_name=onula acl_policy_type=miu acl_rule_name=rationev action=Reject hostname=mex2054.mail.corp bigip_mgmt_ip=10.65.232.27 context_name=ica context_type=lillum date_time=Nov 24 2016 10:03:59 dest_ip=10.199.40.38 dst_geo=taedicta dest_port=3409 device_product=poriss device_vendor=tvolup device_version=1.1000 drop_reason=siu errdefs_msgno=snost errdefs_msg_name=tpersp flow_id=llamc ip_protocol=tcp severity=very-high partition_name=mvel route_domain=nof sa_translation_pool=usmodi sa_translation_type=mvolu source_ip=10.206.96.56 src_geo=aincidu source_port=2687 source_user=uaeab translated_dest_ip=10.128.157.27 translated_dest_port=1493 translated_ip_protocol=etdolor translated_route_domain=lupta translated_source_ip=10.22.187.69 translated_source_port=3590 translated_vlan=oremi vlan=1485", "tags": [ 
@@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "nbyCi tevel usc5760.www5.localdomain cab atisund xea [F5@ites acl_policy_name=isetq acl_policy_type=iutali acl_rule_name=velite action=Closed hostname=avolupt7576.api.corp bigip_mgmt_ip=10.194.210.62 context_name=porincid context_type=atisetqu date_time=Dec 08 2016 17:06:33 dest_ip=10.51.213.42 dst_geo=dipisci dest_port=3449 device_product=ilmol device_vendor=eri device_version=1.3104 drop_reason=ueipsa errdefs_msgno=tae errdefs_msg_name=autodit flow_id=elit ip_protocol=udp severity=high partition_name=plica route_domain=ore sa_translation_pool=quidolor sa_translation_type=inven source_ip=10.71.114.14 src_geo=itsedd source_port=3010 source_user=admin translated_dest_ip=10.68.253.120 translated_dest_port=481 translated_ip_protocol=est translated_route_domain=uptatemU translated_source_ip=10.183.130.225 translated_source_port=5693 translated_vlan=item vlan=2738", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "dat periam dqu6144.api.localhost dutpers erun orisn [F5@reetd acl_policy_name=prehen acl_policy_type=ntutlabo acl_rule_name=iusmodte action=Established hostname=loi7596.www5.home bigip_mgmt_ip=10.31.177.226 context_name=deserun context_type=esseq date_time=Dec 23 2016 00:09:07 dest_ip=10.209.157.8 dst_geo=giatquov dest_port=1918 device_product=enderi device_vendor=ptatem device_version=1.341 drop_reason=fugi errdefs_msgno=labo errdefs_msg_name=nostrud flow_id=gnaal ip_protocol=ggp severity=medium partition_name=cupi route_domain=tame sa_translation_pool=atione sa_translation_type=lores source_ip=10.45.253.103 src_geo=uii source_port=5923 source_user=remagn translated_dest_ip=10.47.255.237 translated_dest_port=2311 translated_ip_protocol=uuntur translated_route_domain=enderit translated_source_ip=10.107.45.175 translated_source_port=4185 translated_vlan=rumSecti vlan=4593", "tags": [ 
@@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "atise tate onevo4326.internal.local isnost olorem ido [F5@emqu acl_policy_name=riss acl_policy_type=iquamqua acl_rule_name=sit action=Reject hostname=nsequat1971.internal.invalid bigip_mgmt_ip=10.225.212.189 context_name=mven context_type=olorsit date_time=Jan 06 2017 07:11:41 dest_ip=10.121.239.183 dst_geo=illu dest_port=4875 device_product=turadip device_vendor=tatevel device_version=1.1607 drop_reason=ptassita errdefs_msgno=its errdefs_msg_name=lore flow_id=idol ip_protocol=igmp severity=high partition_name=isn route_domain=sBono sa_translation_pool=loremqu sa_translation_type=tetur source_ip=10.213.94.135 src_geo=tMal source_port=2607 source_user=dquia translated_dest_ip=10.55.105.113 translated_dest_port=3214 translated_ip_protocol=tatione translated_route_domain=nimveni translated_source_ip=10.44.58.106 translated_source_port=1241 translated_vlan=quid vlan=4814", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "eporroq ulla iqu4614.www5.example abore squ uiadol [F5@Duisa acl_policy_name=lupta acl_policy_type=aUt acl_rule_name=boNem action=Reject hostname=ectiono2241.lan bigip_mgmt_ip=10.2.114.9 context_name=rehende context_type=velillu date_time=Jan 20 2017 14:14:16 dest_ip=10.94.139.127 dst_geo=mUten dest_port=1812 device_product=quidolor device_vendor=oqu device_version=1.51 drop_reason=tlaboree errdefs_msgno=norumet errdefs_msg_name=dtempo flow_id=tin ip_protocol=tcp severity=high partition_name=imad route_domain=tinvolup sa_translation_pool=tsed sa_translation_type=inv source_ip=10.163.209.70 src_geo=atu source_port=4718 source_user=olabor translated_dest_ip=10.69.161.78 translated_dest_port=1282 translated_ip_protocol=iruredol translated_route_domain=incidid translated_source_ip=10.255.74.136 translated_source_port=5902 translated_vlan=eaqueips vlan=6396", "tags": [ 
@@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "volupta dmi untexpl2847.www5.local eiusmod emoe uiinea [F5@mnisiut acl_policy_name=avolu acl_policy_type=Except acl_rule_name=olup action=Closed hostname=umetMal1664.mail.lan bigip_mgmt_ip=10.46.115.216 context_name=equun context_type=sitvo date_time=Feb 03 2017 21:16:50 dest_ip=10.223.198.146 dst_geo=iciad dest_port=7874 device_product=mad device_vendor=onse device_version=1.380 drop_reason=mipsum errdefs_msgno=lmo errdefs_msg_name=aliquamq flow_id=dtempori ip_protocol=rdp severity=medium partition_name=voluptat route_domain=ugit sa_translation_pool=tatem sa_translation_type=metcons source_ip=10.252.102.110 src_geo=henderit source_port=7829 source_user=perspici translated_dest_ip=10.184.59.148 translated_dest_port=6933 translated_ip_protocol=queips translated_route_domain=midest translated_source_ip=10.12.129.137 translated_source_port=721 translated_vlan=orroqu vlan=472", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "labore uela ntexplic4824.internal.localhost dolorsit archite remq [F5@veniamq acl_policy_name=occ acl_policy_type=oloreseo acl_rule_name=iruredol action=Established hostname=derit5270.mail.local bigip_mgmt_ip=10.105.52.140 context_name=ntexpl context_type=dunt date_time=Feb 18 2017 04:19:24 dest_ip=10.20.55.199 dst_geo=nder dest_port=3238 device_product=itanim device_vendor=nesciun device_version=1.1729 drop_reason=mollita errdefs_msgno=tatem errdefs_msg_name=iae flow_id=quido ip_protocol=ipv6-icmp severity=very-high partition_name=inBC route_domain=mol sa_translation_pool=tur sa_translation_type=ictas source_ip=10.81.184.7 src_geo=saquaea source_port=6344 source_user=eetd translated_dest_ip=10.155.204.243 translated_dest_port=459 translated_ip_protocol=lorsi translated_route_domain=repreh translated_source_ip=10.199.194.79 translated_source_port=7713 translated_vlan=illumqui vlan=3414", "tags": [ 
@@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "amali ate idolor3916.www5.home tas autfugi tasun [F5@duntutla acl_policy_name=ntium acl_policy_type=iration acl_rule_name=umwritte action=Closed hostname=orisni5238.mail.lan bigip_mgmt_ip=10.177.238.45 context_name=iumt context_type=tsed date_time=Mar 04 2017 11:21:59 dest_ip=10.249.120.78 dst_geo=unte dest_port=893 device_product=ueipsa device_vendor=scipitl device_version=1.1453 drop_reason=aparia errdefs_msgno=tatnon errdefs_msg_name=leumiur flow_id=tetura ip_protocol=ggp severity=very-high partition_name=oluptat route_domain=metco sa_translation_pool=acom sa_translation_type=ceroinB source_ip=10.110.2.166 src_geo=exeacomm source_port=79 source_user=taliqui translated_dest_ip=10.18.226.72 translated_dest_port=5140 translated_ip_protocol=olupta translated_route_domain=tsuntinc translated_source_ip=10.251.231.142 translated_source_port=872 translated_vlan=urExcep vlan=102", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "suntex iacons occaec7487.corp quaeab fici imve [F5@quide acl_policy_name=quaU acl_policy_type=undeomni acl_rule_name=accusa action=Established hostname=iutali7297.www.domain bigip_mgmt_ip=10.190.122.27 context_name=mporainc context_type=xea date_time=Mar 18 2017 18:24:33 dest_ip=10.123.113.152 dst_geo=billo dest_port=2618 device_product=radipisc device_vendor=Cice device_version=1.6332 drop_reason=vitaed errdefs_msgno=ser errdefs_msg_name=etconsec flow_id=elillum ip_protocol=tcp severity=high partition_name=rnat route_domain=eprehend sa_translation_pool=rem sa_translation_type=edolo source_ip=10.99.202.229 src_geo=eosquira source_port=4392 source_user=lloinven translated_dest_ip=10.100.199.226 translated_dest_port=7617 translated_ip_protocol=apariatu translated_route_domain=lorsita translated_source_ip=10.192.98.247 translated_source_port=4308 translated_vlan=temaccu vlan=5302", "tags": [ 
@@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "uptassit ncidi tlabori4803.www5.local oconse mag tob [F5@dolores acl_policy_name=equamnih acl_policy_type=taliqui acl_rule_name=eiu action=Drop hostname=orumw5960.www5.home bigip_mgmt_ip=10.248.111.207 context_name=dolor context_type=tiumto date_time=Apr 02 2017 01:27:07 dest_ip=10.38.28.151 dst_geo=nrepreh dest_port=5251 device_product=equep device_vendor=ever device_version=1.6463 drop_reason=atq errdefs_msgno=erspi errdefs_msg_name=iqu flow_id=niamqu ip_protocol=rdp severity=medium partition_name=icab route_domain=sBonor sa_translation_pool=fugits sa_translation_type=mipsumqu source_ip=10.172.154.97 src_geo=admi source_port=7165 source_user=culpaq translated_dest_ip=10.162.97.197 translated_dest_port=4357 translated_ip_protocol=tcupida translated_route_domain=isa translated_source_ip=10.37.193.70 translated_source_port=170 translated_vlan=tesseq vlan=7693", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "pernat rerepre nculpaq3821.www5.invalid billoinv sci col [F5@obea acl_policy_name=emp acl_policy_type=agnaaliq acl_rule_name=est action=Reject hostname=oinv5493.internal.domain bigip_mgmt_ip=10.36.63.31 context_name=nisiu context_type=imad date_time=Apr 16 2017 08:29:41 dest_ip=10.30.101.79 dst_geo=itasp dest_port=4927 device_product=sitametc device_vendor=onsequa device_version=1.3912 drop_reason=ntmo errdefs_msgno=loreeu errdefs_msg_name=temse flow_id=aspernat ip_protocol=ipv6 severity=very-high partition_name=caecat route_domain=rautod sa_translation_pool=olest sa_translation_type=eataev source_ip=10.171.221.230 src_geo=edquia source_port=1977 source_user=otamr translated_dest_ip=10.222.165.250 translated_dest_port=2757 translated_ip_protocol=amvolu translated_route_domain=mip translated_source_ip=10.45.35.180 translated_source_port=653 translated_vlan=maccusa vlan=7248", "tags": [ 
@@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "nimad ataevita oremqu542.internal.localhost uteir boree isn [F5@ulla acl_policy_name=equatDu acl_policy_type=pta acl_rule_name=enbyCi action=Reject hostname=tnonproi195.api.home bigip_mgmt_ip=10.238.4.219 context_name=uide context_type=scivel date_time=Apr 30 2017 15:32:16 dest_ip=10.150.9.246 dst_geo=meumfugi dest_port=7010 device_product=emaperia device_vendor=Section device_version=1.4329 drop_reason=iame errdefs_msgno=orroquis errdefs_msg_name=aquio flow_id=riatu ip_protocol=udp severity=low partition_name=tanimid route_domain=isnostru sa_translation_pool=nofdeFi sa_translation_type=aquioff source_ip=10.1.171.61 src_geo=amnisi source_port=7258 source_user=reetdolo translated_dest_ip=10.199.127.211 translated_dest_port=3598 translated_ip_protocol=ilmole translated_route_domain=ugi translated_source_ip=10.83.238.145 translated_source_port=5392 translated_vlan=emveleum vlan=3661", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "nde abillo undeom845.www5.example quaer eetdo tlab [F5@spernatu acl_policy_name=exercita acl_policy_type=sBonorum acl_rule_name=atems action=Drop hostname=edictasu5362.internal.localhost bigip_mgmt_ip=10.65.141.244 context_name=turmag context_type=ipsaqu date_time=May 14 2017 22:34:50 dest_ip=10.203.69.36 dst_geo=quira dest_port=3091 device_product=ore device_vendor=tation device_version=1.3789 drop_reason=porincid errdefs_msgno=tperspic errdefs_msg_name=equu flow_id=sintoc ip_protocol=rdp severity=very-high partition_name=tetura route_domain=riosamni sa_translation_pool=icta sa_translation_type=luptate source_ip=10.170.252.219 src_geo=iqui source_port=1978 source_user=Nequepo translated_dest_ip=10.44.226.104 translated_dest_port=7020 translated_ip_protocol=nse translated_route_domain=veniam translated_source_ip=10.74.213.42 translated_source_port=5922 translated_vlan=sse vlan=2498", "tags": [ 
@@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "inBCSe otamrem tutlabor4180.internal.host consecte pteurs catcupi [F5@autf acl_policy_name=saqu acl_policy_type=uptat acl_rule_name=unt action=Reject hostname=uido492.www5.home bigip_mgmt_ip=10.180.48.221 context_name=lors context_type=aconsequ date_time=May 29 2017 05:37:24 dest_ip=10.33.195.166 dst_geo=sequat dest_port=4596 device_product=utemvel device_vendor=epteur device_version=1.2965 drop_reason=iusm errdefs_msgno=roi errdefs_msg_name=busBonor flow_id=stquido ip_protocol=igmp severity=high partition_name=mnisi route_domain=usmo sa_translation_pool=iamea sa_translation_type=imaveni source_ip=10.183.223.149 src_geo=cor source_port=2648 source_user=nihil translated_dest_ip=10.225.255.211 translated_dest_port=5595 translated_ip_protocol=citati translated_route_domain=uamei translated_source_ip=10.225.141.172 translated_source_port=956 translated_vlan=fugiatn vlan=3309", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "aaliq nat uovolupt307.internal.host serror onse umquam [F5@emagn acl_policy_name=emulla acl_policy_type=mips acl_rule_name=itae action=Established hostname=redo6311.api.invalid bigip_mgmt_ip=10.176.64.28 context_name=olup context_type=remipsu date_time=Jun 12 2017 12:39:58 dest_ip=10.92.6.176 dst_geo=mcorpor dest_port=7420 device_product=autfugit device_vendor=emUte device_version=1.7612 drop_reason=nturmag errdefs_msgno=tura errdefs_msg_name=osquirat flow_id=equat ip_protocol=tcp severity=high partition_name=usantiu route_domain=idunt sa_translation_pool=atqu sa_translation_type=naturau source_ip=10.97.138.181 src_geo=oluptat source_port=7128 source_user=eseruntm translated_dest_ip=10.205.174.181 translated_dest_port=766 translated_ip_protocol=olor translated_route_domain=etquasia translated_source_ip=10.169.123.103 translated_source_port=519 translated_vlan=uisa vlan=6863", "tags": [ 
@@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Cicero evolupta teturadi4718.api.local piscivel hend eacommo [F5@ueip acl_policy_name=maliqu acl_policy_type=iati acl_rule_name=minim action=Established hostname=dolorem1698.www.domain bigip_mgmt_ip=10.75.120.11 context_name=urau context_type=etur date_time=Jun 26 2017 19:42:33 dest_ip=10.20.73.247 dst_geo=laborum dest_port=5749 device_product=xeac device_vendor=umdolors device_version=1.4226 drop_reason=uiadolo errdefs_msgno=empor errdefs_msg_name=umexerci flow_id=duntut ip_protocol=ggp severity=very-high partition_name=prehend route_domain=eufug sa_translation_pool=roquisq sa_translation_type=temporai source_ip=10.53.101.131 src_geo=ici source_port=5097 source_user=tquo translated_dest_ip=10.204.4.40 translated_dest_port=271 translated_ip_protocol=sitvo translated_route_domain=ine translated_source_ip=10.169.101.161 translated_source_port=4577 translated_vlan=ipi vlan=4211", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "exerci idata ese4384.mail.domain rumexerc isiutali iquidexe [F5@illumq acl_policy_name=luptatem acl_policy_type=ite acl_rule_name=tasnul action=Reject hostname=evitae7333.www.lan bigip_mgmt_ip=10.28.51.219 context_name=ess context_type=quiad date_time=Jul 11 2017 02:45:07 dest_ip=10.43.210.236 dst_geo=litanim dest_port=2135 device_product=orsitam device_vendor=modico device_version=1.2990 drop_reason=itatio errdefs_msgno=porinc errdefs_msg_name=riame flow_id=riat ip_protocol=udp severity=very-high partition_name=eriam route_domain=pernat sa_translation_pool=udan sa_translation_type=archi source_ip=10.6.222.112 src_geo=aliqu source_port=780 source_user=onsequu translated_dest_ip=10.156.117.169 translated_dest_port=2939 translated_ip_protocol=agnamal translated_route_domain=quei translated_source_ip=10.87.120.87 translated_source_port=1636 translated_vlan=teni vlan=4967", "tags": [ 
@@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "dant etdolor uat7787.www.host iti nimadm nculp [F5@asp acl_policy_name=eacom acl_policy_type=mag acl_rule_name=gelitse action=Drop hostname=arc2412.mail.lan bigip_mgmt_ip=10.247.44.59 context_name=eiusmo context_type=ainc date_time=Jul 25 2017 09:47:41 dest_ip=10.173.129.72 dst_geo=ecill dest_port=6831 device_product=snu device_vendor=inibusB device_version=1.388 drop_reason=texplica errdefs_msgno=oco errdefs_msg_name=aboree flow_id=ainci ip_protocol=udp severity=high partition_name=pariatur route_domain=uames sa_translation_pool=umtotamr sa_translation_type=mquido source_ip=10.57.89.155 src_geo=rur source_port=3553 source_user=ntorever translated_dest_ip=10.253.167.17 translated_dest_port=2990 translated_ip_protocol=seos translated_route_domain=exercita translated_source_ip=10.4.126.103 translated_source_port=892 translated_vlan=tco vlan=3607", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "oluptate lit santi837.api.domain turadip dip idolo [F5@Ute acl_policy_name=ptassita acl_policy_type=caecatcu acl_rule_name=inBC action=Established hostname=olorsi2746.internal.localhost bigip_mgmt_ip=10.15.240.220 context_name=teir context_type=quep date_time=Aug 08 2017 16:50:15 dest_ip=10.63.78.66 dst_geo=xeac dest_port=7061 device_product=abor device_vendor=oreverit device_version=1.6451 drop_reason=reetdo errdefs_msgno=tat errdefs_msg_name=eufugia flow_id=ncididun ip_protocol=tcp severity=medium partition_name=periamea route_domain=itametco sa_translation_pool=vel sa_translation_type=quunt source_ip=10.248.206.210 src_geo=nonn source_port=4478 source_user=met translated_dest_ip=10.36.69.125 translated_dest_port=7157 translated_ip_protocol=entsu translated_route_domain=conse translated_source_ip=10.143.183.208 translated_source_port=5214 translated_vlan=umwri vlan=4057", "tags": [ 
@@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "atura tur tur5914.internal.invalid tassita colabori imidestl [F5@piscing acl_policy_name=ceroi acl_policy_type=iconsequ acl_rule_name=iat action=Established hostname=edqu2208.www.localhost bigip_mgmt_ip=10.6.32.7 context_name=exerci context_type=inesciu date_time=Aug 22 2017 23:52:50 dest_ip=10.141.216.14 dst_geo=emu dest_port=5311 device_product=psa device_vendor=ate device_version=1.4386 drop_reason=fugitse errdefs_msgno=minimve errdefs_msg_name=serrorsi flow_id=tametco ip_protocol=ipv6-icmp severity=high partition_name=lore route_domain=isci sa_translation_pool=Dui sa_translation_type=reetdo source_ip=10.69.170.107 src_geo=iumtotam source_port=1010 source_user=ipitlabo translated_dest_ip=10.34.133.2 translated_dest_port=4807 translated_ip_protocol=nderi translated_route_domain=liqua translated_source_ip=10.142.186.43 translated_source_port=4691 translated_vlan=sautei vlan=2363", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "voluptas velill rspic5453.www.local meum borumSec aecatcup [F5@snisiut acl_policy_name=siar acl_policy_type=quas acl_rule_name=occaeca action=Closed hostname=ender5647.www5.example bigip_mgmt_ip=10.142.22.24 context_name=ulamc context_type=cept date_time=Sep 06 2017 06:55:24 dest_ip=10.93.88.228 dst_geo=rchitect dest_port=3402 device_product=gna device_vendor=ici device_version=1.2026 drop_reason=olu errdefs_msgno=iameaque errdefs_msg_name=identsun flow_id=ender ip_protocol=ipv6 severity=low partition_name=tect route_domain=uiad sa_translation_pool=doconse sa_translation_type=eni source_ip=10.121.153.197 src_geo=smoditem source_port=6593 source_user=borumSec translated_dest_ip=10.59.103.10 translated_dest_port=768 translated_ip_protocol=oquisq translated_route_domain=abori translated_source_ip=10.170.165.164 translated_source_port=505 translated_vlan=uiineavo vlan=5554", "tags": [ 
@@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "uidexeac sequa ntsunti2313.internal.invalid uinesc cid emi [F5@Bonorum acl_policy_name=lesti acl_policy_type=oreseo acl_rule_name=reprehen action=Established hostname=sis3986.internal.lan bigip_mgmt_ip=10.133.10.122 context_name=texplic context_type=edutp date_time=Sep 20 2017 13:57:58 dest_ip=10.93.59.189 dst_geo=eserun dest_port=3034 device_product=eniamqu device_vendor=inimav device_version=1.1576 drop_reason=imadm errdefs_msgno=uta errdefs_msg_name=tisu flow_id=remagnam ip_protocol=icmp severity=low partition_name=meiusm route_domain=nidolo sa_translation_pool=atquovol sa_translation_type=quunt source_ip=10.247.114.30 src_geo=olesti source_port=7584 source_user=quaeabil translated_dest_ip=10.19.99.129 translated_dest_port=956 translated_ip_protocol=itesse translated_route_domain=iamqui translated_source_ip=10.176.83.7 translated_source_port=5908 translated_vlan=inim vlan=6806", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Sed oremeumf lesti5921.api.localhost enima tnulapar ico [F5@giatquo acl_policy_name=lors acl_policy_type=its acl_rule_name=dolor action=Drop hostname=uatu2894.api.lan bigip_mgmt_ip=10.64.139.17 context_name=pro context_type=ice date_time=Oct 04 2017 21:00:32 dest_ip=10.87.238.169 dst_geo=conse dest_port=5351 device_product=mcol device_vendor=lup device_version=1.3824 drop_reason=upta errdefs_msgno=sedquian errdefs_msg_name=cti flow_id=rumSecti ip_protocol=rdp severity=medium partition_name=eca route_domain=oluptate sa_translation_pool=Duisa sa_translation_type=consequa source_ip=10.40.177.138 src_geo=aevitaed source_port=1082 source_user=rep translated_dest_ip=10.8.29.219 translated_dest_port=6890 translated_ip_protocol=quaeratv translated_route_domain=involu translated_source_ip=10.70.7.23 translated_source_port=2758 translated_vlan=amcolab vlan=4306", "tags": [ 
@@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "odic iuta liquaUte209.internal.test olores scipit lloinve [F5@borisnis acl_policy_name=onorumet acl_policy_type=ptatema acl_rule_name=eavolup action=Closed hostname=rmagnido5483.local bigip_mgmt_ip=10.180.62.222 context_name=ptatev context_type=atu date_time=Oct 19 2017 04:03:07 dest_ip=10.234.26.132 dst_geo=msequ dest_port=2383 device_product=mwritten device_vendor=tat device_version=1.6066 drop_reason=osa errdefs_msgno=mini errdefs_msg_name=rors flow_id=ssusci ip_protocol=udp severity=medium partition_name=inimve route_domain=uio sa_translation_pool=mexercit sa_translation_type=byC source_ip=10.2.189.20 src_geo=orin source_port=535 source_user=uptasnul translated_dest_ip=10.67.221.220 translated_dest_port=239 translated_ip_protocol=aedict translated_route_domain=niamqui translated_source_ip=10.67.173.228 translated_source_port=5767 translated_vlan=tatemse vlan=4493", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "uamestqu mpor orem6479.api.host seq rumSe tatnonp [F5@ommo acl_policy_name=adeser acl_policy_type=uasiarc acl_rule_name=doeiu action=Reject hostname=uian521.www.example bigip_mgmt_ip=10.209.52.47 context_name=imven context_type=onnumqua date_time=Nov 02 2017 11:05:41 dest_ip=10.141.201.173 dst_geo=upt dest_port=6017 device_product=itautfu device_vendor=nesci device_version=1.5040 drop_reason=mquis errdefs_msgno=lorsi errdefs_msg_name=tetura flow_id=eeufug ip_protocol=ipv6 severity=medium partition_name=tevelite route_domain=tocca sa_translation_pool=orsitvol sa_translation_type=ntor source_ip=10.147.127.181 src_geo=minimav source_port=6994 source_user=tasu translated_dest_ip=10.56.134.118 translated_dest_port=358 translated_ip_protocol=evo translated_route_domain=mcorpori translated_source_ip=10.196.176.243 translated_source_port=3465 translated_vlan=orsitam vlan=4991", "tags": [ 
@@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "prehende lup tpers2217.internal.lan nula tdolorem qui [F5@olupt acl_policy_name=nemulla acl_policy_type=asp acl_rule_name=dexercit action=Closed hostname=taliq5213.api.corp bigip_mgmt_ip=10.226.24.84 context_name=ectobea context_type=dat date_time=Nov 16 2017 18:08:15 dest_ip=10.91.18.221 dst_geo=aut dest_port=5596 device_product=uames device_vendor=tconsec device_version=1.7604 drop_reason=oll errdefs_msgno=laboree errdefs_msg_name=udantiu flow_id=itametco ip_protocol=ipv6 severity=very-high partition_name=odico route_domain=rsint sa_translation_pool=itl sa_translation_type=ttenb source_ip=10.231.18.90 src_geo=lapa source_port=4860 source_user=Nem translated_dest_ip=10.85.13.237 translated_dest_port=4072 translated_ip_protocol=upidata translated_route_domain=ici translated_source_ip=10.248.140.59 translated_source_port=5760 translated_vlan=ident vlan=4293", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "quelaud luptat rinrep6482.api.lan nimv emeu tatemac [F5@quisn acl_policy_name=rem acl_policy_type=ulamcola acl_rule_name=remagnaa action=Accept hostname=ntsunt4894.mail.domain bigip_mgmt_ip=10.203.46.215 context_name=mcorpori context_type=orisn date_time=Dec 01 2017 01:10:49 dest_ip=10.88.194.242 dst_geo=mco dest_port=6246 device_product=itame device_vendor=tenat device_version=1.5407 drop_reason=yCiceroi errdefs_msgno=nostrum errdefs_msg_name=orroquis flow_id=eumi ip_protocol=icmp severity=low partition_name=aea route_domain=tvolu sa_translation_pool=dutper sa_translation_type=tlaboru source_ip=10.207.183.204 src_geo=equuntu source_port=2673 source_user=eruntmo translated_dest_ip=10.8.224.72 translated_dest_port=6506 translated_ip_protocol=ion translated_route_domain=rured translated_source_ip=10.59.215.207 translated_source_port=6195 translated_vlan=ore vlan=5842", "tags": [ 
@@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "xerc Nequep ametcon7485.www.test rro tuser ctasu [F5@irat acl_policy_name=sitame acl_policy_type=oinven acl_rule_name=natu action=Drop hostname=mexer3864.api.corp bigip_mgmt_ip=10.98.154.146 context_name=nula context_type=ameaquei date_time=Dec 15 2017 08:13:24 dest_ip=10.72.114.116 dst_geo=mquis dest_port=7760 device_product=olupta device_vendor=isno device_version=1.6814 drop_reason=ine errdefs_msgno=aeco errdefs_msg_name=rinrepr flow_id=dutp ip_protocol=ipv6-icmp severity=very-high partition_name=giatqu route_domain=rsint sa_translation_pool=rsi sa_translation_type=paq source_ip=10.73.84.95 src_geo=uisautem source_port=6701 source_user=sitam translated_dest_ip=10.255.145.22 translated_dest_port=6949 translated_ip_protocol=emUtenim translated_route_domain=ende translated_source_ip=10.230.38.148 translated_source_port=3213 translated_vlan=sse vlan=368", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "incidi aedictas rumetMa2554.domain unt liq abore [F5@iumdo acl_policy_name=oreeu acl_policy_type=mea acl_rule_name=ssec action=Accept hostname=oluptat6960.www5.test bigip_mgmt_ip=10.211.29.187 context_name=ptat context_type=meaquei date_time=Dec 29 2017 15:15:58 dest_ip=10.228.204.249 dst_geo=eleumi dest_port=4584 device_product=porissus device_vendor=imip device_version=1.7160 drop_reason=ddoe errdefs_msgno=uptateve errdefs_msg_name=ured flow_id=ctetu ip_protocol=tcp severity=low partition_name=uasiarch route_domain=Malor sa_translation_pool=boriosa sa_translation_type=cillumdo source_ip=10.166.142.198 src_geo=oremipsu source_port=465 source_user=tium translated_dest_ip=10.105.120.162 translated_dest_port=2984 translated_ip_protocol=etc translated_route_domain=eturadip translated_source_ip=10.175.181.138 translated_source_port=3787 translated_vlan=tassitas vlan=1495", "tags": [ 
@@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "velite maccus nima5813.mail.example iarchit sBonorum moenimi [F5@lor acl_policy_name=auto acl_policy_type=rsinto acl_rule_name=ati action=Established hostname=fugiatnu2498.www.localhost bigip_mgmt_ip=10.182.213.195 context_name=tconse context_type=eumf date_time=Jan 12 2018 22:18:32 dest_ip=10.200.94.145 dst_geo=doconse dest_port=5211 device_product=uis device_vendor=lill device_version=1.6057 drop_reason=imi errdefs_msgno=animi errdefs_msg_name=edutpers flow_id=pisci ip_protocol=tcp severity=very-high partition_name=umto route_domain=xercit sa_translation_pool=lam sa_translation_type=asnu source_ip=10.122.133.162 src_geo=eriam source_port=4838 source_user=aquae translated_dest_ip=10.220.202.102 translated_dest_port=10 translated_ip_protocol=iaturE translated_route_domain=epor translated_source_ip=10.195.139.25 translated_source_port=5566 translated_vlan=tper vlan=4341", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "tconsect pariat iutal3376.api.corp isi idexeac ntu [F5@tdolo acl_policy_name=nimve acl_policy_type=duntut acl_rule_name=emporin action=Reject hostname=ptat3230.domain bigip_mgmt_ip=10.156.208.5 context_name=tlaboru context_type=tec date_time=Jan 27 2018 05:21:06 dest_ip=10.9.69.13 dst_geo=uatD dest_port=6508 device_product=antium device_vendor=remaper device_version=1.3297 drop_reason=ntNequ errdefs_msgno=anim errdefs_msg_name=uae flow_id=ata ip_protocol=tcp severity=very-high partition_name=paq route_domain=emipsumq sa_translation_pool=culpaq sa_translation_type=quamq source_ip=10.53.72.161 src_geo=pta source_port=4723 source_user=scip translated_dest_ip=10.33.143.163 translated_dest_port=5404 translated_ip_protocol=iusmodi translated_route_domain=esciun translated_source_ip=10.247.144.9 translated_source_port=2494 translated_vlan=lit vlan=4112", "tags": [ 
@@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "oidentsu oditau onsec1632.internal.lan lup aeca isau [F5@giat acl_policy_name=ttenb acl_policy_type=eirure acl_rule_name=boreetd action=Closed hostname=exer447.internal.localhost bigip_mgmt_ip=10.35.190.164 context_name=radipis context_type=lore date_time=Feb 10 2018 12:23:41 dest_ip=10.76.99.144 dst_geo=eufugia dest_port=2345 device_product=pariat device_vendor=nimip device_version=1.2476 drop_reason=usci errdefs_msgno=unturmag errdefs_msg_name=dexeaco flow_id=lupta ip_protocol=ggp severity=very-high partition_name=oreeufug route_domain=Quisa sa_translation_pool=quiav sa_translation_type=ctionofd source_ip=10.21.58.162 src_geo=uisautei source_port=7881 source_user=porin translated_dest_ip=10.241.143.145 translated_dest_port=6151 translated_ip_protocol=ecillum translated_route_domain=olor translated_source_ip=10.113.65.192 translated_source_port=7807 translated_vlan=conseq vlan=6079", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "edutpers ctobeat upta4358.home orem inibus secte [F5@ctobeat acl_policy_name=onsec acl_policy_type=idestl acl_rule_name=litani action=Closed hostname=itanimi1934.home bigip_mgmt_ip=10.19.154.103 context_name=ittenb context_type=tobeatae date_time=Feb 24 2018 19:26:15 dest_ip=10.235.51.61 dst_geo=exe dest_port=1872 device_product=cia device_vendor=idolo device_version=1.768 drop_reason=pitlabo errdefs_msgno=tas errdefs_msg_name=rcitat flow_id=ree ip_protocol=tcp severity=very-high partition_name=quipexea route_domain=orsitv sa_translation_pool=dunt sa_translation_type=int source_ip=10.53.27.253 src_geo=temveleu source_port=3599 source_user=luptat translated_dest_ip=10.75.113.240 translated_dest_port=1874 translated_ip_protocol=ionulam translated_route_domain=auto translated_source_ip=10.129.16.166 translated_source_port=5141 translated_vlan=ntocca vlan=5439", "tags": [ 
@@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "tvol lup mipsamv161.local ionula pexeaco temaccu [F5@uamqua acl_policy_name=Neq acl_policy_type=runt acl_rule_name=xcep action=Established hostname=pteurs1031.mail.corp bigip_mgmt_ip=10.125.150.220 context_name=lumquid context_type=eturadip date_time=Mar 11 2018 02:28:49 dest_ip=10.241.228.95 dst_geo=equ dest_port=7256 device_product=ssequamn device_vendor=ave device_version=1.5812 drop_reason=edquia errdefs_msgno=ihi errdefs_msg_name=undeomn flow_id=ape ip_protocol=rdp severity=medium partition_name=ari route_domain=umtot sa_translation_pool=onemulla sa_translation_type=atquo source_ip=10.120.50.13 src_geo=issu source_port=4426 source_user=inculpa translated_dest_ip=10.150.153.61 translated_dest_port=2773 translated_ip_protocol=loremagn translated_route_domain=acons translated_source_ip=10.22.213.196 translated_source_port=7230 translated_vlan=emoenimi vlan=1864", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "mqu onorume abill5290.lan mini mve tionev [F5@uasiarch acl_policy_name=velites acl_policy_type=uredolor acl_rule_name=epreh action=Accept hostname=edquiaco6562.api.lan bigip_mgmt_ip=10.113.2.13 context_name=rudexerc context_type=nturm date_time=Mar 25 2018 09:31:24 dest_ip=10.182.134.109 dst_geo=dquia dest_port=5334 device_product=bori device_vendor=dipi device_version=1.7232 drop_reason=utf errdefs_msgno=dolor errdefs_msg_name=dexe flow_id=nemul ip_protocol=igmp severity=low partition_name=lupt route_domain=quatur sa_translation_pool=dminim sa_translation_type=ptatevel source_ip=10.85.52.249 src_geo=eirured source_port=3772 source_user=tatiset translated_dest_ip=10.238.171.184 translated_dest_port=2574 translated_ip_protocol=duntutl translated_route_domain=nven translated_source_ip=10.229.155.171 translated_source_port=6978 translated_vlan=asiarch vlan=7121", "tags": [ 
@@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "utla deomni tse7542.test nesciu todit utaliqui [F5@emse acl_policy_name=emqui acl_policy_type=cipitla acl_rule_name=tlab action=Accept hostname=tatis7315.mail.home bigip_mgmt_ip=10.249.174.35 context_name=umfu context_type=utla date_time=Apr 08 2018 16:33:58 dest_ip=10.136.53.201 dst_geo=dolo dest_port=6418 device_product=samvol device_vendor=equa device_version=1.536 drop_reason=strumex errdefs_msgno=tessecil errdefs_msg_name=ugia flow_id=reprehe ip_protocol=udp severity=medium partition_name=umq route_domain=sistena sa_translation_pool=qui sa_translation_type=caboN source_ip=10.198.150.185 src_geo=catcupid source_port=3167 source_user=quela translated_dest_ip=10.51.245.225 translated_dest_port=3991 translated_ip_protocol=enimi translated_route_domain=illum translated_source_ip=10.220.1.249 translated_source_port=4200 translated_vlan=Sedut vlan=7832", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "audant obeata uredol2348.www5.host entorev quuntur olup [F5@aeab acl_policy_name=uradipis acl_policy_type=aerat acl_rule_name=les action=Drop hostname=eosqui3723.api.localdomain bigip_mgmt_ip=10.152.157.32 context_name=ali context_type=udexerci date_time=Apr 22 2018 23:36:32 dest_ip=10.76.232.245 dst_geo=osqu dest_port=4859 device_product=aborio device_vendor=rve device_version=1.219 drop_reason=nbyCi errdefs_msgno=runtmoll errdefs_msg_name=busBon flow_id=norumetM ip_protocol=udp severity=low partition_name=usBono route_domain=ameaq sa_translation_pool=Quis sa_translation_type=lupta source_ip=10.251.82.195 src_geo=umiure source_port=5186 source_user=olorese translated_dest_ip=10.190.96.181 translated_dest_port=2153 translated_ip_protocol=culp translated_route_domain=deomn translated_source_ip=10.38.185.31 translated_source_port=1085 translated_vlan=llo vlan=1106", "tags": [ 
@@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "tla iaconseq sed3235.www5.localhost pidatatn isno luptatev [F5@occaeca acl_policy_name=dan acl_policy_type=pta acl_rule_name=upt action=Drop hostname=itaedict199.mail.corp bigip_mgmt_ip=10.103.102.242 context_name=labore context_type=lorem date_time=May 07 2018 06:39:06 dest_ip=10.68.159.207 dst_geo=eratv dest_port=7206 device_product=estq device_vendor=quasiarc device_version=1.6526 drop_reason=liq errdefs_msgno=xerc errdefs_msg_name=atisetqu flow_id=squir ip_protocol=icmp severity=very-high partition_name=quam route_domain=deriti sa_translation_pool=edictasu sa_translation_type=eturadi source_ip=10.190.247.194 src_geo=mSecti source_port=4210 source_user=tDuisaut translated_dest_ip=10.230.112.179 translated_dest_port=5926 translated_ip_protocol=vol translated_route_domain=ita translated_source_ip=10.211.198.50 translated_source_port=7510 translated_vlan=nibusB vlan=5555", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "amremap oremagna aqu4475.mail.invalid serrorsi tsedquia rsit [F5@quis acl_policy_name=upidatat acl_policy_type=mod acl_rule_name=niamqui action=Closed hostname=xeaco7887.www.localdomain bigip_mgmt_ip=10.47.223.155 context_name=ugitsed context_type=dminimve date_time=May 21 2018 13:41:41 dest_ip=10.111.137.84 dst_geo=uiac dest_port=7838 device_product=tot device_vendor=reme device_version=1.7750 drop_reason=loremi errdefs_msgno=queporro errdefs_msg_name=tur flow_id=eFi ip_protocol=ipv6-icmp severity=medium partition_name=ulapari route_domain=eporroq sa_translation_pool=uunturm sa_translation_type=iatn source_ip=10.219.83.199 src_geo=diduntut source_port=1321 source_user=ectetur translated_dest_ip=10.101.13.122 translated_dest_port=6737 translated_ip_protocol=nibusBo translated_route_domain=volup translated_source_ip=10.251.101.61 translated_source_port=5153 translated_vlan=scipit vlan=6495", "tags": [ 
@@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "tore isni tamrema736.www5.lan ntiumdol conse aturve [F5@edqui acl_policy_name=tvolu acl_policy_type=psu acl_rule_name=strud action=Closed hostname=saute7421.www.invalid bigip_mgmt_ip=10.21.80.157 context_name=tiumtot context_type=tate date_time=Jun 04 2018 20:44:15 dest_ip=10.13.222.177 dst_geo=inBCSed dest_port=6353 device_product=Loremip device_vendor=taliqui device_version=1.5568 drop_reason=ipsaquae errdefs_msgno=olu errdefs_msg_name=exerci flow_id=isnostru ip_protocol=tcp severity=very-high partition_name=ngelits route_domain=volupt sa_translation_pool=billoi sa_translation_type=reseo source_ip=10.31.86.83 src_geo=pariat source_port=6646 source_user=litsed translated_dest_ip=10.21.30.43 translated_dest_port=4754 translated_ip_protocol=lorem translated_route_domain=iamquisn translated_source_ip=10.83.136.233 translated_source_port=6643 translated_vlan=imadm vlan=3187", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "lumdol edutper utemve6966.mail.local emoen ptate mipsumqu [F5@turad acl_policy_name=dol acl_policy_type=ntutla acl_rule_name=des action=Accept hostname=oluptas1637.home bigip_mgmt_ip=10.195.90.73 context_name=ipisc context_type=iatnulap date_time=Jun 19 2018 03:46:49 dest_ip=10.170.155.137 dst_geo=uine dest_port=1815 device_product=veniamqu device_vendor=iconsequ device_version=1.5445 drop_reason=apa errdefs_msgno=archite errdefs_msg_name=tur flow_id=ddo ip_protocol=ipv6 severity=high partition_name=inBC route_domain=did sa_translation_pool=atcupi sa_translation_type=eriti source_ip=10.45.152.205 src_geo=rema source_port=5107 source_user=datatn translated_dest_ip=10.194.197.107 translated_dest_port=2524 translated_ip_protocol=tur translated_route_domain=itation translated_source_ip=10.27.181.27 translated_source_port=5509 translated_vlan=uredo vlan=2155", "tags": [ 
@@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "use catcu quame922.internal.host eursi liquid ulapari [F5@ibus acl_policy_name=isu acl_policy_type=moll acl_rule_name=roinBCS action=Drop hostname=ididu5505.api.localdomain bigip_mgmt_ip=10.43.239.97 context_name=modi context_type=cip date_time=Jul 03 2018 10:49:23 dest_ip=10.60.60.164 dst_geo=iscive dest_port=5527 device_product=incididu device_vendor=yCice device_version=1.508 drop_reason=ionem errdefs_msgno=taevitae errdefs_msg_name=dminimv flow_id=quam ip_protocol=tcp severity=low partition_name=umdol route_domain=rerepr sa_translation_pool=ipiscin sa_translation_type=trudexe source_ip=10.222.2.132 src_geo=umdo source_port=6187 source_user=aedicta translated_dest_ip=10.129.161.18 translated_dest_port=782 translated_ip_protocol=umquiad translated_route_domain=porinc translated_source_ip=10.183.90.25 translated_source_port=5038 translated_vlan=conse vlan=2563", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "dolo reeufu umexe5208.local suntex uptatema uteiru [F5@rcitati acl_policy_name=siutali acl_policy_type=uiratio acl_rule_name=ficia action=Closed hostname=mqui1099.api.corp bigip_mgmt_ip=10.231.167.171 context_name=onorumet context_type=illoinve date_time=Jul 17 2018 17:51:58 dest_ip=10.188.254.168 dst_geo=nevolup dest_port=3706 device_product=lor device_vendor=ica device_version=1.4479 drop_reason=sumd errdefs_msgno=elitse errdefs_msg_name=olu flow_id=temqu ip_protocol=rdp severity=very-high partition_name=nesci route_domain=meaquei sa_translation_pool=snisiu sa_translation_type=atem source_ip=10.189.162.131 src_geo=litsed source_port=6019 source_user=sedquia translated_dest_ip=10.67.129.100 translated_dest_port=7106 translated_ip_protocol=mmodicon translated_route_domain=eosquir translated_source_ip=10.248.156.138 translated_source_port=2125 translated_vlan=smodit vlan=3090", "tags": [ 
@@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "dun xce dol5403.www.localhost asiar eiu maliquam [F5@gnama acl_policy_name=ursintoc acl_policy_type=minimve acl_rule_name=eprehe action=Reject hostname=siuta2155.lan bigip_mgmt_ip=10.63.103.30 context_name=ill context_type=imveniam date_time=Aug 01 2018 00:54:32 dest_ip=10.36.29.127 dst_geo=umqui dest_port=1757 device_product=sci device_vendor=isquames device_version=1.2927 drop_reason=tlabor errdefs_msgno=itecto errdefs_msg_name=loreeuf flow_id=orainci ip_protocol=icmp severity=low partition_name=aev route_domain=uelaudan sa_translation_pool=lab sa_translation_type=sequa source_ip=10.6.146.184 src_geo=rrorsi source_port=7247 source_user=sequu translated_dest_ip=10.185.107.27 translated_dest_port=2257 translated_ip_protocol=mips translated_route_domain=iduntutl translated_source_ip=10.142.106.66 translated_source_port=3790 translated_vlan=quelauda vlan=289", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "dolo ulamc doe344.www5.local toreve squirat llum [F5@dol acl_policy_name=niam acl_policy_type=atio acl_rule_name=sno action=Established hostname=tatiset4191.localdomain bigip_mgmt_ip=10.214.93.200 context_name=dtempor context_type=rroquisq date_time=Aug 15 2018 07:57:06 dest_ip=10.215.63.248 dst_geo=uidex dest_port=1203 device_product=lloi device_vendor=nseq device_version=1.4023 drop_reason=isetqua errdefs_msgno=ianonn errdefs_msg_name=oluptas flow_id=doe ip_protocol=udp severity=very-high partition_name=rchitect route_domain=orsitame sa_translation_pool=tasn sa_translation_type=exeaco source_ip=10.93.39.237 src_geo=aincidu source_port=232 source_user=tionofd translated_dest_ip=10.0.202.9 translated_dest_port=7451 translated_ip_protocol=nvolup translated_route_domain=ommodic translated_source_ip=10.119.179.182 translated_source_port=7255 translated_vlan=undeo vlan=7696", "tags": [ 
@@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "uiinea uianonn eavolupt784.www5.example liquam sinto edi [F5@eumiure acl_policy_name=ore acl_policy_type=adeser acl_rule_name=mSe action=Drop hostname=aute2433.mail.lan bigip_mgmt_ip=10.252.204.162 context_name=tiae context_type=giat date_time=Aug 29 2018 14:59:40 dest_ip=10.115.77.51 dst_geo=mcorpor dest_port=2433 device_product=ostru device_vendor=mea device_version=1.5939 drop_reason=iquipex errdefs_msgno=byCice errdefs_msg_name=deritq flow_id=boreetdo ip_protocol=ipv6-icmp severity=medium partition_name=iin route_domain=nostr sa_translation_pool=luptatem sa_translation_type=tNequepo source_ip=10.28.145.163 src_geo=sper source_port=72 source_user=imadmin translated_dest_ip=10.123.154.140 translated_dest_port=2551 translated_ip_protocol=mSect translated_route_domain=iure translated_source_ip=10.30.189.166 translated_source_port=2749 translated_vlan=aer vlan=3422", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "roquis mremape ude2977.www.corp rmagnido exeaco dqu [F5@ccaec acl_policy_name=repreh acl_policy_type=imven acl_rule_name=usan action=Accept hostname=idolo6535.internal.example bigip_mgmt_ip=10.46.162.198 context_name=snulap context_type=onsequat date_time=Sep 12 2018 22:02:15 dest_ip=10.166.128.248 dst_geo=pariatur dest_port=7435 device_product=tura device_vendor=equuntur device_version=1.6564 drop_reason=uaera errdefs_msgno=mqua errdefs_msg_name=xer flow_id=utlabore ip_protocol=ipv6-icmp severity=very-high partition_name=beataevi route_domain=amquisn sa_translation_pool=itquii sa_translation_type=imaven source_ip=10.145.128.250 src_geo=nder source_port=5641 source_user=eni translated_dest_ip=10.79.49.3 translated_dest_port=7794 translated_ip_protocol=psamvolu translated_route_domain=teturad translated_source_ip=10.29.122.183 translated_source_port=6166 translated_vlan=tla vlan=6146", "tags": [ 
@@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "modtempo edict nost3250.internal.localdomain nibu quatur isiutali [F5@mdolo acl_policy_name=nof acl_policy_type=usantiu acl_rule_name=periam action=Closed hostname=one7728.api.localdomain bigip_mgmt_ip=10.177.232.136 context_name=obe context_type=niamqu date_time=Sep 27 2018 05:04:49 dest_ip=10.140.59.161 dst_geo=smoditem dest_port=575 device_product=tev device_vendor=oNemoeni device_version=1.3341 drop_reason=elillumq errdefs_msgno=loremeum errdefs_msg_name=luptatem flow_id=ing ip_protocol=tcp severity=very-high partition_name=riameaqu route_domain=etd sa_translation_pool=omnisi sa_translation_type=dolor source_ip=10.166.169.167 src_geo=ati source_port=1544 source_user=olors translated_dest_ip=10.65.174.196 translated_dest_port=472 translated_ip_protocol=iin translated_route_domain=uteiru translated_source_ip=10.142.235.217 translated_source_port=5846 translated_vlan=orain vlan=2663", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "llu quaUt labor7147.internal.host ten vitae tse [F5@gni acl_policy_name=per acl_policy_type=tione acl_rule_name=nibus action=Established hostname=uptatem4446.internal.localhost bigip_mgmt_ip=10.29.217.44 context_name=eacommod context_type=tali date_time=Oct 11 2018 12:07:23 dest_ip=10.131.223.198 dst_geo=orisnisi dest_port=4342 device_product=eritquii device_vendor=atevelit device_version=1.325 drop_reason=enat errdefs_msgno=ionula errdefs_msg_name=itaed flow_id=invol ip_protocol=rdp severity=low partition_name=cidun route_domain=tassitas sa_translation_pool=nimadmi sa_translation_type=dipisci source_ip=10.215.184.154 src_geo=nor source_port=3306 source_user=iarc translated_dest_ip=10.191.78.86 translated_dest_port=6355 translated_ip_protocol=uiac translated_route_domain=squ translated_source_ip=10.53.188.140 translated_source_port=6455 translated_vlan=ten vlan=2937", "tags": [ 
@@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "isciveli ntutlab sitamet452.domain nsequ ing ollita [F5@dipisci acl_policy_name=amnisiu acl_policy_type=ptat acl_rule_name=epr action=Drop hostname=emq2514.api.localhost bigip_mgmt_ip=10.135.77.156 context_name=uraut context_type=non date_time=Oct 25 2018 19:09:57 dest_ip=10.248.182.188 dst_geo=turad dest_port=2537 device_product=nBCSe device_vendor=ollita device_version=1.3567 drop_reason=eni errdefs_msgno=quipe errdefs_msg_name=oluptat flow_id=stenatus ip_protocol=ggp severity=very-high partition_name=iaecon route_domain=ect sa_translation_pool=tquid sa_translation_type=seru source_ip=10.76.148.147 src_geo=remagna source_port=1121 source_user=urve translated_dest_ip=10.46.222.149 translated_dest_port=3304 translated_ip_protocol=squ translated_route_domain=emagnaal translated_source_ip=10.74.74.129 translated_source_port=5904 translated_vlan=itati vlan=3497", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "rinc tno meumf4052.invalid pitlabo riamea Malorumw [F5@consect acl_policy_name=issu acl_policy_type=tconsect acl_rule_name=tationem action=Drop hostname=agna5654.www.corp bigip_mgmt_ip=10.96.200.223 context_name=iatisun context_type=cto date_time=Nov 09 2018 02:12:32 dest_ip=10.3.228.220 dst_geo=imadmini dest_port=3791 device_product=oeiusm device_vendor=aUtenim device_version=1.1186 drop_reason=isu errdefs_msgno=ute errdefs_msg_name=tdolore flow_id=madminim ip_protocol=igmp severity=very-high partition_name=prehen route_domain=ate sa_translation_pool=ull sa_translation_type=enimipsa source_ip=10.130.203.37 src_geo=quisnos source_port=2132 source_user=mvele translated_dest_ip=10.11.146.253 translated_dest_port=3581 translated_ip_protocol=remeum translated_route_domain=temseq translated_source_ip=10.145.49.29 translated_source_port=2464 translated_vlan=sedquia vlan=4912", "tags": [ 
@@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ntmo aliqu iqu4429.www5.lan doconse volupta ptat [F5@oreverit acl_policy_name=nimides acl_policy_type=remipsum acl_rule_name=elit action=Drop hostname=ipi4827.mail.lan bigip_mgmt_ip=10.162.78.48 context_name=lab context_type=sedqui date_time=Nov 23 2018 09:15:06 dest_ip=10.243.157.94 dst_geo=epteu dest_port=5744 device_product=tura device_vendor=mquiavol device_version=1.6845 drop_reason=eabil errdefs_msgno=ibusB errdefs_msg_name=rporis flow_id=etco ip_protocol=ipv6 severity=very-high partition_name=ereprehe route_domain=olu sa_translation_pool=nofdeF sa_translation_type=riaturEx source_ip=10.24.23.209 src_geo=itautfu source_port=1503 source_user=rumwr translated_dest_ip=10.162.2.180 translated_dest_port=3889 translated_ip_protocol=mporain translated_route_domain=ectetur translated_source_ip=10.48.75.140 translated_source_port=1837 translated_vlan=ineavol vlan=5182", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "onproid sitv equam3114.test mcorp uelaud aperiam [F5@ngelit acl_policy_name=quiano acl_policy_type=sund acl_rule_name=iaconse action=Drop hostname=sequatD163.internal.example bigip_mgmt_ip=10.151.206.38 context_name=oloremi context_type=luptate date_time=Dec 07 2018 16:17:40 dest_ip=10.38.57.217 dst_geo=rur dest_port=5543 device_product=imidest device_vendor=oeiusmod device_version=1.419 drop_reason=psumqui errdefs_msgno=eddoeiu errdefs_msg_name=oinvento flow_id=mips ip_protocol=udp severity=medium partition_name=corpor route_domain=amvolu sa_translation_pool=ent sa_translation_type=ionemu source_ip=10.66.92.83 src_geo=orinrep source_port=2549 source_user=nproide translated_dest_ip=10.119.12.186 translated_dest_port=5674 translated_ip_protocol=qui translated_route_domain=nemullam translated_source_ip=10.97.105.115 translated_source_port=3576 translated_vlan=squir vlan=3987", "tags": [ 
@@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "umqu umet psaquaea5284.internal.example upt giatquo toccaec [F5@nihilmo acl_policy_name=atquo acl_policy_type=umetMa acl_rule_name=ngelitse action=Accept hostname=itamet1303.invalid bigip_mgmt_ip=10.12.148.73 context_name=eius context_type=evo date_time=Dec 21 2018 23:20:14 dest_ip=10.10.44.34 dst_geo=volupt dest_port=61 device_product=eosqu device_vendor=reetdolo device_version=1.7551 drop_reason=sten errdefs_msgno=enderi errdefs_msg_name=labore flow_id=uasiarch ip_protocol=igmp severity=very-high partition_name=magnama route_domain=reprehe sa_translation_pool=citatio sa_translation_type=dolo source_ip=10.201.132.114 src_geo=eetd source_port=6058 source_user=borisnis translated_dest_ip=10.64.76.142 translated_dest_port=7083 translated_ip_protocol=temse translated_route_domain=samvo translated_source_ip=10.169.139.250 translated_source_port=1374 translated_vlan=nostrume vlan=5035", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "tatevel itin tam942.api.host iut leumiur deser [F5@boris acl_policy_name=ris acl_policy_type=nisiuta acl_rule_name=utper action=Drop hostname=epr3512.internal.domain bigip_mgmt_ip=10.9.236.18 context_name=iumdo context_type=exe date_time=Jan 05 2019 06:22:49 dest_ip=10.152.7.48 dst_geo=giatnula dest_port=71 device_product=enimadmi device_vendor=qui device_version=1.5292 drop_reason=aecon errdefs_msgno=sedq errdefs_msg_name=olo flow_id=sperna ip_protocol=udp severity=very-high partition_name=conseq route_domain=upta sa_translation_pool=eturadi sa_translation_type=cinge source_ip=10.111.128.11 src_geo=niamq source_port=5336 source_user=umfug translated_dest_ip=10.35.38.185 translated_dest_port=7077 translated_ip_protocol=labor translated_route_domain=Sec translated_source_ip=10.200.116.191 translated_source_port=3068 translated_vlan=nsecte vlan=5790", "tags": [ 
@@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "uianonnu por nve894.lan turadip ataev eFinib [F5@atione acl_policy_name=xcepte acl_policy_type=gnaa acl_rule_name=tio action=Reject hostname=uredol2174.home bigip_mgmt_ip=10.191.27.182 context_name=tMalo context_type=urautod date_time=Jan 19 2019 13:25:23 dest_ip=10.114.60.159 dst_geo=rese dest_port=5302 device_product=rissusci device_vendor=quaturve device_version=1.5991 drop_reason=tisunde errdefs_msgno=ende errdefs_msg_name=quidolor flow_id=lloin ip_protocol=igmp severity=high partition_name=proiden route_domain=moenimip sa_translation_pool=tat sa_translation_type=tate source_ip=10.236.67.227 src_geo=ern source_port=881 source_user=tlabo translated_dest_ip=10.134.238.8 translated_dest_port=2976 translated_ip_protocol=aqua translated_route_domain=edquiac translated_source_ip=10.240.62.238 translated_source_port=1251 translated_vlan=olo vlan=5926", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ali Nequepor aUten4127.internal.lan apariatu mnisis onsequa [F5@sunt acl_policy_name=orumSe acl_policy_type=olupta acl_rule_name=emveleum action=Drop hostname=ididunt7607.mail.localhost bigip_mgmt_ip=10.165.66.92 context_name=isq context_type=eacommo date_time=Feb 02 2019 20:27:57 dest_ip=10.244.171.198 dst_geo=nimad dest_port=7814 device_product=asi device_vendor=tobe device_version=1.6837 drop_reason=Lore errdefs_msgno=oin errdefs_msg_name=eritquii flow_id=taliqui ip_protocol=ipv6-icmp severity=very-high partition_name=entoreve route_domain=ion sa_translation_pool=exeaco sa_translation_type=tate source_ip=10.109.14.142 src_geo=sitas source_port=6036 source_user=perna translated_dest_ip=10.65.35.64 translated_dest_port=2748 translated_ip_protocol=irur translated_route_domain=risnisiu translated_source_ip=10.22.231.91 translated_source_port=2652 translated_vlan=equepor vlan=897", "tags": [ 
@@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ugiatn utpe hend1170.www5.lan ptateve aliqua officiad [F5@nimadmin acl_policy_name=iavol acl_policy_type=roq acl_rule_name=iumtota action=Reject hostname=inimav5557.www5.test bigip_mgmt_ip=10.71.112.86 context_name=olor context_type=emoenim date_time=Feb 17 2019 03:30:32 dest_ip=10.57.64.102 dst_geo=rume dest_port=7667 device_product=inibusBo device_vendor=tqui device_version=1.99 drop_reason=citat errdefs_msgno=prehende errdefs_msg_name=vitaedic flow_id=remip ip_protocol=ggp severity=high partition_name=rehe route_domain=aper sa_translation_pool=gnaa sa_translation_type=tam source_ip=10.64.161.215 src_geo=modi source_port=4869 source_user=rnatur translated_dest_ip=10.29.230.203 translated_dest_port=6579 translated_ip_protocol=abi translated_route_domain=inimaven translated_source_ip=10.89.221.90 translated_source_port=5835 translated_vlan=entoreve vlan=4612", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "roqu dquia ommod142.www.home ptate oloreeu imipsa [F5@iscinge acl_policy_name=ora acl_policy_type=meumfug acl_rule_name=inimve action=Closed hostname=nonn1650.www.test bigip_mgmt_ip=10.88.226.76 context_name=ptas context_type=iadolo date_time=Mar 03 2019 10:33:06 dest_ip=10.217.197.29 dst_geo=aliquide dest_port=7187 device_product=tinv device_vendor=iar device_version=1.5232 drop_reason=mquela errdefs_msgno=urm errdefs_msg_name=con flow_id=aeabil ip_protocol=udp severity=low partition_name=edicta route_domain=itaspern sa_translation_pool=tau sa_translation_type=rcit source_ip=10.79.208.135 src_geo=rehende source_port=3688 source_user=erspic translated_dest_ip=10.221.199.137 translated_dest_port=6430 translated_ip_protocol=quipe translated_route_domain=evita translated_source_ip=10.140.118.182 translated_source_port=4566 translated_vlan=nia vlan=7548", "tags": [ 
@@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "npro boriosa sundeo3076.internal.test Nequepor turQ tod [F5@rsitame acl_policy_name=nsectetu acl_policy_type=untexpli acl_rule_name=smo action=Reject hostname=acons3940.api.lan bigip_mgmt_ip=10.133.48.55 context_name=lab context_type=ela date_time=Mar 17 2019 17:35:40 dest_ip=10.134.141.37 dst_geo=oreve dest_port=2538 device_product=tali device_vendor=quamnih device_version=1.2492 drop_reason=reprehen errdefs_msgno=Exce errdefs_msg_name=tocca flow_id=tinvolu ip_protocol=ipv6 severity=low partition_name=iumt route_domain=mad sa_translation_pool=mpor sa_translation_type=eddoei source_ip=10.35.73.208 src_geo=dolo source_port=6552 source_user=tia translated_dest_ip=10.126.61.230 translated_dest_port=2068 translated_ip_protocol=dolor translated_route_domain=emUteni translated_source_ip=10.189.244.22 translated_source_port=734 translated_vlan=rinre vlan=6425", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ident uatur dquiaco2756.home uiine mve dolorema [F5@ditautf acl_policy_name=uisnostr acl_policy_type=oditautf acl_rule_name=nula action=Established hostname=suscipit587.www.localhost bigip_mgmt_ip=10.81.154.115 context_name=ita context_type=aeratvol date_time=Apr 01 2019 00:38:14 dest_ip=10.194.94.1 dst_geo=ostr dest_port=575 device_product=boreetd device_vendor=ueporro device_version=1.4044 drop_reason=oluptat errdefs_msgno=olors errdefs_msg_name=mSecti flow_id=ius ip_protocol=icmp severity=very-high partition_name=xerci route_domain=qua sa_translation_pool=iaecons sa_translation_type=pteurs source_ip=10.35.65.72 src_geo=veni source_port=3387 source_user=reseo translated_dest_ip=10.239.194.105 translated_dest_port=3629 translated_ip_protocol=isnos translated_route_domain=ntin translated_source_ip=10.240.94.109 translated_source_port=5437 translated_vlan=ono vlan=573", "tags": [ 
@@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "consequ ine hend3901.www.localdomain nsecte miurere tat [F5@pitlabor acl_policy_name=upi acl_policy_type=olupta acl_rule_name=ape action=Established hostname=mnisiut6146.internal.local bigip_mgmt_ip=10.52.70.192 context_name=empor context_type=ate date_time=Apr 15 2019 07:40:49 dest_ip=10.234.254.96 dst_geo=obeatae dest_port=2042 device_product=orem device_vendor=dquian device_version=1.2307 drop_reason=uis errdefs_msgno=emagnaal errdefs_msg_name=uunturm flow_id=nonnumq ip_protocol=ggp severity=very-high partition_name=ntocca route_domain=emquelau sa_translation_pool=adolorsi sa_translation_type=lupt source_ip=10.38.253.213 src_geo=ncidu source_port=3369 source_user=ionem translated_dest_ip=10.248.72.104 translated_dest_port=7485 translated_ip_protocol=cusan translated_route_domain=ivelit translated_source_ip=10.150.56.227 translated_source_port=4686 translated_vlan=isnost vlan=4697", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "urQu idol fici312.api.host eri pitlab riosamn [F5@Malo acl_policy_name=onse acl_policy_type=enatuse acl_rule_name=veritat action=Reject hostname=borios1067.www5.home bigip_mgmt_ip=10.218.15.164 context_name=ntNeque context_type=magnidol date_time=Apr 29 2019 14:43:23 dest_ip=10.56.60.3 dst_geo=aaliq dest_port=2143 device_product=gel device_vendor=modt device_version=1.2031 drop_reason=mvolu errdefs_msgno=agn errdefs_msg_name=eritinvo flow_id=aliq ip_protocol=rdp severity=very-high partition_name=uisautei route_domain=labor sa_translation_pool=ihilmol sa_translation_type=scinge source_ip=10.62.218.239 src_geo=yCiceroi source_port=166 source_user=reh translated_dest_ip=10.73.172.186 translated_dest_port=3510 translated_ip_protocol=itte translated_route_domain=niamquis translated_source_ip=10.203.193.134 translated_source_port=6251 translated_vlan=riosa vlan=7445", "tags": [ 
@@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ore ptatema poriss2289.localdomain luptat ficiad saquaea [F5@archi acl_policy_name=caboNe acl_policy_type=ptate acl_rule_name=enimips action=Established hostname=msequ323.www.example bigip_mgmt_ip=10.60.20.76 context_name=seq context_type=uae date_time=May 13 2019 21:45:57 dest_ip=10.244.241.67 dst_geo=quaeabi dest_port=5701 device_product=ost device_vendor=mave device_version=1.2555 drop_reason=aev errdefs_msgno=uovolup errdefs_msg_name=tMaloru flow_id=rum ip_protocol=ipv6-icmp severity=very-high partition_name=ptassita route_domain=ionemul sa_translation_pool=orema sa_translation_type=its source_ip=10.10.46.43 src_geo=stiaec source_port=7346 source_user=nev translated_dest_ip=10.136.211.234 translated_dest_port=4126 translated_ip_protocol=lamcor translated_route_domain=rorsitv translated_source_ip=10.131.127.113 translated_source_port=853 translated_vlan=iamqu vlan=1324", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "mwrit dminimve madminim5473.mail.example reeuf orinrepr tinvo [F5@oru acl_policy_name=ainc acl_policy_type=aeab acl_rule_name=iat action=Closed hostname=tdolorem813.internal.host bigip_mgmt_ip=10.50.177.151 context_name=rsitam context_type=aliqui date_time=May 28 2019 04:48:31 dest_ip=10.206.65.159 dst_geo=fdeFini dest_port=1295 device_product=eetdolo device_vendor=issuscip device_version=1.3291 drop_reason=tqu errdefs_msgno=rinc errdefs_msg_name=hender flow_id=sBonor ip_protocol=rdp severity=high partition_name=ercitati route_domain=lapa sa_translation_pool=enia sa_translation_type=atis source_ip=10.233.181.250 src_geo=isiuta source_port=2868 source_user=ugiatq translated_dest_ip=10.187.237.220 translated_dest_port=7744 translated_ip_protocol=eumfu translated_route_domain=remap translated_source_ip=10.248.0.74 translated_source_port=6349 translated_vlan=tru vlan=2520", "tags": [ 
@@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "isautem eiusm assit1598.www5.invalid archite eruntm iades [F5@mremape acl_policy_name=nimad acl_policy_type=ionemu acl_rule_name=nul action=Established hostname=volupt4626.internal.test bigip_mgmt_ip=10.189.43.11 context_name=asper context_type=eeu date_time=Jun 11 2019 11:51:06 dest_ip=10.193.169.102 dst_geo=olab dest_port=629 device_product=olore device_vendor=mSecti device_version=1.2859 drop_reason=idid errdefs_msgno=ela errdefs_msg_name=fugits flow_id=litseddo ip_protocol=igmp severity=medium partition_name=ptasn route_domain=amrem sa_translation_pool=umdolor sa_translation_type=iamq source_ip=10.248.248.120 src_geo=ationemu source_port=1282 source_user=iatn translated_dest_ip=10.96.223.46 translated_dest_port=3654 translated_ip_protocol=pern translated_route_domain=ptasn translated_source_ip=10.80.129.81 translated_source_port=4827 translated_vlan=tat vlan=5084", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "eruntmo lumdolo urmagnid2749.api.host imip taspe siutaliq [F5@turadipi acl_policy_name=tMalo acl_policy_type=veni acl_rule_name=rspi action=Closed hostname=ntium5103.www5.localhost bigip_mgmt_ip=10.66.106.186 context_name=uatD context_type=reh date_time=Jun 25 2019 18:53:40 dest_ip=10.36.14.238 dst_geo=metco dest_port=4740 device_product=ilmoles device_vendor=xeaco device_version=1.1910 drop_reason=ccaecat errdefs_msgno=radip errdefs_msg_name=secil flow_id=totamr ip_protocol=udp severity=very-high partition_name=iciat route_domain=uira sa_translation_pool=orio sa_translation_type=mseq source_ip=10.102.109.199 src_geo=iono source_port=2061 source_user=tNequ translated_dest_ip=10.173.114.63 translated_dest_port=5877 translated_ip_protocol=tatisetq translated_route_domain=eabilloi translated_source_ip=10.91.115.139 translated_source_port=412 translated_vlan=eroi vlan=2077", "tags": [ 
@@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "riatur amrema illum2978.internal.home rumetMa entor urere [F5@involu acl_policy_name=qui acl_policy_type=aliqu acl_rule_name=sita action=Drop hostname=orpori3334.www.local bigip_mgmt_ip=10.198.157.122 context_name=ncu context_type=quatu date_time=Jul 10 2019 01:56:14 dest_ip=10.239.90.72 dst_geo=iratio dest_port=7700 device_product=its device_vendor=agn device_version=1.3690 drop_reason=ntmo errdefs_msgno=iur errdefs_msg_name=aboNemo flow_id=tsedquia ip_protocol=udp severity=very-high partition_name=tatiset route_domain=enim sa_translation_pool=gnido sa_translation_type=iamq source_ip=10.159.155.88 src_geo=uisa source_port=7034 source_user=iquipex translated_dest_ip=10.0.175.17 translated_dest_port=5236 translated_ip_protocol=tempori translated_route_domain=sedquian translated_source_ip=10.221.223.127 translated_source_port=2687 translated_vlan=ira vlan=3007", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "idolor umdo sequatu7142.internal.corp ipsaqu asun rsitam [F5@magn acl_policy_name=amcola acl_policy_type=eumiurer acl_rule_name=umf action=Established hostname=equu7361.www5.localdomain bigip_mgmt_ip=10.30.20.187 context_name=rsinto context_type=nonnumqu date_time=Jul 24 2019 08:58:48 dest_ip=10.103.47.100 dst_geo=chitect dest_port=5316 device_product=fug device_vendor=ulpaq device_version=1.6302 drop_reason=piscivel errdefs_msgno=ueporr errdefs_msg_name=udex flow_id=ipexeac ip_protocol=tcp severity=low partition_name=isci route_domain=archi sa_translation_pool=rsitame sa_translation_type=qui source_ip=10.7.212.201 src_geo=ion source_port=949 source_user=ugiat translated_dest_ip=10.252.136.130 translated_dest_port=5601 translated_ip_protocol=expl translated_route_domain=animi translated_source_ip=10.189.70.237 translated_source_port=1457 translated_vlan=tnul vlan=24", "tags": [ 
@@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "radip amremap dolorsit64.www.local uredo uamni nisi [F5@onsecte acl_policy_name=iono acl_policy_type=secillum acl_rule_name=sequatD action=Established hostname=tse2979.internal.localhost bigip_mgmt_ip=10.242.121.165 context_name=aut context_type=eriti date_time=Aug 07 2019 16:01:23 dest_ip=10.88.229.78 dst_geo=imadmi dest_port=2642 device_product=tevelite device_vendor=cto device_version=1.2037 drop_reason=mquiado errdefs_msgno=agn errdefs_msg_name=dip flow_id=urmag ip_protocol=tcp severity=high partition_name=laboreet route_domain=tutlabo sa_translation_pool=incid sa_translation_type=der source_ip=10.83.105.69 src_geo=usm source_port=2153 source_user=mni translated_dest_ip=10.102.109.194 translated_dest_port=2324 translated_ip_protocol=nor translated_route_domain=saut translated_source_ip=10.60.224.93 translated_source_port=1508 translated_vlan=deomnis vlan=354", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "tla nimve edutpe1255.internal.lan nimadm cepte paquioff [F5@ictasun acl_policy_name=iumto acl_policy_type=ciun acl_rule_name=prehe action=Accept hostname=uisnostr2390.mail.domain bigip_mgmt_ip=10.251.167.219 context_name=eaco context_type=oremeu date_time=Aug 21 2019 23:03:57 dest_ip=10.14.251.18 dst_geo=tenbyCi dest_port=4371 device_product=citation device_vendor=spernatu device_version=1.7314 drop_reason=giatq errdefs_msgno=tion errdefs_msg_name=tNeque flow_id=uidolore ip_protocol=rdp severity=medium partition_name=usB route_domain=magnaali sa_translation_pool=istenatu sa_translation_type=roqui source_ip=10.17.20.93 src_geo=eritqu source_port=4368 source_user=Uteni translated_dest_ip=10.181.134.69 translated_dest_port=551 translated_ip_protocol=norum translated_route_domain=emUten translated_source_ip=10.219.174.45 translated_source_port=4055 translated_vlan=idolo vlan=968", "tags": [ 
@@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "mmodicon nisis edquia4523.www.host remap ntium veniamqu [F5@equat acl_policy_name=reeu acl_policy_type=atemacc acl_rule_name=rsitvolu action=Accept hostname=luptate4811.mail.example bigip_mgmt_ip=10.30.117.82 context_name=destlabo context_type=fficia date_time=Sep 05 2019 06:06:31 dest_ip=10.245.75.229 dst_geo=elaud dest_port=4916 device_product=eaqueip device_vendor=emUten device_version=1.596 drop_reason=itseddoe errdefs_msgno=iti errdefs_msg_name=evitaedi flow_id=ionulamc ip_protocol=tcp severity=high partition_name=culp route_domain=Ciceroin sa_translation_pool=aeco sa_translation_type=olores source_ip=10.223.99.90 src_geo=adminim source_port=4324 source_user=numqua translated_dest_ip=10.28.233.253 translated_dest_port=1159 translated_ip_protocol=mUten translated_route_domain=eursint translated_source_ip=10.37.14.20 translated_source_port=6531 translated_vlan=teurs vlan=4919", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "aaliq nos uaUteni562.www.test deF dutpe tseddoei [F5@byCi acl_policy_name=odic acl_policy_type=chitecto acl_rule_name=nimadm action=Closed hostname=lites1614.www.corp bigip_mgmt_ip=10.125.20.22 context_name=olu context_type=ectet date_time=Sep 19 2019 13:09:05 dest_ip=10.121.189.113 dst_geo=tess dest_port=4686 device_product=xeacom device_vendor=adminim device_version=1.95 drop_reason=henderi errdefs_msgno=rainc errdefs_msg_name=dminim flow_id=sse ip_protocol=tcp severity=high partition_name=umexe route_domain=Sedu sa_translation_pool=tetur sa_translation_type=ern source_ip=10.50.61.114 src_geo=nvento source_port=649 source_user=qua translated_dest_ip=10.57.85.113 translated_dest_port=1024 translated_ip_protocol=itquii translated_route_domain=psu translated_source_ip=10.8.32.17 translated_source_port=3788 translated_vlan=nem vlan=5883", "tags": [ 
@@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "sitasper agni ivelit1640.internal.lan iscive prehende volup [F5@nimi acl_policy_name=niamqu acl_policy_type=uioffi acl_rule_name=suntin action=Closed hostname=lorinrep7686.mail.corp bigip_mgmt_ip=10.200.28.55 context_name=ineavol context_type=abor date_time=Oct 03 2019 20:11:40 dest_ip=10.232.122.152 dst_geo=voluptat dest_port=1549 device_product=ipi device_vendor=lamcor device_version=1.3064 drop_reason=litesse errdefs_msgno=tam errdefs_msg_name=uovo flow_id=scivelit ip_protocol=icmp severity=low partition_name=empo route_domain=apa sa_translation_pool=colab sa_translation_type=sistenat source_ip=10.215.224.27 src_geo=Sedutper source_port=6726 source_user=ficiade translated_dest_ip=10.113.78.101 translated_dest_port=2707 translated_ip_protocol=amqua translated_route_domain=nsequatu translated_source_ip=10.181.63.82 translated_source_port=168 translated_vlan=tse vlan=4029", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ueip amvo dolorsi306.www5.local tten erit asiarch [F5@tob acl_policy_name=tiae acl_policy_type=imipsamv acl_rule_name=doeiu action=Established hostname=nderit6272.mail.example bigip_mgmt_ip=10.177.14.106 context_name=natuser context_type=olupt date_time=Oct 18 2019 03:14:14 dest_ip=10.239.142.115 dst_geo=nsec dest_port=6720 device_product=siarchi device_vendor=etq device_version=1.4522 drop_reason=archit errdefs_msgno=nde errdefs_msg_name=tNequepo flow_id=byCicer ip_protocol=ipv6 severity=medium partition_name=ipit route_domain=tdolorem sa_translation_pool=nderitin sa_translation_type=mquiado source_ip=10.169.95.128 src_geo=reeufugi source_port=7737 source_user=ofd translated_dest_ip=10.139.20.223 translated_dest_port=114 translated_ip_protocol=porincid translated_route_domain=tisetqu translated_source_ip=10.243.43.168 translated_source_port=2110 translated_vlan=ehenderi vlan=2215", "tags": [ 
@@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ipsu iden oreseo1541.mail.domain boriosam lites col [F5@litsedd acl_policy_name=mnis acl_policy_type=ainci acl_rule_name=aturve action=Established hostname=ntu1279.mail.lan bigip_mgmt_ip=10.92.168.198 context_name=rume context_type=uptate date_time=Nov 01 2019 10:16:48 dest_ip=10.115.225.57 dst_geo=orsit dest_port=3315 device_product=mnis device_vendor=tametco device_version=1.7456 drop_reason=inc errdefs_msgno=rroqui errdefs_msg_name=amr flow_id=mfug ip_protocol=tcp severity=low partition_name=mid route_domain=henderi sa_translation_pool=consec sa_translation_type=dquia source_ip=10.90.93.4 src_geo=rehe source_port=3382 source_user=adminima translated_dest_ip=10.39.100.88 translated_dest_port=5195 translated_ip_protocol=lup translated_route_domain=rsi translated_source_ip=10.18.176.44 translated_source_port=7284 translated_vlan=Utenimad vlan=4305", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Bon amquisno mullam6505.www.localhost siarch oloremi ididu [F5@uov acl_policy_name=ncidid acl_policy_type=audantiu acl_rule_name=lmolest action=Reject hostname=essequam1161.domain bigip_mgmt_ip=10.49.68.8 context_name=temUte context_type=idest date_time=Nov 15 2019 17:19:22 dest_ip=10.8.247.249 dst_geo=enimip dest_port=3957 device_product=ataevit device_vendor=ficiad device_version=1.2909 drop_reason=taspe errdefs_msgno=empori errdefs_msg_name=mipsum flow_id=tium ip_protocol=tcp severity=very-high partition_name=ota route_domain=boriosa sa_translation_pool=eprehen sa_translation_type=rehen source_ip=10.163.203.191 src_geo=exeacom source_port=2599 source_user=tlab translated_dest_ip=10.193.43.135 translated_dest_port=4650 translated_ip_protocol=iaeconse translated_route_domain=onevol translated_source_ip=10.173.13.179 translated_source_port=1211 translated_vlan=ptasn vlan=3791", "tags": [ 
@@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "ctetur amqui itatise2264.invalid lup cipitla niam [F5@mullamc acl_policy_name=umtota acl_policy_type=ssecil acl_rule_name=xplic action=Closed hostname=cipitl2184.localdomain bigip_mgmt_ip=10.240.47.113 context_name=uisnost context_type=snul date_time=Nov 30 2019 00:21:57 dest_ip=10.191.241.249 dst_geo=Loremips dest_port=4361 device_product=tiset device_vendor=ciade device_version=1.7726 drop_reason=equ errdefs_msgno=rror errdefs_msg_name=Exce flow_id=uae ip_protocol=ggp severity=high partition_name=umdol route_domain=nseq sa_translation_pool=autodita sa_translation_type=loreme source_ip=10.84.64.28 src_geo=par source_port=3938 source_user=ull translated_dest_ip=10.209.226.7 translated_dest_port=7745 translated_ip_protocol=aeabi translated_route_domain=ore translated_source_ip=10.31.147.51 translated_source_port=7780 translated_vlan=ptate vlan=3154", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "fugit dantiu ntutla1447.invalid strude rautodi Loremips [F5@mestqui acl_policy_name=tect acl_policy_type=odtem acl_rule_name=ite action=Closed hostname=item3647.home bigip_mgmt_ip=10.32.20.4 context_name=olupta context_type=dents date_time=Dec 14 2019 07:24:31 dest_ip=10.166.40.137 dst_geo=oremipsu dest_port=5644 device_product=idolor device_vendor=tionem device_version=1.292 drop_reason=oinB errdefs_msgno=tateve errdefs_msg_name=rsitvo flow_id=enatuser ip_protocol=tcp severity=high partition_name=sistena route_domain=reetdolo sa_translation_pool=psam sa_translation_type=litseddo source_ip=10.225.189.229 src_geo=odtem source_port=2287 source_user=odtemp translated_dest_ip=10.86.1.244 translated_dest_port=7101 translated_ip_protocol=rinci translated_route_domain=uamestqu translated_source_ip=10.52.13.192 translated_source_port=4714 translated_vlan=remagna vlan=439", "tags": [ 
diff --git a/packages/f5/data_stream/bigipafm/elasticsearch/ingest_pipeline/default.yml b/packages/f5/data_stream/bigipafm/elasticsearch/ingest_pipeline/default.yml
index 83abac1b4c9..a982bb37360 100644
--- a/packages/f5/data_stream/bigipafm/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/f5/data_stream/bigipafm/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Big-IP Advanced Firewall Manager
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 # User agent
 - user_agent:
 field: user_agent.original
diff --git a/packages/f5/data_stream/bigipafm/sample_event.json b/packages/f5/data_stream/bigipafm/sample_event.json
index 8fd740debdb..7a3a169d594 100644
--- a/packages/f5/data_stream/bigipafm/sample_event.json
+++ b/packages/f5/data_stream/bigipafm/sample_event.json
@@ -23,7 +23,7 @@
 "port": 2288
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/f5/data_stream/bigipapm/_dev/test/pipeline/test-generated.log-expected.json b/packages/f5/data_stream/bigipapm/_dev/test/pipeline/test-generated.log-expected.json
index c7952fa52ed..68fd323f1ea 100644
--- a/packages/f5/data_stream/bigipapm/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/f5/data_stream/bigipapm/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "January 2016/01/29 06:09:59 aliqu high equepor[6720]: 01490106: :dolore: sequa: AD module: authentication with 'abo' failed: Preauthentication failed, principal name: squira. success reeufugi",
 "tags": [
@@ -11,7 +11,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "February 2016/02/12 13:12:33 billoi medium orev[6153]: 01490504: :tatemU: deF: sist1803.mail.local can not be resolved.",
 "tags": [
@@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 2016/02/26 20:15:08 aqui low sSMTP[1166]: isetq", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 2016/03/12 03:17:42 seq high crond[5738]: (ccaecat) veleumi", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 2016/03/26 10:20:16 ude very-high veri[5990]: 01490113: :tempo: inv: session.user.clientip is 10.134.175.248", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 2016/04/09 17:22:51 lupta low rsitvolu[2044]: 01490128: :pori: occ: Webtop ect assigned", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 2016/04/24 00:25:25 aedic high gni: [syslog-ng]", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 2016/05/08 07:27:59 labor low isqu: 01490167: :uis: Current snapshot ID: idolore updated inside session db for access profile: onse", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 2016/05/22 14:30:33 metcon low emeumfug[6823]: 01490505: :emporinc: untutlab: tem", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 2016/06/05 21:33:08 tessec very-high ali[6446]: sSMTP: ", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 2016/06/20 04:35:42 riat medium atvol[98]: 014d0044: :uames: tati", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 2016/07/04 11:38:16 sinto very-high CSed[2857]: 01490514: :utlabore: ecillu: Access encountered error: success. File: mnisist, Function: deny, Line: icons", "tags": [ 
@@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 2016/07/18 18:40:50 lum high CROND[1675]: (sitvolup) CMD (cancel)", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 2016/08/02 01:43:25 uipe very-high siarchi[2289]: 01490500: :aliqu: olupta:mipsumd:eFinib: New session from client IP 10.204.123.107 (ST=saute/CC=ercit/C=usmodt) at VIP 10.225.160.182 Listener mque", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 2016/08/16 08:45:59 dol high quiratio[3386]: 01490511: :tisetq: tevelite: Initializing Access profile orporiss with max concurrent user sessions limit: 4739", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 2016/08/30 15:48:33 paquioff medium derit[4688]: 01490544: :hende: piscin: Received client info - https://mail.example.com/laboree/tfu.html?liqu=eporr#xeacomm", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 2016/09/13 22:51:07 fugiatnu high tobea[2364]: 014d0001: :tateve: ctx: itinvol, SERVER : eavolup", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 2016/09/28 05:53:42 remag very-high abor[5983]: 01490103: :tquiin: tse: Retry Username 'tenimad'", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 2016/10/12 12:56:16 niamqui low amcol[5625]: 01490113: :ipisci: gitsed: session.server.network.port is 4374", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 2016/10/26 19:58:50 nturma low cusant[4946]: 01490106: :etur: itecto: AD module: authentication with 'reetdol' failed: Preauthentication failed, principal name: totamre. success ercita", "tags": [ 
@@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 2016/11/10 03:01:24 proiden medium mvele[5737]: 014d0044: :aco: tio", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 2016/11/24 10:03:59 quaea very-high mvel[1188]: 01490520: :porinc: tetur: xce", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 2016/12/08 17:06:33 aincidu very-high uaeab[5960]: 01490008: :licabo: enimadmi: Connectivity resource utaliqu assigned", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 2016/12/23 00:09:07 cola high oremi[1485]: 01490128: :ineavol: iosa: Webtop boNemoe assigned", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 2017/01/06 07:11:41 Nequepor medium rem[5461]: 01490538: :esseq: adminima: Configuration snapshot deleted by Access.", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 2017/01/20 14:14:16 ptateve very-high miurerep: 01490165: :toccaec: Access profile: fugi initialized with configuration snapshot catalog: labo", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 2017/02/03 21:16:50 sBono high equ[4808]: 01490005: :amvo: siuta: Following rule urmagn from item dquia to ending temporin", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 2017/02/18 04:19:24 iruredol very-high derit[5270]: 01490106: :atquo: cupi: AD module: authentication with 'strude' failed in allow: Preauthentication failed, principal name: dunt. success yCic", "tags": [ 
@@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 2017/03/04 11:21:59 unte very-high ueipsa[748]: 011f0005: :cti: failure (Client side: vip=https://www5.example.com/olli/rever.html?rsp=oluptat#metco profile=ipv6-icmp pool=edolorin client_ip=10.104.110.134)", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 2017/03/18 18:24:33 ptasnula high syslog-ng[2638]: ill", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 2017/04/02 01:27:07 caboNem medium laudan[7589]: 01490107: :oconse: mag: AD module: authentication with 'tob' failed: Client 'dolores2519.mail.host' not found in Kerberos database, principal name:deF itempo", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 2017/04/16 08:29:41 meaque high mip[5899]: 01490107: :lamc: mvolupta: AD module: authentication with 'Utenima' failed: Clients credentials have been revoked, principal name: iqua@luptat2979.internal.local. unknown cididu", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 2017/04/30 15:32:16 atDuis medium nisiut: 01490166: :rumwri: Current snapshot ID: velill retrieved from session db for access profile: ore", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 2017/05/14 22:34:50 uptat high amquisno: 0149016b: :uido: Completed snapshot creation: tla for access profile: mquiad", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 2017/05/29 05:37:24 atur very-high ditau[4727]: 01490514: :piscivel: hend: Access encountered error: success. File: cepteur, Function: accept, Line: maliqu", "tags": [ 
@@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 2017/06/12 12:39:58 acon very-high sun[5971]: 01490501: :labori: porai: umiure", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 2017/06/26 19:42:33 eufug low uido[4318]: 01490500: :ici: snulap: New session from client IP 10.122.204.151 (ST=writte/CC=sitvo/C=ine) at VIP 10.169.101.161 Listener itessequ", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 2017/07/11 02:45:07 udan low essequam[3682]: 01490113: :urQuis: etcon: session.server.network.protocol is onsequu", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 2017/07/25 09:47:41 gelitse very-high arc[2412]: 01490013: :radip: upta: AD agent: Retrieving AAA server: tetura", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 2017/08/08 16:50:15 imavenia low mquido[5899]: 01490517: :rnat: rur: success", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 2017/08/22 23:52:50 nonn high met[1580]: 01420002: : AUDIT - pid=2037 user=ptate folder=entsu module=conse status=failure cmd_data=ntut", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 2017/09/06 06:55:24 iconsequ high idunt[571]: 01490549: :siuta: atev: Assigned PPP Dynamic IPv4: 10.6.32.7 Tunnel Type: exerci inesciu Resource: quid Client IP: 10.198.70.58 - orem", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 2017/09/20 13:57:58 reetdo medium lup[5051]: 01260009: :eos: Connection error:ipitlabo", "tags": [ 
@@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 2017/10/04 21:00:32 reprehen very-high syslog-ng[6438]: imid", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 2017/10/19 04:03:07 sunt very-high aturQu[7083]: 01490128: :tDuis: iqu: Webtop oriosamn assigned", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 2017/11/02 11:05:41 iquip very-high sedquian[4212]: 01490004: :etdolore: magnaa: Executed agent 'sumquiad', return value iusmodt", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 2017/11/16 18:08:15 equam low eaqueip[5207]: 01490538: :aevitaed: byCic: Configuration snapshot deleted by Access.", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 2017/12/01 01:10:49 xerc high eturad[1760]: 01490506: :nvol: enimadmi: Received User-Agent header: mobmail android 2.1.3.3150", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 2017/12/15 08:13:24 sumdolo medium rors[1935]: 01490538: :oremque: quaU: Configuration snapshot deleted by Access.", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 2017/12/29 15:15:58 ioff medium quioff: 0149016a: :iuntN: Initiating snapshot creation: ipis for access profile: itautfu", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 2018/01/12 22:18:32 rchit medium roquisqu[5924]: 01490005: :iquid: evo: Following rule mcorpori from item mqu to ending pteursi", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 2018/01/27 05:21:06 itessequ low fdeFinib[2580]: 01490128: :sumd: sectetur: Webtop edquian assigned", "tags": [ 
@@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 2018/02/10 12:23:41 quiav low rit: 0149016a: :eumfu: Initiating snapshot creation: lors for access profile: oluptat", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 2018/02/24 19:26:15 oeiusmo very-high cusanti[5019]: 01420002: : AUDIT - pid=4996 user=rem folder=tseddoei module=teursint status=success cmd_data=remagnaa", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 2018/03/11 02:28:49 ore low ovolupta: 0149016b: :volup: Completed snapshot creation: macc for access profile: ria", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 2018/03/25 09:31:24 uisau high irat[2943]: 01490549: :emsequi: ueporroq: Assigned PPP Dynamic IPv4: 10.142.213.80 Tunnel Type: tationu gnaaliq Resource: olore Client IP: 10.16.181.60 - ameaquei", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 2018/04/08 16:33:58 liq low mvolupta: syslog-ng: ", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 2018/04/22 23:36:32 exe high illum[2625]: 01490101: :emi: reprehen: Access profile: tvol configuration has been applied. Newly active generation count is: 5959", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 2018/05/07 06:39:06 iumt medium nulapari[1973]: 01490500: :tsunt: rnat:oremi:ectobeat: New session from client IP 10.187.64.126 (ST=uasiarch/CC=Malor/C=boriosa) at VIP 10.47.99.72 Listener upt (Reputation=oremipsu)", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 2018/05/21 13:41:41 sint low auditd[3376]: ctobeat", "tags": [ 
@@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 2018/06/04 20:44:15 lorumw high tdolo[3872]: syslog-ng: ", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 2018/06/19 03:46:49 namaliqu medium aeca[4543]: 014d0044: :autemv: sciveli", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 2018/07/03 10:49:23 piciati medium ntin[4646]: 01260009: :rcitat: Connection error:cinge", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 2018/07/17 17:51:58 iqui low litani[3126]: 01490142: :itanimi: onoru: data", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 2018/08/01 00:54:32 uptatem high ruredol: 01490079: :iadeseru: loremagn: Access policy 'acons' configuration has changed.Access profile 'nimadmi' configuration changes need to be applied for the new configuration", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 2018/08/15 07:57:06 lupt very-high eavolupt: 01490167: :uipe: Current snapshot ID: ipsa updated inside session db for access profile: con", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 2018/08/29 14:59:40 nesciu low ssequ[4877]: 01490008: :emse: emqui: Connectivity resource cipitla assigned", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 2018/09/12 22:02:15 ionevo high ptate[52]: 01490102: :uira: todita: Access policy result: failure", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 2018/09/27 05:04:49 iqu low tatis[7767]: 01490113: :reeufugi: sequines: session.server.network.protocol is minimve", "tags": [ 
@@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 2018/10/11 12:07:23 aborio low setquas: 014d0002: :nbyCi: runtmoll: SSOv2 Logon failed, config busBon form norumetM", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 2018/10/25 19:09:57 billoinv high deomn[904]: 01490113: :mali: roinBCSe: session.server.network.port is 3959", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 2018/11/09 02:12:32 rch high sedd: 01490079: :atione: tvolup: Access policy 'oremeu' configuration has changed.Access profile 'lab' configuration changes need to be applied for the new configuration", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 2018/11/23 09:15:06 urau medium upt[4762]: 01490538: :itaedict: eroi: Configuration snapshot deleted by Access.", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 2018/12/07 16:17:40 reetdo low nidol[4345]: 01490113: :writtenb: atevelit: session.server.listener.name is ugitsed", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 2018/12/21 23:20:14 uatDuisa high ano[4054]: 01490102: :uunturm: iatn: Access policy result: unknown", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 2019/01/05 06:22:49 psum very-high exerci[3923]: 01490113: :lumqu: moen: session.oinvento", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 2019/01/19 13:25:23 volup very-high crond[4071]: (iconsequ) CMD (block)", "tags": [ 
@@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 2019/02/02 20:27:57 archite high rem[6473]: 01490008: :emp: inBC: Connectivity resource did assigned", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 2019/02/17 03:30:32 etconse medium uinesci: 0149016a: :otamr: Initiating snapshot creation: tsed for access profile: rExc", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 2019/03/03 10:33:06 omnisis very-high uptatema[7023]: 01490501: :stiaec: Cicero: ven", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 2019/03/17 17:35:40 cons low ine[870]: 011f0005: :amquisn: success (Client side: vip=https://example.net/equamn/scipi.txt?eiu=maliquam#gnama profile=rdp pool=squamest client_ip=10.24.113.101)", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 2019/04/01 00:38:14 uelaudan low teiru[4918]: 014d0044: :orinrep: pta", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 2019/04/15 07:40:49 sis very-high rchite[7405]: 01490521: :rvelill: rors: Session statistics - bytes in:6092, bytes out: 1363", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 2019/04/29 14:43:23 Nequepo high CROND[2977]: (emac) CMD (cancel)", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 2019/05/13 21:45:57 isci high ugiatn: 0149016b: :squa: Completed snapshot creation: deseru for access profile: aquioff", "tags": [ 
@@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 2019/05/28 04:48:31 onsequat high giatq[7733]: 01490106: :imad: tura: AD module: authentication with 'equuntur' failed: Preauthentication failed, principal name: rve. success mqua", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 2019/06/11 11:51:06 utlabore very-high exea[2867]: 01490008: :amquisn: itquii: Connectivity resource imaven assigned", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 2019/06/25 18:53:40 lloinve low nim[7673]: 01490511: :edquiac: psamvolu: Initializing Access profile teturad with max concurrent user sessions limit: 7783", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 2019/07/10 01:56:14 tatemse low vitae[72]: 01490000: :samvolu: dip", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 2019/07/24 08:58:48 Dui medium nostrude[7057]: 01490007: :ione: ecillum: Session variable 'maccu' set to ame", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 2019/08/07 16:01:23 reprehe medium enimipsa[2698]: 01490521: :samn: quisnos: Session statistics - bytes in:2132, bytes out: 2552", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 2019/08/21 23:03:57 Nequepor low temseq[613]: 01490019: :ostrumex: suscipi: AD agent: Query: query with '(sAMAccountName=xplicabo)' successful", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 2019/09/05 06:06:31 ameaquei very-high uelaud[1306]: 01490544: :ameiu: utei: Received client info - https://internal.example.net/lumquid/oluptat.jpg?equepor=iosamn#erspicia", "tags": [ 
@@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 2019/09/19 13:09:05 psumqui high ncu: 01490079: :quaturve: ciad: Access policy 'diconseq' configuration has changed.Access profile 'utod' configuration changes need to be applied for the new configuration", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 2019/10/03 20:11:40 giatquo low dipisciv[5944]: 01490013: :atquo: umetMa: AD agent: Retrieving AAA server: ngelitse", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 2019/10/18 03:14:14 tem very-high giatnula[71]: Rule: enimadmi \u003c\u003cqui\u003e: APM_EVENT=deny | aecon | sedq ***failure***", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 2019/11/01 10:16:48 erc low tasnu: [syslog-ng]", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 2019/11/15 17:19:22 ationevo very-high datatno[3538]: 01490019: :siar: orisnis: AD agent: Query: query with '(sAMAccountName=texp)' successful", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 2019/11/30 00:21:57 pidat very-high sSMTP[6673]: ptateve", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 2019/12/14 07:24:31 olupta medium oremagn[2121]: 01490106: :itseddo: uptatev: AD module: authentication with 'oditem' failed in allow: Preauthentication failed, principal name: inimaven. failure olor", "tags": [ diff --git a/packages/f5/data_stream/bigipapm/elasticsearch/ingest_pipeline/default.yml b/packages/f5/data_stream/bigipapm/elasticsearch/ingest_pipeline/default.yml index 18ba4c488a5..ffff66fbbf9 100644 --- a/packages/f5/data_stream/bigipapm/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/f5/data_stream/bigipapm/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Big-IP Access Policy Manager
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 # User agent
 - user_agent:
 field: user_agent.original
diff --git a/packages/f5/data_stream/bigipapm/sample_event.json b/packages/f5/data_stream/bigipapm/sample_event.json
index 9cc483e9154..671fb995a1e 100644
--- a/packages/f5/data_stream/bigipapm/sample_event.json
+++ b/packages/f5/data_stream/bigipapm/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/f5/manifest.yml b/packages/f5/manifest.yml
index 5293560f166..87ba8b8e9c7 100644
--- a/packages/f5/manifest.yml
+++ b/packages/f5/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: f5
 title: F5 Logs
-version: 0.9.0
+version: "0.10.0"
 description: Collect and parse logs from F5 devices with Elastic Agent.
 categories: ["network", "security"]
 release: experimental
diff --git a/packages/fim/_dev/build/build.yml b/packages/fim/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/fim/_dev/build/build.yml
+++ b/packages/fim/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/fim/changelog.yml b/packages/fim/changelog.yml
index e07ad471d73..f235f4eee2d 100644
--- a/packages/fim/changelog.yml
+++ b/packages/fim/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.0.0"
 changes:
 - description: "Make GA and compatible with 8.2"
diff --git a/packages/fim/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/fim/data_stream/event/elasticsearch/ingest_pipeline/default.yml
index 6f32ffadf52..ca371c9f2e4 100644
--- a/packages/fim/data_stream/event/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/fim/data_stream/event/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing auditd events
 processors:
 - set:
 field: ecs.version
- value: 8.2.0
+ value: 8.3.0
 on_failure:
 - set:
 field: error.message
diff --git a/packages/fim/data_stream/event/sample_event.json b/packages/fim/data_stream/event/sample_event.json
index cad238a1e24..77a47bdb8b5 100644
--- a/packages/fim/data_stream/event/sample_event.json
+++ b/packages/fim/data_stream/event/sample_event.json
@@ -8,7 +8,7 @@
 "version": "8.3.0"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "7e061f66-bf86-41e2-858d-d5cbe22e06b1",
diff --git a/packages/fim/docs/README.md b/packages/fim/docs/README.md
index 085ddf82b7a..ec621972e13 100644
--- a/packages/fim/docs/README.md
+++ b/packages/fim/docs/README.md
@@ -34,7 +34,7 @@ An example event for `event` looks as following:
 "version": "8.3.0"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "7e061f66-bf86-41e2-858d-d5cbe22e06b1",
diff --git a/packages/fim/manifest.yml b/packages/fim/manifest.yml
index c3e5b35b589..8478863d11c 100644
--- a/packages/fim/manifest.yml
+++ b/packages/fim/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: fim
 title: "File Integrity Monitoring"
-version: 1.0.0
+version: "1.1.0"
 license: basic
 release: ga
 description: "The File Integrity Monitoring integration reports filesystem changes in real time."
diff --git a/packages/fireeye/_dev/build/build.yml b/packages/fireeye/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/fireeye/_dev/build/build.yml
+++ b/packages/fireeye/_dev/build/build.yml
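Review bot: In packages/fim/data_stream/event/elasticsearch/ingest_pipeline/default.yml the ecs.version set processor keeps an unquoted `value: 8.3.0`, while the sibling pipelines touched by this change quote it (`'8.3.0'` in f5, `"8.3.0"` in fireeye) and the same change quotes `version: "1.1.0"` in fim's manifest.yml. The plain scalar is only read as a string because it has two dots; a future two-component bump such as `8.4` would be parsed as a number and the processor would then set a non-string ecs.version. Suggest `value: "8.3.0"` so this pipeline matches the others and stays a string regardless of the value.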
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/fireeye/changelog.yml b/packages/fireeye/changelog.yml
index 7acd6dcf3c2..79eb2dcab9b 100644
--- a/packages/fireeye/changelog.yml
+++ b/packages/fireeye/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.4.0"
 changes:
 - description: Add JA3/JA3S to `related.hash`
diff --git a/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json b/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json
index 221d5a84a86..8e247f84c94 100644
--- a/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json
+++ b/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json
@@ -10,7 +10,7 @@
 "port": 10001
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -83,7 +83,7 @@
 "port": 123
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -144,7 +144,7 @@
 "port": 10001
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -217,7 +217,7 @@
 "port": 5938
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -299,7 +299,7 @@
 "port": 123
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -370,7 +370,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -485,7 +485,7 @@
 "port": 5601
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -593,7 +593,7 @@
 "type": "query"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
diff --git a/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml b/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml
index 4e8f31ac8ed..c1d36cb4bbf 100644
--- a/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing FireEye NX logs
 processors:
 - set:
 field: ecs.version
- value: "8.2.0"
+ value: "8.3.0"
 - set:
 field: observer.vendor
 value: "Fireeye"
diff --git a/packages/fireeye/data_stream/nx/sample_event.json b/packages/fireeye/data_stream/nx/sample_event.json
index 272ffcf6212..82e546ae4e2 100644
--- a/packages/fireeye/data_stream/nx/sample_event.json
+++ b/packages/fireeye/data_stream/nx/sample_event.json
@@ -20,7 +20,7 @@
 "port": 10001
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "2411eb51-1c57-41d1-962f-cd06ac57198b",
diff --git a/packages/fireeye/docs/README.md b/packages/fireeye/docs/README.md
index 81b7470f208..1ff07b82993 100644
--- a/packages/fireeye/docs/README.md
+++ b/packages/fireeye/docs/README.md
@@ -194,7 +194,7 @@ An example event for `nx` looks as following:
 "port": 10001
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "2411eb51-1c57-41d1-962f-cd06ac57198b",
diff --git a/packages/fireeye/manifest.yml b/packages/fireeye/manifest.yml
index ff214315adc..e4af163560e 100644
--- a/packages/fireeye/manifest.yml
+++ b/packages/fireeye/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: fireeye
 title: "Fireeye"
-version: 1.4.0
+version: "1.5.0"
 license: basic
 description: "This Elastic integration collects Fireeye NX logs."
 type: integration
diff --git a/packages/fortinet/_dev/build/build.yml b/packages/fortinet/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/fortinet/_dev/build/build.yml
+++ b/packages/fortinet/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/fortinet/changelog.yml b/packages/fortinet/changelog.yml
index fb461917b25..91c7de1df03 100644
--- a/packages/fortinet/changelog.yml
+++ b/packages/fortinet/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.7.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.6.2"
 changes:
 - description: Update readme
diff --git a/packages/fortinet/data_stream/clientendpoint/_dev/test/pipeline/test-generated.log-expected.json b/packages/fortinet/data_stream/clientendpoint/_dev/test/pipeline/test-generated.log-expected.json
index 9e78884bb0a..3be1dad933a 100644
--- a/packages/fortinet/data_stream/clientendpoint/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/fortinet/data_stream/clientendpoint/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "January 29 06:09:59 boNemoe4402.www.invalid proto=udp service=http status=deny src=10.150.92.220 dst=10.102.123.34 src_port=7178 dst_port=3994 server_app=reeufugi pid=7880 app_name=enderitq traff_direct=external block_count=5286 logon_user=sumdo@litesse6379.api.domain msg=failure",
 "tags": [
@@ -11,7 +11,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "February 12 13:12:33 olupt4880.api.home proto=icmp service=https status=deny src=10.33.212.159 dst=10.149.203.46 src_port=2789 dst_port=5861 server_app=vol pid=4539 app_name=uidolor traff_direct=internal block_count=4402 logon_user=mipsumq@gnaali6189.internal.localhost msg=unknown",
 "tags": [
@@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 26 20:15:08 aqu1628.internal.domain proto=ipv6-icmp service=smtp status=deny src=10.173.116.41 dst=10.118.175.9 src_port=3710 dst_port=2802 server_app=aer pid=445 app_name=nse traff_direct=unknown block_count=7019 logon_user=uame@quis1130.internal.corp msg=success", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 12 03:17:42 tinculp2940.internal.local proto=ggp service=https status=deny src=10.134.137.177 dst=10.202.204.154 src_port=7868 dst_port=3587 server_app=amco pid=5712 app_name=psumquia traff_direct=unknown block_count=2458 logon_user=orsitame@reprehe189.internal.home msg=success", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 26 10:20:16 rad2103.api.domain proto=ipv6-icmp service=pop3 status=deny src=10.245.142.250 dst=10.70.0.60 src_port=5408 dst_port=4982 server_app=estqui pid=6557 app_name=magn traff_direct=inbound block_count=2638 logon_user=eos@enimad2283.internal.domain msg=failure", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 9 17:22:51 enim5316.www5.local proto=ipv6-icmp service=smtp status=deny src=10.202.72.124 dst=10.200.188.142 src_port=4665 dst_port=7143 server_app=omnis pid=2061 app_name=eip traff_direct=external block_count=513 logon_user=iusmodt@doloreeu3553.www5.home msg=unknown", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 24 00:25:25 reetdolo2770.www5.local proto=tcp service=pop3 status=deny src=10.12.44.169 dst=10.214.225.125 src_port=5710 dst_port=2121 server_app=inBCSedu pid=5722 app_name=tanimi traff_direct=outbound block_count=6071 logon_user=erep@iutal13.api.localdomain msg=failure", "tags": [ 
@@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 8 07:27:59 isiu1114.internal.corp proto=icmp service=http status=deny src=10.66.108.11 dst=10.198.136.50 src_port=6875 dst_port=2089 server_app=ipis pid=5037 app_name=ari traff_direct=unknown block_count=3856 logon_user=uptatev@uovol492.www.localhost msg=unknown", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 22 14:30:33 usmodte1296.www.corp proto=igmp service=ms-wbt-server status=deny src=10.178.244.31 dst=10.69.20.77 src_port=3857 dst_port=7579 server_app=nonnu pid=776 app_name=riat traff_direct=unknown block_count=5575 logon_user=umdolor@osquir6997.corp msg=failure", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 5 21:33:08 tatno4987.www5.localhost proto=ggp service=pop3 status=deny src=10.54.231.100 dst=10.203.5.162 src_port=5616 dst_port=7290 server_app=iam pid=6096 app_name=ciati traff_direct=unknown block_count=3162 logon_user=umdolore@eniam7007.api.invalid msg=success", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 20 04:35:42 tatno6787.internal.localhost proto=icmp service=pop3 status=deny src=10.65.83.160 dst=10.136.252.240 src_port=3592 dst_port=4105 server_app=uradi pid=7307 app_name=essequ traff_direct=outbound block_count=7148 logon_user=ender@snulapar3794.api.domain msg=failure", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 4 11:38:16 essecill2595.mail.local proto=ggp service=http status=deny src=10.57.40.29 dst=10.210.213.18 src_port=7616 dst_port=3970 server_app=atuse pid=2703 app_name=uis traff_direct=internal block_count=6179 logon_user=onse@liq5883.localdomain msg=unknown", "tags": [ 
@@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 18 18:40:50 ali6446.localhost proto=udp service=smtp status=deny src=10.144.82.69 dst=10.200.156.102 src_port=2896 dst_port=6061 server_app=rporis pid=5166 app_name=par traff_direct=outbound block_count=7041 logon_user=rveli@rsint7026.test msg=success", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 2 01:43:25 torev7118.internal.domain proto=ipv6 service=smtp status=deny src=10.109.232.112 dst=10.72.58.135 src_port=5160 dst_port=2382 server_app=fugit pid=7668 app_name=rsitamet traff_direct=internal block_count=1112 logon_user=xea@qua2945.www.local msg=failure", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 16 08:45:59 dolore6103.www5.example proto=udp service=http status=deny src=10.38.22.45 dst=10.72.29.73 src_port=1493 dst_port=203 server_app=piscing pid=1044 app_name=entsu traff_direct=unknown block_count=4979 logon_user=onproide@luptat6494.www.example msg=failure", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 30 15:48:33 errorsi6996.www.domain proto=tcp service=smtp status=deny src=10.70.95.74 dst=10.76.72.111 src_port=6119 dst_port=7388 server_app=emaperi pid=7183 app_name=sumquiad traff_direct=internal block_count=2362 logon_user=ivelits@moenimi6317.internal.invalid msg=failure", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 13 22:51:07 lumquido5839.api.corp proto=ipv6 service=https status=deny src=10.19.201.13 dst=10.73.69.75 src_port=5006 dst_port=6218 server_app=nsec pid=6907 app_name=estqu traff_direct=unknown block_count=2655 logon_user=tat@tion1761.home msg=unknown", "tags": [ 
@@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 28 05:53:42 aperia4409.www5.invalid proto=rdp service=ms-wbt-server status=deny src=10.78.151.178 dst=10.84.105.75 src_port=1846 dst_port=98 server_app=uames pid=499 app_name=msequi traff_direct=external block_count=4085 logon_user=iquaUten@santium4235.api.local msg=unknown", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 12 12:56:16 tem2496.api.lan proto=rdp service=ms-wbt-server status=deny src=10.135.233.146 dst=10.25.192.202 src_port=4181 dst_port=6462 server_app=ents pid=1531 app_name=Loremip traff_direct=internal block_count=4610 logon_user=emeumfu@CSed2857.www5.example msg=failure", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 26 19:58:50 eme6710.mail.invalid proto=rdp service=https status=deny src=10.121.219.204 dst=10.104.134.200 src_port=3611 dst_port=2508 server_app=reetd pid=6051 app_name=quae traff_direct=outbound block_count=7084 logon_user=uptat@equep5085.mail.domain msg=failure", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 10 03:01:24 ihilm1669.mail.invalid proto=tcp service=https status=deny src=10.191.105.82 dst=10.225.160.182 src_port=3361 dst_port=4810 server_app=uovolup pid=6994 app_name=llu traff_direct=external block_count=3936 logon_user=eirure@conseq557.mail.lan msg=unknown", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 24 10:03:59 umexerci1284.internal.localdomain proto=rdp service=smtp status=deny src=10.141.44.153 dst=10.161.57.8 src_port=3750 dst_port=2716 server_app=oei pid=5200 app_name=snostrud traff_direct=inbound block_count=3333 logon_user=quisnos@ite2026.www.invalid msg=failure", "tags": [ 
@@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 8 17:06:33 adol485.example proto=udp service=https status=deny src=10.153.111.103 dst=10.6.167.7 src_port=4977 dst_port=2022 server_app=taevit pid=3365 app_name=nsecte traff_direct=internal block_count=7424 logon_user=eumfug@lit5929.test msg=success", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 23 00:09:07 evita5008.www.localdomain proto=ggp service=pop3 status=deny src=10.248.204.182 dst=10.134.148.219 src_port=1331 dst_port=4430 server_app=tmo pid=1835 app_name=abi traff_direct=inbound block_count=4168 logon_user=uioffi@oru6938.invalid msg=success", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 6 07:11:41 tsedqu2456.www5.invalid proto=ipv6 service=smtp status=deny src=10.178.77.231 dst=10.163.5.243 src_port=5294 dst_port=4129 server_app=xerc pid=2019 app_name=hitecto traff_direct=unknown block_count=1123 logon_user=liquide@etdol5473.local msg=success", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 20 14:14:16 ris3314.mail.invalid proto=ggp service=smtp status=deny src=10.177.194.18 dst=10.221.89.228 src_port=766 dst_port=2447 server_app=uamei pid=2493 app_name=aera traff_direct=outbound block_count=1747 logon_user=aliquam@nimid893.mail.corp msg=success", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 3 21:16:50 reme622.mail.example proto=icmp service=ms-wbt-server status=deny src=10.241.65.49 dst=10.32.239.1 src_port=3027 dst_port=3128 server_app=dictasu pid=3022 app_name=catc traff_direct=unknown block_count=3522 logon_user=idata@rumwritt6003.host msg=failure", "tags": [ 
@@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 18 04:19:24 non3341.mail.invalid proto=ggp service=http status=deny src=10.168.90.81 dst=10.101.57.120 src_port=6866 dst_port=6501 server_app=laboree pid=2328 app_name=intocc traff_direct=internal block_count=5516 logon_user=eporr@xeacomm6855.api.corp msg=success", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 4 11:21:59 ris727.api.local proto=tcp service=ms-wbt-server status=deny src=10.14.211.43 dst=10.130.14.60 src_port=4456 dst_port=2051 server_app=autfu pid=1156 app_name=tessec traff_direct=external block_count=7200 logon_user=litse@icabo4125.mail.domain msg=unknown", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 18 18:24:33 stquido5705.api.host proto=icmp service=http status=deny src=10.60.129.15 dst=10.248.101.25 src_port=106 dst_port=5740 server_app=Nequepo pid=6003 app_name=pora traff_direct=unknown block_count=6437 logon_user=evolup@ionofdeF5643.www.localhost msg=success", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 2 01:27:07 etcons7378.api.lan proto=tcp service=https status=deny src=10.72.93.28 dst=10.111.187.12 src_port=3577 dst_port=3994 server_app=aper pid=5651 app_name=tur traff_direct=inbound block_count=3427 logon_user=niamqui@orem6702.invalid msg=failure", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 16 08:29:41 vita2681.www5.local proto=icmp service=ms-wbt-server status=deny src=10.27.14.168 dst=10.66.2.232 src_port=2224 dst_port=5764 server_app=fugiatn pid=3470 app_name=ipsumd traff_direct=outbound block_count=6708 logon_user=uirati@oin6780.mail.domain msg=unknown", "tags": [ 
@@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 30 15:32:16 tnulapa7592.www.local proto=ggp service=ms-wbt-server status=deny src=10.75.99.127 dst=10.195.2.130 src_port=1766 dst_port=202 server_app=mporin pid=6932 app_name=nisiuta traff_direct=internal block_count=3828 logon_user=inibusB@eprehen3224.www5.localdomain msg=failure", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 14 22:34:50 lup2134.www.localhost proto=ipv6 service=pop3 status=deny src=10.201.238.90 dst=10.245.104.182 src_port=3759 dst_port=55 server_app=ccaecat pid=6945 app_name=onsequ traff_direct=outbound block_count=4198 logon_user=ovol@ptasn6599.www.localhost msg=success", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 29 05:37:24 tanimid3337.mail.corp proto=ipv6-icmp service=http status=deny src=10.217.150.196 dst=10.105.91.31 src_port=2056 dst_port=5987 server_app=loreme pid=853 app_name=psumquia traff_direct=external block_count=4444 logon_user=con@nisist2752.home msg=unknown", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 12 12:39:58 eumiu765.api.lan proto=ipv6-icmp service=https status=deny src=10.4.157.1 dst=10.184.18.202 src_port=52 dst_port=205 server_app=ofdeFini pid=4153 app_name=molli traff_direct=outbound block_count=725 logon_user=oditem@gitsedqu2649.mail.lan msg=unknown", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 26 19:42:33 mquelau5326.mail.lan proto=icmp service=https status=deny src=10.255.39.252 dst=10.113.95.59 src_port=863 dst_port=4367 server_app=fugitsed pid=1693 app_name=idolo traff_direct=internal block_count=3147 logon_user=persp@entsunt3962.www.example msg=success", "tags": [ 
@@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 11 02:45:07 idestlab2631.www.lan proto=tcp service=http status=deny src=10.27.16.118 dst=10.83.177.2 src_port=18 dst_port=1827 server_app=iat pid=337 app_name=rinre traff_direct=internal block_count=1300 logon_user=borios@tut2703.www.host msg=success", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 25 09:47:41 inesci6789.test proto=udp service=http status=deny src=10.38.54.72 dst=10.167.227.44 src_port=6595 dst_port=5736 server_app=lillum pid=7041 app_name=its traff_direct=outbound block_count=7644 logon_user=riamea@entorev160.test msg=failure", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 8 16:50:15 ccaeca7077.internal.corp proto=tcp service=http status=deny src=10.216.54.184 dst=10.215.205.216 src_port=1495 dst_port=647 server_app=riat pid=3854 app_name=psaquaea traff_direct=external block_count=7536 logon_user=ameiusm@proide3714.mail.localdomain msg=unknown", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 22 23:52:50 ima2031.api.corp proto=igmp service=smtp status=deny src=10.9.12.248 dst=10.9.18.237 src_port=765 dst_port=2486 server_app=tpersp pid=55 app_name=seosqui traff_direct=internal block_count=6379 logon_user=uradi@tot5313.mail.invalid msg=success", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 6 06:55:24 ian867.internal.corp proto=rdp service=https status=deny src=10.83.130.226 dst=10.41.123.102 src_port=1542 dst_port=2300 server_app=odoconse pid=228 app_name=quatu traff_direct=external block_count=7661 logon_user=tenim@rumet3801.internal.domain msg=unknown", "tags": [ 
@@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 20 13:57:58 lorin4249.corp proto=tcp service=pop3 status=deny src=10.175.112.197 dst=10.80.152.108 src_port=1749 dst_port=2742 server_app=exeacom pid=4253 app_name=rita traff_direct=outbound block_count=6984 logon_user=tametcon@liqua2834.www5.lan msg=failure", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 4 21:00:32 gnaaliqu3935.api.test proto=udp service=smtp status=deny src=10.134.18.114 dst=10.142.25.100 src_port=2761 dst_port=5770 server_app=mdol pid=2200 app_name=nby traff_direct=internal block_count=624 logon_user=osqui@sequat7273.api.host msg=failure", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 19 04:03:07 nsequat1859.internal.localhost proto=udp service=http status=deny src=10.28.118.160 dst=10.223.119.218 src_port=6247 dst_port=300 server_app=umexerc pid=5717 app_name=intocc traff_direct=internal block_count=4387 logon_user=ntsunt@uidol4575.localhost msg=failure", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 2 11:05:41 ritin2495.api.corp proto=ggp service=https status=deny src=10.110.114.175 dst=10.47.28.48 src_port=4986 dst_port=3032 server_app=tatem pid=4469 app_name=luptat traff_direct=unknown block_count=4488 logon_user=plicab@oremq2000.api.corp msg=unknown", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 16 18:08:15 tetur2694.mail.local proto=ggp service=pop3 status=deny src=10.40.251.202 dst=10.90.33.138 src_port=5733 dst_port=7876 server_app=enimadmi pid=5524 app_name=lupta traff_direct=external block_count=6847 logon_user=nvolupt@oremi1485.api.localhost msg=success", "tags": [ 
@@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 1 01:10:49 rem7043.localhost proto=ipv6 service=ms-wbt-server status=deny src=10.65.2.106 dst=10.227.173.252 src_port=5410 dst_port=5337 server_app=nisiut pid=3624 app_name=teturad traff_direct=external block_count=7576 logon_user=itation@sequatD5469.www5.lan msg=unknown", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 15 08:13:24 emqu2846.internal.home proto=udp service=https status=deny src=10.193.233.229 dst=10.28.84.106 src_port=2859 dst_port=4844 server_app=eaqu pid=1609 app_name=uptatemU traff_direct=inbound block_count=3096 logon_user=tla@item2738.test msg=success", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 29 15:15:58 dqu6144.api.localhost proto=ggp service=ms-wbt-server status=deny src=10.150.245.88 dst=10.210.89.183 src_port=3642 dst_port=2589 server_app=ulpa pid=6248 app_name=iusmodte traff_direct=external block_count=2700 logon_user=sequa@iosamnis1047.internal.localdomain msg=success", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 12 22:18:32 giatquov1918.internal.example proto=udp service=ms-wbt-server status=deny src=10.180.195.43 dst=10.85.185.13 src_port=4540 dst_port=7793 server_app=gnaal pid=7224 app_name=proident traff_direct=outbound block_count=1867 logon_user=voluptas@orroq6677.internal.example msg=failure", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 27 05:21:06 estl5804.internal.local proto=udp service=ms-wbt-server status=deny src=10.207.211.230 dst=10.210.28.247 src_port=3449 dst_port=7257 server_app=ssecil pid=430 app_name=iuntNe traff_direct=unknown block_count=7672 logon_user=tate@onevo4326.internal.local msg=failure", "tags": [ 
@@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 10 12:23:41 Sedut1775.www.domain proto=rdp service=ms-wbt-server status=deny src=10.86.11.48 dst=10.248.165.185 src_port=3436 dst_port=5460 server_app=olorsi pid=3589 app_name=exeaco traff_direct=external block_count=4801 logon_user=dquiac@itaedict7233.mail.localdomain msg=unknown", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 24 19:26:15 mac7484.www5.test proto=ipv6-icmp service=http status=deny src=10.118.6.177 dst=10.47.125.38 src_port=6977 dst_port=3896 server_app=isn pid=4814 app_name=omm traff_direct=outbound block_count=1844 logon_user=quunt@numquam5869.internal.example msg=unknown", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 11 02:28:49 oin1140.mail.localhost proto=icmp service=pop3 status=deny src=10.50.233.155 dst=10.60.142.127 src_port=1081 dst_port=5112 server_app=urExce pid=276 app_name=nturm traff_direct=outbound block_count=2241 logon_user=atv@onu6137.api.home msg=success", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 25 09:31:24 naaliq3710.api.local proto=rdp service=http status=deny src=10.28.82.189 dst=10.120.10.211 src_port=3916 dst_port=7661 server_app=odt pid=2452 app_name=inv traff_direct=internal block_count=7705 logon_user=rcit@aecatcup2241.www5.test msg=failure", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 8 16:33:58 volupta3552.internal.localhost proto=ipv6 service=pop3 status=deny src=10.31.237.225 dst=10.6.38.163 src_port=6153 dst_port=4059 server_app=oreveri pid=3453 app_name=avolu traff_direct=inbound block_count=2820 logon_user=olup@labor6360.mail.local msg=failure", "tags": [ 
@@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 22 23:36:32 onse380.internal.localdomain proto=ggp service=https status=deny src=10.226.5.189 dst=10.125.165.144 src_port=3371 dst_port=7889 server_app=dexerc pid=2302 app_name=tatem traff_direct=inbound block_count=5407 logon_user=mvolu@mveleum4322.www5.host msg=success", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 7 06:39:06 queips4947.mail.example proto=udp service=smtp status=deny src=10.97.149.97 dst=10.46.56.204 src_port=2463 dst_port=5070 server_app=uela pid=7079 app_name=umf traff_direct=unknown block_count=2441 logon_user=dolorsit@archite1843.mail.home msg=unknown", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 21 13:41:41 oloreseo5039.test proto=ggp service=https status=deny src=10.218.0.197 dst=10.28.105.124 src_port=7581 dst_port=4797 server_app=eritin pid=5773 app_name=litsedq traff_direct=outbound block_count=5749 logon_user=ntNe@itanim4024.api.example msg=success", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 4 20:44:15 minim459.mail.local proto=rdp service=https status=deny src=10.123.199.198 dst=10.17.87.79 src_port=6332 dst_port=3414 server_app=tionula pid=1586 app_name=ate traff_direct=outbound block_count=5006 logon_user=ratvolu@nreprehe715.api.home msg=unknown", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 19 03:46:49 eratv211.api.host proto=rdp service=https status=deny src=10.38.86.177 dst=10.115.68.40 src_port=5768 dst_port=5483 server_app=boNem pid=5137 app_name=ssusci traff_direct=internal block_count=2841 logon_user=mpo@unte893.internal.host msg=success", "tags": [ 
@@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 3 10:49:23 aparia1179.www.localdomain proto=tcp service=https status=deny src=10.193.118.163 dst=10.115.174.107 src_port=548 dst_port=5597 server_app=acom pid=5704 app_name=dolorem traff_direct=internal block_count=10 logon_user=exeacomm@aspe951.mail.domain msg=success", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 17 17:51:58 iatqu6203.mail.corp proto=icmp service=http status=deny src=10.37.128.49 dst=10.77.77.208 src_port=625 dst_port=1101 server_app=esci pid=2310 app_name=essecill traff_direct=external block_count=2653 logon_user=moles@dipiscin4957.www.home msg=unknown", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 1 00:54:32 ptasnula6576.api.invalid proto=tcp service=ms-wbt-server status=deny src=10.54.73.158 dst=10.1.96.93 src_port=5752 dst_port=428 server_app=docon pid=5398 app_name=ntium traff_direct=internal block_count=4392 logon_user=lloinven@econs2687.internal.localdomain msg=unknown", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 15 07:57:06 mag1506.internal.domain proto=igmp service=smtp status=deny src=10.131.126.109 dst=10.182.152.242 src_port=1877 dst_port=6998 server_app=rcitat pid=2465 app_name=ecillum traff_direct=inbound block_count=3208 logon_user=dolor@tiumto5834.api.lan msg=success", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 29 14:59:40 fugits1163.host proto=icmp service=http status=deny src=10.181.247.224 dst=10.77.229.168 src_port=260 dst_port=3777 server_app=atatnon pid=6064 app_name=abor traff_direct=external block_count=329 logon_user=adol@iutal6032.www.test msg=failure", "tags": [ 
@@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 12 22:02:15 gitse2463.www5.invalid proto=ipv6-icmp service=http status=deny src=10.235.116.121 dst=10.72.162.6 src_port=1 dst_port=5516 server_app=emp pid=2861 app_name=luptas traff_direct=outbound block_count=1444 logon_user=oinv@inculp2078.host msg=unknown", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 27 05:04:49 temse6953.www.example proto=ipv6-icmp service=https status=deny src=10.149.193.117 dst=10.28.124.236 src_port=5343 dst_port=3434 server_app=atcupi pid=3559 app_name=edquia traff_direct=internal block_count=3176 logon_user=mullam@mexerc2757.internal.home msg=failure", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 11 12:07:23 deriti6952.mail.domain proto=ipv6-icmp service=http status=deny src=10.34.131.224 dst=10.196.96.162 src_port=649 dst_port=6378 server_app=equatDu pid=1710 app_name=aconse traff_direct=outbound block_count=7174 logon_user=tnonproi@squira4455.api.domain msg=failure", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 25 19:09:57 abor1370.www.domain proto=ipv6-icmp service=https status=deny src=10.97.236.123 dst=10.77.78.180 src_port=5159 dst_port=5380 server_app=reetdol pid=4984 app_name=ugi traff_direct=inbound block_count=4782 logon_user=nisi@emveleum3661.localhost msg=unknown", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 9 02:12:32 emullamc5418.mail.test proto=ipv6 service=ms-wbt-server status=deny src=10.82.133.66 dst=10.45.54.107 src_port=7229 dst_port=3593 server_app=nse pid=3421 app_name=quira traff_direct=unknown block_count=5362 logon_user=olorem@sedquiac6517.internal.localhost msg=failure", "tags": [ 
@@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 23 09:15:06 squirati7050.www5.lan proto=rdp service=pop3 status=deny src=10.180.180.230 dst=10.170.252.219 src_port=4147 dst_port=2454 server_app=tesseci pid=4020 app_name=radipis traff_direct=external block_count=7020 logon_user=nse@veniam3148.www5.home msg=failure", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 7 16:17:40 venia2079.mail.example proto=rdp service=http status=deny src=10.5.11.205 dst=10.65.144.51 src_port=4901 dst_port=2283 server_app=lumqu pid=617 app_name=autf traff_direct=outbound block_count=5050 logon_user=uptat@unt3559.www.home msg=failure", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 21 23:20:14 snostrum3450.www5.localhost proto=udp service=smtp status=deny src=10.195.223.82 dst=10.76.122.196 src_port=3128 dst_port=5325 server_app=atu pid=487 app_name=iame traff_direct=external block_count=593 logon_user=umiurer@rere5274.mail.domain msg=success", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 5 06:22:49 gelitsed3249.corp proto=icmp service=ms-wbt-server status=deny src=10.138.210.116 dst=10.225.255.211 src_port=5595 dst_port=3369 server_app=rum pid=2442 app_name=eursinto traff_direct=external block_count=956 logon_user=fugiatn@uaeabi3728.www5.invalid msg=failure", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 19 13:25:23 dolor7082.internal.localhost proto=icmp service=smtp status=deny src=10.250.81.189 dst=10.219.1.151 src_port=5404 dst_port=4323 server_app=redo pid=6311 app_name=ditautf traff_direct=external block_count=3262 logon_user=ori@uamqu2804.test msg=unknown", "tags": [ 
@@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 2 20:27:57 totam6886.api.localhost proto=ggp service=https status=deny src=10.54.23.133 dst=10.76.125.70 src_port=3258 dst_port=756 server_app=oluptat pid=7128 app_name=eseruntm traff_direct=internal block_count=1916 logon_user=oloreeu@olor5201.host msg=unknown", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 17 03:30:32 laborum5749.www.example proto=igmp service=http status=deny src=10.36.110.69 dst=10.189.42.62 src_port=4187 dst_port=4262 server_app=duntut pid=2780 app_name=ullamc traff_direct=unknown block_count=170 logon_user=eque@eufug3348.www.lan msg=success", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 3 10:33:06 lup3313.api.home proto=tcp service=https status=deny src=10.47.179.68 dst=10.183.202.82 src_port=5107 dst_port=2208 server_app=usmod pid=3284 app_name=amni traff_direct=unknown block_count=2645 logon_user=umfugi@stquidol239.www5.invalid msg=failure", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 17 17:35:40 edq5397.www.test proto=ipv6-icmp service=pop3 status=deny src=10.73.28.165 dst=10.221.206.74 src_port=3668 dst_port=1480 server_app=ihilmole pid=2314 app_name=litanim traff_direct=inbound block_count=5572 logon_user=quas@gia6531.mail.invalid msg=success", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 1 00:38:14 udan6536.www5.test proto=ipv6 service=ms-wbt-server status=deny src=10.85.104.146 dst=10.14.204.36 src_port=3442 dst_port=4887 server_app=qua pid=5284 app_name=ents traff_direct=inbound block_count=973 logon_user=emp@lamcola4879.www5.localdomain msg=success", "tags": [ 
@@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 15 07:40:49 rumet6923.www5.lan proto=rdp service=https status=deny src=10.208.18.210 dst=10.30.246.132 src_port=3601 dst_port=388 server_app=texplica pid=3990 app_name=ore traff_direct=outbound block_count=5624 logon_user=veniam@edquian330.mail.local msg=unknown", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 29 14:43:23 itse522.internal.localdomain proto=udp service=pop3 status=deny src=10.106.249.91 dst=10.19.119.17 src_port=1732 dst_port=3822 server_app=veleumi pid=4337 app_name=tvol traff_direct=unknown block_count=2783 logon_user=lit@santi837.api.domain msg=success", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 13 21:45:57 amc3059.local proto=igmp service=http status=deny src=10.29.109.126 dst=10.181.41.154 src_port=6261 dst_port=866 server_app=itseddo pid=5275 app_name=seos traff_direct=unknown block_count=6721 logon_user=labo@lpaquiof804.internal.invalid msg=failure", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 28 04:48:31 enbyCi3813.api.domain proto=ipv6-icmp service=https status=deny src=10.164.207.42 dst=10.164.120.197 src_port=1901 dst_port=2304 server_app=itametco pid=2286 app_name=remip traff_direct=external block_count=3116 logon_user=pta@nonn4478.host msg=unknown", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 11 11:51:06 liquipex1155.mail.corp proto=ipv6-icmp service=smtp status=deny src=10.183.189.133 dst=10.154.191.225 src_port=5347 dst_port=7856 server_app=Loremip pid=2990 app_name=tur traff_direct=unknown block_count=6105 logon_user=ita@amquaer3985.www5.example msg=success", "tags": [ 
@@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 25 18:53:40 isn3991.local proto=igmp service=smtp status=deny src=10.29.120.226 dst=10.103.189.199 src_port=1296 dst_port=767 server_app=exerci pid=226 app_name=eserun traff_direct=outbound block_count=5452 logon_user=emu@orem6317.local msg=failure", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 10 01:56:14 iumtotam1010.www5.corp proto=icmp service=https status=deny src=10.133.254.23 dst=10.210.153.7 src_port=6251 dst_port=7030 server_app=nofdeFi pid=4691 app_name=sautei traff_direct=external block_count=2088 logon_user=voluptas@velill3230.www.corp msg=success", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 24 08:58:48 onsecte91.www5.localdomain proto=tcp service=pop3 status=deny src=10.126.245.73 dst=10.91.2.135 src_port=180 dst_port=2141 server_app=ender pid=5647 app_name=rumSecti traff_direct=outbound block_count=4680 logon_user=olore@orumS757.www5.corp msg=success", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 7 16:01:23 abori7686.internal.host proto=rdp service=https status=deny src=10.183.243.246 dst=10.137.85.123 src_port=218 dst_port=7073 server_app=ntsunti pid=2313 app_name=magnam traff_direct=internal block_count=6402 logon_user=cid@emi4534.www.localdomain msg=failure", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 21 23:03:57 reprehen3513.test proto=ipv6 service=smtp status=deny src=10.61.225.196 dst=10.10.86.55 src_port=4720 dst_port=5132 server_app=isiu pid=1585 app_name=mmodi traff_direct=external block_count=3034 logon_user=eniamqu@inimav1576.mail.example msg=failure", "tags": [ 
@@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 5 06:06:31 orroquis284.api.domain proto=udp service=http status=deny src=10.125.143.153 dst=10.79.73.195 src_port=2657 dst_port=457 server_app=umf pid=3141 app_name=moll traff_direct=outbound block_count=7645 logon_user=emip@aturQu7083.mail.host msg=failure", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 19 13:09:05 tionula2060.www5.localhost proto=ipv6 service=ms-wbt-server status=deny src=10.240.216.85 dst=10.64.139.17 src_port=2046 dst_port=2438 server_app=ice pid=6331 app_name=aal traff_direct=external block_count=4982 logon_user=nimadmin@lumqui7769.mail.local msg=unknown", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 3 20:11:40 rumSecti111.www5.domain proto=ipv6 service=ms-wbt-server status=deny src=10.87.90.49 dst=10.222.245.80 src_port=1486 dst_port=4017 server_app=itaedict pid=4474 app_name=byCic traff_direct=inbound block_count=3380 logon_user=ptatemse@siarc6339.internal.corp msg=success", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 18 03:14:14 olores7881.local proto=udp service=pop3 status=deny src=10.143.53.214 dst=10.87.144.208 src_port=3310 dst_port=2440 server_app=ipsumq pid=4855 app_name=psaquaea traff_direct=unknown block_count=5772 logon_user=psumq@ptatev6552.www.test msg=success", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 1 10:16:48 tDuis3281.www5.localdomain proto=ipv6-icmp service=pop3 status=deny src=10.204.178.19 dst=10.105.97.134 src_port=616 dst_port=1935 server_app=oremque pid=1729 app_name=inimve traff_direct=unknown block_count=6564 logon_user=mexercit@byC5766.internal.home msg=success", "tags": [ 
@@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 15 17:19:22 uptasnul2751.www5.corp proto=rdp service=smtp status=deny src=10.161.64.168 dst=10.194.67.223 src_port=7154 dst_port=5767 server_app=tatemse pid=4493 app_name=amqui traff_direct=inbound block_count=3673 logon_user=tion@hender6628.local msg=unknown", "tags": [
@@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 30 00:21:57 upt6017.api.localdomain proto=tcp service=smtp status=deny src=10.100.154.220 dst=10.120.148.241 src_port=5535 dst_port=1655 server_app=eeufug pid=6094 app_name=modt traff_direct=external block_count=5150 logon_user=rsitam@xercit7649.www5.home msg=failure", "tags": [
@@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 14 07:24:31 tpers2217.internal.lan proto=udp service=ms-wbt-server status=deny src=10.116.153.19 dst=10.180.90.112 src_port=6610 dst_port=1936 server_app=olu pid=5012 app_name=dexercit traff_direct=outbound block_count=2216 logon_user=itessequ@porissu1470.domain msg=success", "tags": [
diff --git a/packages/fortinet/data_stream/clientendpoint/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet/data_stream/clientendpoint/elasticsearch/ingest_pipeline/default.yml
index cf996f98184..3c72187ebc8 100644
--- a/packages/fortinet/data_stream/clientendpoint/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/fortinet/data_stream/clientendpoint/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Fortinet FortiClient Endpoint Security
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 # User agent
 - user_agent:
 field: user_agent.original
diff --git a/packages/fortinet/data_stream/clientendpoint/sample_event.json b/packages/fortinet/data_stream/clientendpoint/sample_event.json
index f10a0048c61..9cc3f40941d 100644
--- a/packages/fortinet/data_stream/clientendpoint/sample_event.json +++ b/packages/fortinet/data_stream/clientendpoint/sample_event.json @@ -19,7 +19,7 @@ "port": 3994 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/fortinet/data_stream/firewall/_dev/test/pipeline/test-fortinet.log-expected.json b/packages/fortinet/data_stream/firewall/_dev/test/pipeline/test-fortinet.log-expected.json index 5f20d28c1fb..36251654da1 100644 --- a/packages/fortinet/data_stream/firewall/_dev/test/pipeline/test-fortinet.log-expected.json +++ b/packages/fortinet/data_stream/firewall/_dev/test/pipeline/test-fortinet.log-expected.json @@ -20,7 +20,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ftgd_blk", @@ -133,7 +133,7 @@ "port": 161 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "deny", @@ -235,7 +235,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ftgd_allow", @@ -347,7 +347,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "signature", @@ -467,7 +467,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "signature", @@ -598,7 +598,7 @@ ] }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dns-response", @@ -707,7 +707,7 @@ ] }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dns-response", @@ -804,7 +804,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "signature", @@ -926,7 +926,7 @@ ] }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dns-response", @@ -1031,7 +1031,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dns-query", 
@@ -1122,7 +1122,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ssl-anomalies", @@ -1207,7 +1207,7 @@ { "@timestamp": "2020-04-23T12:32:48.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1284,7 +1284,7 @@ "port": 500 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1371,7 +1371,7 @@ "port": 500 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1449,7 +1449,7 @@ { "@timestamp": "2020-04-23T14:32:09.000-03:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1503,7 +1503,7 @@ { "@timestamp": "2020-04-23T12:32:09.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1581,7 +1581,7 @@ "port": 500 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1660,7 +1660,7 @@ { "@timestamp": "2020-04-23T14:24:13.000-03:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "0100041006", @@ -1698,7 +1698,7 @@ { "@timestamp": "2020-04-23T12:23:47.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "0107045057", @@ -1769,7 +1769,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1835,7 +1835,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1899,7 +1899,7 @@ { "@timestamp": "2020-04-23T14:16:42.000-03:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1960,7 +1960,7 @@ { "@timestamp": "2020-04-23T12:16:02.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "0100022915", @@ -1999,7 +1999,7 @@ { "@timestamp": "2020-04-23T12:16:02.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "0100022913", 
@@ -2055,7 +2055,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dns", @@ -2157,7 +2157,7 @@ "port": 6000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "accept", @@ -2278,7 +2278,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "accept", @@ -2388,7 +2388,7 @@ "packets": 40 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "accept", @@ -2490,7 +2490,7 @@ "port": 1235 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ip-conn", @@ -2599,7 +2599,7 @@ "port": 442 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "close", @@ -2746,7 +2746,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "app-ctrl-all", @@ -2857,7 +2857,7 @@ "port": 500 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -2922,7 +2922,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "0112053203", @@ -2961,7 +2961,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "0112053203", @@ -3000,7 +3000,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "0112053203", @@ -3039,7 +3039,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "0112053203", @@ -3078,7 +3078,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "0112053203", @@ -3117,7 +3117,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "0112053203", 
@@ -3156,7 +3156,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "0112053203",
@@ -3195,7 +3195,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "0112053203",
diff --git a/packages/fortinet/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
index 30892ee32fe..6678c6670d3 100644
--- a/packages/fortinet/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/fortinet/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing fortinet firewall logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/fortinet/data_stream/firewall/sample_event.json b/packages/fortinet/data_stream/firewall/sample_event.json
index c783c2938fd..3b8fb803443 100644
--- a/packages/fortinet/data_stream/firewall/sample_event.json
+++ b/packages/fortinet/data_stream/firewall/sample_event.json
@@ -33,7 +33,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "7cc48d16-ebf0-44b1-9094-fe2082d8f5a4",
diff --git a/packages/fortinet/data_stream/fortimail/_dev/test/pipeline/test-generated.log-expected.json b/packages/fortinet/data_stream/fortimail/_dev/test/pipeline/test-generated.log-expected.json
index d68523b4fd7..483c57dd082 100644
--- a/packages/fortinet/data_stream/fortimail/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/fortinet/data_stream/fortimail/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-1-29 time=06:09:59 device_id=pexe log_id=nes log_part=eab type=event subtype=update pri=high msg=\"boNemoe\"", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-2-12 time=13:12:33 device_id=ehend log_id=ritquiin log_part=umqui type=virus subtype=infected pri=very-high from=\"mest\" to=enderitq client_name=\"sperna884.internal.domain\" client_ip=\"10.165.201.71\" session_id=\"pisciv\" msg=\"uii\"", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-2-26 time=20:15:08 device_id=doeiu log_id=nia log_part=olupt type=event subtype=config pri=low user=quipexe ui=alo(10.212.18.145) module=umdo submodule=itessequ msg=vol", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-3-12 time=03:17:42 device_id=uipexea log_id=tatio log_part=minim type=event subtype=pop3 pri=high user=ceroinBC ui=ratvolup action=deny status=iatu msg=\"ionofde\"", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-3-26 time=10:20:16 device_id=itati log_id=mfu log_part=uid type=event subtype=pop3 pri=very-high user=obeataev ui=lor action=block status=autfu msg=\"natura\"", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-4-9 time=17:22:51 device_id=llamcorp log_id=ari log_part=eataevit type=event subtype=system pri=high user=iam ui=mqua action=allow status=olab msg=mquisnos", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-4-24 time=00:25:25 device_id=enimad log_id=incididu log_part=eci type=virus pri=very-high from=tenbyCic to=boree src=10.98.69.43 session_id=\"iinea\" msg=ipit", "tags": [ 
@@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-5-8 time=07:27:59 device_id=taliqu log_id=temUten log_part=ccusan type=virus subtype=infected pri=low from=\"Ciceroi\" to=\"aveniam\" client_name=\"uradi7307.internal.corp\" client_ip=\"10.118.96.139\" session_id=\"sitas\" msg=ehenderi", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-5-22 time=14:30:33 device_id=smo log_id=litessec log_part=emporinc type=event subtype=pop3 pri=very-high user=ipsumq ui=atcu action=allow status=tessec msg=\"remipsum\"", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-6-5 time=21:33:08 device_id=ntutl log_id=caecatc log_part=onsequat type=event subtype=update pri=low msg=\"edquiano\"", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-6-20 time=04:35:42 device_id=idestla log_id=Nemoeni log_part=uradi type=statistics pri=very-high session_id=\"lup\" from=\"remeumf\" mailer=antiumto client_name=\"10.241.165.37\" MSISDN=aUteni resolved=ittenbyC to=\"aperi\" direction=\"inbound\" message_length=ita virus=\"ipi\" disposition=rsitamet classifier=\"lupt\" subject=\"xea\"", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-7-4 time=11:38:16 device_id=amvolup log_id=sequi log_part=rehend type=event subtype=webmail pri=high user=eme ui=numqu(10.232.149.140) action=allow status=lum msg=utali", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-7-18 time=18:40:50 device_id=estiae log_id=sci log_part=oei type=virus_file-signature pri=low snostrud to=nama src=\"10.24.67.250\" session_id=\"dolor\" msg=\"nnum\"", "tags": [ 
@@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-8-2 time=01:43:25 device_id=oluptas log_id=tNequepo log_part=lup type=event subtype=update pri=medium msg=equat", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-8-16 time=08:45:59 device_id=abi log_id=sectetur log_part=uioffi type=event subtype=update pri=high msg=veniamq", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-8-30 time=15:48:33 device_id=orem log_id=beata log_part=hitecto type=statistics pri=very-high session_id=\"texp\" client_name=\"[10.179.124.125]\"dst_ip=\"10.177.36.38\" from=\"sequine\" to=\"ectio\" polid=\"dutper\" domain=\"lamcolab3252.www.invalid\" subject=\"gel\" mailer=\"lorsitam\" resolved=\"mpo\" direction=\"inbound\" virus=\"ris\" disposition=\"uamqu\" classifier=\"lor\" message_length=oide", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-9-13 time=22:51:07 device_id=didunt log_id=uptatema log_part=intocc type=virus subtype=file-signature pri=very-high from=\"orema\" to=invento src=[10.164.39.248] session_id=\"nofdeFin\" msg=sequam", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-9-28 time=05:53:42 device_id=tvolu log_id=ecte log_part=tinvolu type=virus_file-signature pri=high from=\"ntiumdo\" to=\"autfu\" src=gnaaliq [10.52.135.156] session_id=\"litse\" msg=\"icabo\"", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-10-12 time=12:56:16 device_id=stru log_id=tectobe log_part=Nequepo type=event subtype=config pri=very-high user=pora ui=boree module=evolup submodule=ionofdeF msg=\"evelit\"", "tags": [ 
@@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-10-26 time=19:58:50 device_id=uatD log_id=ariatu log_part=edquiac type=event subtype=smtp pri=high user=atno ui=tani action=allow status=ntocca session_id=ostru log_part=ntoccae msg=autf", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-11-10 time=03:01:24 device_id=tenimad log_id=minimav log_part=udexerci type=spam pri=very-high session_id=\"itam\" client_name=\"str976.internal.localhost [10.166.225.26]\" from=tanimid to=umdo subject=\"natuse\" msg=\"gnamal\"", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-11-24 time=10:03:59 device_id=intoc log_id=rQuisau log_part=itess type=virus subtype=infected pri=high from=evit to=\"runtm\" client_name=\"molli4306.www5.home\" client_ip=\"10.218.243.47\" session_id=\"borios\" msg=rsitvolu", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-12-8 time=17:06:33 device_id=quamqua log_id=eacommod log_part=ctetura type=event subtype=imap pri=high user=tpersp ui=stla action=allow status=sequamni msg=uradi", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-12-23 time=00:09:07 device_id=dolore log_id=onsecte log_part=nBCSedut type=virus subtype=file-signature pri=high from=\"modocons\" to=gitsed src=\"10.16.177.212\" session_id=\"emp\" msg=\"Attachment file (pisciv) has sha1 hash value: lumdolor\"", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-1-6 time=07:11:41 device_id=uaUten log_id=nby log_part=mve type=event subtype=config pri=low user=isau ui=rautodi(10.96.97.81) module=pis submodule=nsequat msg=doloreme", "tags": [ 
@@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-1-20 time=14:14:16 device_id=aec log_id=fdeF log_part=iquidexe type=spam pri=low session_id=\"niamq\" client_name= \"lapariat7287.internal.host\" client_ip=\"10.140.7.83\" dst_ip=\"10.68.246.187\" from=\"icabo\" to=\"gna\" subject=\"con\" msg=\"preh\"", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-2-3 time=21:16:50 device_id=amcor log_id=ica log_part=lillum type=event subtype=admin pri=very-high user=dicta ui=taedicta action=accept status=poriss reason=failure msg=equaturv", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-2-18 time=04:19:24 device_id=tpersp log_id=llamc log_part=nte type=event subtype=pop3 pri=very-high user=utali ui=porinc(10.48.204.44) action=accept status=dat msg=aincidu", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-3-4 time=11:21:59 device_id=dipisci log_id=spernatu log_part=admi type=event subtype=pop3 pri=very-high user=quunt ui=olori action=allow status=autodit msg=elit", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-3-18 time=18:24:33 device_id=nte log_id=ulpa log_part=sitam type=virus subtype=file-signature pri=low enderit to=sequa src=\"[10.111.233.194]\" session_id=eirure msg=deserun", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-4-2 time=01:27:07 device_id=ptateve log_id=enderi log_part=ptatem type=event subtype=smtp pri=very-high user=fugi ui=labo action=block status=ullamcor session_id=itationu msg=proident", "tags": [ 
@@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-4-16 time=08:29:41 device_id=atione log_id=lores log_part=ritati type=statistics pri=very-high session_id=uii client_name=estl5804.internal.local client_ip=10.73.207.70 dst_ip=10.179.210.218 from=taut hfrom=tanimi to=rumSecti polid=iuntNe domain=atise3421.www5.localdomain mailer=oluptas resolved=emvele src_type=isnost direction=inbound virus=Sedut disposition=yCiceroi classifier=quunt message_length=acommod subject=sitvol", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-4-30 time=15:32:16 device_id=liquide log_id=odt log_part=Sedutpe type=event subtype=admin pri=medium user=rroq ui=rcit(10.43.62.246) action=accept status=estl reason=success msg=citatio", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-5-14 time=22:34:50 device_id=taedict log_id=edquian log_part=loremeu type=event subtype=admin pri=very-high user=volupta ui=dmi action=allow status=aaliq reason=unknown msg=lupta", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-5-29 time=05:37:24 device_id=occ log_id=oloreseo log_part=iruredol type=virus subtype=file-signature pri=very-high derit to=orese src=\"[10.28.105.124]\" session_id=\"strude\" msg=eritin", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-6-12 time=12:39:58 device_id=temUten log_id=dutper log_part=sitamet type=event subtype=admin pri=very-high user=illumqui ui=saq action=block status=ritqu reason=unknown msg=\"idolor\"", "tags": [ 
@@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-6-26 time=19:42:33 device_id=quide log_id=quaU log_part=undeomni type=virus_file-signature pri=medium acomm to=iutali src=\"[10.219.13.150]\" session_id=Finibus msg=radi", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-7-11 time=02:45:07 device_id=inrepr log_id=mol log_part=umdolors type=event subtype=pop3 pri=medium user=imad ui=oriosam(10.163.114.215) action=deny status=sitametc msg=onsequa", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-7-25 time=09:47:41 device_id=riosa log_id=tNe log_part=pisc type=event subtype=webmail pri=very-high user=caecat ui=rautod(10.124.32.120) action=accept status=atcupi msg=atem", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-8-8 time=16:50:15 device_id=undeom log_id=emullamc log_part=tec type=event subtype=imap pri=medium user=eetdo ui=tlab action=cancel status=liq msg=seddoeiu", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-8-22 time=23:52:50 device_id=edictasu log_id=mdolors log_part=oremi type=event subtype=imap pri=medium user=atis ui=atDuis action=accept status=nisiut msg=\"rumwri\"", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-9-6 time=06:55:24 device_id=lumqu log_id=onulamco log_part=ons type=event subtype=pop3 pri=low user=uptat ui=unt action=accept status=uido msg=tla", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-9-20 time=13:57:58 device_id=uamqu log_id=olori log_part=ido type=spam pri=low session_id=\"sunt\" from=\"autfugit\" to=\"emUte\" msg=iusmodi", "tags": [ 
@@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-10-4 time=21:00:32 device_id=umS log_id=iciadese log_part=riatur type=event subtype=webmail pri=very-high user=xeacommo ui=Cicero(10.247.53.179) action=cancel status=ditau msg=atemaccu", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-10-19 time=04:03:07 device_id=urau log_id=etur log_part=rsitvol type=event subtype=config pri=low user=laborum ui=ostr(10.70.91.185) module=lumdo submodule=acom msg=\"eFini\"", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-11-2 time=11:05:41 device_id=upta log_id=itessequ log_part=iusmodit type=event subtype=update pri=very-high msg=exerci", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-11-16 time=18:08:15 device_id=mmodoco log_id=amni log_part=atnul type=event subtype=webmail pri=medium user=iquidexe ui=illumq(10.215.65.52) action=accept status=tasnul msg=\"tuserr\"", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-12-1 time=01:10:49 device_id=porinc log_id=riame log_part=riat type=event subtype=admin pri=medium user=rumSec ui=orp action=deny status=udan reason=unknown msg=\"essequam\"", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-12-15 time=08:13:24 device_id=itse log_id=ilm log_part=mvel type=virus subtype=infected pri=high from=seos to=exercita client_name=\"edolori3822.api.home\" client_ip=\"10.63.177.46\" session_id=\"oluptate\" msg=lit", "tags": [ 
@@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-12-29 time=15:15:58 device_id=iciade log_id=uis log_part=amc type=event subtype=webmail pri=medium user=Ute ui=ptassita action=allow status=runtm msg=\"eturadip\"", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-1-12 time=22:18:32 device_id=colabori log_id=imidestl log_part=piscing type=virus subtype=file-signature pri=high from=\"isn\" to=smod src=\"idunt [10.29.120.226]\" session_id=\"atev\" msg=\"ectio\"", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-1-27 time=05:21:06 device_id=atcupid log_id=onse log_part=psa type=virus_file-signature pri=high destla to=\"fugitse\" src=[10.12.86.130] session_id=dese msg=\"Attachment file (duntutla) has sha1 hash value: lamco\"", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-2-10 time=12:23:41 device_id=gna log_id=ici log_part=quamnih type=event subtype=pop3 pri=low user=iameaque ui=identsun action=deny status=aquio msg=\"rspicia\"", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-2-24 time=19:26:15 device_id=uiineavo log_id=sistena log_part=uidexeac type=virus subtype=infected pri=high from=\"amquisno\" to=modoc client_name=\"magnam3267.corp\" client_ip=\"10.95.32.86\" session_id=\"Bonorum\" msg=lesti", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-3-11 time=02:28:49 device_id=lupta log_id=byC log_part=imadm type=spam pri=low session_id=\"nci\" from=\"orroquis\" to=\"ulapa\" subject=\"iumdo\" msg=\"iusmodit\"", "tags": [ 
@@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-3-25 time=09:31:24 device_id=obeataev log_id=umf log_part=olesti type=event subtype=config pri=low user=quaeabil ui=emip module=aturQu submodule=itesse msg=\"iamqui\"", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-4-8 time=16:33:58 device_id=inim log_id=etdol log_part=Sed type=event subtype=pop3 pri=very-high user=tten ui=etur action=allow status=mipsumqu msg=\"eprehen\"", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-4-22 time=23:36:32 device_id=itaedict log_id=olorema log_part=rep type=event subtype=update pri=low msg=ptatemse", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-5-7 time=06:39:06 device_id=eleumi log_id=edic log_part=udexerc type=event subtype=pop3 pri=low user=olabori ui=odic action=block status=lica msg=secil", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-5-21 time=13:41:41 device_id=nimadmin log_id=midest log_part=modt type=event subtype=update pri=very-high msg=tocca", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-6-4 time=20:44:15 device_id=usant log_id=mipsumq log_part=ident type=event subtype=config pri=very-high user=sequatD ui=ercitati(10.40.89.185) module=temse submodule=caecat msg=\"cusanti\"", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-6-19 time=03:46:49 device_id=conseq log_id=itame log_part=tenat type=virus subtype=infected pri=very-high from=\"yCiceroi\" to=\"nostrum\" client_name=\"orroquis5179.local\" client_ip=\"10.252.96.71\" session_id=\"tvolu\" msg=\"dutper\"", "tags": [ 
@@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-7-3 time=10:49:23 device_id=ugiatqu log_id=eruntmo log_part=nimve type=virus subtype=infected pri=very-high from=natus to=boreet client_name=\"luptasnu757.www.home\" client_ip=\"10.174.210.232\" session_id=ovolupta msg=\"volup\"", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-7-17 time=17:51:58 device_id=Bonoru log_id=rcitati log_part=nula type=event subtype=imap pri=medium user=deomni ui=adipi(10.120.232.62) action=block status=ntutl msg=\"volupt\"", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-8-1 time=00:54:32 device_id=mquameiu log_id=loremq log_part=turmagni type=event subtype=imap pri=very-high user=emUtenim ui=ende action=block status=amnis msg=rvelil", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-8-15 time=07:57:06 device_id=rumetMa log_id=mexerci log_part=urEx type=virus subtype=file-signature pri=medium liq to=abore src=10.200.225.45 session_id=dol msg=exe", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-8-29 time=14:59:40 device_id=audant log_id=rspicia log_part=pitl type=statistics pri=high session_id=mmod client_name=taevit4968.mail.local client_ip=10.144.111.42 dst_ip=10.62.61.1 from=lam hfrom=asnu to=com polid=rep domain=mveni5084.internal.local mailer=num resolved=ctetura src_type=quaerat direction=inbound virus=umexer disposition=amnih classifier=tper message_length=pisciv subject=tconsect", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-9-12 time=22:02:15 device_id=emipsumq log_id=culpaq log_part=quamq type=event subtype=pop3 pri=medium user=emvel ui=pta(10.183.213.223) action=block status=hend msg=remagna", "tags": [ 
@@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-9-27 time=05:04:49 device_id=lauda log_id=plicaboN log_part=dolo type=virus subtype=file-signature pri=medium from=\"elit\" to=sam src=\"tMal [10.52.190.18]\" session_id=isni msg=quid", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-10-11 time=12:07:23 device_id=inibus log_id=secte log_part=ctobeat type=event subtype=config pri=low user=iqui ui=animide module=pid submodule=itanimi msg=\"onoru\"", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-10-25 time=19:09:57 device_id=naaliq log_id=plica log_part=asiarc type=event subtype=imap pri=low user=seq ui=snula(10.203.110.206) action=deny status=dipi msg=ecatc", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-11-9 time=02:12:32 device_id=dolo log_id=velites log_part=oloremi type=virus_file-signature pri=high apari to=tsunt src=\"caecat [10.108.10.197]\" session_id=enim msg=\"Attachment file (umq) has sha1 hash value: sistena\"", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-11-23 time=09:15:06 device_id=imipsam log_id=eumiu log_part=tatevel type=event subtype=smtp pri=high user=quisnostui=sequines(10.115.154.104) action=cancelstatus=lorumsession_id=\"suntexpl\" msg=\"DSN: to \u003c\u003ciqu\u003e; reason:success; sessionid:tatis\"", "tags": [ 
@@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-12-7 time=16:17:40 device_id=econ log_id=aborio log_part=rve type=event subtype=smtp pri=medium user=nbyCiui=runtmollaction=blockstatus=velillumsession_id=\"ionev\" msg=\"to=\u003c\u003cvitaedi\u003e, delay=rna, xdelay=cons, mailer=ipv6-icmp, pri=lupta, relay=olaboris3175.internal.home[10.250.94.95], dsn=tno, stat=imvenia\"", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-12-21 time=23:20:14 device_id=atevelit log_id=ugitsed log_part=dminimve type=virus subtype=file-signature pri=very-high from=\"onse\" to=uiac src=tquii [10.164.49.95] session_id=emeumfu msg=\"inBCSedu\"", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-1-5 time=06:22:49 device_id=ddo log_id=emp log_part=inBC type=event subtype=smtp pri=low user=eacommui=aboNem(10.11.45.141) action=allowstatus=remasession_id=\"mcol\"msg=\"STARTTLS=tion, cert-subject=umquia, cert-issuer=lorsita, verifymsg=spici\"", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-1-19 time=13:25:23 device_id=odit log_id=vol log_part=epteurs type=statistics pri=very-high session_id=\"cteturad\" client_name=\"modi6930.internal.test[10.60.164.100]\"dst_ip=\"10.161.1.146\" from=\"etconse\" to=\"nproiden\" polid=\"ionem\" domain=\"taevitae6868.www.corp\" subject=\"ehende\" mailer=\"rep\" resolved=\"nostru\" direction=\"internal\" virus=\"ipiscin\" disposition=\"trudexe\" classifier=\"qua\" message_length=modit", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-2-2 time=20:27:57 device_id=orsit log_id=deFinibu log_part=iaecons type=event subtype=admin pri=very-high user=rautod ui=onorumet(10.157.118.41) action=cancel status=chit reason=unknown msg=\"erspici\"", "tags": [ 
@@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-2-17 time=03:30:32 device_id=quidol log_id=tinv log_part=Utenima type=statistics pri=high session_id=temqu client_name=uradip7802.mail.example client_ip=10.44.35.57 dst_ip=10.93.239.216 from=vento hfrom=litsed to=ciun polid=rehender domain=tetura7106.www5.corp mailer=eosquir resolved=tqu src_type=emips direction=internal virus=tinvolu disposition=ptat classifier=amquisn message_length=Finibus subject=nsequat", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-3-3 time=10:33:06 device_id=evelite log_id=remquela log_part=toreve type=event subtype=update pri=high msg=\"dolor\"", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-3-17 time=17:35:40 device_id=itse log_id=lapari log_part=Bonor type=event subtype=update pri=medium msg=exeaco", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-4-1 time=00:38:14 device_id=emvele log_id=tNeq log_part=olorsita type=virus_file-signature pri=medium eleumiu to=etdol src=\"imadmin [10.123.154.140]\" session_id=liqu msg=dolor", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-4-15 time=07:40:49 device_id=aliq log_id=utem log_part=oreetd type=event subtype=imap pri=very-high user=mremape ui=ude action=deny status=emac msg=rmagnido", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-4-29 time=14:43:23 device_id=pariatur log_id=cita log_part=tvo type=event subtype=admin pri=high user=rve ui=atemacc(10.141.108.1) action=deny status=ciunt reason=success msg=\"beataevi\"", "tags": [ 
@@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-5-13 time=21:45:57 device_id=imaven log_id=dmin log_part=sum type=event subtype=system pri=low user=lore ui=nim action=cancel status=edquiac msg=psamvolu", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-5-28 time=04:48:31 device_id=iade log_id=tae log_part=obe type=event subtype=admin pri=medium user=ulapari ui=rittenby(10.31.31.193) action=deny status=nvol reason=unknown msg=\"luptatem\"", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-6-11 time=11:51:06 device_id=conse log_id=ruredolo log_part=ati type=event subtype=system pri=low user=olors ui=roid(10.234.156.8) action=block status=uteiru msg=\"xer\"", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-6-25 time=18:53:40 device_id=nvol log_id=uame log_part=quia type=event subtype=update pri=very-high msg=\"labor\"", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-7-10 time=01:56:14 device_id=mwritte log_id=modit log_part=quamnih type=event subtype=config pri=medium user=itanimid ui=uiin module=nibusBo submodule=iusm msg=\"nostru\"", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-7-24 time=08:58:48 device_id=vel log_id=preh log_part=madmini type=event subtype=update pri=high msg=edutpers", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-8-7 time=16:01:23 device_id=sBonoru log_id=everi log_part=squ type=virus subtype=file-signature pri=medium from=\"utla\" to=nse src=10.160.236.78 session_id=nostrude msg=\"Attachment file (rinc) has sha1 hash value: tno\"", "tags": [ 
@@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-8-21 time=23:03:57 device_id=cid log_id=nonproi log_part=dolor type=event subtype=admin pri=medium user=molli ui=oeiusm(10.244.19.62) action=accept status=nnumquam reason=unknown msg=\"tdolore\"", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-9-5 time=06:06:31 device_id=icta log_id=epteu log_part=nvent type=event subtype=webmail pri=high user=mquiavol ui=odiconse(10.147.52.164) action=allow status=untutl msg=ugiatnul", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-9-19 time=13:09:05 device_id=quaturve log_id=elaudant log_part=olup type=spam pri=high session_id=\"iacon\" client_name= \"ncu3839.www.localhost\" client_ip=\"10.201.105.58\" dst_ip=\"10.251.183.113\" from=\"ent\" to=\"ionemu\" subject=\"eseosqu\" msg=\"uptatem\"", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-10-3 time=20:11:40 device_id=eprehen log_id=oinB log_part=lor type=statistics pri=low session_id=\"citatio\" client_name=\"[10.209.203.156]\"dst_ip=\"10.132.139.98\" from=\"pariat\" to=\"borisnis\" direction=\"unknown\" virus=\"oremagn\" disposition=\"emagna\" classifier=\"uidolor\" message_length=remag", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-10-18 time=03:14:14 device_id=tiumtot log_id=ulamcola log_part=epr type=event subtype=admin pri=low user=nculpa ui=enbyCice(10.152.196.145) action=block status=uptas reason=success msg=\"iadeseru\"", "tags": [ 
@@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-11-1 time=10:16:48 device_id=equ log_id=turadip log_part=ataev type=virus_file-signature pri=medium from=\"oree\" to=\"nimadmi\" src=\"utaliq [10.78.38.143]\" session_id=qui msg=\"Attachment file (epteurs) has sha1 hash value: did\"", "tags": [
@@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-11-15 time=17:19:22 device_id=sunt log_id=orumSe log_part=olupta type=event subtype=update pri=very-high msg=pta", "tags": [
@@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-11-30 time=00:21:57 device_id=ntutlabo log_id=leumiure log_part=tasnu type=event subtype=smtp pri=high user=amquaui=tionevol(10.209.124.81) action=allowstatus=tobesession_id=\"ssequa\" log_part=emp msg=\"to=\u003c\u003cemoeni, delay=officiad, xdelay=veniam, mailer=igmp, pri=entoreve, relay=ion3339.www.localdomain\"", "tags": [
@@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-12-14 time=07:24:31 device_id=int log_id=oremagn log_part=rnatur type=virus pri=medium from=uptatev to=\"oditem\" src=\"10.176.31.145\" session_id=\"ineavo\" msg=reseo", "tags": [
diff --git a/packages/fortinet/data_stream/fortimail/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet/data_stream/fortimail/elasticsearch/ingest_pipeline/default.yml
index 56700b8b634..77a803998d6 100644
--- a/packages/fortinet/data_stream/fortimail/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/fortinet/data_stream/fortimail/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Fortinet FortiMail processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' # User agent - user_agent: field: user_agent.original
diff --git a/packages/fortinet/data_stream/fortimail/sample_event.json b/packages/fortinet/data_stream/fortimail/sample_event.json
index c9970b456a7..d67dd2e4f36 100644
--- a/packages/fortinet/data_stream/fortimail/sample_event.json
+++ b/packages/fortinet/data_stream/fortimail/sample_event.json
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/fortinet/data_stream/fortimanager/_dev/test/pipeline/test-generated.log-expected.json b/packages/fortinet/data_stream/fortimanager/_dev/test/pipeline/test-generated.log-expected.json
index 5c1b12e38b2..b346887d072 100644
--- a/packages/fortinet/data_stream/fortimanager/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/fortinet/data_stream/fortimanager/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=iusm devname=\"modtempo\" devid=\"olab\" vd=nto date=2016-1-29 time=6:09:59 logid=sse type=exercita subtype=der level=very-high eventtime=odoco logtime=ria srcip=10.20.234.169 srcport=1001 srcintf=eth5722 srcintfrole=vol dstip=10.44.173.44 dstport=6125 dstintf=enp0s3068 dstintfrole=nseq poluuid=itinvol sessionid=psa proto=21 action=allow policyid=ntium policytype=psaq crscore=13.800000 craction=eab crlevel=aliqu appcat=Ute service=lupt srccountry=dolore dstcountry=sequa trandisp=abo tranip=10.189.58.145 tranport=5273 duration=14.119000 sentbyte=7880 rcvdbyte=449 sentpkt=mqui app=nci", "tags": [
@@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-2-12 time=1:12:33 logver=litesse devid=orev devname=pisciv logid=uii type=umexe subtype=estlabo level=high vd=iatnu srcip=10.182.84.248 srcport=4880 srcintf=enp0s208 dstip=10.162.33.193 dstport=7200 dstintf=enp0s2581 poluuid=nulapari sessionid=mwritten proto=prm action=accept policyid=uidolor trandisp=nibus duration=72.226000 sentbyte=6378 rcvdbyte=3879 devtype=riosam osname=anonnu osversion=1.410 mastersrcmac=ameaqu srcmac=01:00:5e:84:66:6c crscore=145.047000 craction=squame crlevel=ntex eventtype=eius user=luptat service=emape hostname=aer445.host profile=eumiu reqtype=uame url=https://www.example.net/orisn/cca.htm?ofdeF=metcons#roinBCS direction=external msg=com method=eataevi cat=byC catdesc=tinculp device_id=tur log_id=atio pri=high userfrom=atemsequ adminprof=nci timezone=CEST main_type=eFini trigger_policy=amco sub_type=exe severity_level=iatu policy=ionofde src=10.62.4.246 src_port=189 dst=10.171.204.166 dst_port=6668 http_method=mol http_url=taspe http_host=mvolu http_agent=radip http_session_id=tNequ signature_subclass=gelit signature_id=6728 srccountry=tconsec content_switch_name=nsequat server_pool_name=taev false_positive_mitigation=roidents user_name=oluptas monitor_status=llu http_refer=https://api.example.org/tamremap/tur.html?radipis=isetq#estqui http_version=uasiarch dev_id=emaper threat_weight=ssitasp history_threat_weight=eum threat_level=sum ftp_mode=uaerat ftp_cmd=boreet cipher_suite=onev msg_id=tenima", "tags": [ 
@@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=seq dtime=2016-02-26 20:15:08.252538723 +0000 UTC devid=olorema devname=ccaecat vd=veleumi date=2016-2-26 time=8:15:08 logid=tia type=enim subtype=dqu level=medium eventtime=uian logtime=tempo srcip=10.200.188.142 srcport=4665 srcintf=eth4496 srcintfrole=eetd dstip=10.94.103.117 dstport=513 dstintf=enp0s3491 dstintfrole=doloreeu poluuid=pori sessionid=occ proto=icmp action=allow policyid=reetdolo policytype=nrepreh crscore=18.839000 craction=uiano crlevel=mrema appcat=autfu service=natura srccountry=aboris dstcountry=ima trandisp=tanimi tranip=10.15.159.80 tranport=6378 duration=121.916000 sentbyte=6517 rcvdbyte=13 sentpkt=ugiatqu app=eacomm", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=liqu devname=\"lorem\" devid=\"emq\" vd=isiu date=2016-3-12 time=3:17:42 logid=nimadmi type=iatisu subtype=iat level=low eventtime=suntinc logtime=elits srcip=10.131.233.27 srcport=5037 srcintf=eth3676 srcintfrole=eataevit dstip=10.50.112.141 dstport=7303 dstintf=eth3391 dstintfrole=olab poluuid=mquisnos sessionid=loremagn proto=1 action=cancel policyid=tsed policytype=orai crscore=61.614000 craction=incididu crlevel=eci appcat=aali service=ametcons srccountry=porainc dstcountry=amquisno trandisp=iinea tranip=10.27.88.95 tranport=776 duration=5.911000 sentbyte=1147 rcvdbyte=3269 sentpkt=tvol app=moll", "tags": [ 
@@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-3-26 time=10:20:16 logver=inim devid=ema devname=roinBCSe logid=onse type=tae subtype=tatno level=very-high vd=oluptate srcip=10.52.54.178 srcport=4427 srcintf=lo1567 dstip=10.37.58.155 dstport=2430 dstintf=eth6096 poluuid=ciati sessionid=ercit proto=3 action=allow policyid=eniam trandisp=reetdolo duration=165.411000 sentbyte=7651 rcvdbyte=3982 devtype=rumet osname=oll osversion=1.5670 mastersrcmac=nido srcmac=01:00:5e:c3:0a:41 crscore=71.955000 craction=itlabori crlevel=Ciceroi eventtype=aveniam user=uradi service=nimadmin hostname=olo7148.mail.home profile=snulapar reqtype=aedic url=https://api.example.com/iumto/aboreetd.gif?dun=enim#saute direction=internal msg=eriame method=lorema cat=avol catdesc=labor device_id=atuse log_id=ddoeiu pri=high userfrom=idolore adminprof=onse timezone=PST main_type=tation trigger_policy=ips sub_type=emeumfug severity_level=upta policy=omn src=10.87.212.179 src_port=1758 dst=10.157.213.15 dst_port=3539 http_method=ali http_url=nsect http_host=ntutl http_agent=caecatc http_session_id=onsequat signature_subclass=siuta signature_id=2896 srccountry=loru content_switch_name=ema server_pool_name=par false_positive_mitigation=itaut user_name=rveli monitor_status=rsint http_refer=https://example.com/idestla/Nemoeni.htm?taed=lup#remeumf http_version=antiumto dev_id=strude threat_weight=ctetura history_threat_weight=usmod threat_level=edqui ftp_mode=mquidol ftp_cmd=ita cipher_suite=ipi msg_id=rsitamet", "tags": [ 
@@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-4-9 time=5:22:51 logver=eseru devid=remeum devname=orain logid=quip type=oin subtype=uisquam level=high vd=tinvol srcip=10.19.68.92 srcport=1409 srcintf=enp0s33 dstip=10.38.22.45 dstport=7036 dstintf=lo1120 poluuid=ditautfu sessionid=piscing proto=icmp action=accept policyid=ostr trandisp=rudexerc duration=135.013000 sentbyte=3369 rcvdbyte=927 devtype=itaut osname=imaven osversion=1.152 mastersrcmac=umdolo srcmac=01:00:5e:f7:4a:fd crscore=169.252000 craction=tfug crlevel=icab eventtype=mwr user=fugi service=inculpaq hostname=agna7678.internal.host profile=equa reqtype=mexercit url=https://www.example.net/tasuntex/sunt.txt?ume=incidi#picia direction=unknown msg=olupt method=dit cat=sumquiad catdesc=dexeaco device_id=ivelits log_id=moenimi pri=medium userfrom=etdolo adminprof=inv timezone=CEST main_type=ommod trigger_policy=sequatur sub_type=uidolo severity_level=lumquido policy=nihi src=10.114.150.67 src_port=1407 dst=10.76.73.140 dst_port=3075 http_method=uines http_url=nsec http_host=onse http_agent=emips http_session_id=imadmi signature_subclass=ostrume signature_id=6051 srccountry=eataev content_switch_name=liquide server_pool_name=uasia false_positive_mitigation=emp user_name=aperia monitor_status=ofdeFini http_refer=https://example.org/vol/riat.htm?atvol=umiur#imad http_version=msequi dev_id=isnostru threat_weight=iquaUten history_threat_weight=santium threat_level=iciatisu ftp_mode=rehender ftp_cmd=eporroqu cipher_suite=uat msg_id=tem", "tags": [ 
@@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=suntinc date=2016-4-24 time=12:25:25 log_id=xeac devid=nidolo devname=tatn logid=eli type=nnu subtype=dolo level=low vd=nse srcip=10.202.204.239 srcport=7783 srcintf=lo2857 dstip=10.147.28.176 dstport=7432 dstintf=enp0s1462 poluuid=mporain sessionid=icons proto=0 action=accept policyid=sequi trandisp=rehend duration=3.138000 sentbyte=6354 rcvdbyte=3605 devtype=numqu osname=qui osversion=1.4059 mastersrcmac=equi srcmac=01:00:5e:68:86:a1 crscore=72.701000 craction=tat crlevel=ipitla eventtype=quae user=maccusa service=uptat hostname=equep5085.mail.domain profile=aqu reqtype=rpo url=https://www.example.org/inesci/serror.html?mqu=apariat#tlabore direction=internal msg=ihilm method=atDu cat=eav catdesc=ionevo device_id=remagn log_id=run pri=very-high userfrom=iamquis adminprof=quirat timezone=CET main_type=ittenbyC trigger_policy=isc sub_type=aturve severity_level=emulla policy=mpori src=10.195.36.51 src_port=3905 dst=10.95.64.124 dst_port=7042 http_method=iadese http_url=nsectet http_host=utla http_agent=utei http_session_id=laborum signature_subclass=tionof signature_id=7613 srccountry=oin content_switch_name=lapari server_pool_name=data false_positive_mitigation=dolor user_name=nnum monitor_status=eritqu http_refer=https://internal.example.net/wri/bor.jpg?hitect=dol#leumiu http_version=namali dev_id=taevit threat_weight=rinrepre history_threat_weight=etconse threat_level=tincu ftp_mode=ari ftp_cmd=exercit cipher_suite=sci msg_id=quamnih", "tags": [ 
@@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=occae dtime=2016-05-08 07:27:59.552538723 +0000 UTC devid=ctetura devname=labore vd=texp date=2016-5-8 time=7:27:59 logid=tMalor type=acc subtype=amc level=very-high eventtime=amest logtime=corp srcip=10.176.216.90 srcport=2428 srcintf=eth2591 srcintfrole=dantiumt dstip=10.186.85.3 dstport=5366 dstintf=lo821 dstintfrole=ento poluuid=pic sessionid=evita proto=prm action=allow policyid=duntut policytype=magni crscore=102.339000 craction=uptat crlevel=uam appcat=boris service=nti srccountry=abi dstcountry=sectetur trandisp=uioffi tranip=10.114.16.155 tranport=1608 duration=62.941000 sentbyte=5110 rcvdbyte=3818 sentpkt=ipi app=reseos", "tags": [ 
@@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=mcolab date=2016-5-22 time=2:30:33 log_id=neav devid=oquisqu devname=sperna logid=eabilloi type=estia subtype=tper level=very-high vd=volupt srcip=10.188.169.107 srcport=2138 srcintf=eth6448 dstip=10.214.7.83 dstport=1696 dstintf=lo1616 poluuid=tenatu sessionid=uun proto=HOPOPT action=cancel policyid=ectio trandisp=dutper duration=4.781000 sentbyte=3423 rcvdbyte=3252 devtype=radi osname=gel osversion=1.3917 mastersrcmac=iduntu srcmac=01:00:5e:21:f5:0a crscore=57.435000 craction=uamqu crlevel=lor eventtype=oide user=dolore service=amvolu hostname=eturadi6608.mail.host profile=aera reqtype=ate url=https://api.example.com/nimid/itatione.htm?umwr=oluptate#issus direction=inbound msg=uaUteni method=udantium cat=pre catdesc=xeacom device_id=stlabo log_id=dictasu pri=low userfrom=catc adminprof=nsect timezone=GMT-07:00 main_type=asia trigger_policy=econs sub_type=uir severity_level=dol policy=essecil src=10.23.62.94 src_port=4368 dst=10.61.163.4 dst_port=1232 http_method=luptatem http_url=atem http_host=gnido http_agent=ratvolu http_session_id=olup signature_subclass=numqua signature_id=1411 srccountry=inculpa content_switch_name=abo server_pool_name=veniamqu false_positive_mitigation=nse user_name=non monitor_status=paquioff http_refer=https://www5.example.org/maven/hende.jpg?labor=didunt#uptatema http_version=intocc dev_id=liqu threat_weight=eporr history_threat_weight=xeacomm threat_level=mveleu ftp_mode=nofdeFin ftp_cmd=sequam cipher_suite=temvel msg_id=ris", "tags": [ 
@@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-6-5 time=9:33:08 logver=nisiuta devid=tvolu devname=ecte logid=tinvolu type=iurer subtype=iciadese level=medium vd=gnaaliq srcip=10.52.135.156 srcport=2660 srcintf=eth4502 dstip=10.133.89.11 dstport=1098 dstintf=lo4901 poluuid=sintoc sessionid=volupt proto=1 action=deny policyid=uiinea trandisp=Utenima duration=111.502000 sentbyte=1871 rcvdbyte=5074 devtype=ptatem osname=Nequepor osversion=1.2580 mastersrcmac=ugiatnu srcmac=01:00:5e:4a:7f:b8 crscore=103.738000 craction=mnisi crlevel=scivelit eventtype=tDuisaut user=oinBC service=quameius hostname=ipsumdol4488.api.localdomain profile=ommodico reqtype=ptas url=https://example.com/tetu/stru.htm?tlabore=Exc#pora direction=unknown msg=uteirure method=nevo cat=ide catdesc=aali device_id=adip log_id=tium pri=very-high userfrom=iusmodi adminprof=uamest timezone=PST main_type=uiac trigger_policy=epte sub_type=idolo severity_level=quinesc policy=madmi src=10.28.76.42 src_port=3427 dst=10.106.31.86 dst_port=4198 http_method=sno http_url=atno http_host=tani http_agent=volu http_session_id=nonn signature_subclass=inventor signature_id=6088 srccountry=autf content_switch_name=quamni server_pool_name=iatisu false_positive_mitigation=sec user_name=cons monitor_status=sBon http_refer=https://www.example.com/tae/ccaec.htm?aperiame=isc#ullamcor http_version=tobea dev_id=tor threat_weight=qui history_threat_weight=ntmollit threat_level=tenatus ftp_mode=cipitlab ftp_cmd=ipsumd cipher_suite=antiu msg_id=uirati", "tags": [ 
@@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=ersp dtime=2016-06-20 04:35:42.332538723 +0000 UTC devid=tquov devname=diconseq vd=inven date=2016-6-20 time=4:35:42 logid=osquira type=tes subtype=mquame level=medium eventtime=tnulapa logtime=orain srcip=10.238.164.74 srcport=2201 srcintf=lo4249 srcintfrole=madmi dstip=10.106.162.153 dstport=341 dstintf=lo7114 dstintfrole=amvo poluuid=qui sessionid=tasn proto=1 action=accept policyid=squirati policytype=Sedutp crscore=92.058000 craction=nbyCic crlevel=utlabor appcat=itessequ service=porro srccountry=ine dstcountry=lup trandisp=tatemUt tranip=10.58.214.16 tranport=508 duration=166.566000 sentbyte=2715 rcvdbyte=7130 sentpkt=pici app=abor", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=tquiin dtime=2016-07-04 11:38:16.592538723 +0000 UTC devid=tse devname=tenimad vd=minimav date=2016-7-4 time=11:38:16 logid=udexerci type=naal subtype=lore level=high eventtime=idolore logtime=pid srcip=10.225.141.20 srcport=2282 srcintf=enp0s4046 srcintfrole=natuse dstip=10.217.150.196 dstport=4639 dstintf=lo2438 dstintfrole=archite poluuid=loreme sessionid=untu proto=6 action=cancel policyid=datatno policytype=siutali crscore=49.988000 craction=usmodte crlevel=msequi appcat=tau service=exercita srccountry=ris dstcountry=eumiu trandisp=orumSe tranip=10.110.31.190 tranport=945 duration=12.946000 sentbyte=248 rcvdbyte=5300 sentpkt=eeufugia app=evit", "tags": [ 
@@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-7-18 time=6:40:50 devname=molli device_id=velitse log_id=oditem type=generic subtype=gitsedqu pri=very-high devid=oremi devname=mestq logid=temUt type=olor subtype=ineavo level=very-high vd=mquelau srcip=10.168.236.85 srcport=6846 srcintf=eth651 dstip=10.140.113.244 dstport=4374 dstintf=lo4367 poluuid=fugitsed sessionid=quam proto=tcp action=deny policyid=fugiat trandisp=atisun duration=101.653000 sentbyte=3962 rcvdbyte=7741 devtype=dmin osname=fugi osversion=1.3319 mastersrcmac=inci srcmac=01:00:5e:e6:ad:ae crscore=39.291000 craction=avol crlevel=icero eventtype=xer user=emipsumd service=isisten hostname=cusant4946.www.domain profile=itecto reqtype=reetdol url=https://api.example.com/isnostr/umqu.htm?emquia=inesci#isnisi direction=unknown msg=aquioffi method=tamet cat=quatur catdesc=uisa device_id=eFi log_id=mexe pri=high userfrom=rpori adminprof=ice timezone=GMT+02:00 main_type=entorev trigger_policy=commodo sub_type=conseq severity_level=ame policy=tatn src=10.137.56.173 src_port=3932 dst=10.69.103.176 dst_port=1229 http_method=umdolo http_url=uptate http_host=amc http_agent=cusant http_session_id=orumSe signature_subclass=ratv signature_id=5227 srccountry=dutp content_switch_name=psaquaea server_pool_name=taevita false_positive_mitigation=ameiusm user_name=proide monitor_status=ano http_refer=https://www5.example.org/tvol/velitess.htm?edqui=nre#veli http_version=volupta dev_id=rnatu threat_weight=elitse history_threat_weight=ima threat_level=quasia ftp_mode=adi ftp_cmd=umwrit cipher_suite=uptate msg_id=mac", "tags": [ 
@@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=dolore devname=\"onsecte\" devid=\"nBCSedut\" vd=ugiat date=2016-8-2 time=1:43:25 logid=onulam type=ate subtype=odoconse level=high eventtime=quatu logtime=veli srcip=10.30.47.165 srcport=631 srcintf=eth267 srcintfrole=sectet dstip=10.5.235.217 dstport=3689 dstintf=lo5047 dstintfrole=pitl poluuid=por sessionid=quidexea proto=tcp action=deny policyid=runtmol policytype=texpli crscore=57.772000 craction=ptass crlevel=rita appcat=esseci service=tametcon srccountry=liqua dstcountry=mvele trandisp=isis tranip=10.25.212.118 tranport=1190 duration=179.686000 sentbyte=238 rcvdbyte=7122 sentpkt=dantium app=lor", "tags": [ 
@@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-8-16 time=8:45:59 logver=onemulla devid=dolorem devname=tvolu logid=nreprehe type=tetu subtype=mdol level=high vd=nby srcip=10.20.26.210 srcport=2791 srcintf=eth5968 dstip=10.85.96.153 dstport=5286 dstintf=eth4392 poluuid=nsequat sessionid=doloreme proto=0 action=deny policyid=reprehe trandisp=tincu duration=93.111000 sentbyte=2826 rcvdbyte=6247 devtype=lor osname=oraincid osversion=1.225 mastersrcmac=emeumfug srcmac=01:00:5e:1d:39:39 crscore=114.626000 craction=liqua crlevel=olo eventtype=psumqu user=untincul service=iduntu hostname=ccaeca5504.internal.example profile=reseo reqtype=oreetd url=https://example.org/tiaec/rumwrit.txt?oconsequ=edquiac#urerepr direction=external msg=ercit method=etMal cat=qua catdesc=rsita device_id=ate log_id=ipsamvo pri=low userfrom=adeseru adminprof=tdol timezone=CET main_type=rem trigger_policy=asper sub_type=idunt severity_level=luptat policy=eveli src=10.149.13.76 src_port=7809 dst=10.40.152.253 dst_port=1478 http_method=ritt http_url=iaeco http_host=equaturv http_agent=siu http_session_id=snost signature_subclass=tpersp signature_id=2624 srccountry=quaea content_switch_name=ametcons server_pool_name=utali false_positive_mitigation=porinc user_name=tetur monitor_status=xce http_refer=https://example.com/aincidu/nimadmin.jpg?itinv=eumfugi#etdolor http_version=lupta dev_id=xeaco threat_weight=nvolupt history_threat_weight=oremi threat_level=elites ftp_mode=nbyCi ftp_cmd=tevel cipher_suite=usc msg_id=rem", "tags": [ 
@@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=cab dtime=2016-08-30 15:48:33.632538723 +0000 UTC devid=atisund devname=xea vd=ites date=2016-8-30 time=3:48:33 logid=isetq type=iutali subtype=velite level=high eventtime=avolupt logtime=ariatur srcip=10.98.194.212 srcport=5469 srcintf=lo1208 srcintfrole=atisetqu dstip=10.51.213.42 dstport=988 dstintf=enp0s3449 dstintfrole=ilmol poluuid=eri sessionid=quunt proto=HOPOPT action=deny policyid=mquae policytype=eriti crscore=96.729000 craction=cidunt crlevel=plica appcat=ore service=quidolor srccountry=inven dstcountry=eufugi trandisp=accusant tranip=10.233.120.207 tranport=136 duration=171.844000 sentbyte=2859 rcvdbyte=4844 sentpkt=eaqu app=nvol", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=leumiu devname=\"tla\" devid=\"item\" vd=nimid date=2016-9-13 time=10:51:07 logid=dat type=periam subtype=dqu level=high eventtime=dminima logtime=dutpers srcip=10.245.187.229 srcport=4953 srcintf=lo3642 srcintfrole=prehen dstip=10.67.132.242 dstport=2340 dstintf=enp0s2700 dstintfrole=sequa poluuid=iosamnis sessionid=volupt proto=6 action=allow policyid=idid policytype=tesse crscore=64.509000 craction=boru crlevel=ptateve appcat=enderi service=ptatem srccountry=ptatevel dstcountry=tenatuse trandisp=psaqua tranip=10.241.132.176 tranport=7224 duration=167.705000 sentbyte=6595 rcvdbyte=7301 sentpkt=tame app=atione", "tags": [ 
@@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-9-28 time=5:53:42 logver=vitaedic devid=orin devname=uii logid=estl type=sitam subtype=orem level=very-high vd=uuntur srcip=10.210.28.247 srcport=3449 srcintf=eth4185 dstip=10.237.180.17 dstport=3023 dstintf=lo7672 poluuid=tate sessionid=onevo proto=6 action=allow policyid=aeconseq trandisp=lor duration=96.560000 sentbyte=2760 rcvdbyte=1775 devtype=emqu osname=riss osversion=1.1847 mastersrcmac=sitvol srcmac=01:00:5e:a5:5a:54 crscore=129.120000 craction=olorsi crlevel=aliq eventtype=mes user=mven service=olorsit hostname=tore7088.www.invalid profile=ruredo reqtype=mac url=https://mail.example.org/ptassita/its.gif?risnis=uov#itlab direction=outbound msg=sBono method=loremqu cat=tetur catdesc=amvo device_id=siuta log_id=urmagn pri=low userfrom=uptat adminprof=idex timezone=GMT+02:00 main_type=tatione trigger_policy=nimveni sub_type=idi severity_level=ore policy=quid src=10.212.214.4 src_port=6040 dst=10.199.47.220 dst_port=4084 http_method=oin http_url=hil http_host=cingel http_agent=modocon http_session_id=ipsu signature_subclass=ntNeq signature_id=1081 srccountry=aUt content_switch_name=boNem server_pool_name=nturm false_positive_mitigation=emips user_name=atv monitor_status=onu http_refer=https://www5.example.net/alorum/obeataev.gif?atDu=nsec#quidolor http_version=oqu dev_id=naaliq threat_weight=remeu history_threat_weight=osquir threat_level=mod ftp_mode=col ftp_cmd=mve cipher_suite=liquide msg_id=odt", "tags": [ 
@@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-10-12 time=12:56:16 logver=inv devid=rroq devname=rcit logid=aecatcup type=olabor subtype=estl level=very-high vd=citatio srcip=10.168.40.197 srcport=7699 srcintf=enp0s3071 dstip=10.206.69.135 dstport=6396 dstintf=eth3862 poluuid=utfug sessionid=aturQu proto=udp action=deny policyid=mipsamvo trandisp=eiusmod duration=91.147000 sentbyte=6153 rcvdbyte=4059 devtype=oreveri osname=ehende osversion=1.760 mastersrcmac=Except srcmac=01:00:5e:bf:07:ee crscore=45.760000 craction=dol crlevel=sciun eventtype=metcons user=itasper service=uae hostname=mve1890.internal.home profile=tatemU reqtype=mad url=https://www.example.org/redol/gnaa.htm?aliquamq=dtempori#toditaut direction=unknown msg=dexerc method=strumex cat=eprehend catdesc=asnu device_id=hitec log_id=henderit pri=medium userfrom=perspici adminprof=ationul timezone=PST main_type=itsedq trigger_policy=uto sub_type=emUte severity_level=molestia policy=quir src=10.46.56.204 src_port=2463 dst=10.234.165.130 dst_port=7079 http_method=umf http_url=quames http_host=dolorsit http_agent=archite http_session_id=remq signature_subclass=veniamq signature_id=1236 srccountry=uta content_switch_name=emo server_pool_name=itq false_positive_mitigation=derit user_name=orese monitor_status=dolor http_refer=https://mail.example.com/ntexpl/dunt.jpg?yCic=nder#mdolore http_version=Cic dev_id=olorema threat_weight=mollita history_threat_weight=tatem threat_level=iae ftp_mode=quido ftp_cmd=emip cipher_suite=inBC msg_id=mol", "tags": [ 
@@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=turadipi date=2016-10-26 time=7:58:50 log_id=usmodi devid=ree devname=saquaea logid=ation type=luptas subtype=minim level=very-high vd=lorsi srcip=10.61.123.159 srcport=754 srcintf=eth7713 dstip=10.141.158.225 dstport=4690 dstintf=lo1586 poluuid=ate sessionid=idolor proto=1 action=block policyid=nreprehe trandisp=onse duration=71.505000 sentbyte=4010 rcvdbyte=4527 devtype=duntutla osname=ntium osversion=1.4450 mastersrcmac=asuntexp srcmac=01:00:5e:26:56:73 crscore=5.843000 craction=nse crlevel=modoc eventtype=boNem user=iumt service=tsed hostname=eturad6143.www.home profile=uamnihil reqtype=llam url=https://example.net/aparia/tatnon.jpg?rever=ore#offici direction=outbound msg=metco method=acom cat=ceroinB catdesc=nim device_id=utaliqu log_id=rsi pri=high userfrom=imadmi adminprof=isnis timezone=CEST main_type=olupta trigger_policy=tsuntinc sub_type=inrepreh severity_level=quovo policy=urExcep src=10.128.46.70 src_port=5269 dst=10.95.117.134 dst_port=1723 http_method=acommodi http_url=essecill http_host=billoi http_agent=moles http_session_id=dipiscin signature_subclass=olup signature_id=5976 srccountry=undeomni content_switch_name=accusa server_pool_name=natu false_positive_mitigation=liquid user_name=enim monitor_status=Finibus http_refer=https://www.example.org/xeacom/des.gif?umdolo=ntiu#radipisc http_version=Cice dev_id=taedi threat_weight=tquido history_threat_weight=ptasnula threat_level=oru ftp_mode=ill ftp_cmd=mporinc cipher_suite=onsectet msg_id=idolo", "tags": [ 
@@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2016-11-10 time=3:01:24 logver=edolo devid=ugiatquo devname=ntium logid=uptate type=lloinven subtype=econs level=medium vd=tetura srcip=10.135.106.42 srcport=6602 srcintf=lo154 dstip=10.224.30.160 dstport=5302 dstintf=eth1247 poluuid=etconsec sessionid=caboNem proto=21 action=cancel policyid=rumetMal trandisp=oconse duration=2.970000 sentbyte=7685 rcvdbyte=1506 devtype=sequam osname=oditempo osversion=1.7544 mastersrcmac=taliqui srcmac=01:00:5e:98:79:a3 crscore=78.248000 craction=rcitat crlevel=dolorema eventtype=emagn user=radipis service=ctetu hostname=orinrep5386.www.corp profile=stenatus reqtype=equep url=https://www.example.com/tali/BCS.txt?iqu=niamqu#equamnih direction=inbound msg=autemv method=emq cat=plicaboN catdesc=amc device_id=vol log_id=admi pri=medium userfrom=culpaq adminprof=saute timezone=GMT+02:00 main_type=ende trigger_policy=abor sub_type=magnid severity_level=adol policy=iutal src=10.208.21.135 src_port=2721 dst=10.253.228.140 dst_port=6748 http_method=ugitse http_url=quiineav http_host=billoinv http_agent=sci http_session_id=col signature_subclass=obea signature_id=5700 srccountry=tatev content_switch_name=luptas server_pool_name=uptatem false_positive_mitigation=oinv user_name=inculp monitor_status=onofd http_refer=https://internal.example.org/nisiu/imad.html?ptatem=itasp#dexe http_version=tat dev_id=onproide threat_weight=ntmo history_threat_weight=loreeu threat_level=temse ftp_mode=aspernat ftp_cmd=ume cipher_suite=caecat msg_id=rautod", "tags": [ 
@@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=ercitat date=2016-11-24 time=10:03:59 log_id=lapar devid=ritati devname=edquia logid=itesse type=mullam subtype=mexerc level=medium vd=amvolu srcip=10.120.231.161 srcport=1129 srcintf=lo653 dstip=10.210.62.203 dstport=4381 dstintf=lo3057 poluuid=ataevita sessionid=oremqu proto=6 action=cancel policyid=velitsed trandisp=magnaali duration=92.900000 sentbyte=3984 rcvdbyte=4009 devtype=ulla osname=equatDu osversion=1.1710 mastersrcmac=aconse srcmac=01:00:5e:92:c2:23 crscore=20.350000 craction=squira crlevel=aliqui eventtype=ess user=uide service=scivel hostname=henderi724.www5.home profile=tquas reqtype=aquio url=https://www.example.com/iame/orroquis.htm?tiumd=ntmoll#mexer direction=internal msg=isnostru method=nofdeFi cat=aquioff catdesc=saqu device_id=remips log_id=illoi pri=medium userfrom=abori adminprof=uisnostr timezone=GMT+02:00 main_type=ilmole trigger_policy=ugi sub_type=niamquis severity_level=nisi policy=emveleum src=10.243.226.122 src_port=3512 dst=10.3.23.172 dst_port=7332 http_method=emullamc http_url=tec http_host=Nemo http_agent=tutlabo http_session_id=mveleum signature_subclass=liq signature_id=7229 srccountry=sBonorum content_switch_name=atems server_pool_name=quira false_positive_mitigation=tassita user_name=olorem monitor_status=sedquiac http_refer=https://www.example.com/atDuis/asnulapa.html?rumwri=velill#ore http_version=tation dev_id=loinve threat_weight=tatevel history_threat_weight=iumdolo threat_level=untu ftp_mode=ict ftp_cmd=squirati cipher_suite=tem msg_id=mestq", "tags": [ 
@@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=luptate date=2016-12-8 time=5:06:33 log_id=llamc devid=eleumiu devname=uei logid=Nequepo type=radipis subtype=cive level=low vd=orumSec srcip=10.56.74.7 srcport=6149 srcintf=eth2940 dstip=10.73.10.215 dstport=2079 dstintf=lo3472 poluuid=oeni sessionid=untutlab proto=0 action=cancel policyid=consecte trandisp=pteurs duration=26.872000 sentbyte=617 rcvdbyte=1651 devtype=ons osname=tiaecon osversion=1.5380 mastersrcmac=unt srcmac=01:00:5e:99:7b:4a crscore=124.392000 craction=queporro crlevel=uid eventtype=snostrum user=psa service=nculpaq hostname=reseosqu1629.mail.lan profile=utemvel reqtype=epteur url=https://www.example.net/iame/laudanti.htm?stquido=rsitvolu#mnisi direction=external msg=uameiusm method=adm cat=gelitsed catdesc=tiumto device_id=cor log_id=odoco pri=high userfrom=labore adminprof=ianonnu timezone=PST main_type=rum trigger_policy=erc sub_type=ehende severity_level=tutla policy=licaboNe src=10.94.242.80 src_port=2724 dst=10.106.85.174 dst_port=307 http_method=atiset http_url=serror http_host=onse http_agent=umquam http_session_id=emagn signature_subclass=emulla signature_id=1963 srccountry=iquaUt content_switch_name=mnihilm server_pool_name=redo false_positive_mitigation=etMaloru user_name=lmo monitor_status=iquidex http_refer=https://www.example.org/remipsu/tan.html?mcorpor=doconse#etdol http_version=dolorsi dev_id=nturmag threat_weight=tura history_threat_weight=osquirat threat_level=equat ftp_mode=aliquid ftp_cmd=usantiu cipher_suite=idunt msg_id=atqu", "tags": [ 
@@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=liquam dtime=2016-12-23 00:09:07.712538723 +0000 UTC devid=min devname=oluptat vd=odt date=2016-12-23 time=12:09:07 logid=rspici type=snisi subtype=magnaal level=low eventtime=etquasia logtime=nula srcip=10.117.63.181 srcport=5299 srcintf=lo7416 srcintfrole=Cicero dstip=10.247.53.179 dstport=6493 dstintf=lo3706 dstintfrole=atemaccu poluuid=veritat sessionid=aliquipe proto=3 action=block policyid=aer policytype=osquira crscore=171.144000 craction=minim crlevel=scipi appcat=tur service=acon srccountry=Nemoenim dstcountry=usm trandisp=labori tranip=10.168.20.20 tranport=68 duration=167.038000 sentbyte=7188 rcvdbyte=5749 sentpkt=xeac app=umdolors", "tags": [ 
@@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=uiadolo date=2017-1-6 time=7:11:41 log_id=empor devid=umexerci devname=duntut logid=uovol type=prehend subtype=eufug level=low vd=eufug srcip=10.100.53.8 srcport=4318 srcintf=eth5767 dstip=10.163.17.172 dstport=854 dstintf=enp0s3903 poluuid=upta sessionid=atc proto=3 action=block policyid=upta trandisp=itessequ duration=165.935000 sentbyte=4211 rcvdbyte=405 devtype=exerci osname=idata osversion=1.2208 mastersrcmac=usmod srcmac=01:00:5e:c0:47:f3 crscore=135.374000 craction=isiutali crlevel=iquidexe eventtype=illumq user=luptatem service=ite hostname=tasnul4179.internal.host profile=amvo reqtype=tnul url=https://www.example.org/ess/quiad.jpg?ten=litanim#rQuisaut direction=inbound msg=modico method=metco cat=cillu catdesc=iuntNeq device_id=eddoei log_id=rsin pri=very-high userfrom=eriam adminprof=pernat timezone=CEST main_type=imve trigger_policy=essequam sub_type=ueporro severity_level=aliqu policy=upt src=10.141.156.217 src_port=2700 dst=10.53.168.187 dst_port=73 http_method=emacc http_url=emp http_host=lamcola http_agent=veli http_session_id=venia signature_subclass=risni signature_id=1535 srccountry=uat content_switch_name=onemulla server_pool_name=riaturEx false_positive_mitigation=deri user_name=amqu monitor_status=lorsitam http_refer=https://api.example.org/onpr/litseddo.gif?oremqu=idex#radip http_version=upta dev_id=tetura threat_weight=rumet history_threat_weight=uptasnul threat_level=antiumdo ftp_mode=ecill ftp_cmd=iduntu cipher_suite=pisci msg_id=sunt", "tags": [ 
@@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-1-20 time=2:14:16 devname=oco device_id=aboree log_id=ainci type=generic subtype=osqu pri=very-high devid=sus devname=imavenia logid=expli type=ugiat subtype=rnat level=low vd=orem srcip=10.37.174.58 srcport=3193 srcintf=lo2990 dstip=10.249.60.66 dstport=4859 dstintf=enp0s1732 poluuid=eve sessionid=tco proto=3 action=accept policyid=oluptate trandisp=lit duration=70.988000 sentbyte=6327 rcvdbyte=837 devtype=oquisqu osname=turadip osversion=1.3402 mastersrcmac=amc srcmac=01:00:5e:dd:dc:44 crscore=160.379000 craction=apar crlevel=runtm eventtype=eturadip user=olorsi service=itseddo hostname=bore5546.www.local profile=labo reqtype=lpaquiof url=https://example.com/xeac/llitanim.txt?oreverit=scip#Finibus direction=inbound msg=eufugia method=ncididun cat=hen catdesc=periamea device_id=itametco log_id=vel pri=high userfrom=rere adminprof=pta timezone=CEST main_type=equeporr trigger_policy=met sub_type=volup severity_level=ptate policy=entsu src=10.44.198.184 src_port=5695 dst=10.189.82.19 dst_port=4267 http_method=odoc http_url=atura http_host=tur http_agent=tur http_session_id=atnonpr signature_subclass=ita signature_id=7570 srccountry=colabori content_switch_name=imidestl server_pool_name=piscing false_positive_mitigation=ceroi user_name=iconsequ monitor_status=iat http_refer=https://www.example.net/siuta/atev.htm?CSe=exerci#inesciu http_version=quid dev_id=atcupid threat_weight=onse history_threat_weight=psa threat_level=ate ftp_mode=con ftp_cmd=tqu cipher_suite=eirur msg_id=dese", "tags": [ 
@@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=mquisnos date=2017-2-3 time=9:16:50 log_id=lore devid=isci devname=Dui logid=reetdo type=ever subtype=civelits level=high vd=quiav srcip=10.154.34.15 srcport=5986 srcintf=enp0s4064 dstip=10.153.172.249 dstport=7030 dstintf=enp0s3067 poluuid=henderit sessionid=remq proto=21 action=cancel policyid=tla trandisp=arch duration=52.795000 sentbyte=5453 rcvdbyte=3097 devtype=ror osname=onsecte osversion=1.91 mastersrcmac=aecatcup srcmac=01:00:5e:58:7e:f5 crscore=133.560000 craction=quas crlevel=occaeca eventtype=eturadip user=ent service=rumSecti hostname=Utenima260.mail.invalid profile=cept reqtype=aedictas url=https://api.example.org/orio/gna.gif?aaliquaU=olu#iameaque direction=external msg=essequa method=aquio cat=rspicia catdesc=deom device_id=oluptat log_id=roinBCSe pri=medium userfrom=onproide adminprof=uamnih timezone=GMT+02:00 main_type=tatisetq trigger_policy=uidolo sub_type=umdolore severity_level=dmi policy=tam src=10.151.170.207 src_port=1400 dst=10.181.183.104 dst_port=5554 http_method=amni http_url=tatio http_host=amquisno http_agent=modoc http_session_id=magnam signature_subclass=uinesc signature_id=4248 srccountry=idatat content_switch_name=onev server_pool_name=orsi false_positive_mitigation=ntsunt user_name=iosamni monitor_status=idu http_refer=https://example.net/idolo/reet.txt?its=umdolor#isiu http_version=assi dev_id=eserun threat_weight=rvelill history_threat_weight=lupta threat_level=byC ftp_mode=imadm ftp_cmd=uta cipher_suite=tisu msg_id=remagnam", "tags": [ 
@@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=iumdo date=2017-2-18 time=4:19:24 log_id=iusmodit devid=aturv devname=ectetura logid=obeataev type=umf subtype=olesti level=low vd=quaeabil srcip=10.19.99.129 srcport=956 srcintf=eth62 dstip=10.205.132.218 dstport=1643 dstintf=enp0s5908 poluuid=inim sessionid=etdol proto=17 action=deny policyid=oremeumf trandisp=lesti duration=49.961000 sentbyte=3376 rcvdbyte=6209 devtype=enima osname=tnulapar osversion=1.7278 mastersrcmac=sequ srcmac=01:00:5e:4a:1d:f8 crscore=84.522000 craction=tionula crlevel=accus eventtype=uatu user=mquis service=lab hostname=uido2046.mail.lan profile=tena reqtype=aal url=https://mail.example.org/nimadmin/lumqui.txt?iquip=tinculpa#umtota direction=external msg=rumSecti method=riamea cat=eca catdesc=oluptate device_id=Duisa log_id=consequa pri=low userfrom=iaecon adminprof=aevitaed timezone=PT main_type=rep trigger_policy=remap sub_type=deri severity_level=quaeratv policy=involu src=10.70.7.23 src_port=2758 dst=10.130.240.11 dst_port=6515 http_method=odic http_url=iuta http_host=liquaUte http_agent=scivelit http_session_id=Nequ signature_subclass=quid signature_id=1044 srccountry=lloinve content_switch_name=borisnis server_pool_name=onorumet false_positive_mitigation=ptatema user_name=eavolup monitor_status=ipsumq http_refer=https://www.example.org/tno/iss.gif?ptatev=atu#teturad http_version=eturad dev_id=tDuis threat_weight=mwritten history_threat_weight=tat threat_level=equ ftp_mode=sumdolo ftp_cmd=idolorem cipher_suite=temvele msg_id=oremque", "tags": [ 
@@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=inimve devname=\"uio\" devid=\"mexercit\" vd=byC date=2017-3-4 time=11:21:59 logid=uae type=oremip subtype=its level=very-high eventtime=iavol logtime=natuserr srcip=10.37.161.101 srcport=1552 srcintf=enp0s6659 srcintfrole=evit dstip=10.111.182.212 dstport=4493 dstintf=lo6533 dstintfrole=lamco poluuid=tion sessionid=hender proto=icmp action=deny policyid=seq policytype=rumSe crscore=88.660000 craction=madmi crlevel=tlabore appcat=idunt service=expl srccountry=olore dstcountry=uian trandisp=atuserro tranip=10.17.209.252 tranport=2119 duration=135.770000 sentbyte=313 rcvdbyte=6509 sentpkt=oinBCS app=itsedd", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=ipis devname=\"itautfu\" devid=\"nesci\" vd=tam date=2017-3-18 time=6:24:33 logid=sin type=idexeac subtype=nimadmin level=medium eventtime=edutper logtime=tevelite srcip=10.158.175.98 srcport=1491 srcintf=enp0s7649 srcintfrole=oinBCSed dstip=10.170.196.181 dstport=6994 dstintf=enp0s5873 dstintfrole=obeatae poluuid=iquid sessionid=evo proto=udp action=allow policyid=mqu policytype=pteursi crscore=98.596000 craction=expl crlevel=essecill appcat=totamre service=rpo srccountry=velites dstcountry=nonpro trandisp=nula tranip=10.153.166.133 tranport=4638 duration=39.506000 sentbyte=6610 rcvdbyte=1936 sentpkt=olu app=imide", "tags": [ 
@@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-4-2 time=1:27:07 logver=amn devid=itessequ devname=porissu logid=umd type=sumd subtype=sectetur level=low vd=aUtenima srcip=10.62.10.137 srcport=5596 srcintf=lo6539 dstip=10.138.249.251 dstport=630 dstintf=eth1576 poluuid=deritinv sessionid=evelite proto=6 action=accept policyid=stiaecon trandisp=usBono duration=155.835000 sentbyte=3942 rcvdbyte=5360 devtype=ttenb osname=olor osversion=1.5978 mastersrcmac=lapa srcmac=01:00:5e:b0:3e:44 crscore=105.845000 craction=lors crlevel=oluptat eventtype=enimad user=tis service=qua hostname=con6049.internal.lan profile=quelaud reqtype=luptat url=https://internal.example.com/temse/caecat.jpg?emeu=tatemac#quisn direction=inbound msg=teursint method=etMa cat=llita catdesc=ntsunt device_id=nturmag log_id=uredol pri=high userfrom=temsequi adminprof=mquia timezone=ET main_type=enbyCic trigger_policy=iveli sub_type=conseq severity_level=itame policy=tenat src=10.63.171.91 src_port=4396 dst=10.48.25.200 dst_port=5179 http_method=nse http_url=mveniam http_host=tuser http_agent=mmo http_session_id=eve signature_subclass=nbyCicer signature_id=6129 srccountry=ciad content_switch_name=ugiatqu server_pool_name=eruntmo false_positive_mitigation=nimve user_name=usanti monitor_status=ion http_refer=https://mail.example.org/gelits/iavo.txt?udexerc=ovolupta#volup http_version=macc dev_id=ria threat_weight=beat history_threat_weight=rro threat_level=tuser ftp_mode=ctasu ftp_cmd=irat cipher_suite=sitame msg_id=oinven", "tags": [ 
@@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=ute dtime=2017-04-16 08:29:41.792538723 +0000 UTC devid=mexer devname=iam vd=Bonoru date=2017-4-16 time=8:29:41 logid=rcitati type=nula subtype=ameaquei level=low eventtime=adipi logtime=mquis srcip=10.174.17.46 srcport=2743 srcintf=eth6814 srcintfrole=ine dstip=10.77.105.81 dstport=4455 dstintf=enp0s7799 dstintfrole=orem poluuid=giatqu sessionid=rsint proto=udp action=allow policyid=paq policytype=uianon crscore=60.762000 craction=uisautem crlevel=mquameiu appcat=loremq service=turmagni srccountry=ores dstcountry=ddoe trandisp=uid tranip=10.38.168.190 tranport=7260 duration=129.140000 sentbyte=368 rcvdbyte=7791 sentpkt=incidi app=aedictas", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=temaccus devname=\"ons\" devid=\"unt\" vd=liq date=2017-4-30 time=3:32:16 logid=abore type=iumdo subtype=oreeu level=high eventtime=exe logtime=tis srcip=10.36.99.207 srcport=4829 srcintf=lo497 srcintfrole=tvol dstip=10.225.37.73 dstport=5630 dstintf=eth1882 dstintfrole=eniamqu poluuid=iumt sessionid=porissus proto=udp action=cancel policyid=tsunt policytype=rnat crscore=88.508000 craction=ured crlevel=ctetu appcat=oreeu service=uasiarch srccountry=Malor dstcountry=boriosa trandisp=cillumdo tranip=10.166.142.198 tranport=4151 duration=1.040000 sentbyte=465 rcvdbyte=7663 sentpkt=oreetd app=lor", "tags": [ 
@@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=etc devname=\"eturadip\" devid=\"nost\" vd=atus date=2017-5-14 time=10:34:50 logid=tassitas type=obea subtype=velite level=medium eventtime=litse logtime=san srcip=10.66.90.225 srcport=4846 srcintf=lo4891 srcintfrole=moenimi dstip=10.214.156.161 dstport=3854 dstintf=eth1188 dstintfrole=ati poluuid=rauto sessionid=doloreeu proto=6 action=block policyid=eumfu policytype=docons crscore=3.408000 craction=eumf crlevel=roquisq appcat=uasi service=maveniam srccountry=uis dstcountry=lill trandisp=remeum tranip=10.145.194.12 tranport=1001 duration=25.398000 sentbyte=6452 rcvdbyte=6820 sentpkt=aturE app=umto", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=pariat devname=\"iutal\" devid=\"teturad\" vd=ese date=2017-5-29 time=5:37:24 logid=eddoei type=lorumw subtype=eca level=medium eventtime=nimve logtime=duntut srcip=10.6.242.108 srcport=3373 srcintf=lo3230 srcintfrole=qua dstip=10.156.208.5 dstport=7612 dstintf=lo1800 dstintfrole=quisn poluuid=pteu sessionid=uatD proto=0 action=cancel policyid=antiu policytype=velillum crscore=166.389000 craction=iatquovo crlevel=lapari appcat=Mal service=itinvo srccountry=snulap dstcountry=cidu trandisp=hilmol tranip=10.163.36.101 tranport=253 duration=72.488000 sentbyte=1880 rcvdbyte=4638 sentpkt=ident app=scip", "tags": [ 
@@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-6-12 time=12:39:58 devname=uamqu device_id=iusmodi log_id=esciun type=generic subtype=tasnul pri=medium devid=ccusant devname=epteurs logid=rmag type=quisquam subtype=eporroqu level=very-high vd=dit srcip=10.25.134.171 srcport=7867 srcintf=eth4543 dstip=10.43.235.230 dstport=2198 dstintf=lo4581 poluuid=BCSe sessionid=rem proto=0 action=allow policyid=eeufug trandisp=ntin duration=6.686000 sentbyte=5763 rcvdbyte=1048 devtype=cinge osname=tatem osversion=1.4713 mastersrcmac=eritqu srcmac=01:00:5e:ed:6b:57 crscore=10.603000 craction=nimip crlevel=iutaliq eventtype=olore user=onemul service=trudexe hostname=remeum2641.www5.corp profile=Quisa reqtype=quiav url=https://www5.example.com/elit/sam.htm?nevolu=unt#isni direction=outbound msg=ecillum method=olor cat=amei catdesc=doconseq device_id=conseq log_id=emve pri=very-high userfrom=tiu adminprof=wri timezone=GMT-07:00 main_type=asper trigger_policy=dictasun sub_type=psa severity_level=lorese policy=olupta src=10.220.148.127 src_port=6681 dst=10.68.233.163 dst_port=3126 http_method=itanimi http_url=onoru http_host=data http_agent=ugits http_session_id=ittenb signature_subclass=tobeatae signature_id=5617 srccountry=quis content_switch_name=exe server_pool_name=naa false_positive_mitigation=equat user_name=estiaec monitor_status=pitlabo http_refer=https://example.net/rcitat/ree.htm?ionofdeF=rsp#imipsa http_version=nostrum dev_id=autodita threat_weight=ntut history_threat_weight=temveleu threat_level=itametco ftp_mode=etcons ftp_cmd=etco cipher_suite=iuntN msg_id=utfugi", "tags": [ 
@@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=isnostru date=2017-6-26 time=7:42:33 log_id=nul devid=ntocca devname=trudex logid=tvol type=lup subtype=mipsamv level=medium vd=qua srcip=10.249.194.7 srcport=4987 srcintf=enp0s2282 dstip=10.57.116.17 dstport=90 dstintf=enp0s7442 poluuid=xcep sessionid=gnidol proto=0 action=allow policyid=uaeab trandisp=ptat duration=136.310000 sentbyte=1078 rcvdbyte=6196 devtype=eturadip osname=amquaera osversion=1.4481 mastersrcmac=equ srcmac=01:00:5e:00:fd:79 crscore=18.750000 craction=olesti crlevel=edquia eventtype=ihi user=undeomn service=ape hostname=itaspe3216.localdomain profile=onsecte reqtype=prehende url=https://example.org/porro/issu.htm?inculpa=ruredol#iadeseru direction=unknown msg=numq method=quae cat=periam catdesc=ain device_id=umiurer log_id=mquido pri=very-high userfrom=onorume adminprof=abill timezone=GMT+02:00 main_type=uov trigger_policy=mini sub_type=mve severity_level=tionev policy=uasiarch src=10.116.82.108 src_port=7276 dst=10.94.177.125 dst_port=6683 http_method=nimides http_url=olorsit http_host=naaliq http_agent=plica http_session_id=asiarc signature_subclass=lor signature_id=5152 srccountry=snula content_switch_name=pici server_pool_name=bori false_positive_mitigation=dipi user_name=ecatc monitor_status=quovolu http_refer=https://example.net/itse/sse.gif?lupt=quatur#dminim http_version=ptatevel dev_id=aperiame threat_weight=stenat history_threat_weight=uianonnu threat_level=tatiset ftp_mode=quira ftp_cmd=ciatisun cipher_suite=duntutl msg_id=nven", "tags": [ 
@@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-7-11 time=2:45:07 devname=saq device_id=asiarch log_id=ssuscipi type=generic subtype=utla pri=medium devid=tquovo devname=fugi logid=nse type=nesciu subtype=todit level=very-high vd=inrepreh srcip=10.14.192.162 srcport=2536 srcintf=enp0s4429 dstip=10.179.128.6 dstport=3375 dstintf=enp0s4580 poluuid=ptate sessionid=volupta proto=3 action=cancel policyid=utla trandisp=emi duration=171.651000 sentbyte=3313 rcvdbyte=7131 devtype=velites osname=oloremi osversion=1.4442 mastersrcmac=apari srcmac=01:00:5e:0c:fb:2b crscore=140.065000 craction=uel crlevel=fficiad eventtype=teirured user=nostru service=rcit hostname=mea6298.api.example profile=eumiu reqtype=tatevel url=https://mail.example.org/uamquaer/texplica.gif?sequa=lorum#suntexpl direction=inbound msg=Sedut method=tatis cat=audant catdesc=obeata device_id=uredol log_id=uptat pri=low userfrom=entorev adminprof=quuntur timezone=GMT+02:00 main_type=exercit trigger_policy=dexer sub_type=idolor severity_level=onpr policy=uira src=10.115.121.243 src_port=550 dst=10.113.152.241 dst_port=2330 http_method=ali http_url=udexerci http_host=uae http_agent=imveni http_session_id=econ signature_subclass=aborio signature_id=1122 srccountry=setquas content_switch_name=nbyCi server_pool_name=runtmoll false_positive_mitigation=busBon user_name=norumetM monitor_status=isno http_refer=https://internal.example.com/ameaq/Quis.html?lestiae=iav#umiure http_version=isiut dev_id=tin threat_weight=rporiss history_threat_weight=billoinv threat_level=etconse ftp_mode=nesciu ftp_cmd=mali cipher_suite=roinBCSe msg_id=eetdolor", "tags": [ 
@@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-7-25 time=9:47:41 logver=upt devid=equamni devname=atcupi logid=enima type=uptateve subtype=fugitsed level=medium vd=lorem srcip=10.68.159.207 srcport=3320 srcintf=enp0s7206 dstip=10.139.195.188 dstport=893 dstintf=enp0s6960 poluuid=lits sessionid=tvolu proto=17 action=accept policyid=ollitan trandisp=temseq duration=0.684000 sentbyte=3045 rcvdbyte=6863 devtype=edictasu osname=eturadi osversion=1.3804 mastersrcmac=edquiano srcmac=01:00:5e:09:79:f2 crscore=11.231000 craction=taevitae crlevel=tevel eventtype=tatemse user=gitsed service=agn hostname=iqu7510.internal.corp profile=equeporr reqtype=amremap url=https://www5.example.org/aqu/utemvele.gif?serrorsi=tsedquia#rsit direction=unknown msg=ntutlabo method=idex cat=nihilmo catdesc=reetdo device_id=xeaco log_id=taliqu pri=medium userfrom=hite adminprof=umfugi timezone=CT main_type=dminimve trigger_policy=remips sub_type=laboreet severity_level=uptate policy=tot src=10.49.82.45 src_port=435 dst=10.179.153.97 dst_port=1908 http_method=ade http_url=nihilmol http_host=nder http_agent=ano http_session_id=rumexer signature_subclass=eab signature_id=2387 srccountry=saquaeab content_switch_name=eli server_pool_name=rissusci false_positive_mitigation=ectetur user_name=dictasun monitor_status=inimv http_refer=https://api.example.org/volup/untNeq.htm?mremaper=uteirur#ntium http_version=ide dev_id=quunturm threat_weight=quovo history_threat_weight=quaturve threat_level=ntiumdol ftp_mode=conse ftp_cmd=aturve cipher_suite=edqui msg_id=tvolu", "tags": [ 
@@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=ore devname=\"lors\" devid=\"saute\" vd=ecillumd date=2017-8-8 time=4:50:15 logid=iumto type=sequatu subtype=tiumtot level=medium eventtime=mdoloree logtime=que srcip=10.98.52.184 srcport=7402 srcintf=eth3784 srcintfrole=ita dstip=10.99.55.115 dstport=1537 dstintf=eth855 dstintfrole=isnostru poluuid=iad sessionid=ngelits proto=tcp action=accept policyid=billoi policytype=reseo crscore=158.047000 craction=uov crlevel=pariat appcat=icaboNe service=boreetd srccountry=uir dstcountry=rumex trandisp=ectobea tranip=10.205.83.138 tranport=6239 duration=170.113000 sentbyte=3290 rcvdbyte=722 sentpkt=ibus app=lumdol", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=onnu devname=\"reprehe\" devid=\"metMa\" vd=emoen date=2017-8-22 time=11:52:50 logid=ptate type=mipsumqu subtype=turad level=high eventtime=billo logtime=doloremi srcip=10.197.128.162 srcport=2052 srcintf=lo6750 srcintfrole=ionof dstip=10.90.189.248 dstport=1293 dstintf=lo2402 dstintfrole=roi poluuid=reh sessionid=volup proto=prm action=allow policyid=iconsequ policytype=ueporr crscore=127.832000 craction=archite crlevel=tur appcat=ddo service=emp srccountry=inBC dstcountry=did trandisp=atcupi tranip=10.228.11.50 tranport=984 duration=3.401000 sentbyte=6907 rcvdbyte=422 sentpkt=mcol app=tion", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-9-6 time=6:55:24 devname=moll device_id=roinBCS log_id=odit type=event subtype=vol pri=low desc=aloru user=cteturad userfrom=modi msg=cip action=deny adom=ntoccae2859.www.test session_id=incididu", "tags": [ 
@@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-9-20 time=1:57:58 devname=uinesci device_id=otamr log_id=tsed type=generic subtype=rExc pri=medium devid=saute devname=umdol logid=rerepr type=ipiscin subtype=trudexe level=high vd=ineavol srcip=10.29.34.211 srcport=5638 srcintf=eth1805 dstip=10.161.15.82 dstport=6598 dstintf=enp0s5799 poluuid=aco sessionid=eFini proto=17 action=cancel policyid=mipsa trandisp=uas duration=118.122000 sentbyte=1737 rcvdbyte=6283 devtype=umexe osname=xce osversion=1.7318 mastersrcmac=suntex srcmac=01:00:5e:5b:68:89 crscore=29.865000 craction=rcitati crlevel=siutali eventtype=uiratio user=ficia service=orsit hostname=deFinibu3940.internal.lan profile=rautod reqtype=onorumet url=https://www5.example.com/etcon/chit.txt?erspici=itinvolu#adeserun direction=unknown msg=tinv method=Utenima cat=nse catdesc=umq device_id=enim log_id=oreve pri=low userfrom=snisiu adminprof=atem timezone=ET main_type=vento trigger_policy=litsed sub_type=ciun severity_level=rehender policy=tetura src=10.124.71.88 src_port=7540 dst=10.22.248.52 dst_port=6566 http_method=cons http_url=tinvolu http_host=ptat http_agent=amquisn http_session_id=Finibus signature_subclass=nsequat signature_id=3661 srccountry=scipi content_switch_name=rem server_pool_name=reh false_positive_mitigation=rsitame user_name=tcons monitor_status=squamest http_refer=https://mail.example.com/emveleum/siuta.html?ate=epteur#onproi http_version=usmodit dev_id=orese threat_weight=umdolore history_threat_weight=umqui threat_level=adipisci ftp_mode=eir ftp_cmd=ull cipher_suite=tlabor msg_id=itecto", "tags": [ 
@@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-10-4 time=9:00:32 logver=ametcons devid=velite devname=ipexeac logid=explicab type=samvolu subtype=teiru level=low vd=orinrep srcip=10.228.213.136 srcport=7247 srcintf=lo1719 dstip=10.185.107.27 dstport=2257 dstintf=enp0s4999 poluuid=iduntutl sessionid=mipsumd proto=udp action=block policyid=quelauda trandisp=rcit duration=166.303000 sentbyte=7229 rcvdbyte=6230 devtype=orese osname=evelite osversion=1.4895 mastersrcmac=oremipsu srcmac=01:00:5e:cd:f6:0e crscore=37.237000 craction=equunt crlevel=mto eventtype=iae user=dent service=Uten hostname=tatiset4191.localdomain profile=aconseq reqtype=mquamei url=https://api.example.org/fug/liquid.txt?ptate=lloi#nseq direction=external msg=isetqua method=ianonn cat=oluptas catdesc=doe device_id=quipex log_id=rchitect pri=very-high userfrom=Bonor adminprof=ipex timezone=PT main_type=upta trigger_policy=ivel sub_type=tmollita severity_level=tionofd policy=iatnula src=10.185.37.176 src_port=1859 dst=10.26.58.20 dst_port=2809 http_method=essequam http_url=undeo http_host=ficiade http_agent=uiinea http_session_id=uianonn signature_subclass=eavolupt signature_id=784 srccountry=elitsedq content_switch_name=liquam server_pool_name=sinto false_positive_mitigation=edi user_name=eumiure monitor_status=ore http_refer=https://internal.example.com/mSe/sis.gif?rchite=rcit#orumwri http_version=tiae dev_id=giat threat_weight=nculpa history_threat_weight=olupt threat_level=tvol ftp_mode=ostru ftp_cmd=mea cipher_suite=tuserror msg_id=agnama", "tags": [ 
@@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=deritq dtime=2017-10-19 04:03:07.172538723 +0000 UTC devid=boreetdo devname=teni vd=iin date=2017-10-19 time=4:03:07 logid=nostr type=luptatem subtype=tNequepo level=low eventtime=eumfug logtime=sper srcip=10.200.12.126 srcport=2347 srcintf=enp0s7374 srcintfrole=liqu dstip=10.14.145.107 dstport=4362 dstintf=enp0s7861 dstintfrole=aliq poluuid=utem sessionid=oreetd proto=HOPOPT action=block policyid=Nequepo policytype=edictas crscore=55.933000 craction=tur crlevel=borisnis appcat=elitsedd service=hitecto srccountry=loremi dstcountry=nven trandisp=isci tranip=10.250.231.196 tranport=5863 duration=4.105000 sentbyte=2763 rcvdbyte=5047 sentpkt=aquioff app=cip", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=onsequat dtime=2017-11-02 11:05:41.432538723 +0000 UTC devid=tiumd devname=atuse vd=imad date=2017-11-2 time=11:05:41 logid=tura type=equuntur subtype=rve level=high eventtime=mqua logtime=xer srcip=10.225.34.176 srcport=5569 srcintf=lo2867 srcintfrole=amquisn dstip=10.21.203.112 dstport=5930 dstintf=enp0s1294 dstintfrole=sum poluuid=lloinve sessionid=eni proto=HOPOPT action=cancel policyid=edquiac policytype=psamvolu crscore=80.314000 craction=unturma crlevel=iavol appcat=psumdol service=urautodi srccountry=equamni dstcountry=fugia trandisp=uptate tranip=10.103.36.192 tranport=1974 duration=129.001000 sentbyte=2801 rcvdbyte=2565 sentpkt=imidest app=citation", "tags": [ 
@@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=nof devname=\"usantiu\" devid=\"periam\" vd=remip date=2017-11-16 time=6:08:15 logid=dexea type=aturExc subtype=antiumto level=low eventtime=obe logtime=niamqu srcip=10.140.59.161 srcport=3599 srcintf=eth575 srcintfrole=tev dstip=10.5.67.140 dstport=5687 dstintf=enp0s6143 dstintfrole=intoc poluuid=obeataev sessionid=rrorsit proto=udp action=accept policyid=umquid policytype=olabo crscore=79.046000 craction=dolor crlevel=rsp appcat=quir service=giatqu srccountry=olors dstcountry=roid trandisp=lorum tranip=10.118.111.183 tranport=5410 duration=96.462000 sentbyte=6821 rcvdbyte=6222 sentpkt=mipsu app=nvol", "tags": [ 
@@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-12-1 time=1:10:49 logver=llu devid=quaUt devname=labor logid=oris type=tatemse subtype=uta level=very-high vd=tse srcip=10.170.104.148 srcport=5722 srcintf=lo259 dstip=10.60.92.40 dstport=5836 dstintf=enp0s4446 poluuid=dicons sessionid=BCSedutp proto=udp action=accept policyid=ritatise trandisp=nihilm duration=104.607000 sentbyte=6659 rcvdbyte=5351 devtype=isauteir osname=eritquii osversion=1.4493 mastersrcmac=uisno srcmac=01:00:5e:e9:ec:d5 crscore=34.736000 craction=itaed crlevel=invol eventtype=Loremips user=cidun service=tassitas hostname=nimadmi4084.api.home profile=eufugia reqtype=nor url=https://example.net/aturQui/tquii.html?uiac=squ#litess direction=unknown msg=involupt method=itempo cat=upt catdesc=rve device_id=amq log_id=abillo pri=high userfrom=ationem adminprof=Nem timezone=OMST main_type=ollita trigger_policy=dipisci sub_type=amnisiu severity_level=ptat policy=epr src=10.7.70.169 src_port=2514 dst=10.28.212.191 dst_port=1997 http_method=nostru http_url=Loremip http_host=veleumiu http_agent=rcita http_session_id=turad signature_subclass=sequamni signature_id=4799 srccountry=ollita content_switch_name=ectetu server_pool_name=radi false_positive_mitigation=ula user_name=itsed monitor_status=rad http_refer=https://internal.example.com/ididu/autodit.gif?seru=oriss#imadmin http_version=suntexpl dev_id=urve threat_weight=sBonoru history_threat_weight=everi threat_level=squ ftp_mode=emagnaal ftp_cmd=nih cipher_suite=ncididu msg_id=itati", "tags": [ 
@@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2017-12-15 time=8:13:24 logver=estla devid=ione devname=ecillum logid=maccu type=ame subtype=pitlabo level=very-high vd=urExc srcip=10.37.124.214 srcport=6919 srcintf=lo7727 dstip=10.37.111.228 dstport=7082 dstintf=enp0s20 poluuid=dmini sessionid=tquid proto=17 action=block policyid=iatisun trandisp=cto duration=144.899000 sentbyte=2372 rcvdbyte=7417 devtype=imadmini osname=iatisund osversion=1.6506 mastersrcmac=aUtenim srcmac=01:00:5e:28:0c:11 crscore=172.422000 craction=etdol crlevel=sed eventtype=uep user=ametco service=nde hostname=reprehe3525.www5.example profile=mquisno reqtype=eaco url=https://mail.example.org/mvele/teveli.htm?Nequepor=luptate#aturvel direction=internal msg=dexea method=sedquia cat=litesse catdesc=ntmo device_id=aliqu log_id=iqu pri=very-high userfrom=ationula adminprof=doconse timezone=CEST main_type=oreeufug trigger_policy=ptatems sub_type=tenima severity_level=emagnam policy=iaco src=10.148.197.60 src_port=5711 dst=10.143.144.52 dst_port=974 http_method=nvo http_url=lab http_host=sedqui http_agent=iuntNe http_session_id=tdolor signature_subclass=Ute signature_id=2191 srccountry=uepor content_switch_name=umSecti server_pool_name=eabil false_positive_mitigation=ibusB user_name=rporis monitor_status=etco http_refer=https://example.org/ereprehe/olu.html?liqu=ipsu#siarch http_version=itautfu dev_id=rrorsi threat_weight=ole history_threat_weight=odi threat_level=tper ftp_mode=olor ftp_cmd=corpo cipher_suite=commod msg_id=iumd", "tags": [ 
@@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=aborisn dtime=2017-12-29 15:15:58.472538723 +0000 UTC devid=onproid devname=sitv vd=equam date=2017-12-29 time=3:15:58 logid=bor type=ameaquei subtype=aeca level=very-high eventtime=aperiam logtime=ngelit srcip=10.217.145.137 srcport=5242 srcintf=enp0s6940 srcintfrole=orema dstip=10.22.149.132 dstport=7725 dstintf=lo7156 dstintfrole=neavolup poluuid=lits sessionid=Nemoen proto=0 action=block policyid=rur policytype=quaturve crscore=166.007000 craction=oeiusmod crlevel=uidolore appcat=iacon service=ncu srccountry=quaturve dstcountry=ciad trandisp=diconseq tranip=10.251.183.113 tranport=2604 duration=161.433000 sentbyte=5697 rcvdbyte=7299 sentpkt=eseosqu app=uptatem", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=uamnihil devname=\"nisi\" devid=\"imadm\" vd=siutali date=2018-1-12 time=10:18:32 logid=mfugi type=ceroinBC subtype=lorumw level=low eventtime=squir logtime=commod srcip=10.183.16.252 srcport=3150 srcintf=lo6718 srcintfrole=eabillo dstip=10.203.66.175 dstport=3904 dstintf=enp0s3868 dstintfrole=dipisciv poluuid=nsequun sessionid=hen proto=icmp action=accept policyid=velillum policytype=itamet crscore=123.013000 craction=hil crlevel=itl appcat=idolo service=ncidid srccountry=oid dstcountry=iarchit trandisp=volupt tranip=10.51.60.203 tranport=5315 duration=165.955000 sentbyte=7551 rcvdbyte=1519 sentpkt=ten app=Utenim", "tags": [ 
@@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-1-27 time=5:21:06 logver=uasiarch devid=iamquisn devname=magnama logid=reprehe type=citatio subtype=dolo level=medium vd=esciunt srcip=10.133.245.26 srcport=1727 srcintf=enp0s2674 dstip=10.76.87.30 dstport=2858 dstintf=enp0s2918 poluuid=remag sessionid=roinBCSe proto=HOPOPT action=accept policyid=labori trandisp=ditau duration=39.920000 sentbyte=5413 rcvdbyte=6650 devtype=tam osname=olu osversion=1.409 mastersrcmac=iut srcmac=01:00:5e:5c:c2:50 crscore=69.137000 craction=boris crlevel=ris eventtype=nisiuta user=utper service=uipexe hostname=ursint411.www.lan profile=gnamali reqtype=iumdo url=https://example.org/tem/iadeseru.jpg?olorsita=odoco#etc direction=internal msg=lamco method=natuser cat=Excepteu catdesc=omnis device_id=tati log_id=orinc pri=very-high userfrom=eturadi adminprof=cinge timezone=PT main_type=ira trigger_policy=niamq sub_type=quatD severity_level=nevol policy=lumquid src=10.157.14.165 src_port=7170 dst=10.61.200.105 dst_port=2813 http_method=tquov http_url=natu http_host=doei http_agent=acomm http_session_id=veleumi signature_subclass=volupt signature_id=6822 srccountry=itatise content_switch_name=ure server_pool_name=userro false_positive_mitigation=oree user_name=nimadmi monitor_status=utaliq http_refer=https://example.com/tinvolu/uredol.txt?did=lamcol#idolor http_version=tutlabor dev_id=nse threat_weight=rauto history_threat_weight=rese threat_level=nonproi ftp_mode=doconse ftp_cmd=henderi cipher_suite=tisunde msg_id=ende", "tags": [ 
@@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-2-10 time=12:23:41 logver=commod devid=oris devname=rcita logid=ataev type=oris subtype=incidi level=high vd=tutlabo srcip=10.32.66.161 srcport=881 srcintf=lo4523 dstip=10.134.238.8 dstport=2976 dstintf=enp0s1238 poluuid=edquiac sessionid=sit proto=HOPOPT action=allow policyid=olo trandisp=laboris duration=163.866000 sentbyte=7328 rcvdbyte=5375 devtype=tutl osname=nevolu osversion=1.5475 mastersrcmac=ostru srcmac=01:00:5e:e9:5f:84 crscore=157.516000 craction=aven crlevel=idolore eventtype=psaqu user=psa service=pta hostname=ididunt7607.mail.localhost profile=ntutlabo reqtype=leumiure url=https://mail.example.net/epteurs/usmodtem.gif?itvo=asi#tobe direction=internal msg=Lore method=oin cat=eritquii catdesc=taliqui device_id=ecatcu log_id=entoreve pri=high userfrom=umquam adminprof=onev timezone=CET main_type=tionev trigger_policy=ali sub_type=ionu severity_level=perna policy=moll src=10.242.178.15 src_port=3948 dst=10.217.111.77 dst_port=7309 http_method=datatno http_url=equepor http_host=antium http_agent=ugiatn http_session_id=utpe signature_subclass=hend signature_id=1170 srccountry=agnamali content_switch_name=ptateve server_pool_name=aliqua false_positive_mitigation=officiad user_name=nimadmin monitor_status=iavol http_refer=https://example.net/iumtota/qui.jpg?quel=ugitsed#ritatis http_version=olor dev_id=emoenim threat_weight=turadipi history_threat_weight=umSec threat_level=onsecte ftp_mode=inibusBo ftp_cmd=tqui cipher_suite=sequun msg_id=nimadm", "tags": [ 
@@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-2-24 time=7:26:15 logver=vitaedic devid=remip devname=rsita logid=rehe type=aper subtype=gnaa level=low vd=uta srcip=10.161.128.235 srcport=6280 srcintf=eth2121 dstip=10.84.29.117 dstport=1245 dstintf=eth7500 poluuid=errorsi sessionid=umwr proto=HOPOPT action=cancel policyid=cupida trandisp=rinc duration=5.709000 sentbyte=289 rcvdbyte=6059 devtype=dquia osname=ommod osversion=1.142 mastersrcmac=dico srcmac=01:00:5e:06:53:8a crscore=35.836000 craction=imipsa crlevel=iscinge eventtype=ora user=meumfug service=inimve hostname=mco2906.domain profile=sitvolu reqtype=eratv url=https://www.example.com/iadolo/cidu.txt?aliquide=redolori#eav direction=inbound msg=nse method=turQuis cat=tat catdesc=pta device_id=henderi log_id=onsec pri=high userfrom=itaspern adminprof=tau timezone=GMT+02:00 main_type=rsintoc trigger_policy=boreetd sub_type=rehende severity_level=sitamet policy=xerc src=10.199.119.251 src_port=7286 dst=10.86.152.227 dst_port=850 http_method=ant http_url=tiu http_host=ommodoco http_agent=rehe http_session_id=eseosqu signature_subclass=oeius signature_id=641 srccountry=eaqueip content_switch_name=laud server_pool_name=uido false_positive_mitigation=uis user_name=msequin monitor_status=autem http_refer=https://internal.example.org/ipi/qua.htm?itat=adipisc#omnisist http_version=orroqui dev_id=sci threat_weight=psamvolu history_threat_weight=itsedqui threat_level=oreve ftp_mode=omn ftp_cmd=onevol cipher_suite=ese msg_id=reprehen", "tags": [ 
@@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2018-3-11 time=2:28:49 logver=eumfugia devid=nimvenia devname=dol logid=rissusc type=lit subtype=quin level=low vd=eddoei srcip=10.35.73.208 srcport=7081 srcintf=eth6552 dstip=10.216.120.61 dstport=6389 dstintf=eth2068 poluuid=dolor sessionid=emUteni proto=tcp action=deny policyid=illoin trandisp=rinre duration=166.295000 sentbyte=5988 rcvdbyte=3374 devtype=olorem osname=mquae osversion=1.1789 mastersrcmac=rQuis srcmac=01:00:5e:b5:9a:3e crscore=5.250000 craction=enimadmi crlevel=elit eventtype=uia user=tem service=unt hostname=ntex5135.corp profile=mqua reqtype=equa url=https://internal.example.com/isc/umdol.jpg?atn=sectet#boreetd direction=outbound msg=olorin method=oluptat cat=olors catdesc=mSecti device_id=ius log_id=quian pri=low userfrom=urExce adminprof=upt timezone=PST main_type=pteurs trigger_policy=intocc sub_type=abo severity_level=orisnis policy=reseo src=10.239.194.105 src_port=3629 dst=10.234.171.117 dst_port=4488 http_method=tenatus http_url=odic http_host=ono http_agent=umtota http_session_id=consequ signature_subclass=ine signature_id=3409 srccountry=dex content_switch_name=ipis server_pool_name=nsecte false_positive_mitigation=miurere user_name=tat monitor_status=pitlabor http_refer=https://example.com/olupta/ape.jpg?mnisiut=eabil#olu http_version=uaUte dev_id=empor threat_weight=ate history_threat_weight=eca threat_level=inre ftp_mode=aliqu ftp_cmd=orem cipher_suite=dquian msg_id=isaute", "tags": [ 
@@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=emagnaal dtime=2018-03-25 09:31:24.032538723 +0000 UTC devid=uunturm devname=nonnumq vd=tqu date=2018-3-25 time=9:31:24 logid=ntocca type=emquelau subtype=adolorsi level=medium eventtime=maliquam logtime=ovol srcip=10.34.41.75 srcport=4436 srcintf=enp0s7638 srcintfrole=eseosqu dstip=10.249.16.201 dstport=4293 dstintf=lo5084 dstintfrole=mvele poluuid=qui sessionid=etMa proto=3 action=accept policyid=aspe policytype=uradipi crscore=22.220000 craction=atu crlevel=amremape appcat=illoinve service=uis srccountry=itanimi dstcountry=rinc trandisp=isistena tranip=10.107.168.208 tranport=1864 duration=45.477000 sentbyte=1067 rcvdbyte=2855 sentpkt=ctionofd app=uianonnu", "tags": [ 
@@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=nisiste date=2018-4-8 time=4:33:58 log_id=sedqu devid=itautfu devname=aaliq logid=tDui type=ernatur subtype=itsed level=low vd=xeacomm srcip=10.112.57.220 srcport=5803 srcintf=enp0s1897 dstip=10.19.151.236 dstport=884 dstintf=enp0s4144 poluuid=estiaeco sessionid=vele proto=HOPOPT action=allow policyid=yCiceroi trandisp=loremeu duration=156.263000 sentbyte=3719 rcvdbyte=7292 devtype=colab osname=itte osversion=1.6905 mastersrcmac=orumS srcmac=01:00:5e:c1:b8:93 crscore=60.950000 craction=uptat crlevel=incidun eventtype=agnaaliq user=aturQuis service=cepteurs hostname=tat1845.internal.invalid profile=rumetMal reqtype=tiumtot url=https://www.example.com/imadm/ugiat.txt?Nequepor=nisiu#ptat direction=inbound msg=eddoe method=seq cat=uae catdesc=tobeata device_id=ctas log_id=vol pri=high userfrom=gna adminprof=itautf timezone=ET main_type=eprehe trigger_policy=ariatu sub_type=aqueip severity_level=aqueip policy=rautod src=10.96.168.24 src_port=6206 dst=10.109.106.194 dst_port=5356 http_method=Sedut http_url=stiaec http_host=rveli http_agent=serr http_session_id=umdolo signature_subclass=iduntut signature_id=4281 srccountry=rorsitv content_switch_name=caboNemo server_pool_name=cididun false_positive_mitigation=iamqu user_name=ommodoc monitor_status=mwrit http_refer=https://www5.example.com/madminim/onse.txt?reeuf=orinrepr#tinvo http_version=oru dev_id=ainc threat_weight=aeab history_threat_weight=iat threat_level=acom ftp_mode=olo ftp_cmd=eipsaq cipher_suite=enatu msg_id=mfu", "tags": [ 
@@ -515,7 +515,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=aliqui date=2018-4-22 time=11:36:32 log_id=uipexea devid=sauteiru devname=nibusB logid=eetdolo type=issuscip subtype=iduntu level=high vd=rinc srcip=10.109.224.208 srcport=1769 srcintf=enp0s3638 dstip=10.31.34.96 dstport=4651 dstintf=enp0s390 poluuid=atis sessionid=edol proto=icmp action=deny policyid=adip trandisp=ugiatq duration=128.795000 sentbyte=4249 rcvdbyte=6693 devtype=atemUte osname=emag osversion=1.1353 mastersrcmac=ecatcup srcmac=01:00:5e:63:85:d2 crscore=62.286000 craction=oin crlevel=isautem eventtype=eiusm user=assit service=ulpaq hostname=ulamc767.internal.lan profile=iades reqtype=mremape url=https://mail.example.net/ionemu/nul.jpg?volupt=ori#sed direction=inbound msg=maveniam method=ctobeat cat=emoenim catdesc=oqui device_id=olab log_id=remagnam pri=high userfrom=mSecti adminprof=volupt timezone=OMST main_type=ela trigger_policy=fugits sub_type=litseddo severity_level=idestl policy=ptasn src=10.112.155.228 src_port=5011 dst=10.47.191.95 dst_port=6242 http_method=velillu http_url=radipi http_host=iatn http_agent=aturE http_session_id=beat signature_subclass=pern signature_id=7568 srccountry=itvolupt content_switch_name=uradip server_pool_name=perspi false_positive_mitigation=uaer user_name=aed monitor_status=tectobe http_refer=https://example.org/scingeli/uatDuis.gif?apari=itesseci#utali http_version=ofdeFin dev_id=siutaliq threat_weight=urvel history_threat_weight=turE threat_level=ntium ftp_mode=imadmi ftp_cmd=dquiac cipher_suite=liquide msg_id=uatD",
 "tags": [
@@ -524,7 +524,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=gnidolor dtime=2018-05-07 06:39:06.812538723 +0000 UTC devid=BCSedut devname=metco vd=vel date=2018-5-7 time=6:39:06 logid=tmol type=acommodi subtype=ccaecat level=low eventtime=mqu logtime=mips srcip=10.103.169.94 srcport=2174 srcintf=lo5821 srcintfrole=osqu dstip=10.140.137.17 dstport=446 dstintf=enp0s4444 dstintfrole=iono poluuid=atcupi sessionid=dexe proto=0 action=allow policyid=exerci policytype=ems crscore=15.728000 craction=nulapa crlevel=tess appcat=eroi service=enby srccountry=riatur dstcountry=amrema trandisp=illum tranip=10.62.241.218 tranport=7444 duration=5.969000 sentbyte=4832 rcvdbyte=6033 sentpkt=urere app=involu",
 "tags": [
@@ -533,7 +533,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=tem devname=\"litsedq\" devid=\"amre\" vd=orpori date=2018-5-21 time=1:41:41 logid=sistena type=iam subtype=saquae level=low eventtime=itanimid logtime=ianonnum srcip=10.90.229.92 srcport=6796 srcintf=lo1752 srcintfrole=inculp dstip=10.251.212.166 dstport=3925 dstintf=eth1592 dstintfrole=aboNemo poluuid=tsedquia sessionid=ididun proto=21 action=cancel policyid=enim policytype=gnido crscore=85.453000 craction=erepr crlevel=tsedqu appcat=uisa service=uptat srccountry=siutal dstcountry=umetMalo trandisp=onevolu tranip=10.77.105.160 tranport=5541 duration=155.903000 sentbyte=5294 rcvdbyte=2687 sentpkt=ira app=umfu",
 "tags": [
@@ -542,7 +542,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "date=2018-6-4 time=8:44:15 logver=uamq devid=mnisist devname=dutp logid=ecillu type=ipsaqu subtype=asun level=very-high vd=llumd srcip=10.100.223.157 srcport=1307 srcintf=eth5742 dstip=10.232.243.87 dstport=4546 dstintf=lo299 poluuid=atisetq sessionid=mSectio proto=0 action=cancel policyid=nonnumqu trandisp=atis duration=63.050000 sentbyte=3508 rcvdbyte=205 devtype=uam osname=tisunde osversion=1.4261 mastersrcmac=rured srcmac=01:00:5e:8a:c1:2a crscore=19.243000 craction=meumfug crlevel=iam eventtype=animi user=porainc service=nsectetu hostname=spici5547.internal.test profile=tate reqtype=sintocca url=https://mail.example.org/asuntex/uovolup.html?amali=uiav#henderi direction=internal msg=tnul method=ons cat=radip catdesc=amremap device_id=dolorsit log_id=atisund pri=very-high userfrom=uredo adminprof=uamni timezone=CT main_type=quisqua trigger_policy=sedquian sub_type=lamcorpo severity_level=rem policy=apariat src=10.216.49.112 src_port=4521 dst=10.112.242.68 dst_port=3105 http_method=aut http_url=eriti http_host=ipsum http_agent=com http_session_id=uptate signature_subclass=tevelite signature_id=5880 srccountry=nimadmi content_switch_name=mquiado server_pool_name=agn false_positive_mitigation=dip user_name=urmag monitor_status=nim http_refer=https://www5.example.net/tutlabo/incid.gif?ptate=tconsect#usm http_version=uunturma dev_id=namaliqu threat_weight=tatemacc history_threat_weight=licab threat_level=roidents ftp_mode=volupta ftp_cmd=stiaeco cipher_suite=tanim msg_id=osam",
 "tags": [
@@ -551,7 +551,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "date=2018-6-19 time=3:46:49 logver=tla devid=nimve devname=edutpe logid=tenb type=billoinv subtype=asia level=medium vd=paquioff srcip=10.252.175.174 srcport=1995 srcintf=enp0s1531 dstip=10.196.226.219 dstport=545 dstintf=lo2390 poluuid=uaera sessionid=nsequa proto=tcp action=accept policyid=orporis trandisp=oluptate duration=28.731000 sentbyte=2397 rcvdbyte=1768 devtype=itvolu osname=citation osversion=1.491 mastersrcmac=aincid srcmac=01:00:5e:7e:ea:3f crscore=149.960000 craction=tNeque crlevel=uidolore eventtype=uatDuisa user=usB service=magnaali hostname=istenatu3686.invalid profile=remagna reqtype=eritqu url=https://example.org/mnisiut/porinci.htm?norum=emUten#dminimve direction=internal msg=oremagna method=nulamc cat=tempori catdesc=rsintocc device_id=nderit log_id=etco pri=very-high userfrom=lore adminprof=ameiusmo timezone=PT main_type=veniamqu trigger_policy=equat sub_type=reeu severity_level=atemacc policy=rsitvolu src=10.182.58.108 src_port=4811 dst=10.96.100.84 dst_port=2253 http_method=utlabore http_url=texplica http_host=boru http_agent=ntut http_session_id=elaud signature_subclass=acomm signature_id=5667 srccountry=emUten content_switch_name=uamni server_pool_name=laboris false_positive_mitigation=pers user_name=lpaquiof monitor_status=isisten http_refer=https://api.example.net/seddoei/rnatur.jpg?olores=idolorem#umdolors http_version=uid dev_id=numqua threat_weight=citatio history_threat_weight=sed threat_level=mUten ftp_mode=eursint ftp_cmd=velillum cipher_suite=oin msg_id=teurs",
 "tags": [
@@ -560,7 +560,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=untutl devname=\"cons\" devid=\"vel\" vd=illumdo date=2018-7-3 time=10:49:23 logid=rios type=deF subtype=dutpe level=very-high eventtime=itan logtime=uisnos srcip=10.228.61.5 srcport=1179 srcintf=eth4741 srcintfrole=lites dstip=10.246.41.77 dstport=1217 dstintf=lo7502 dstintfrole=olu poluuid=ectet sessionid=tquovo proto=17 action=block policyid=lapa policytype=xeacom crscore=22.822000 craction=qui crlevel=henderi appcat=rainc service=dminim srccountry=sse dstcountry=tatem trandisp=umexe tranip=10.157.22.21 tranport=5252 duration=135.630000 sentbyte=2167 rcvdbyte=2952 sentpkt=quamei app=nvento",
 "tags": [
@@ -569,7 +569,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=qua devname=\"llumdo\" devid=\"tot\" vd=itquii date=2018-7-17 time=5:51:58 logid=psu type=iat subtype=ept level=high eventtime=ectob logtime=aUtenim srcip=10.242.119.111 srcport=645 srcintf=lo1640 srcintfrole=tDuisa dstip=10.239.231.168 dstport=88 dstintf=lo3385 dstintfrole=nimi poluuid=niamqu sessionid=uioffi proto=1 action=allow policyid=consequa policytype=tionu crscore=60.452000 craction=quines crlevel=entsu appcat=ineavol service=abor srccountry=giatq dstcountry=nonpro trandisp=elitsedd tranip=10.188.131.18 tranport=981 duration=46.954000 sentbyte=2770 rcvdbyte=4226 sentpkt=tam app=uovo",
 "tags": [
@@ -578,7 +578,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=orinrepr date=2018-8-1 time=12:54:32 log_id=untut devid=siu devname=lorem logid=icons type=hende subtype=umdol level=medium vd=psaq srcip=10.24.154.250 srcport=2108 srcintf=eth2707 dstip=10.124.187.230 dstport=6119 dstintf=lo105 poluuid=mqu sessionid=tse proto=udp action=accept policyid=ueip trandisp=amvo duration=20.956000 sentbyte=2068 rcvdbyte=306 devtype=reetdolo osname=tten osversion=1.979 mastersrcmac=usa srcmac=01:00:5e:6a:a6:c9 crscore=45.307000 craction=oremagna crlevel=siuta eventtype=amnihil user=nderit service=ficia hostname=tru3812.mail.lan profile=olo reqtype=xer url=https://api.example.net/nsec/smo.gif?etq=trumexe#rai direction=outbound msg=tNequepo method=byCicer cat=imvenia catdesc=ipit device_id=tdolorem log_id=nderitin pri=low userfrom=enderitq adminprof=amvolu timezone=GMT-07:00 main_type=temvele trigger_policy=ofd sub_type=quam severity_level=umdol policy=porincid src=10.106.101.87 src_port=7569 dst=10.247.124.74 dst_port=2491 http_method=inea http_url=ipsu http_host=iden http_agent=oreseo http_session_id=edictasu signature_subclass=aerat signature_id=4358 srccountry=lites content_switch_name=col server_pool_name=litsedd false_positive_mitigation=mnis user_name=ainci monitor_status=aturve http_refer=https://api.example.com/mporain/secte.txt?amqui=rume#uptate http_version=tisundeo dev_id=uid threat_weight=eFini history_threat_weight=mnis threat_level=tametco ftp_mode=snisiut ftp_cmd=lit cipher_suite=laborio msg_id=aaliqu",
 "tags": [
@@ -587,7 +587,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "date=2018-8-15 time=7:57:06 devname=mid device_id=henderi log_id=consec type=event subtype=dquia pri=high desc=isiutali user=rehe userfrom=volupta msg=etcons action=deny adom=etdol408.internal.home session_id=agnamali",
 "tags": [
@@ -596,7 +596,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "date=2018-8-29 time=2:59:40 logver=cae devid=Utenimad devname=onsequ logid=Bon type=amquisno subtype=mullam level=very-high vd=admi srcip=10.111.106.60 srcport=5449 srcintf=lo5820 dstip=10.142.181.192 dstport=4386 dstintf=lo6200 poluuid=lmolest sessionid=miurerep proto=17 action=allow policyid=Sed trandisp=isau duration=66.574000 sentbyte=75 rcvdbyte=806 devtype=idest osname=ostru osversion=1.4342 mastersrcmac=enimip srcmac=01:00:5e:11:d6:5d crscore=66.141000 craction=umquiado crlevel=taspe eventtype=empori user=mipsum service=tium hostname=riaturE1644.www5.example profile=ender reqtype=uine url=https://internal.example.com/dolo/exeacom.txt?tlab=eufugiat#upta direction=internal msg=reetdo method=mad cat=mdolor catdesc=amcorpor device_id=oremquel log_id=san pri=high userfrom=amqui adminprof=itatise timezone=GMT-07:00 main_type=cia trigger_policy=lup sub_type=cipitla severity_level=niam policy=mullamc src=10.215.144.167 src_port=6675 dst=10.162.114.52 dst_port=2925 http_method=quepor http_url=Lor http_host=ten http_agent=exeacomm http_session_id=cusan signature_subclass=oquisq signature_id=4993 srccountry=ihilmol content_switch_name=seosqui server_pool_name=tiset false_positive_mitigation=ciade user_name=erspici monitor_status=xercitat http_refer=https://internal.example.net/utlab/entoreve.html?umdol=nseq#autodita http_version=loreme dev_id=eratv threat_weight=tametcon history_threat_weight=orsi threat_level=ull ftp_mode=mcor ftp_cmd=iamquis cipher_suite=aeabi msg_id=ore",
 "tags": [
@@ -605,7 +605,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "date=2018-9-12 time=10:02:15 logver=catcup devid=ectetur devname=cons logid=spiciati type=upidata subtype=utlabo level=high vd=ersp srcip=10.101.207.156 srcport=2086 srcintf=enp0s4931 dstip=10.12.8.82 dstport=4369 dstintf=enp0s7520 poluuid=nemull sessionid=trumex proto=6 action=accept policyid=doloremq trandisp=iade duration=26.420000 sentbyte=5013 rcvdbyte=7641 devtype=uidolo osname=ita osversion=1.6452 mastersrcmac=rchite srcmac=01:00:5e:41:90:bf crscore=107.693000 craction=tionem crlevel=volupta eventtype=adol user=econsequ service=orever hostname=mdolo7008.api.corp profile=reetdolo reqtype=psam url=https://www5.example.org/orumet/aliqu.txt?tion=sun#utod direction=outbound msg=rinci method=uamestqu cat=riatu catdesc=ulaparia device_id=remagna log_id=fugi pri=very-high userfrom=xerc adminprof=caecat timezone=OMST main_type=cor trigger_policy=nonnumqu sub_type=uidexea severity_level=emu policy=asia src=10.162.128.87 src_port=6214 dst=10.78.75.82 dst_port=7799 http_method=uptat http_url=con http_host=tem http_agent=orpori http_session_id=lor signature_subclass=quiinea signature_id=7098 srccountry=rroquis content_switch_name=dolorema server_pool_name=prehe false_positive_mitigation=bori user_name=Sedutp monitor_status=ritinvo http_refer=https://internal.example.net/ica/nat.jpg?ddoe=nsequ#lloinve http_version=tdolo dev_id=billoi threat_weight=sequu history_threat_weight=ffic threat_level=imadmini ftp_mode=isnostru ftp_cmd=ostr cipher_suite=tinvo msg_id=lorumwr",
 "tags": [
@@ -614,7 +614,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=ctetura devname=\"reseosqu\" devid=\"ittenbyC\" vd=tlabor date=2018-9-27 time=5:04:49 logid=auteir type=uredolo subtype=uido level=medium eventtime=quiratio logtime=aincidu srcip=10.75.198.93 srcport=1982 srcintf=eth725 srcintfrole=umqu dstip=10.137.36.151 dstport=196 dstintf=lo1813 dstintfrole=rspici poluuid=duntutla sessionid=emeu proto=1 action=block policyid=atemUten policytype=turadipi crscore=16.226000 craction=estqu crlevel=orinre appcat=prehen service=equa srccountry=ciatisun dstcountry=mdolorem trandisp=nnumq tranip=10.51.106.43 tranport=6486 duration=78.551000 sentbyte=3531 rcvdbyte=5464 sentpkt=oremeumf app=volupt",
 "tags": [
@@ -623,7 +623,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=tnulapa devname=\"caecatcu\" devid=\"xcepte\" vd=deserun date=2018-10-11 time=12:07:23 logid=mvol type=erep subtype=teurs level=low eventtime=tiumdol logtime=byCicer srcip=10.154.151.111 srcport=5860 srcintf=eth1273 srcintfrole=uisnos dstip=10.7.230.206 dstport=5757 dstintf=lo1291 dstintfrole=pisc poluuid=eumfu sessionid=tseddoe proto=HOPOPT action=allow policyid=emulla policytype=bill crscore=147.522000 craction=oditaut crlevel=oloremqu appcat=untNeque service=reetdol srccountry=perspi dstcountry=tlab trandisp=udexerci tranip=10.249.93.150 tranport=799 duration=113.020000 sentbyte=2808 rcvdbyte=5744 sentpkt=ovolup app=squ",
 "tags": [
@@ -632,7 +632,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "date=2018-10-25 time=7:09:57 logver=dolor devid=lit devname=ptatem logid=oeiusmod type=ugi subtype=utaliq level=very-high vd=toc srcip=10.76.177.154 srcport=1428 srcintf=eth4425 dstip=10.207.160.170 dstport=7037 dstintf=lo1570 poluuid=reseo sessionid=iration proto=tcp action=deny policyid=magn trandisp=iaecon duration=54.100000 sentbyte=622 rcvdbyte=6280 devtype=ill osname=oris osversion=1.5718 mastersrcmac=ulamcol srcmac=01:00:5e:19:ce:4b crscore=142.771000 craction=oNe crlevel=utfu eventtype=santiumd user=cididunt service=ctasu hostname=itse5466.api.example profile=ica reqtype=mnisis url=https://internal.example.com/nonnumqu/isciveli.gif?wri=aute#iscin direction=outbound msg=uat method=itasper cat=nibusBo catdesc=volupta device_id=olorinr log_id=iameaq pri=high userfrom=docons adminprof=uun timezone=OMST main_type=mremap trigger_policy=ate sub_type=agnaal severity_level=ibusB policy=mexe src=10.217.209.221 src_port=3639 dst=10.26.4.3 dst_port=5291 http_method=rsitame http_url=eca http_host=quirat http_agent=urmagn http_session_id=essec signature_subclass=prehende signature_id=1261 srccountry=setquas content_switch_name=nti server_pool_name=osamnis false_positive_mitigation=atisetqu user_name=ciduntut monitor_status=atisu http_refer=https://internal.example.com/architec/incul.txt?aborios=mco#amnisiu http_version=suntincu dev_id=lore threat_weight=equatu history_threat_weight=enbyCi threat_level=dolo ftp_mode=adipi ftp_cmd=beata cipher_suite=evelites msg_id=ipiscive",
 "tags": [
@@ -641,7 +641,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=umtot date=2018-11-9 time=2:12:32 log_id=eumiurer devid=inv devname=eac logid=rainc type=tinculp subtype=uianon level=high vd=corpori srcip=10.232.131.132 srcport=581 srcintf=enp0s6255 dstip=10.232.246.98 dstport=1854 dstintf=enp0s1526 poluuid=ivelit sessionid=itlabori proto=icmp action=accept policyid=oide trandisp=magni duration=72.993000 sentbyte=5817 rcvdbyte=6960 devtype=rrorsit osname=emipsu osversion=1.6603 mastersrcmac=temUte srcmac=01:00:5e:fe:be:28 crscore=134.746000 craction=hitec crlevel=sci eventtype=luptatev user=ruredo service=iamquis hostname=dquiac6194.api.lan profile=nidolo reqtype=runtmoll url=https://www5.example.org/utlabo/scip.html?voluptas=inv#upta direction=external msg=ors method=olupta cat=raincidu catdesc=nisi device_id=uipexea log_id=taedic pri=high userfrom=ugi adminprof=urExcep timezone=CET main_type=usant trigger_policy=uidolore sub_type=litse severity_level=ugitse policy=utfugi src=10.241.140.241 src_port=1813 dst=10.180.162.174 dst_port=7186 http_method=ido http_url=atnu http_host=ssuscipi http_agent=evita http_session_id=tconsect signature_subclass=lpaquiof signature_id=532 srccountry=lors content_switch_name=Finibus server_pool_name=totam false_positive_mitigation=idat user_name=nulapar monitor_status=git http_refer=https://www5.example.com/odtem/tati.jpg?ueips=umqu#ntexpli http_version=siuta dev_id=porincid threat_weight=itame history_threat_weight=inv threat_level=remaper ftp_mode=quaUteni ftp_cmd=evelit cipher_suite=oluptat msg_id=ditem",
 "tags": [
@@ -650,7 +650,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "date=2018-11-23 time=9:15:06 devname=oditautf device_id=asiarc log_id=eddoei type=generic subtype=iatqu pri=very-high devid=itessec devname=dat logid=tdol type=emul subtype=ariatu level=high vd=reseo srcip=10.53.70.207 srcport=1793 srcintf=lo2279 dstip=10.73.140.61 dstport=2114 dstintf=lo368 poluuid=stlabo sessionid=atema proto=1 action=deny policyid=orporiss trandisp=iamq duration=128.426000 sentbyte=1800 rcvdbyte=5783 devtype=pis osname=riosam osversion=1.2052 mastersrcmac=iosam srcmac=01:00:5e:21:d3:0a crscore=65.426000 craction=archi crlevel=nes eventtype=atvolupt user=umwritt service=uae hostname=amco1592.mail.host profile=aaliq reqtype=olupta url=https://internal.example.com/ssusci/snostrud.txt?dolo=siutaliq#obeata direction=outbound msg=tame method=olo cat=vel catdesc=equamn device_id=tempora log_id=enimip pri=very-high userfrom=saqua adminprof=aperia timezone=OMST main_type=tNeque trigger_policy=metcon sub_type=enimadmi severity_level=orem policy=corpor src=10.110.99.222 src_port=5685 dst=10.62.140.108 dst_port=1225 http_method=ssitasp http_url=ptat http_host=asp http_agent=uatDui http_session_id=nofdeFin signature_subclass=unde signature_id=3979 srccountry=seruntm content_switch_name=aera server_pool_name=scive false_positive_mitigation=ngelit user_name=moenimi monitor_status=mqu http_refer=https://mail.example.org/ueipsaq/upid.gif?utla=emUte#tisund http_version=tutla dev_id=isund threat_weight=atemU history_threat_weight=uidex threat_level=uptate ftp_mode=eac ftp_cmd=peria cipher_suite=amaliq msg_id=ium",
 "tags": [
@@ -659,7 +659,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=ptate date=2018-12-7 time=4:17:40 log_id=tenatu devid=emo devname=ratio logid=maperia type=Maloru subtype=sumquia level=low vd=imadmini srcip=10.237.5.219 srcport=3828 srcintf=eth4604 dstip=10.197.99.150 dstport=3877 dstintf=enp0s7388 poluuid=odo sessionid=itseddoe proto=prm action=accept policyid=itinvo trandisp=uiavol duration=96.864000 sentbyte=2685 rcvdbyte=7612 devtype=urmagn osname=ficiade osversion=1.2691 mastersrcmac=equ srcmac=01:00:5e:f5:2a:24 crscore=163.671000 craction=mipsum crlevel=dolor eventtype=cupidata user=niamquis service=lapariat hostname=dicta7226.mail.example profile=eddoei reqtype=cingel url=https://api.example.com/temporai/umw.jpg?mveniamq=litsed#ptasn direction=unknown msg=loinv method=umd cat=madmi catdesc=xercit device_id=avolup log_id=etdo pri=medium userfrom=veleum adminprof=emUten timezone=CT main_type=proiden trigger_policy=cita sub_type=iac severity_level=ntincul policy=mnisiste src=10.4.244.115 src_port=4588 dst=10.53.50.77 dst_port=5330 http_method=lorem http_url=lore http_host=orroqu http_agent=tlabo http_session_id=iameaque signature_subclass=sautemve signature_id=6466 srccountry=emoe content_switch_name=ameiusmo server_pool_name=ntiumtot false_positive_mitigation=aeab user_name=idolo monitor_status=temac http_refer=https://api.example.net/ollita/idolore.html?illu=iut#asiarc http_version=imidest dev_id=mwri threat_weight=orsi history_threat_weight=ritinvol threat_level=rporiss ftp_mode=atu ftp_cmd=ddo cipher_suite=veli msg_id=ata",
 "tags": [
@@ -668,7 +668,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=lor dtime=2018-12-21 23:20:14.972538723 +0000 UTC devid=ori devname=eleumiu vd=amre date=2018-12-21 time=11:20:14 logid=atur type=untex subtype=Except level=very-high eventtime=econse logtime=iac srcip=10.221.100.157 srcport=865 srcintf=lo4518 srcintfrole=mqu dstip=10.236.211.111 dstport=1801 dstintf=enp0s454 dstintfrole=rauto poluuid=pteursi sessionid=iquamqua proto=tcp action=allow policyid=psumqui policytype=equeporr crscore=32.741000 craction=cusanti crlevel=doloreme appcat=nsecte service=reprehen srccountry=taspe dstcountry=litess trandisp=enimadm tranip=10.120.212.78 tranport=119 duration=17.257000 sentbyte=4752 rcvdbyte=3484 sentpkt=ntsuntin app=ectetur",
 "tags": [
@@ -677,7 +677,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "date=2019-1-5 time=6:22:49 logver=intocca devid=vel devname=xeacom logid=orum type=voluptat subtype=nsequ level=medium vd=tenimad srcip=10.140.215.210 srcport=7229 srcintf=lo568 dstip=10.71.213.217 dstport=7475 dstintf=eth5820 poluuid=lup sessionid=reetdolo proto=HOPOPT action=accept policyid=dolor trandisp=emagnam duration=154.150000 sentbyte=2336 rcvdbyte=5326 devtype=emull osname=enatuser osversion=1.3052 mastersrcmac=ectob srcmac=01:00:5e:4a:5d:af crscore=9.013000 craction=niamqu crlevel=nrep eventtype=lauda user=ionevo service=busB hostname=pidatatn2627.www.localdomain profile=eritinvo reqtype=quiav url=https://mail.example.org/ngelit/dipiscin.gif?serro=ctet#umiurere direction=inbound msg=ciun method=ssitaspe cat=deomnis catdesc=ulamcol device_id=onn log_id=redol pri=medium userfrom=utlabore adminprof=nci timezone=OMST main_type=liqu trigger_policy=ectetura sub_type=aUte severity_level=untNeque policy=roi src=10.210.82.202 src_port=2749 dst=10.208.231.15 dst_port=412 http_method=rios http_url=diconseq http_host=tenima http_agent=iusm http_session_id=mveleumi signature_subclass=equinesc signature_id=5076 srccountry=mfugiatq content_switch_name=dmini server_pool_name=emveleu false_positive_mitigation=loree user_name=riatur monitor_status=tempor http_refer=https://internal.example.com/spiciati/tise.gif?ctas=rvelillu#qua http_version=ciat dev_id=iamq threat_weight=porin history_threat_weight=yCi threat_level=arc ftp_mode=santium ftp_cmd=numquame cipher_suite=umfugi msg_id=amestqui",
 "tags": [
@@ -686,7 +686,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=tesseq devname=\"nimides\" devid=\"iusmodte\" vd=involup date=2019-1-19 time=1:25:23 logid=edd type=dolorsi subtype=mcolabo level=low eventtime=exe logtime=nve srcip=10.226.255.3 srcport=5449 srcintf=lo7680 srcintfrole=iaconseq dstip=10.123.59.69 dstport=5399 dstintf=lo5835 dstintfrole=ntsunti poluuid=bor sessionid=uisnos proto=6 action=accept policyid=tation policytype=seddoe crscore=21.625000 craction=eur crlevel=ntmolli appcat=pitl service=nulap srccountry=ipexe dstcountry=aqueipsa trandisp=psum tranip=10.53.251.202 tranport=7501 duration=131.751000 sentbyte=6876 rcvdbyte=220 sentpkt=ugi app=ptate",
 "tags": [
@@ -695,7 +695,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=rur devname=\"edut\" devid=\"sitametc\" vd=iarchite date=2019-2-2 time=8:27:57 logid=uide type=iono subtype=aboris level=very-high eventtime=imidest logtime=ulamc srcip=10.3.85.176 srcport=318 srcintf=eth2546 srcintfrole=uptateve dstip=10.212.56.26 dstport=3032 dstintf=enp0s2353 dstintfrole=loin poluuid=cinge sessionid=tutl proto=udp action=block policyid=nesciu policytype=ueip crscore=162.484000 craction=orumSe crlevel=mSe appcat=itame service=quaturv srccountry=lumdolor dstcountry=persp trandisp=leumi tranip=10.29.141.252 tranport=2077 duration=106.468000 sentbyte=3472 rcvdbyte=7868 sentpkt=orum app=reseos",
 "tags": [
@@ -704,7 +704,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "date=2019-2-17 time=3:30:32 devname=orem device_id=seq log_id=cus type=generic subtype=tnulap pri=very-high devid=psamvolu devname=inculp logid=eni type=tcupid subtype=ercita level=very-high vd=olorinr srcip=10.110.166.81 srcport=7354 srcintf=lo3023 dstip=10.181.48.82 dstport=1225 dstintf=eth7640 poluuid=conseq sessionid=Nemoen proto=6 action=cancel policyid=umquamei trandisp=nih duration=55.527000 sentbyte=3449 rcvdbyte=4658 devtype=quia osname=eabill osversion=1.95 mastersrcmac=oeiusmo srcmac=01:00:5e:82:ca:1b crscore=67.321000 craction=rumwrit crlevel=tionofd eventtype=ill user=orroquis service=laparia hostname=emveleu4029.api.local profile=tconse reqtype=ntsun url=https://internal.example.net/inc/riaturEx.htm?mnihilm=itinvo#lestia direction=external msg=metcons method=lumd cat=liquaUt catdesc=snos device_id=maccusan log_id=oeni pri=medium userfrom=tiaecon adminprof=tincu timezone=GMT-07:00 main_type=untmoll trigger_policy=par sub_type=idatatno severity_level=tfugit policy=tla src=10.126.11.186 src_port=589 dst=10.236.175.163 dst_port=6562 http_method=atemqui http_url=icaboN http_host=Utenimad http_agent=res http_session_id=officiad signature_subclass=nsectet signature_id=3977 srccountry=temU content_switch_name=ciduntut server_pool_name=ionofd false_positive_mitigation=etqua user_name=udantiu monitor_status=tium http_refer=https://internal.example.net/leumiu/iuta.html?tfugit=rorsitv#tiaecons http_version=uamestq dev_id=aliquaUt threat_weight=boreet history_threat_weight=mquam threat_level=volu ftp_mode=nof ftp_cmd=boNe cipher_suite=ovolu msg_id=cid",
 "tags": [
@@ -713,7 +713,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=equamn devname=\"mes\" devid=\"itatio\" vd=ssecillu date=2019-3-3 time=10:33:06 logid=oeius type=itin subtype=nostrud level=medium eventtime=byCic logtime=mnisiuta srcip=10.171.60.173 srcport=209 srcintf=lo1917 srcintfrole=usmodite dstip=10.11.150.136 dstport=3615 dstintf=lo5438 dstintfrole=olup poluuid=urQuis sessionid=iquip proto=1 action=cancel policyid=untutl policytype=elite crscore=176.898000 craction=ipsaq crlevel=spici appcat=nvolupt service=antiu srccountry=llumquid dstcountry=paq trandisp=olup tranip=10.83.98.220 tranport=1300 duration=73.115000 sentbyte=5812 rcvdbyte=3339 sentpkt=amquis app=umtotam",
 "tags": [
@@ -722,7 +722,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=pitlabo dtime=2019-03-17 17:35:40.532538723 +0000 UTC devid=lorsita devname=datatno vd=emac date=2019-3-17 time=5:35:40 logid=uiavo type=tdo subtype=ratvolup level=high eventtime=dolo logtime=quioffic srcip=10.238.49.73 srcport=1554 srcintf=enp0s11 srcintfrole=riatu dstip=10.74.88.209 dstport=740 dstintf=lo5287 dstintfrole=quep poluuid=tfugitse sessionid=oenimips proto=udp action=deny policyid=mdo policytype=map crscore=148.871000 craction=osqui crlevel=consequ appcat=catcupid service=velitess srccountry=sit dstcountry=ipisc trandisp=onsectet tranip=10.92.3.166 tranport=5777 duration=156.314000 sentbyte=715 rcvdbyte=3946 sentpkt=itvol app=dolo",
 "tags": [
@@ -731,7 +731,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=amquisno dtime=2019-04-01 00:38:14.792538723 +0000 UTC devid=uptasnul devname=ptate vd=deri date=2019-4-1 time=12:38:14 logid=periamea type=equatD subtype=quaturQu level=high eventtime=rpo logtime=inr srcip=10.119.248.36 srcport=2450 srcintf=enp0s1885 srcintfrole=ten dstip=10.187.107.47 dstport=288 dstintf=lo2445 dstintfrole=fugia poluuid=psa sessionid=iset proto=prm action=allow policyid=ecte policytype=ionemull crscore=84.399000 craction=sBo crlevel=nimides appcat=iurere service=edolorin srccountry=labor dstcountry=quelaud trandisp=ira tranip=10.84.200.121 tranport=3226 duration=128.212000 sentbyte=2150 rcvdbyte=4329 sentpkt=nos app=icta",
 "tags": [
@@ -740,7 +740,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=itseddo devname=\"tasu\" devid=\"mquae\" vd=CSedu date=2019-4-15 time=7:40:49 logid=atae type=aeconseq subtype=boNemo level=very-high eventtime=nemulla logtime=tmollit srcip=10.167.128.229 srcport=4052 srcintf=eth1833 srcintfrole=ciatisu dstip=10.135.213.17 dstport=6427 dstintf=eth6468 dstintfrole=ritat poluuid=dipi sessionid=asnulapa proto=prm action=block policyid=onsequa policytype=seddoe crscore=23.021000 craction=Bonorume crlevel=emeumfu appcat=tla service=uidexea srccountry=odtem dstcountry=nvolupt trandisp=stia tranip=10.30.239.222 tranport=1546 duration=10.721000 sentbyte=6561 rcvdbyte=1057 sentpkt=itectobe app=rroq",
 "tags": [
@@ -749,7 +749,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "date=2019-4-29 time=2:43:23 devname=uunt device_id=pic log_id=unt type=generic subtype=emUt pri=medium devid=pernatur devname=orem logid=enbyCice type=velil subtype=nsequat level=low vd=duntutl srcip=10.238.172.76 srcport=156 srcintf=lo1215 dstip=10.201.119.253 dstport=2230 dstintf=enp0s7218 poluuid=nimad sessionid=tionu proto=udp action=block policyid=emagna trandisp=quin duration=68.078000 sentbyte=2527 rcvdbyte=1150 devtype=consequ osname=min osversion=1.1028 mastersrcmac=edicta srcmac=01:00:5e:cd:6c:ed crscore=163.905000 craction=itinvolu crlevel=urerepre eventtype=iumdol user=serror service=uptass hostname=rspic5637.api.local profile=itatise reqtype=iut url=https://api.example.net/ita/esse.txt?amquis=iatquovo#rExce direction=inbound msg=uraut method=reetdol cat=umtotam catdesc=itaedi device_id=ant log_id=tiumt pri=very-high userfrom=ratvolup adminprof=iamqu timezone=CT main_type=quaturve trigger_policy=tsunti sub_type=ero severity_level=iusmodi policy=acomm src=10.169.133.219 src_port=92 dst=10.115.166.48 dst_port=7491 http_method=eleumiur http_url=ididun http_host=edi http_agent=gia http_session_id=uaturQui signature_subclass=emi signature_id=5446 srccountry=etM content_switch_name=eve server_pool_name=iru false_positive_mitigation=ipit user_name=emq monitor_status=elitsedq http_refer=https://www.example.net/onsequat/emagnaa.gif?itse=tco#nnumqua http_version=erit dev_id=lorsitam threat_weight=emagnama history_threat_weight=ute threat_level=Excep ftp_mode=utpersp ftp_cmd=rehe cipher_suite=tiumt msg_id=ulamc",
 "tags": [
@@ -758,7 +758,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "logver=runt date=2019-5-13 time=9:45:57 log_id=emipsu devid=icaboNem devname=Except logid=fugits type=maliquam subtype=mav level=very-high vd=ecill srcip=10.36.122.89 srcport=5040 srcintf=lo3887 dstip=10.206.76.186 dstport=741 dstintf=eth2435 poluuid=atisund sessionid=enbyCic proto=1 action=block policyid=nrepre trandisp=uisautem duration=145.667000 sentbyte=4247 rcvdbyte=4374 devtype=tio osname=aconseq osversion=1.4195 mastersrcmac=enatuser srcmac=01:00:5e:1a:9c:4f crscore=124.786000 craction=rcitatio crlevel=olore eventtype=ntexp user=atio service=roquisqu hostname=rror3870.www5.local profile=volu reqtype=occ url=https://www5.example.net/culpa/isun.txt?cola=tura#rat direction=internal msg=sect method=ing cat=nis catdesc=aboreet device_id=ulapari log_id=isetqu pri=high userfrom=ons adminprof=Sedu timezone=CEST main_type=icaboNem trigger_policy=enderi sub_type=edqu severity_level=cita policy=uidolore src=10.146.255.40 src_port=3003 dst=10.226.39.82 dst_port=3950 http_method=oluptate http_url=orumwrit http_host=aconse http_agent=ites http_session_id=abori signature_subclass=dolor signature_id=3543 srccountry=amqu content_switch_name=uamest server_pool_name=ntoccaec false_positive_mitigation=ites user_name=caecatcu monitor_status=iof http_refer=https://api.example.com/uae/mdolo.txt?aute=itatise#utpers http_version=equunt dev_id=Nemo threat_weight=itse history_threat_weight=lillumq threat_level=idid ftp_mode=uis ftp_cmd=velits cipher_suite=mmodo msg_id=rporissu",
 "tags": [
@@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=utemvel dtime=2019-05-28 04:48:31.832538723 +0000 UTC devid=exercita devname=emaperi vd=aspernat date=2019-5-28 time=4:48:31 logid=ddoei type=nihi subtype=umfu level=low eventtime=ehen logtime=olupt srcip=10.53.82.96 srcport=7088 srcintf=eth297 srcintfrole=nostru dstip=10.224.212.88 dstport=5404 dstintf=lo4266 dstintfrole=natuserr poluuid=ipi sessionid=eniamqui proto=icmp action=deny policyid=urvelill policytype=iadese crscore=174.116000 craction=isundeo crlevel=emq appcat=rehender service=uat srccountry=apa dstcountry=tani trandisp=per tranip=10.35.240.70 tranport=2587 duration=62.993000 sentbyte=7102 rcvdbyte=2380 sentpkt=ataevit app=chi", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=lorsita devname=\"oeius\" devid=\"trud\" vd=aco date=2019-6-11 time=11:51:06 logid=uei type=tsedqu subtype=agni level=very-high eventtime=rsint logtime=catc srcip=10.186.253.240 srcport=6982 srcintf=enp0s5429 srcintfrole=end dstip=10.233.128.7 dstport=2455 dstintf=eth5315 dstintfrole=onnumq poluuid=lupt sessionid=ugiatq proto=prm action=cancel policyid=utla policytype=iosamn crscore=164.209000 craction=tor crlevel=toreve appcat=ita service=orain srccountry=tnulap dstcountry=aevitae trandisp=aqu tranip=10.66.149.234 tranport=6236 duration=128.130000 sentbyte=6344 rcvdbyte=475 sentpkt=loremeu app=tate", "tags": [ 
@@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=elaud dtime=2019-06-25 18:53:40.352538723 +0000 UTC devid=iad devname=irat vd=upi date=2019-6-25 time=6:53:40 logid=rsintocc type=itanim subtype=sinto level=medium eventtime=lore logtime=eabi srcip=10.227.133.134 srcport=3351 srcintf=enp0s4820 srcintfrole=erspici dstip=10.46.11.114 dstport=4009 dstintf=enp0s7159 dstintfrole=oremq poluuid=rspiciat sessionid=ptas proto=tcp action=cancel policyid=ore policytype=dut crscore=128.554000 craction=remape crlevel=itectob appcat=sedquia service=mquisnos srccountry=mwritt dstcountry=avolupt trandisp=lumdolo tranip=10.173.140.201 tranport=6422 duration=133.394000 sentbyte=7249 rcvdbyte=1387 sentpkt=str app=sit", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=elillum dtime=2019-07-10 01:56:14.612538723 +0000 UTC devid=isnos devname=emp vd=eos date=2019-7-10 time=1:56:14 logid=sciveli type=Bonoru subtype=rai level=low eventtime=omm logtime=cepteu srcip=10.205.18.11 srcport=6737 srcintf=eth4759 srcintfrole=ueipsa dstip=10.69.130.207 dstport=1191 dstintf=eth614 dstintfrole=architec poluuid=era sessionid=ptatem proto=udp action=cancel policyid=isi policytype=ssecill crscore=44.181000 craction=exerci crlevel=ptatemUt appcat=temqu service=ofd srccountry=nimvenia dstcountry=ari trandisp=eir tranip=10.170.236.123 tranport=4346 duration=150.036000 sentbyte=6877 rcvdbyte=1751 sentpkt=orum app=tation", "tags": [ 
@@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=repre date=2019-7-24 time=8:58:48 log_id=ore devid=ionemu devname=rehend logid=uiad type=tasu subtype=sciun level=high vd=taev srcip=10.196.124.206 srcport=7569 srcintf=enp0s2181 dstip=10.186.88.110 dstport=4203 dstintf=enp0s5497 poluuid=asnulapa sessionid=hende proto=0 action=deny policyid=ntmolli trandisp=uto duration=178.755000 sentbyte=6361 rcvdbyte=1742 devtype=ipsu osname=taedi osversion=1.2682 mastersrcmac=acom srcmac=01:00:5e:99:e3:a5 crscore=175.099000 craction=Cic crlevel=aturveli eventtype=lica user=Exc service=amvolup hostname=velill3821.mail.invalid profile=asnulap reqtype=usmodte url=https://example.com/loremag/mqu.gif?bore=lapari#aborios direction=external msg=lorem method=mnisiuta cat=quiadolo catdesc=abo device_id=msequine log_id=mrem pri=medium userfrom=atuserr adminprof=nsequatu timezone=ET main_type=uptasnu trigger_policy=atemUt sub_type=iurere severity_level=oident policy=volup src=10.97.254.192 src_port=302 dst=10.124.34.251 dst_port=3899 http_method=imide http_url=sequa http_host=ine http_agent=ollitan http_session_id=eacomm signature_subclass=onseq signature_id=6250 srccountry=reetd content_switch_name=equamnih server_pool_name=tevelite false_positive_mitigation=sitvolup user_name=epor monitor_status=atatnonp http_refer=https://example.org/elauda/ria.htm?uptatemU=iono#quun http_version=itationu dev_id=eniamqui threat_weight=adolo history_threat_weight=oreetdol threat_level=uinesciu ftp_mode=sciun ftp_cmd=tametc cipher_suite=rExcep msg_id=avolup", "tags": [ 
@@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=olores devname=\"ineavol\" devid=\"bori\" vd=taev date=2019-8-7 time=4:01:23 logid=ngelit type=uidexea subtype=stiaec level=very-high eventtime=quipex logtime=rsintoc srcip=10.9.41.221 srcport=4010 srcintf=eth434 srcintfrole=estlabor dstip=10.81.58.91 dstport=2247 dstintf=lo6072 dstintfrole=udexerci poluuid=onemul sessionid=elaud proto=tcp action=cancel policyid=trudexe policytype=tiumtota crscore=53.861000 craction=ariaturE crlevel=fug appcat=umqu service=umqu srccountry=roide dstcountry=tio trandisp=autem tranip=10.204.98.238 tranport=3885 duration=108.380000 sentbyte=2498 rcvdbyte=3936 sentpkt=aquioffi app=aliqui", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-8-21 time=11:03:57 devname=unti device_id=tena log_id=velits type=event subtype=oditautf pri=high desc=rmagni user=tiono userfrom=utemvele msg=taevi action=cancel adom=xplicabo4308.www.example session_id=tquo", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=nrepr devname=\"uipex\" devid=\"alorumw\" vd=nibus date=2019-9-5 time=6:06:31 logid=eiusmo type=rci subtype=seosquir level=medium eventtime=ume logtime=ercitati srcip=10.35.84.125 srcport=341 srcintf=enp0s2388 srcintfrole=pernatu dstip=10.37.120.29 dstport=4170 dstintf=enp0s1127 dstintfrole=tasuntex poluuid=etura sessionid=taedi proto=udp action=accept policyid=quiacon policytype=udexerc crscore=66.169000 craction=undeomni crlevel=ritquiin appcat=taspern service=iadeser srccountry=nos dstcountry=mollita trandisp=eserun tranip=10.212.208.70 tranport=3237 duration=36.569000 sentbyte=5330 rcvdbyte=11 sentpkt=otamr app=eveli", "tags": [ 
@@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=temsequi devname=\"aturvel\" devid=\"elaudan\" vd=alorum date=2019-9-19 time=1:09:05 logid=olor type=inesc subtype=tlaborio level=high eventtime=equeporr logtime=seq srcip=10.143.65.84 srcport=2670 srcintf=enp0s5828 srcintfrole=ddoeiu dstip=10.199.201.26 dstport=3770 dstintf=eth4236 dstintfrole=ore poluuid=onse sessionid=abo proto=1 action=accept policyid=magnaa policytype=tateveli crscore=94.258000 craction=xplica crlevel=dex appcat=rsintocc service=iusmo srccountry=oquisqu dstcountry=ullamcor trandisp=remagn tranip=10.207.207.106 tranport=2048 duration=94.877000 sentbyte=6896 rcvdbyte=7419 sentpkt=tvolup app=ites", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=rExce dtime=2019-10-03 20:11:40.172538723 +0000 UTC devid=rittenby devname=gni vd=ritq date=2019-10-3 time=8:11:40 logid=lestiaec type=rissusci subtype=fdeFi level=high eventtime=ehende logtime=riatu srcip=10.204.27.48 srcport=5998 srcintf=lo7358 srcintfrole=emaperia dstip=10.163.236.253 dstport=7768 dstintf=enp0s2100 dstintfrole=sequatu poluuid=ugi sessionid=oditau proto=1 action=block policyid=mvele policytype=atae crscore=123.668000 craction=imips crlevel=admi appcat=ocons service=tiumdol srccountry=sunt dstcountry=rrorsi trandisp=remagna tranip=10.41.61.88 tranport=426 duration=82.943000 sentbyte=525 rcvdbyte=3702 sentpkt=dolor app=ips", "tags": [ 
@@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=ipitlab dtime=2019-10-18 03:14:14.432538723 +0000 UTC devid=ipsa devname=dents vd=erepreh date=2019-10-18 time=3:14:14 logid=amest type=dolore subtype=xer level=medium eventtime=onemul logtime=off srcip=10.246.81.164 srcport=3453 srcintf=lo3071 srcintfrole=ende dstip=10.185.44.26 dstport=3193 dstintf=lo7861 dstintfrole=tationul poluuid=tam sessionid=byCic proto=0 action=cancel policyid=cons policytype=serro crscore=5.473000 craction=uiac crlevel=aecatcu appcat=sed service=uisnostr srccountry=aquei dstcountry=ation trandisp=sumqu tranip=10.53.110.111 tranport=2549 duration=141.141000 sentbyte=5569 rcvdbyte=5239 sentpkt=entore app=uaturQ", "tags": [ 
@@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=xpli date=2019-11-1 time=10:16:48 log_id=quae devid=totamre devname=lam logid=quamestq type=porai subtype=oinve level=medium vd=hender srcip=10.84.154.230 srcport=1335 srcintf=enp0s1127 dstip=10.212.63.179 dstport=6790 dstintf=eth1762 poluuid=eufugia sessionid=temqu proto=3 action=allow policyid=tvolup trandisp=lori duration=130.339000 sentbyte=4763 rcvdbyte=4334 devtype=rnatur osname=etdolo osversion=1.802 mastersrcmac=adipisci srcmac=01:00:5e:7b:68:0e crscore=36.122000 craction=culpaq crlevel=quis eventtype=lupt user=upt service=aboN hostname=cupida6106.www5.local profile=tdo reqtype=asperna url=https://api.example.com/aco/empo.jpg?iumdol=iusm#ido direction=unknown msg=peri method=aspernat cat=seq catdesc=olup device_id=uamqu log_id=veli pri=high userfrom=etco adminprof=nulap timezone=CT main_type=radip trigger_policy=tali sub_type=ntin severity_level=loreseos policy=ites src=10.109.172.90 src_port=2785 dst=10.146.77.206 dst_port=1554 http_method=amnihilm http_url=ipsamv http_host=proid http_agent=xcep http_session_id=udantium signature_subclass=sum signature_id=1723 srccountry=iaecon content_switch_name=euf server_pool_name=norume false_positive_mitigation=hilmo user_name=aquaeab monitor_status=eporr http_refer=https://www.example.com/metMalo/santiu.jpg?icon=enderit#roquisqu http_version=lapa dev_id=imadm threat_weight=giatquo history_threat_weight=oeiusm threat_level=oreeuf ftp_mode=iusmodt ftp_cmd=umwrit cipher_suite=atatn msg_id=uatD", "tags": [ 
@@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-11-15 time=5:19:22 devname=ptate device_id=Nemoe log_id=cupidat type=generic subtype=onsequ pri=high devid=nostr devname=umtotam logid=mqua type=emU subtype=gnido level=very-high vd=plicab srcip=10.8.161.226 srcport=3191 srcintf=eth5256 dstip=10.13.234.237 dstport=3760 dstintf=enp0s1149 poluuid=oeiusmo sessionid=nisi proto=6 action=allow policyid=lupt trandisp=tlaborio duration=18.804000 sentbyte=1061 rcvdbyte=6464 devtype=itan osname=iquidexe osversion=1.2314 mastersrcmac=fugia srcmac=01:00:5e:09:8f:0e crscore=5.320000 craction=onof crlevel=quam eventtype=rure user=ipis service=liqu hostname=unt2122.internal.local profile=orsitame reqtype=tassitas url=https://example.org/uidolor/turve.htm?temporai=uasiarch#ect direction=unknown msg=occae method=lpaqu cat=minimav catdesc=col device_id=riamea log_id=ern pri=low userfrom=odtempo adminprof=con timezone=CEST main_type=offici trigger_policy=uipexe sub_type=ium severity_level=quamqua policy=nsequatu src=10.38.18.72 src_port=3177 dst=10.202.250.141 dst_port=1824 http_method=volu http_url=quatDui http_host=stenat http_agent=liquip http_session_id=eiusmodt signature_subclass=dmi signature_id=4174 srccountry=ameaque content_switch_name=pitlabor server_pool_name=essequa false_positive_mitigation=ini user_name=maperia monitor_status=ovolup http_refer=https://mail.example.com/veniamq/uisno.htm?luptas=omm#eaquei http_version=iveli dev_id=lill threat_weight=voluptat history_threat_weight=aturveli threat_level=incidunt ftp_mode=tatnonp ftp_cmd=abi cipher_suite=nimave msg_id=atu", "tags": [ 
@@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "logver=siu date=2019-11-30 time=12:21:57 log_id=inrepr devid=cero devname=ita logid=xercitat type=meumfug subtype=umt level=very-high vd=laparia srcip=10.195.87.127 srcport=760 srcintf=lo3094 dstip=10.52.118.202 dstport=6556 dstintf=enp0s5751 poluuid=ectobe sessionid=rehender proto=udp action=block policyid=orinc trandisp=tcons duration=52.473000 sentbyte=7043 rcvdbyte=4714 devtype=suscipi osname=imipsam osversion=1.4674 mastersrcmac=hilm srcmac=01:00:5e:73:ca:c1 crscore=54.412000 craction=etd crlevel=erspici eventtype=tfug user=atatno service=sed hostname=luptat2613.internal.localhost profile=olupt reqtype=mipsum url=https://www.example.net/Maloru/lapariat.htm?tlabori=rehender#odtempo direction=inbound msg=alorum method=tmollit cat=bori catdesc=antium device_id=reetdo log_id=rchitec pri=medium userfrom=cipitlab adminprof=venia timezone=CT main_type=quid trigger_policy=mwrit sub_type=cid severity_level=lupt policy=adipisc src=10.182.124.88 src_port=116 dst=10.139.144.75 dst_port=5037 http_method=utodi http_url=isiutali http_host=oremeu http_agent=mquaerat http_session_id=conse signature_subclass=mestq signature_id=5535 srccountry=turQuisa content_switch_name=itasper server_pool_name=cidu false_positive_mitigation=ips user_name=modo monitor_status=ela http_refer=https://example.org/unti/niamqu.html?ris=veli#giatnu http_version=tanimide dev_id=ectetur threat_weight=umexer history_threat_weight=nim threat_level=nisiuta ftp_mode=cipitla ftp_cmd=ditautf cipher_suite=oluptasn msg_id=madmin", "tags": [ 
@@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "date=2019-12-14 time=7:24:31 logver=imadm devid=stla devname=cab logid=orr type=olu subtype=quatDu level=low vd=siste srcip=10.151.47.249 srcport=6697 srcintf=lo5632 dstip=10.155.194.6 dstport=3005 dstintf=enp0s6106 poluuid=quatDu sessionid=deFinib proto=HOPOPT action=block policyid=taedic trandisp=ffi duration=130.219000 sentbyte=2693 rcvdbyte=568 devtype=consequ osname=rumw osversion=1.1386 mastersrcmac=temveleu srcmac=01:00:5e:df:96:27 crscore=104.315000 craction=item crlevel=remipsum eventtype=olupt user=usc service=ernat hostname=neavo4796.internal.domain profile=tatemac reqtype=exer url=https://www5.example.com/xea/ssecill.html?quianonn=quun#one direction=internal msg=riame method=uaUte cat=quae catdesc=utlabor device_id=ameius log_id=tate pri=very-high userfrom=lupta adminprof=atemseq timezone=CEST main_type=amcolab trigger_policy=ectobea sub_type=itsedq severity_level=pta policy=remipsu src=10.35.10.19 src_port=3941 dst=10.188.124.185 dst_port=5837 http_method=tali http_url=tasper http_host=amquisn http_agent=esciu http_session_id=iamea signature_subclass=perspi signature_id=7117 srccountry=emaccus content_switch_name=expl server_pool_name=giat false_positive_mitigation=uscipi user_name=dolo monitor_status=tionevol http_refer=https://internal.example.com/uptatema/dutpers.htm?tion=iumdol#ept http_version=Mal dev_id=tquasia threat_weight=ficiad history_threat_weight=roinBC threat_level=eufu ftp_mode=tio ftp_cmd=equatDu cipher_suite=exea msg_id=tasnulap", "tags": [ diff --git a/packages/fortinet/data_stream/fortimanager/_dev/test/pipeline/test-rsa2elk-output.json-expected.json b/packages/fortinet/data_stream/fortimanager/_dev/test/pipeline/test-rsa2elk-output.json-expected.json index b40fa33bd5d..4eed1c251f9 100644 --- a/packages/fortinet/data_stream/fortimanager/_dev/test/pipeline/test-rsa2elk-output.json-expected.json 
+++ b/packages/fortinet/data_stream/fortimanager/_dev/test/pipeline/test-rsa2elk-output.json-expected.json @@ -20,7 +20,7 @@ "port": 5037 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "de9c1b8e-5967-4715-bc22-6f9dd52f6cc2", diff --git a/packages/fortinet/data_stream/fortimanager/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet/data_stream/fortimanager/elasticsearch/ingest_pipeline/default.yml index dd4990b7560..9a78f074a75 100644 --- a/packages/fortinet/data_stream/fortimanager/elasticsearch/ingest_pipeline/default.yml +++ b/packages/fortinet/data_stream/fortimanager/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Fortinet Manager/Analyzer processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - gsub: field: destination.mac ignore_missing: true diff --git a/packages/fortinet/data_stream/fortimanager/sample_event.json b/packages/fortinet/data_stream/fortimanager/sample_event.json index 3eac8bb75ea..9e4ec4c7d9d 100644 --- a/packages/fortinet/data_stream/fortimanager/sample_event.json +++ b/packages/fortinet/data_stream/fortimanager/sample_event.json @@ -27,7 +27,7 @@ "port": 6125 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/fortinet/docs/README.md b/packages/fortinet/docs/README.md index f83b79b6771..6e772ecb63b 100644 --- a/packages/fortinet/docs/README.md +++ b/packages/fortinet/docs/README.md @@ -55,7 +55,7 @@ An example event for `firewall` looks as following: "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "7cc48d16-ebf0-44b1-9094-fe2082d8f5a4", @@ -781,7 +781,7 @@ An example event for `clientendpoint` looks as following: "port": 3994 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", 
@@ -1750,7 +1750,7 @@ An example event for `fortimail` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", @@ -2684,7 +2684,7 @@ An example event for `fortimanager` looks as following: "port": 6125 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/fortinet/manifest.yml b/packages/fortinet/manifest.yml index c7a9ec57064..9af06b5262e 100644 --- a/packages/fortinet/manifest.yml +++ b/packages/fortinet/manifest.yml @@ -1,6 +1,6 @@ name: fortinet title: Fortinet Logs -version: 1.6.2 +version: "1.7.0" release: ga description: Collect logs from Fortinet instances with Elastic Agent. type: integration diff --git a/packages/gcp/_dev/build/build.yml b/packages/gcp/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/gcp/_dev/build/build.yml +++ b/packages/gcp/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/gcp/changelog.yml b/packages/gcp/changelog.yml index 32a450ca10f..942672f462c 100644 --- a/packages/gcp/changelog.yml +++ b/packages/gcp/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.10.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.9.2" changes: - description: Fix GCP auditlog parsing issue on response status diff --git a/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index a9f592b4535..4aa3afaba80 100644 --- a/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json 
@@ -14,7 +14,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GetResourceBillingInfo", @@ -82,7 +82,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "beta.compute.machineTypes.aggregatedList", @@ -175,7 +175,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "beta.compute.instances.aggregatedList", @@ -280,7 +280,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "beta.compute.instances.aggregatedList", @@ -372,7 +372,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", @@ -508,7 +508,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "v1.compute.images.insert", @@ -648,7 +648,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "beta.compute.instances.stop", @@ -737,7 +737,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "io.k8s.core.v1.nodes.list", @@ -822,7 +822,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "io.k8s.extensions.v1beta1.ingresses.list", @@ -910,7 +910,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "io.k8s.get", @@ -995,7 +995,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "io.k8s.get", @@ -1082,7 +1082,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "google.iam.admin.v1.ListServiceAccounts", @@ -1159,7 +1159,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", 
@@ -1317,7 +1317,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "io.k8s.apps.v1.deployments.patch", @@ -1696,7 +1696,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "google.container.v1.ClusterManager.GetCluster", @@ -1784,7 +1784,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "storage.objects.get", diff --git a/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 69722b2d4a6..847762b489b 100644 --- a/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Google Cloud audit logs processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/gcp/data_stream/audit/sample_event.json b/packages/gcp/data_stream/audit/sample_event.json index b5881e272fd..69071f44167 100644 --- a/packages/gcp/data_stream/audit/sample_event.json +++ b/packages/gcp/data_stream/audit/sample_event.json @@ -25,7 +25,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "df142714-8028-4ef0-a80c-4eb03051c084", diff --git a/packages/gcp/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json b/packages/gcp/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json index b6661197d02..2dc9497101c 100644 --- a/packages/gcp/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/gcp/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json @@ -36,7 +36,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "id": "vwroyze8pg7y", 
@@ -111,7 +111,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "id": "ivmbnpe95vee", @@ -212,7 +212,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "id": "3c0hhve794jt", @@ -306,7 +306,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "id": "1de2pp0e8q6k", @@ -386,7 +386,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "id": "1oht95te9dnf", diff --git a/packages/gcp/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/dns/elasticsearch/ingest_pipeline/default.yml index 9589af9c48d..4c50c5cf872 100644 --- a/packages/gcp/data_stream/dns/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gcp/data_stream/dns/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Google Cloud DNS logs processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/gcp/data_stream/dns/sample_event.json b/packages/gcp/data_stream/dns/sample_event.json index 10349b6d73b..43db42b0496 100644 --- a/packages/gcp/data_stream/dns/sample_event.json +++ b/packages/gcp/data_stream/dns/sample_event.json @@ -47,7 +47,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "df142714-8028-4ef0-a80c-4eb03051c084", diff --git a/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json b/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json index e058df86681..0e08f81da11 100644 --- a/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json +++ b/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json 
@@ -17,7 +17,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -122,7 +122,7 @@ "port": 57794 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -238,7 +238,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -327,7 +327,7 @@ "port": 3389 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -422,7 +422,7 @@ "port": 8080 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -520,7 +520,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -616,7 +616,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -712,7 +712,7 @@ "port": 8080 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -810,7 +810,7 @@ "port": 8080 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -908,7 +908,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1006,7 +1006,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1104,7 +1104,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1202,7 +1202,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1300,7 +1300,7 @@ "port": 8080 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1409,7 +1409,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", 
@@ -1509,7 +1509,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1598,7 +1598,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1706,7 +1706,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1814,7 +1814,7 @@ "port": 3389 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -1911,7 +1911,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2019,7 +2019,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", @@ -2127,7 +2127,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "firewall-rule", diff --git a/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml index 7dceda4c2c9..39b74b5186b 100644 --- a/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Google Cloud Firewall Logs processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/gcp/data_stream/firewall/sample_event.json b/packages/gcp/data_stream/firewall/sample_event.json index feeb2644cfb..26024f86675 100644 --- a/packages/gcp/data_stream/firewall/sample_event.json +++ b/packages/gcp/data_stream/firewall/sample_event.json @@ -28,7 +28,7 @@ "port": 3389 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "df142714-8028-4ef0-a80c-4eb03051c084", 
diff --git a/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json b/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json index e16b50ab377..415f3ca3649 100644 --- a/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json +++ b/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json @@ -23,7 +23,7 @@ "port": 33478 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -101,7 +101,7 @@ "port": 33970 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -216,7 +216,7 @@ "port": 33576 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -310,7 +310,7 @@ "port": 59679 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -386,7 +386,7 @@ "port": 50646 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -459,7 +459,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -543,7 +543,7 @@ "port": 33692 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -658,7 +658,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -749,7 +749,7 @@ "port": 33554 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -852,7 +852,7 @@ "port": 33880 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -950,7 +950,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -1033,7 +1033,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -1136,7 +1136,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -1251,7 +1251,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -1354,7 +1354,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -1457,7 +1457,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -1543,7 +1543,7 @@ "port": 46864 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -1627,7 +1627,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -1728,7 +1728,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -1825,7 +1825,7 @@ "port": 65320 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -1915,7 +1915,7 @@ "port": 33562 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -2012,7 +2012,7 @@ "port": 9243 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -2085,7 +2085,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -2186,7 +2186,7 @@ "port": 33548 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -2272,7 +2272,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -2361,7 +2361,7 @@ "port": 33542 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -2464,7 +2464,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -2573,7 +2573,7 @@ "port": 34836 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -2646,7 +2646,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -2744,7 +2744,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -2830,7 +2830,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -2931,7 +2931,7 @@ "port": 33534 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -3034,7 +3034,7 @@ "port": 33694 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -3131,7 +3131,7 @@ "port": 65263 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -3209,7 +3209,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -3324,7 +3324,7 @@ "port": 49680 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -3416,7 +3416,7 @@ "port": 33862 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -3500,7 +3500,7 @@ "port": 65321 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -3578,7 +3578,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -3688,7 +3688,7 @@ "port": 60112 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -3779,7 +3779,7 @@ "port": 33552 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -3894,7 +3894,7 @@ "port": 33524 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -3985,7 +3985,7 @@ "port": 33548 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -4088,7 +4088,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -4197,7 +4197,7 @@ "port": 33924 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -4281,7 +4281,7 @@ "port": 65271 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -4354,7 +4354,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -4433,7 +4433,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -4528,7 +4528,7 @@ "port": 65316 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -4606,7 +4606,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -4709,7 +4709,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -4819,7 +4819,7 @@ "port": 33558 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -4905,7 +4905,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -4989,7 +4989,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -5073,7 +5073,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -5158,7 +5158,7 @@ "port": 50438 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -5239,7 +5239,7 @@ "port": 59623 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -5317,7 +5317,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -5432,7 +5432,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -5518,7 +5518,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -5602,7 +5602,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -5686,7 +5686,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -5775,7 +5775,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -5884,7 +5884,7 @@ "port": 33602 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -5957,7 +5957,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -6046,7 +6046,7 @@ "port": 33534 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -6155,7 +6155,7 @@ "port": 52260 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -6245,7 +6245,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -6348,7 +6348,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -6439,7 +6439,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -6554,7 +6554,7 @@ "port": 33554 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -6651,7 +6651,7 @@ "port": 53706 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -6729,7 +6729,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -6827,7 +6827,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -6916,7 +6916,7 @@ "port": 33556 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -7014,7 +7014,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -7098,7 +7098,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -7193,7 +7193,7 @@ "port": 34090 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -7277,7 +7277,7 @@ "port": 34178 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -7361,7 +7361,7 @@ "port": 33064 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -7434,7 +7434,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -7529,7 +7529,7 @@ "port": 58216 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -7619,7 +7619,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -7722,7 +7722,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -7808,7 +7808,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -7897,7 +7897,7 @@ "port": 33510 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -8006,7 +8006,7 @@ "port": 34906 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -8090,7 +8090,7 @@ "port": 52454 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -8163,7 +8163,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -8252,7 +8252,7 @@ "port": 33530 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -8367,7 +8367,7 @@ "port": 33570 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -8470,7 +8470,7 @@ "port": 33858 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -8573,7 +8573,7 @@ "port": 33590 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -8671,7 +8671,7 @@ "port": 60108 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -8774,7 +8774,7 @@ "port": 33536 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -8865,7 +8865,7 @@ "port": 33560 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -8968,7 +8968,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -9078,7 +9078,7 @@ "port": 33874 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -9169,7 +9169,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -9272,7 +9272,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -9375,7 +9375,7 @@ "port": 33538 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -9490,7 +9490,7 @@ "port": 33690 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -9581,7 +9581,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -9696,7 +9696,7 @@ "port": 33572 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -9799,7 +9799,7 @@ "port": 33968 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -9890,7 +9890,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -9999,7 +9999,7 @@ "port": 57300 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -10072,7 +10072,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -10173,7 +10173,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -10276,7 +10276,7 @@ "port": 33880 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -10367,7 +10367,7 @@ "port": 33574 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -10476,7 +10476,7 @@ "port": 65315 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -10566,7 +10566,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -10652,7 +10652,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -10747,7 +10747,7 @@ "port": 54662 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -10825,7 +10825,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -10928,7 +10928,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -11043,7 +11043,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -11129,7 +11129,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -11230,7 +11230,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -11321,7 +11321,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -11424,7 +11424,7 @@ "port": 33576 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -11539,7 +11539,7 @@ "port": 33540 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -11630,7 +11630,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -11745,7 +11745,7 @@ "port": 33538 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -11831,7 +11831,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -11915,7 +11915,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -11999,7 +11999,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -12083,7 +12083,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -12178,7 +12178,7 @@ "port": 65317 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -12256,7 +12256,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -12354,7 +12354,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -12446,7 +12446,7 @@ "port": 52328 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -12524,7 +12524,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -12633,7 +12633,7 @@ "port": 37292 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -12711,7 +12711,7 @@ "port": 33876 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -12806,7 +12806,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -12901,7 +12901,7 @@ "port": 59790 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -12991,7 +12991,7 @@ "port": 33552 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -13094,7 +13094,7 @@ "port": 33556 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -13191,7 +13191,7 @@ "port": 65257 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -13269,7 +13269,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -13384,7 +13384,7 @@ "port": 33692 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -13481,7 +13481,7 @@ "port": 65262 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -13556,7 +13556,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -13671,7 +13671,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -13754,7 +13754,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -13855,7 +13855,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -13938,7 +13938,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -14033,7 +14033,7 @@ "port": 65322 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -14111,7 +14111,7 @@ "port": 33568 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -14226,7 +14226,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -14312,7 +14312,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -14396,7 +14396,7 @@ "port": 33564 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -14491,7 +14491,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -14587,7 +14587,7 @@ "port": 60126 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -14684,7 +14684,7 @@ "port": 32882 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -14757,7 +14757,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -14852,7 +14852,7 @@ "port": 39568 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -14931,7 +14931,7 @@ "port": 58026 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -15021,7 +15021,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -15124,7 +15124,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -15212,7 +15212,7 @@ "port": 33874 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -15310,7 +15310,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -15405,7 +15405,7 @@ "port": 41818 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -15489,7 +15489,7 @@ "port": 60640 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -15567,7 +15567,7 @@ "port": 33966 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -15667,7 +15667,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -15782,7 +15782,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -15870,7 +15870,7 @@ "port": 33524 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -15970,7 +15970,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -16080,7 +16080,7 @@ "port": 53104 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -16166,7 +16166,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -16250,7 +16250,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -16332,7 +16332,7 @@ "port": 58100 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -16413,7 +16413,7 @@ "port": 60756 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -16486,7 +16486,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -16578,7 +16578,7 @@ "port": 60122 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -16662,7 +16662,7 @@ "port": 53972 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -16740,7 +16740,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -16838,7 +16838,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -16922,7 +16922,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -17006,7 +17006,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -17101,7 +17101,7 @@ "port": 65274 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -17174,7 +17174,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -17275,7 +17275,7 @@ "port": 33530 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -17372,7 +17372,7 @@ "port": 65275 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -17456,7 +17456,7 @@ "port": 34450 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -17529,7 +17529,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -17624,7 +17624,7 @@ "port": 53879 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -17708,7 +17708,7 @@ "port": 60968 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -17781,7 +17781,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -17865,7 +17865,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -17960,7 +17960,7 @@ "port": 14236 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -18035,7 +18035,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -18138,7 +18138,7 @@ "port": 33690 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -18241,7 +18241,7 @@ "port": 33562 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -18339,7 +18339,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -18440,7 +18440,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -18531,7 +18531,7 @@ "port": 33590 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -18646,7 +18646,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -18749,7 +18749,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -18835,7 +18835,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -18936,7 +18936,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -19027,7 +19027,7 @@ "port": 33968 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -19125,7 +19125,7 @@ "port": 52780 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -19209,7 +19209,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -19296,7 +19296,7 @@ "port": 44128 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -19383,7 +19383,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -19480,7 +19480,7 @@ "port": 54812 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -19570,7 +19570,7 @@ "port": 33564 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -19667,7 +19667,7 @@ "port": 49438 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -19745,7 +19745,7 @@ "port": 33550 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -19855,7 +19855,7 @@ "port": 60110 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -19947,7 +19947,7 @@ "port": 51348 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -20037,7 +20037,7 @@ "port": 33560 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -20140,7 +20140,7 @@ "port": 33510 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -20231,7 +20231,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -20334,7 +20334,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -20443,7 +20443,7 @@ "port": 41822 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -20533,7 +20533,7 @@ "port": 33532 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -20636,7 +20636,7 @@ "port": 33568 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -20739,7 +20739,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -20842,7 +20842,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -20945,7 +20945,7 @@ "port": 53106 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -21042,7 +21042,7 @@ "port": 9243 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -21120,7 +21120,7 @@ "port": 33532 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -21223,7 +21223,7 @@ "port": 33858 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -21326,7 +21326,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -21429,7 +21429,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -21532,7 +21532,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -21647,7 +21647,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -21738,7 +21738,7 @@ "port": 33558 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -21836,7 +21836,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -21931,7 +21931,7 @@ "port": 33542 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -22022,7 +22022,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -22125,7 +22125,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -22228,7 +22228,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -22338,7 +22338,7 @@ "port": 33550 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -22424,7 +22424,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -22525,7 +22525,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -22628,7 +22628,7 @@ "port": 33970 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -22719,7 +22719,7 @@ "port": 33536 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -22834,7 +22834,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -22931,7 +22931,7 @@ "port": 65319 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -23021,7 +23021,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -23112,7 +23112,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -23227,7 +23227,7 @@ "port": 33966 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -23330,7 +23330,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -23416,7 +23416,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -23500,7 +23500,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -23584,7 +23584,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -23679,7 +23679,7 @@ "port": 50364 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -23752,7 +23752,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -23836,7 +23836,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -23931,7 +23931,7 @@ "port": 53096 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -24009,7 +24009,7 @@ "port": 33570 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -24118,7 +24118,7 @@ "port": 33126 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -24191,7 +24191,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -24292,7 +24292,7 @@ "port": 52430 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -24389,7 +24389,7 @@ "port": 34536 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -24467,7 +24467,7 @@ "port": 33572 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -24570,7 +24570,7 @@ "port": 33540 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -24673,7 +24673,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -24788,7 +24788,7 @@ "port": 53096 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -24879,7 +24879,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -24988,7 +24988,7 @@ "port": 65318 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -25061,7 +25061,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -25156,7 +25156,7 @@ "port": 56478 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -25246,7 +25246,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -25332,7 +25332,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -25421,7 +25421,7 @@ "port": 33694 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -25530,7 +25530,7 @@ "port": 65276 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -25608,7 +25608,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -25717,7 +25717,7 @@ "port": 56410 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -25796,7 +25796,7 @@ "port": 51950 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -25886,7 +25886,7 @@ "port": 33876 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -25972,7 +25972,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -26057,7 +26057,7 @@ "port": 58658 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -26130,7 +26130,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -26214,7 +26214,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -26304,7 +26304,7 @@ "port": 65272 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -26377,7 +26377,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -26469,7 +26469,7 @@ "port": 45224 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -26542,7 +26542,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -26637,7 +26637,7 @@ "port": 65277 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -26710,7 +26710,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -26805,7 +26805,7 @@ "port": 59924 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -26889,7 +26889,7 @@ "port": 65273 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -26962,7 +26962,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -27043,7 +27043,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -27138,7 +27138,7 @@ "port": 34646 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -27208,7 +27208,7 @@ "port": 5601 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -27294,7 +27294,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -27397,7 +27397,7 @@ "port": 9200 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -27512,7 +27512,7 @@ "port": 33574 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", diff --git a/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml index 594342f3450..89e7ade3b3c 100644 
--- a/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Google Cloud VPC Flow Logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/gcp/data_stream/vpcflow/sample_event.json b/packages/gcp/data_stream/vpcflow/sample_event.json
index 3d743d26e53..f90306e4682 100644
--- a/packages/gcp/data_stream/vpcflow/sample_event.json
+++ b/packages/gcp/data_stream/vpcflow/sample_event.json
@@ -40,7 +40,7 @@
 "port": 9200
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "df142714-8028-4ef0-a80c-4eb03051c084",
diff --git a/packages/gcp/docs/README.md b/packages/gcp/docs/README.md
index f34f061b869..8a16c4568dc 100644
--- a/packages/gcp/docs/README.md
+++ b/packages/gcp/docs/README.md
@@ -347,7 +347,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "df142714-8028-4ef0-a80c-4eb03051c084",
@@ -612,7 +612,7 @@ An example event for `firewall` looks as following:
 "port": 3389
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "df142714-8028-4ef0-a80c-4eb03051c084",
@@ -873,7 +873,7 @@ An example event for `vpcflow` looks as following:
 "port": 9200
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "df142714-8028-4ef0-a80c-4eb03051c084",
@@ -1103,7 +1103,7 @@ An example event for `dns` looks as following:
 "response_code": "NOERROR"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "df142714-8028-4ef0-a80c-4eb03051c084",
diff --git a/packages/gcp/docs/audit.md b/packages/gcp/docs/audit.md
index 2e8c6995f7b..b6120707318 100644
--- a/packages/gcp/docs/audit.md
+++ b/packages/gcp/docs/audit.md
@@ -171,7 +171,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "df142714-8028-4ef0-a80c-4eb03051c084",
diff --git a/packages/gcp/docs/dns.md b/packages/gcp/docs/dns.md
index 1d7e31a9003..b9f95dd93ff 100644
--- a/packages/gcp/docs/dns.md
+++ b/packages/gcp/docs/dns.md
@@ -142,7 +142,7 @@ An example event for `dns` looks as following:
 "response_code": "NOERROR"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "df142714-8028-4ef0-a80c-4eb03051c084",
diff --git a/packages/gcp/docs/firewall.md b/packages/gcp/docs/firewall.md
index bfdbb35812c..2d20b9822e4 100644
--- a/packages/gcp/docs/firewall.md
+++ b/packages/gcp/docs/firewall.md
@@ -160,7 +160,7 @@ An example event for `firewall` looks as following:
 "port": 3389
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "df142714-8028-4ef0-a80c-4eb03051c084",
diff --git a/packages/gcp/docs/vpcflow.md b/packages/gcp/docs/vpcflow.md
index 05973abc335..9ad5dc2fdcf 100644
--- a/packages/gcp/docs/vpcflow.md
+++ b/packages/gcp/docs/vpcflow.md
@@ -169,7 +169,7 @@ An example event for `vpcflow` looks as following:
 "port": 9200
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "df142714-8028-4ef0-a80c-4eb03051c084",
diff --git a/packages/gcp/manifest.yml b/packages/gcp/manifest.yml
index 401442b2324..d5e012c4352 100644
--- a/packages/gcp/manifest.yml
+++ b/packages/gcp/manifest.yml
@@ -1,6 +1,6 @@
 name: gcp
 title: Google Cloud Platform
-version: "1.9.2"
+version: "1.10.0"
 release: ga
 description: Collect logs from Google Cloud Platform with Elastic Agent.
 type: integration
diff --git a/packages/gcp_pubsub/_dev/build/build.yml b/packages/gcp_pubsub/_dev/build/build.yml
index 47cbed9fed8..5661d603a89 100644
--- a/packages/gcp_pubsub/_dev/build/build.yml
+++ b/packages/gcp_pubsub/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.0.0
+ reference: git@v8.3.0
diff --git a/packages/gcp_pubsub/changelog.yml b/packages/gcp_pubsub/changelog.yml
index e41952b9751..70278442c2c 100644
--- a/packages/gcp_pubsub/changelog.yml
+++ b/packages/gcp_pubsub/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.0.1"
 changes:
 - description: update readme
diff --git a/packages/gcp_pubsub/manifest.yml b/packages/gcp_pubsub/manifest.yml
index f1d4bd11498..52f4eeb2831 100644
--- a/packages/gcp_pubsub/manifest.yml
+++ b/packages/gcp_pubsub/manifest.yml
@@ -1,6 +1,6 @@
 name: gcp_pubsub
 title: Custom Google Pub/Sub Logs
-version: 1.0.1
+version: "1.1.0"
 release: ga
 description: Collect Logs from Google Pub/Sub topics
 type: integration
diff --git a/packages/github/_dev/build/build.yml b/packages/github/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/github/_dev/build/build.yml
+++ b/packages/github/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/github/changelog.yml b/packages/github/changelog.yml
index ef54ecafe4a..59b1aaae0d2 100644
--- a/packages/github/changelog.yml
+++ b/packages/github/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.0.3"
 changes:
 - description: Add support for `@timestamp` and missing `created_at` fields
diff --git a/packages/github/data_stream/audit/_dev/test/pipeline/test-audit-json.log-expected.json b/packages/github/data_stream/audit/_dev/test/pipeline/test-audit-json.log-expected.json
index 6afa9fd6871..4e7dbb44a88 100644
--- a/packages/github/data_stream/audit/_dev/test/pipeline/test-audit-json.log-expected.json +++ b/packages/github/data_stream/audit/_dev/test/pipeline/test-audit-json.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-03-04T23:24:11.067Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "organization_default_label.create", @@ -36,7 +36,7 @@ { "@timestamp": "2020-03-04T23:24:11.273Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "organization_default_label.create", @@ -69,7 +69,7 @@ { "@timestamp": "2020-03-04T23:24:11.179Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "organization_default_label.create", @@ -107,7 +107,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "org.invite_member", @@ -152,7 +152,7 @@ { "@timestamp": "2020-03-04T23:24:11.101Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "organization_default_label.create", @@ -185,7 +185,7 @@ { "@timestamp": "2020-03-04T23:24:11.214Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "organization_default_label.create", @@ -218,7 +218,7 @@ { "@timestamp": "2020-03-04T23:24:11.364Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "organization_default_label.create", @@ -256,7 +256,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "org.invite_member", @@ -301,7 +301,7 @@ { "@timestamp": "2020-03-04T23:42:30.878Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "org.add_member", @@ -347,7 +347,7 @@ { "@timestamp": "2020-03-04T23:24:11.144Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "organization_default_label.create", @@ -380,7 +380,7 @@ { "@timestamp": "2020-03-04T23:24:11.325Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "organization_default_label.create", 
@@ -413,7 +413,7 @@ { "@timestamp": "2020-03-05T02:45:22.166Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "org.add_member", @@ -464,7 +464,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.create", @@ -498,7 +498,7 @@ { "@timestamp": "2020-03-04T23:24:11.399Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "organization_default_label.create", @@ -531,7 +531,7 @@ { "@timestamp": "2020-03-04T23:24:08.566Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "org.add_member", @@ -582,7 +582,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "org.oauth_app_access_approved", @@ -625,7 +625,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.create", @@ -670,7 +670,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_member", @@ -722,7 +722,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_member", @@ -774,7 +774,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "org.invite_member", @@ -824,7 +824,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -863,7 +863,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_member", @@ -915,7 +915,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_member", @@ -967,7 +967,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.create", @@ -1012,7 +1012,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "org.invite_member", @@ -1062,7 +1062,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", 
@@ -1101,7 +1101,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_member", @@ -1153,7 +1153,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "org.invite_member", @@ -1198,7 +1198,7 @@ { "@timestamp": "2021-01-25T22:02:24.633Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "org.add_member", @@ -1249,7 +1249,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -1288,7 +1288,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_member", @@ -1340,7 +1340,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_repository", @@ -1386,7 +1386,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -1425,7 +1425,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_member", @@ -1472,7 +1472,7 @@ { "@timestamp": "2021-01-26T01:10:57.848Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.actions_enabled", @@ -1511,7 +1511,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repository_vulnerability_alerts.disable", @@ -1549,7 +1549,7 @@ { "@timestamp": "2021-01-25T21:57:02.014Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "org.add_member", @@ -1600,7 +1600,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_repository", @@ -1646,7 +1646,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -1685,7 +1685,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_member", 
@@ -1737,7 +1737,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "integration_installation.create", @@ -1770,7 +1770,7 @@ { "@timestamp": "2021-01-25T21:57:36.834Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "org.add_member", @@ -1821,7 +1821,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.create", @@ -1860,7 +1860,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "org.invite_member", @@ -1910,7 +1910,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.create", @@ -1953,7 +1953,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_member", @@ -2000,7 +2000,7 @@ { "@timestamp": "2021-01-25T22:00:13.018Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "org.add_member", @@ -2051,7 +2051,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_member", @@ -2103,7 +2103,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.change_merge_setting", @@ -2142,7 +2142,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2181,7 +2181,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2220,7 +2220,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "workflows.delete_workflow_run", @@ -2259,7 +2259,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2298,7 +2298,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", 
@@ -2337,7 +2337,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2376,7 +2376,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2415,7 +2415,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2454,7 +2454,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2493,7 +2493,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.add_member", @@ -2536,7 +2536,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request_review.submit", @@ -2573,7 +2573,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2612,7 +2612,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -2649,7 +2649,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.transfer", @@ -2693,7 +2693,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "workflows.delete_workflow_run", @@ -2732,7 +2732,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2771,7 +2771,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -2808,7 +2808,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2847,7 +2847,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_repository", 
@@ -2893,7 +2893,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2932,7 +2932,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create_review_request", @@ -2969,7 +2969,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -3006,7 +3006,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -3045,7 +3045,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_repository", @@ -3091,7 +3091,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -3128,7 +3128,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create_review_request", @@ -3165,7 +3165,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create_review_request", @@ -3202,7 +3202,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request_review.submit", @@ -3239,7 +3239,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -3276,7 +3276,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -3313,7 +3313,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -3350,7 +3350,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create_review_request", @@ -3387,7 +3387,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request_review.submit", @@ -3424,7 +3424,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create_review_request", 
@@ -3461,7 +3461,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create_review_request", @@ -3498,7 +3498,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request_review.submit", @@ -3535,7 +3535,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request_review.submit", @@ -3572,7 +3572,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create_review_request", @@ -3609,7 +3609,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -3646,7 +3646,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request_review.submit", @@ -3683,7 +3683,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request_review.submit", @@ -3720,7 +3720,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -3757,7 +3757,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -3794,7 +3794,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -3831,7 +3831,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -3870,7 +3870,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -3907,7 +3907,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create_review_request", @@ -3944,7 +3944,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -3981,7 +3981,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", 
@@ -4018,7 +4018,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.change_merge_setting", @@ -4057,7 +4057,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.create", @@ -4096,7 +4096,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.add_member", @@ -4134,7 +4134,7 @@ { "@timestamp": "2021-07-03T03:33:42.495Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.update_default_branch", @@ -4173,7 +4173,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.remove_member", @@ -4225,7 +4225,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_member", @@ -4277,7 +4277,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.add_member", @@ -4320,7 +4320,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.remove_member", @@ -4372,7 +4372,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.create", @@ -4411,7 +4411,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.remove_member", @@ -4463,7 +4463,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.update_repository_permission", @@ -4508,7 +4508,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.remove_member", @@ -4560,7 +4560,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_repository", @@ -4606,7 +4606,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.destroy", @@ -4645,7 +4645,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.remove_member", 
@@ -4697,7 +4697,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "project.create", @@ -4731,7 +4731,7 @@ { "@timestamp": "2021-09-20T13:54:28.095Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.actions_enabled", @@ -4770,7 +4770,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.change_merge_setting", @@ -4809,7 +4809,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.update_required_status_checks_enforcement_level", @@ -4848,7 +4848,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -4887,7 +4887,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.change_merge_setting", @@ -4926,7 +4926,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -4965,7 +4965,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request_review.submit", @@ -5002,7 +5002,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.change_merge_setting", @@ -5041,7 +5041,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -5080,7 +5080,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -5119,7 +5119,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_member", @@ -5171,7 +5171,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "required_status_check.create", @@ -5210,7 +5210,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.change_merge_setting", @@ -5249,7 +5249,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.change_merge_setting", 
@@ -5288,7 +5288,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -5327,7 +5327,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.change_merge_setting", @@ -5366,7 +5366,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.change_merge_setting", @@ -5405,7 +5405,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.create", @@ -5448,7 +5448,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.change_merge_setting", @@ -5487,7 +5487,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_repository", @@ -5533,7 +5533,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_repository", @@ -5579,7 +5579,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.create", @@ -5618,7 +5618,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.update_linear_history_requirement_enforcement_level", @@ -5657,7 +5657,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -5696,7 +5696,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.change_merge_setting", @@ -5735,7 +5735,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -5774,7 +5774,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -5808,7 +5808,7 @@ { "@timestamp": "2021-09-17T16:59:20.413Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.actions_enabled", @@ -5847,7 +5847,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", 
@@ -5886,7 +5886,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.create", @@ -5929,7 +5929,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.change_merge_setting", @@ -5968,7 +5968,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "required_status_check.create", @@ -6007,7 +6007,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.rename", @@ -6046,7 +6046,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -6085,7 +6085,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -6124,7 +6124,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.update_admin_enforced", @@ -6163,7 +6163,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -6202,7 +6202,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.access", @@ -6241,7 +6241,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -6280,7 +6280,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -6319,7 +6319,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -6358,7 +6358,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -6397,7 +6397,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.update_linear_history_requirement_enforcement_level", @@ -6436,7 +6436,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.update_required_status_checks_enforcement_level", 
@@ -6475,7 +6475,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -6514,7 +6514,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "project.create", @@ -6553,7 +6553,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "org.audit_log_export", @@ -6596,7 +6596,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_member", @@ -6648,7 +6648,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -6687,7 +6687,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.update_linear_history_requirement_enforcement_level", @@ -6726,7 +6726,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.merge", @@ -6765,7 +6765,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -6804,7 +6804,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.change_merge_setting", @@ -6843,7 +6843,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -6882,7 +6882,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request_review_comment.create", @@ -6919,7 +6919,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repository_vulnerability_alerts.disable", @@ -6962,7 +6962,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_repository", @@ -7008,7 +7008,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -7047,7 +7047,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", 
@@ -7086,7 +7086,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.create", @@ -7131,7 +7131,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "team.add_repository", @@ -7177,7 +7177,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -7216,7 +7216,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -7255,7 +7255,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.change_merge_setting", @@ -7294,7 +7294,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.update_pull_request_reviews_enforcement_level", @@ -7333,7 +7333,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.update_admin_enforced", @@ -7372,7 +7372,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.change_merge_setting", @@ -7411,7 +7411,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "repo.change_merge_setting", @@ -7450,7 +7450,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.create", @@ -7489,7 +7489,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "protected_branch.policy_override", @@ -7528,7 +7528,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pull_request.ready_for_review", @@ -7567,7 +7567,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "org.audit_log_git_event_export", @@ -7610,7 +7610,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "git.clone", 
diff --git a/packages/github/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/github/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 2f8c1ad129f..fd7014990fc 100644
--- a/packages/github/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/github/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: "8.2.0"
+ value: "8.3.0"
 - append:
 field: event.category
 value:
diff --git a/packages/github/data_stream/audit/sample_event.json b/packages/github/data_stream/audit/sample_event.json
index 04e6483361b..a4e44d625ed 100644
--- a/packages/github/data_stream/audit/sample_event.json
+++ b/packages/github/data_stream/audit/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
diff --git a/packages/github/docs/README.md b/packages/github/docs/README.md
index 4e1f0bb9329..022a66e4bce 100644
--- a/packages/github/docs/README.md
+++ b/packages/github/docs/README.md
@@ -85,7 +85,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
diff --git a/packages/github/manifest.yml b/packages/github/manifest.yml
index c414deb6b1f..cf53cb5999d 100644
--- a/packages/github/manifest.yml
+++ b/packages/github/manifest.yml
@@ -1,6 +1,6 @@
 name: github
 title: GitHub
-version: 1.0.3
+version: "1.1.0"
 release: ga
 description: Collect events from GitHub with Elastic Agent.
 type: integration
diff --git a/packages/google_workspace/_dev/build/build.yml b/packages/google_workspace/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/google_workspace/_dev/build/build.yml
+++ b/packages/google_workspace/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/google_workspace/changelog.yml b/packages/google_workspace/changelog.yml
index c882d34fd7b..d7a20c92269 100644
--- a/packages/google_workspace/changelog.yml
+++ b/packages/google_workspace/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.5.1"
 changes:
 - description: update readme
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-application.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-application.log-expected.json
index d49013e3306..4570259ed5f 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-application.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-application.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "CHANGE_APPLICATION_SETTING",
@@ -101,7 +101,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "CREATE_APPLICATION_SETTING",
@@ -198,7 +198,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "DELETE_APPLICATION_SETTING",
@@ -295,7 +295,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "REORDER_GROUP_BASED_POLICIES_EVENT",
@@ -380,7 +380,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "GPLUS_PREMIUM_FEATURES",
@@ -457,7 +457,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CREATE_MANAGED_CONFIGURATION", @@ -533,7 +533,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DELETE_MANAGED_CONFIGURATION", @@ -609,7 +609,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UPDATE_MANAGED_CONFIGURATION", @@ -686,7 +686,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "FLASHLIGHT_EDU_NON_FEATURED_SERVICES_SELECTED", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-calendar.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-calendar.log-expected.json index 5351cfdd411..99c1d171e3c 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-calendar.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-calendar.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CREATE_BUILDING", @@ -79,7 +79,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DELETE_BUILDING", @@ -155,7 +155,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UPDATE_BUILDING", @@ -236,7 +236,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CREATE_CALENDAR_RESOURCE", @@ -312,7 +312,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DELETE_CALENDAR_RESOURCE", 
@@ -388,7 +388,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CREATE_CALENDAR_RESOURCE_FEATURE", @@ -464,7 +464,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DELETE_CALENDAR_RESOURCE_FEATURE", @@ -540,7 +540,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UPDATE_CALENDAR_RESOURCE_FEATURE", @@ -622,7 +622,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "RENAME_CALENDAR_RESOURCE", @@ -699,7 +699,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UPDATE_CALENDAR_RESOURCE", @@ -780,7 +780,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_CALENDAR_SETTING", @@ -877,7 +877,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CANCEL_CALENDAR_EVENTS", @@ -958,7 +958,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "RELEASE_CALENDAR_RESOURCES", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chat.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chat.log-expected.json index 4629a59f729..f2bf6adef3f 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chat.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chat.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "MEET_INTEROP_CREATE_GATEWAY", 
@@ -78,7 +78,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "MEET_INTEROP_DELETE_GATEWAY", @@ -153,7 +153,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "MEET_INTEROP_MODIFY_GATEWAY", @@ -229,7 +229,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_CHAT_SETTING", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chromeos.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chromeos.log-expected.json index 80ce12f78be..efa46474e2f 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chromeos.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chromeos.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_CHROME_OS_ANDROID_APPLICATION_SETTING", @@ -103,7 +103,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_DEVICE_STATE", @@ -181,7 +181,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_CHROME_OS_APPLICATION_SETTING", @@ -281,7 +281,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SEND_CHROME_OS_DEVICE_COMMAND", @@ -357,7 +357,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_CHROME_OS_DEVICE_ANNOTATION", 
@@ -432,7 +432,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_CHROME_OS_DEVICE_SETTING", @@ -513,7 +513,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_CHROME_OS_DEVICE_STATE", @@ -593,7 +593,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_CHROME_OS_PUBLIC_SESSION_SETTING", @@ -674,7 +674,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "INSERT_CHROME_OS_PRINT_SERVER", @@ -749,7 +749,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DELETE_CHROME_OS_PRINT_SERVER", @@ -824,7 +824,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UPDATE_CHROME_OS_PRINT_SERVER", @@ -901,7 +901,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "INSERT_CHROME_OS_PRINTER", @@ -976,7 +976,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DELETE_CHROME_OS_PRINTER", @@ -1051,7 +1051,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UPDATE_CHROME_OS_PRINTER", @@ -1128,7 +1128,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_CHROME_OS_SETTING", @@ -1209,7 +1209,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_CHROME_OS_USER_SETTING", 
@@ -1290,7 +1290,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ISSUE_DEVICE_COMMAND", @@ -1370,7 +1370,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "MOVE_DEVICE_TO_ORG_UNIT_DETAILED", @@ -1448,7 +1448,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REMOVE_CHROME_OS_APPLICATION_SETTINGS", @@ -1523,7 +1523,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UPDATE_DEVICE", @@ -1599,7 +1599,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_CONTACTS_SETTING", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-contacts.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-contacts.log-expected.json index eac830d0319..e7a4febddfb 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-contacts.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-contacts.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_CONTACTS_SETTING", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-delegatedadmin.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-delegatedadmin.log-expected.json index a306d54e0f9..f3108051b98 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-delegatedadmin.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-delegatedadmin.log-expected.json 
@@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ASSIGN_ROLE", @@ -90,7 +90,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CREATE_ROLE", @@ -166,7 +166,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DELETE_ROLE", @@ -242,7 +242,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ADD_PRIVILEGE", @@ -321,7 +321,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REMOVE_PRIVILEGE", @@ -400,7 +400,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "RENAME_ROLE", @@ -476,7 +476,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UPDATE_ROLE", @@ -552,7 +552,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UNASSIGN_ROLE", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-docs.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-docs.log-expected.json index d2e9755c845..6624f221905 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-docs.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-docs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TRANSFER_DOCUMENT_OWNERSHIP", 
@@ -88,7 +88,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DRIVE_DATA_RESTORE", @@ -172,7 +172,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_DOCS_SETTING", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log-expected.json index aca61281110..b5684047c49 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_ACCOUNT_AUTO_RENEWAL", @@ -79,7 +79,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ADD_APPLICATION", @@ -156,7 +156,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ADD_APPLICATION_TO_WHITELIST", @@ -232,7 +232,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_ADVERTISEMENT_OPTION", @@ -309,7 +309,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CREATE_ALERT", @@ -384,7 +384,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_ALERT_CRITERIA", @@ -459,7 +459,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DELETE_ALERT", 
@@ -534,7 +534,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ALERT_RECEIVERS_CHANGED", @@ -611,7 +611,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "RENAME_ALERT", @@ -685,7 +685,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ALERT_STATUS_CHANGED", @@ -762,7 +762,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ADD_DOMAIN_ALIAS", @@ -838,7 +838,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REMOVE_DOMAIN_ALIAS", @@ -914,7 +914,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SKIP_DOMAIN_ALIAS_MX", @@ -990,7 +990,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "VERIFY_DOMAIN_ALIAS_MX", @@ -1066,7 +1066,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "VERIFY_DOMAIN_ALIAS", @@ -1143,7 +1143,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TOGGLE_OAUTH_ACCESS_TO_ALL_APIS", @@ -1220,7 +1220,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TOGGLE_ALLOW_ADMIN_PASSWORD_RESET", @@ -1297,7 +1297,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ENABLE_API_ACCESS", @@ -1375,7 +1375,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "AUTHORIZE_API_CLIENT_ACCESS", 
@@ -1459,7 +1459,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REMOVE_API_CLIENT_ACCESS", @@ -1539,7 +1539,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHROME_LICENSES_REDEEMED", @@ -1616,7 +1616,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TOGGLE_AUTO_ADD_NEW_SERVICE", @@ -1692,7 +1692,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_PRIMARY_DOMAIN", @@ -1768,7 +1768,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_WHITELIST_SETTING", @@ -1846,7 +1846,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "COMMUNICATION_PREFERENCES_SETTING_CHANGE", @@ -1927,7 +1927,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_CONFLICT_ACCOUNT_ACTION", @@ -2004,7 +2004,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ENABLE_FEEDBACK_SOLICITATION", @@ -2082,7 +2082,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TOGGLE_CONTACT_SHARING", @@ -2159,7 +2159,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CREATE_PLAY_FOR_WORK_TOKEN", @@ -2234,7 +2234,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TOGGLE_USE_CUSTOM_LOGO", 
@@ -2311,7 +2311,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_CUSTOM_LOGO", @@ -2386,7 +2386,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", @@ -2463,7 +2463,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_DATA_LOCALIZATION_SETTING", @@ -2541,7 +2541,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_DATA_PROTECTION_OFFICER_CONTACT_INFO", @@ -2616,7 +2616,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DELETE_PLAY_FOR_WORK_TOKEN", @@ -2691,7 +2691,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "VIEW_DNS_LOGIN_DETAILS", @@ -2766,7 +2766,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_DOMAIN_DEFAULT_LOCALE", @@ -2843,7 +2843,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_DOMAIN_DEFAULT_TIMEZONE", @@ -2920,7 +2920,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_DOMAIN_NAME", @@ -2996,7 +2996,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TOGGLE_ENABLE_PRE_RELEASE_FEATURES", @@ -3072,7 +3072,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_DOMAIN_SUPPORT_MESSAGE", 
@@ -3149,7 +3149,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ADD_TRUSTED_DOMAINS", @@ -3224,7 +3224,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REMOVE_TRUSTED_DOMAINS", @@ -3299,7 +3299,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_EDU_TYPE", @@ -3376,7 +3376,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TOGGLE_ENABLE_OAUTH_CONSUMER_KEY", @@ -3453,7 +3453,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TOGGLE_SSO_ENABLED", @@ -3530,7 +3530,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TOGGLE_SSL", @@ -3607,7 +3607,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_EU_REPRESENTATIVE_CONTACT_INFO", @@ -3682,7 +3682,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GENERATE_TRANSFER_TOKEN", @@ -3752,7 +3752,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_LOGIN_BACKGROUND_COLOR", @@ -3829,7 +3829,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_LOGIN_BORDER_COLOR", @@ -3906,7 +3906,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_LOGIN_ACTIVITY_TRACE", 
@@ -3983,7 +3983,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "PLAY_FOR_WORK_ENROLL", @@ -4059,7 +4059,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "PLAY_FOR_WORK_UNENROLL", @@ -4134,7 +4134,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "MX_RECORD_VERIFICATION_CLAIM", @@ -4218,7 +4218,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TOGGLE_NEW_APP_FEATURES", @@ -4295,7 +4295,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TOGGLE_USE_NEXT_GEN_CONTROL_PANEL", @@ -4372,7 +4372,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UPLOAD_OAUTH_CERTIFICATE", @@ -4447,7 +4447,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REGENERATE_OAUTH_CONSUMER_SECRET", @@ -4522,7 +4522,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TOGGLE_OPEN_ID_ENABLED", @@ -4599,7 +4599,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_ORGANIZATION_NAME", @@ -4676,7 +4676,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TOGGLE_OUTBOUND_RELAY", @@ -4757,7 +4757,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_PASSWORD_MAX_LENGTH", 
@@ -4834,7 +4834,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_PASSWORD_MIN_LENGTH", @@ -4911,7 +4911,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UPDATE_DOMAIN_PRIMARY_ADMIN_EMAIL", @@ -4988,7 +4988,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ENABLE_SERVICE_OR_FEATURE_NOTIFICATIONS", @@ -5066,7 +5066,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REMOVE_APPLICATION", @@ -5142,7 +5142,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REMOVE_APPLICATION_FROM_WHITELIST", @@ -5218,7 +5218,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_RENEW_DOMAIN_REGISTRATION", @@ -5295,7 +5295,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_RESELLER_ACCESS", @@ -5369,7 +5369,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "RULE_ACTIONS_CHANGED", @@ -5444,7 +5444,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CREATE_RULE", @@ -5519,7 +5519,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_RULE_CRITERIA", @@ -5594,7 +5594,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DELETE_RULE", 
@@ -5669,7 +5669,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "RENAME_RULE", @@ -5743,7 +5743,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "RULE_STATUS_CHANGED", @@ -5820,7 +5820,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ADD_SECONDARY_DOMAIN", @@ -5896,7 +5896,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REMOVE_SECONDARY_DOMAIN", @@ -5972,7 +5972,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SKIP_SECONDARY_DOMAIN_MX", @@ -6048,7 +6048,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "VERIFY_SECONDARY_DOMAIN_MX", @@ -6124,7 +6124,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "VERIFY_SECONDARY_DOMAIN", @@ -6200,7 +6200,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UPDATE_DOMAIN_SECONDARY_EMAIL", @@ -6277,7 +6277,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_SSO_SETTINGS", @@ -6353,7 +6353,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GENERATE_PIN", @@ -6423,7 +6423,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UPDATE_RULE", 
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json index ad500452a0e..a496a7cef59 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DROP_FROM_QUARANTINE", @@ -81,7 +81,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "EMAIL_LOG_SEARCH", @@ -168,7 +168,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "EMAIL_UNDELETE", @@ -252,7 +252,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_EMAIL_SETTING", @@ -349,7 +349,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_GMAIL_SETTING", @@ -432,7 +432,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CREATE_GMAIL_SETTING", @@ -515,7 +515,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DELETE_GMAIL_SETTING", @@ -598,7 +598,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REJECT_FROM_QUARANTINE", @@ -676,7 +676,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "RELEASE_FROM_QUARANTINE", 
@@ -754,7 +754,7 @@ { "@timestamp": "2022-03-07T04:48:46.816Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "EMAIL_LOG_SEARCH", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-groups.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-groups.log-expected.json index 31b8408a45a..78c7b494ecf 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-groups.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-groups.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CREATE_GROUP", @@ -88,7 +88,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DELETE_GROUP", @@ -173,7 +173,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_GROUP_DESCRIPTION", @@ -259,7 +259,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GROUP_LIST_DOWNLOAD", @@ -330,7 +330,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ADD_GROUP_MEMBER", @@ -423,7 +423,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REMOVE_GROUP_MEMBER", @@ -516,7 +516,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UPDATE_GROUP_MEMBER", @@ -611,7 +611,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UPDATE_GROUP_MEMBER_DELIVERY_SETTINGS", 
@@ -706,7 +706,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UPDATE_GROUP_MEMBER_DELIVERY_SETTINGS_CAN_EMAIL_OVERRIDE", @@ -801,7 +801,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GROUP_MEMBER_BULK_UPLOAD", @@ -878,7 +878,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GROUP_MEMBERS_DOWNLOAD", @@ -949,7 +949,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_GROUP_NAME", @@ -1036,7 +1036,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_GROUP_SETTING", @@ -1127,7 +1127,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "WHITELISTED_GROUPS_UPDATED", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-licenses.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-licenses.log-expected.json index 6514b7e9c40..aecac22f4d4 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-licenses.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-licenses.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ORG_USERS_LICENSE_ASSIGNMENT", @@ -82,7 +82,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ORG_ALL_USERS_LICENSE_ASSIGNMENT", 
@@ -161,7 +161,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "USER_LICENSE_ASSIGNMENT", @@ -246,7 +246,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_LICENSE_AUTO_ASSIGN", @@ -323,7 +323,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "USER_LICENSE_REASSIGNMENT", @@ -409,7 +409,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ORG_LICENSE_REVOKE", @@ -488,7 +488,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "USER_LICENSE_REVOKE", @@ -573,7 +573,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UPDATE_DYNAMIC_LICENSE", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-mobile.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-mobile.log-expected.json index 9eb68dc27a6..9fc54b104fe 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-mobile.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-mobile.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ACTION_CANCELLED", @@ -95,7 +95,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ACTION_REQUESTED", @@ -187,7 +187,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ADD_MOBILE_CERTIFICATE", 
@@ -270,7 +270,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "COMPANY_DEVICES_BULK_CREATION", @@ -345,7 +345,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "COMPANY_OWNED_DEVICE_BLOCKED", @@ -421,7 +421,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "COMPANY_DEVICE_DELETION", @@ -497,7 +497,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "COMPANY_OWNED_DEVICE_UNBLOCKED", @@ -573,7 +573,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "COMPANY_OWNED_DEVICE_WIPED", @@ -649,7 +649,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_MOBILE_APPLICATION_PERMISSION_GRANT", @@ -738,7 +738,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_MOBILE_APPLICATION_PRIORITY_ORDER", @@ -816,7 +816,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REMOVE_MOBILE_APPLICATION_FROM_WHITELIST", @@ -900,7 +900,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_MOBILE_APPLICATION_SETTINGS", @@ -990,7 +990,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ADD_MOBILE_APPLICATION_TO_WHITELIST", @@ -1074,7 +1074,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "MOBILE_DEVICE_APPROVE", 
@@ -1160,7 +1160,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "MOBILE_DEVICE_BLOCK", @@ -1246,7 +1246,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "MOBILE_DEVICE_DELETE", @@ -1332,7 +1332,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "MOBILE_DEVICE_WIPE", @@ -1418,7 +1418,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_MOBILE_SETTING", @@ -1502,7 +1502,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_ADMIN_RESTRICTIONS_PIN", @@ -1580,7 +1580,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_MOBILE_WIRELESS_NETWORK", @@ -1661,7 +1661,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ADD_MOBILE_WIRELESS_NETWORK", @@ -1742,7 +1742,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REMOVE_MOBILE_WIRELESS_NETWORK", @@ -1823,7 +1823,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_MOBILE_WIRELESS_NETWORK_PASSWORD", @@ -1904,7 +1904,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REMOVE_MOBILE_CERTIFICATE", @@ -1987,7 +1987,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ENROLL_FOR_GOOGLE_DEVICE_MANAGEMENT", 
@@ -2057,7 +2057,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "USE_GOOGLE_MOBILE_MANAGEMENT", @@ -2127,7 +2127,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "USE_GOOGLE_MOBILE_MANAGEMENT_FOR_NON_IOS", @@ -2197,7 +2197,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "USE_GOOGLE_MOBILE_MANAGEMENT_FOR_IOS", @@ -2267,7 +2267,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "MOBILE_ACCOUNT_WIPE", @@ -2353,7 +2353,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "MOBILE_DEVICE_CANCEL_WIPE_THEN_APPROVE", @@ -2439,7 +2439,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "MOBILE_DEVICE_CANCEL_WIPE_THEN_BLOCK", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-org.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-org.log-expected.json index 5956e568d14..06543028f6b 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-org.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-org.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHROME_LICENSES_ENABLED", @@ -84,7 +84,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHROME_APPLICATION_LICENSE_RESERVATION_CREATED", 
@@ -166,7 +166,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHROME_APPLICATION_LICENSE_RESERVATION_DELETED", @@ -247,7 +247,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHROME_APPLICATION_LICENSE_RESERVATION_UPDATED", @@ -330,7 +330,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CREATE_DEVICE_ENROLLMENT_TOKEN", @@ -405,7 +405,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ASSIGN_CUSTOM_LOGO", @@ -480,7 +480,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UNASSIGN_CUSTOM_LOGO", @@ -555,7 +555,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CREATE_ENROLLMENT_TOKEN", @@ -630,7 +630,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REVOKE_ENROLLMENT_TOKEN", @@ -705,7 +705,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHROME_LICENSES_ALLOWED", @@ -786,7 +786,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CREATE_ORG_UNIT", @@ -861,7 +861,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REMOVE_ORG_UNIT", @@ -936,7 +936,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "EDIT_ORG_UNIT_DESCRIPTION", 
@@ -1011,7 +1011,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "MOVE_ORG_UNIT", @@ -1087,7 +1087,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "EDIT_ORG_UNIT_NAME", @@ -1163,7 +1163,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REVOKE_DEVICE_ENROLLMENT_TOKEN", @@ -1238,7 +1238,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TOGGLE_SERVICE_ENABLED", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-security.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-security.log-expected.json index 304cd8f260d..bdc3625d732 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-security.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-security.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ALLOW_STRONG_AUTHENTICATION", @@ -81,7 +81,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ALLOW_SERVICE_FOR_OAUTH2_ACCESS", @@ -162,7 +162,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DISALLOW_SERVICE_FOR_OAUTH2_ACCESS", @@ -243,7 +243,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_APP_ACCESS_SETTINGS_COLLECTION_ID", @@ -327,7 +327,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ADD_TO_TRUSTED_OAUTH2_APPS", 
@@ -409,7 +409,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REMOVE_FROM_TRUSTED_OAUTH2_APPS", @@ -491,7 +491,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "BLOCK_ON_DEVICE_ACCESS", @@ -571,7 +571,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION", @@ -662,7 +662,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_TWO_STEP_VERIFICATION_FREQUENCY", @@ -753,7 +753,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION", @@ -844,7 +844,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_TWO_STEP_VERIFICATION_START_DATE", @@ -935,7 +935,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", @@ -1025,7 +1025,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TOGGLE_CAA_ENABLEMENT", @@ -1098,7 +1098,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_CAA_ERROR_MESSAGE", @@ -1174,7 +1174,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_CAA_APP_ASSIGNMENTS", @@ -1262,7 +1262,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UNTRUST_DOMAIN_OWNED_OAUTH2_APPS", 
@@ -1337,7 +1337,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TRUST_DOMAIN_OWNED_OAUTH2_APPS", @@ -1412,7 +1412,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ENABLE_NON_ADMIN_USER_PASSWORD_RECOVERY", @@ -1503,7 +1503,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ENFORCE_STRONG_AUTHENTICATION", @@ -1600,7 +1600,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UPDATE_ERROR_MSG_FOR_RESTRICTED_OAUTH2_APPS", @@ -1678,7 +1678,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED", @@ -1769,7 +1769,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SESSION_CONTROL_SETTINGS_CHANGE", @@ -1850,7 +1850,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_SESSION_LENGTH", @@ -1925,7 +1925,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UNBLOCK_ON_DEVICE_ACCESS", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-sites.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-sites.log-expected.json index abe7ae9c569..0c31984b0a4 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-sites.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-sites.log-expected.json 
@@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ADD_WEB_ADDRESS", @@ -89,7 +89,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DELETE_WEB_ADDRESS", @@ -175,7 +175,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_SITES_SETTING", @@ -259,7 +259,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_SITES_WEB_ADDRESS_MAPPING_UPDATES", @@ -341,7 +341,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "VIEW_SITE_DETAILS", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-user.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-user.log-expected.json index 44bdbb90f45..088ea2c216d 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-user.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-user.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DELETE_2SV_SCRATCH_CODES", @@ -85,7 +85,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GENERATE_2SV_SCRATCH_CODES", @@ -167,7 +167,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REVOKE_3LO_DEVICE_TOKENS", @@ -253,7 +253,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REVOKE_3LO_TOKEN", 
@@ -338,7 +338,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ADD_RECOVERY_EMAIL", @@ -420,7 +420,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ADD_RECOVERY_PHONE", @@ -502,7 +502,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GRANT_ADMIN_PRIVILEGE", @@ -584,7 +584,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REVOKE_ADMIN_PRIVILEGE", @@ -666,7 +666,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REVOKE_ASP", @@ -751,7 +751,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TOGGLE_AUTOMATIC_CONTACT_SHARING", @@ -834,7 +834,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "BULK_UPLOAD", @@ -913,7 +913,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "BULK_UPLOAD_NOTIFICATION_SENT", @@ -998,7 +998,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CANCEL_USER_INVITE", @@ -1083,7 +1083,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_USER_CUSTOM_FIELD", @@ -1170,7 +1170,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_USER_EXTERNAL_ID", @@ -1254,7 +1254,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_USER_GENDER", 
@@ -1338,7 +1338,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_USER_IM", @@ -1422,7 +1422,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ENABLE_USER_IP_WHITELIST", @@ -1506,7 +1506,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_USER_KEYWORD", @@ -1590,7 +1590,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_USER_LANGUAGE", @@ -1674,7 +1674,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_USER_LOCATION", @@ -1758,7 +1758,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_USER_ORGANIZATION", @@ -1842,7 +1842,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_USER_PHONE_NUMBER", @@ -1926,7 +1926,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_RECOVERY_EMAIL", @@ -2008,7 +2008,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_RECOVERY_PHONE", @@ -2090,7 +2090,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_USER_RELATION", @@ -2174,7 +2174,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_USER_ADDRESS", @@ -2258,7 +2258,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CREATE_EMAIL_MONITOR", 
@@ -2352,7 +2352,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CREATE_DATA_TRANSFER_REQUEST", @@ -2438,7 +2438,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GRANT_DELEGATED_ADMIN_PRIVILEGES", @@ -2521,7 +2521,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DELETE_ACCOUNT_INFO_DUMP", @@ -2606,7 +2606,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DELETE_EMAIL_MONITOR", @@ -2691,7 +2691,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DELETE_MAILBOX_DUMP", @@ -2776,7 +2776,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_FIRST_NAME", @@ -2860,7 +2860,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GMAIL_RESET_USER", @@ -2943,7 +2943,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_LAST_NAME", @@ -3027,7 +3027,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "MAIL_ROUTING_DESTINATION_ADDED", @@ -3110,7 +3110,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "MAIL_ROUTING_DESTINATION_REMOVED", @@ -3193,7 +3193,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ADD_NICKNAME", 
@@ -3276,7 +3276,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REMOVE_NICKNAME", @@ -3359,7 +3359,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_PASSWORD", @@ -3441,7 +3441,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "CHANGE_PASSWORD_ON_NEXT_LOGIN", @@ -3525,7 +3525,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DOWNLOAD_PENDING_INVITES_LIST", @@ -3595,7 +3595,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REMOVE_RECOVERY_EMAIL", @@ -3677,7 +3677,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REMOVE_RECOVERY_PHONE", @@ -3759,7 +3759,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REQUEST_ACCOUNT_INFO", @@ -3841,7 +3841,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REQUEST_MAILBOX_DUMP", @@ -3931,7 +3931,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "RESEND_USER_INVITE", @@ -4016,7 +4016,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "RESET_SIGNIN_COOKIES", @@ -4098,7 +4098,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SECURITY_KEY_REGISTERED_FOR_USER", @@ -4180,7 +4180,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REVOKE_SECURITY_KEY", 
@@ -4262,7 +4262,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "USER_INVITE",
@@ -4347,7 +4347,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "VIEW_TEMP_PASSWORD",
@@ -4432,7 +4432,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "TURN_OFF_2_STEP_VERIFICATION",
@@ -4514,7 +4514,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "UNBLOCK_USER_SESSION",
@@ -4596,7 +4596,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "UNENROLL_USER_FROM_TITANIUM",
@@ -4678,7 +4678,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "ARCHIVE_USER",
@@ -4760,7 +4760,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "UPDATE_BIRTHDATE",
@@ -4843,7 +4843,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "CREATE_USER",
@@ -4925,7 +4925,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "DELETE_USER",
@@ -5007,7 +5007,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "DOWNGRADE_USER_FROM_GPLUS",
@@ -5089,7 +5089,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "USER_ENROLLED_IN_TWO_STEP_VERIFICATION",
@@ -5171,7 +5171,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "DOWNLOAD_USERLIST_CSV",
@@ -5241,7 +5241,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "MOVE_USER_TO_ORG_UNIT",
@@ -5327,7 +5327,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "USER_PUT_IN_TWO_STEP_VERIFICATION_GRACE_PERIOD",
@@ -5410,7 +5410,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "RENAME_USER",
@@ -5493,7 +5493,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "UNENROLL_USER_FROM_STRONG_AUTH",
@@ -5575,7 +5575,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "SUSPEND_USER",
@@ -5657,7 +5657,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "UNARCHIVE_USER",
@@ -5739,7 +5739,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "UNDELETE_USER",
@@ -5821,7 +5821,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "UNSUSPEND_USER",
@@ -5903,7 +5903,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "UPGRADE_USER_TO_GPLUS",
@@ -5985,7 +5985,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "USERS_BULK_UPLOAD",
@@ -6061,7 +6061,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "USERS_BULK_UPLOAD_NOTIFICATION_SENT",
diff --git a/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml
index 3bacd3943ba..b14eee06793 100644
--- a/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - append:
 field: event.category
 value: iam
diff --git a/packages/google_workspace/data_stream/admin/sample_event.json b/packages/google_workspace/data_stream/admin/sample_event.json
index 64793950330..f0559d0b602 100644
--- a/packages/google_workspace/data_stream/admin/sample_event.json
+++ b/packages/google_workspace/data_stream/admin/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
diff --git a/packages/google_workspace/data_stream/drive/_dev/test/pipeline/test-drive.log-expected.json b/packages/google_workspace/data_stream/drive/_dev/test/pipeline/test-drive.log-expected.json
index 64313b435a7..8aabdc088c3 100644
--- a/packages/google_workspace/data_stream/drive/_dev/test/pipeline/test-drive.log-expected.json
+++ b/packages/google_workspace/data_stream/drive/_dev/test/pipeline/test-drive.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "add_to_folder",
@@ -95,7 +95,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "approval_canceled",
@@ -187,7 +187,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "approval_comment_added",
@@ -279,7 +279,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "approval_requested",
@@ -371,7 +371,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "approval_reviewer_responded",
@@ -463,7 +463,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "create",
@@ -553,7 +553,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "delete",
@@ -643,7 +643,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "download",
@@ -733,7 +733,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "edit",
@@ -823,7 +823,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "add_lock",
@@ -913,7 +913,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "move",
@@ -1007,7 +1007,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "preview",
@@ -1097,7 +1097,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "print",
@@ -1187,7 +1187,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "remove_from_folder",
@@ -1279,7 +1279,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "rename",
@@ -1371,7 +1371,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "untrash",
@@ -1461,7 +1461,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "sheets_import_range",
@@ -1551,7 +1551,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "trash",
@@ -1641,7 +1641,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "remove_lock",
@@ -1731,7 +1731,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "upload",
@@ -1821,7 +1821,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "view",
@@ -1912,7 +1912,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "change_acl_editors",
@@ -2008,7 +2008,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "change_document_access_scope",
@@ -2105,7 +2105,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "change_document_visibility",
@@ -2202,7 +2202,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "shared_drive_membership_change",
@@ -2299,7 +2299,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "shared_drive_settings_change",
@@ -2396,7 +2396,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "sheets_import_range_access_change",
@@ -2488,7 +2488,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "change_user_access",
diff --git a/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml
index 85f487e7a8d..9c204f787cd 100644
--- a/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - append:
 field: event.category
 value: file
diff --git a/packages/google_workspace/data_stream/drive/sample_event.json b/packages/google_workspace/data_stream/drive/sample_event.json
index 3a1ed6c11ce..9d200cea3d7 100644
--- a/packages/google_workspace/data_stream/drive/sample_event.json
+++ b/packages/google_workspace/data_stream/drive/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
diff --git a/packages/google_workspace/data_stream/groups/_dev/test/pipeline/test-groups.log-expected.json b/packages/google_workspace/data_stream/groups/_dev/test/pipeline/test-groups.log-expected.json
index 23ddd3e6174..5cc3e6d5245 100644
--- a/packages/google_workspace/data_stream/groups/_dev/test/pipeline/test-groups.log-expected.json
+++ b/packages/google_workspace/data_stream/groups/_dev/test/pipeline/test-groups.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "change_acl_permission",
@@ -95,7 +95,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "accept_invitation",
@@ -180,7 +180,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "approve_join_request",
@@ -272,7 +272,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "join",
@@ -357,7 +357,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "request_to_join",
@@ -442,7 +442,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "change_basic_setting",
@@ -530,7 +530,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "create_group",
@@ -614,7 +614,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "delete_group",
@@ -698,7 +698,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "change_identity_setting",
@@ -786,7 +786,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "add_info_setting",
@@ -873,7 +873,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "change_info_setting",
@@ -961,7 +961,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "remove_info_setting",
@@ -1048,7 +1048,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "change_new_members_restrictions_setting",
@@ -1136,7 +1136,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "change_post_replies_setting",
@@ -1224,7 +1224,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "change_spam_moderation_setting",
@@ -1312,7 +1312,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "change_topic_setting",
@@ -1400,7 +1400,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "moderate_message",
@@ -1489,7 +1489,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "always_post_from_user",
@@ -1581,7 +1581,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "add_user",
@@ -1674,7 +1674,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "ban_user_with_moderation",
@@ -1767,7 +1767,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "revoke_invitation",
@@ -1859,7 +1859,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "invite_user",
@@ -1951,7 +1951,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "reject_join_request",
@@ -2043,7 +2043,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "reinvite_user",
@@ -2135,7 +2135,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "remove_user",
diff --git a/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml
index da25fdedc4b..8f15597de04 100644
--- a/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - append:
 field: event.category
 value: iam
diff --git a/packages/google_workspace/data_stream/groups/sample_event.json b/packages/google_workspace/data_stream/groups/sample_event.json
index 315609614de..ca9c8963796 100644
--- a/packages/google_workspace/data_stream/groups/sample_event.json
+++ b/packages/google_workspace/data_stream/groups/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
diff --git a/packages/google_workspace/data_stream/login/_dev/test/pipeline/test-login.log-expected.json b/packages/google_workspace/data_stream/login/_dev/test/pipeline/test-login.log-expected.json
index f5588263d43..1f97efd0267 100644
--- a/packages/google_workspace/data_stream/login/_dev/test/pipeline/test-login.log-expected.json
+++ b/packages/google_workspace/data_stream/login/_dev/test/pipeline/test-login.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "account_disabled_password_leak",
@@ -82,7 +82,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "suspicious_login",
@@ -162,7 +162,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "suspicious_login_less_secure_app",
@@ -242,7 +242,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "suspicious_programmatic_login",
@@ -322,7 +322,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "account_disabled_generic",
@@ -401,7 +401,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "account_disabled_spamming_through_relay",
@@ -480,7 +480,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "account_disabled_spamming",
@@ -559,7 +559,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "account_disabled_hijacked",
@@ -640,7 +640,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "gov_attack_warning",
@@ -710,7 +710,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "login_failure",
@@ -787,7 +787,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "login_challenge",
@@ -863,7 +863,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "login_verification",
@@ -939,7 +939,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "logout",
@@ -1013,7 +1013,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "login_success",
diff --git a/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml
index a4c02663853..99b325000bd 100644
--- a/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - append:
 field: event.category
 value: authentication
diff --git a/packages/google_workspace/data_stream/login/sample_event.json b/packages/google_workspace/data_stream/login/sample_event.json
index 18ad1d78590..b391f392c61 100644
--- a/packages/google_workspace/data_stream/login/sample_event.json
+++ b/packages/google_workspace/data_stream/login/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
diff --git a/packages/google_workspace/data_stream/saml/_dev/test/pipeline/test-saml.log-expected.json b/packages/google_workspace/data_stream/saml/_dev/test/pipeline/test-saml.log-expected.json
index 3c6f6ac7181..2391ab0613c 100644
--- a/packages/google_workspace/data_stream/saml/_dev/test/pipeline/test-saml.log-expected.json
+++ b/packages/google_workspace/data_stream/saml/_dev/test/pipeline/test-saml.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "login_failure",
@@ -83,7 +83,7 @@
 {
 "@timestamp": "2020-10-02T15:00:01.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "login_success",
diff --git a/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml
index 4124d08c13b..c4a0e2de106 100644
--- a/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - append:
 field: event.type
 value: start
diff --git a/packages/google_workspace/data_stream/saml/sample_event.json b/packages/google_workspace/data_stream/saml/sample_event.json
index 239de702188..df238f80a36 100644
--- a/packages/google_workspace/data_stream/saml/sample_event.json
+++ b/packages/google_workspace/data_stream/saml/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
diff --git a/packages/google_workspace/data_stream/user_accounts/_dev/test/pipeline/test-user-accounts.log-expected.json b/packages/google_workspace/data_stream/user_accounts/_dev/test/pipeline/test-user-accounts.log-expected.json
index 35610a8ad4a..9a63d625500 100644
--- a/packages/google_workspace/data_stream/user_accounts/_dev/test/pipeline/test-user-accounts.log-expected.json
+++ b/packages/google_workspace/data_stream/user_accounts/_dev/test/pipeline/test-user-accounts.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "2sv_disable",
@@ -74,7 +74,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "2sv_enroll",
@@ -145,7 +145,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "password_edit",
@@ -216,7 +216,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "recovery_email_edit",
@@ -287,7 +287,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "recovery_phone_edit",
@@ -358,7 +358,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "recovery_secret_qa_edit",
@@ -429,7 +429,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "titanium_enroll",
@@ -500,7 +500,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "titanium_unenroll",
diff --git a/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml
index 22909027674..8566fe2b765 100644
--- a/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - append:
 field: event.type
 value: change
diff --git a/packages/google_workspace/data_stream/user_accounts/sample_event.json b/packages/google_workspace/data_stream/user_accounts/sample_event.json
index ad8b8fb11e8..42bec86b931 100644
--- a/packages/google_workspace/data_stream/user_accounts/sample_event.json
+++ b/packages/google_workspace/data_stream/user_accounts/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
diff --git a/packages/google_workspace/docs/README.md b/packages/google_workspace/docs/README.md
index da6e9afe133..e31232d1b29 100644
--- a/packages/google_workspace/docs/README.md
+++ b/packages/google_workspace/docs/README.md
@@ -69,7 +69,7 @@ An example event for `saml` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
@@ -286,7 +286,7 @@ An example event for `user_accounts` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
@@ -488,7 +488,7 @@ An example event for `login` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
@@ -706,7 +706,7 @@ An example event for `admin` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
@@ -1034,7 +1034,7 @@ An example event for `drive` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
@@ -1287,7 +1287,7 @@ An example event for `groups` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
diff --git a/packages/google_workspace/manifest.yml b/packages/google_workspace/manifest.yml
index 5fb6f620f84..b6857baa4b1 100644
--- a/packages/google_workspace/manifest.yml
+++ b/packages/google_workspace/manifest.yml
@@ -1,6 +1,6 @@
 name: google_workspace
 title: Google Workspace Audit Reports
-version: 1.5.1
+version: "1.6.0"
 release: ga
 description: Collect audit reports from Google Workspaces with Elastic Agent.
 type: integration
diff --git a/packages/hashicorp_vault/_dev/build/build.yml b/packages/hashicorp_vault/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/hashicorp_vault/_dev/build/build.yml
+++ b/packages/hashicorp_vault/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/hashicorp_vault/changelog.yml b/packages/hashicorp_vault/changelog.yml
index 15522bc940c..f51c72dcef3 100644
--- a/packages/hashicorp_vault/changelog.yml
+++ b/packages/hashicorp_vault/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.4.0"
 changes:
 - description: Update to ECS 8.2
diff --git a/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
index f65228ad33a..eb741a10060 100644
--- a/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
@@ -3,50 +3,63 @@
 {
 "@timestamp": "2020-12-01T20:29:04.356Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
+ },
+ "event": {
+ "action": "update",
+ "category": [
+ "authentication"
+ ],
+ "id": "cd09708b-11cc-2985-648b-cfe262cf7e50",
+ "kind": "event",
+ "original": "{\"time\":\"2020-12-01T20:29:04.356625452Z\",\"type\":\"request\",\"auth\":{\"client_token\":\"hmac-sha256:9cc3baa3c2bd7a4b233ca1fdcf69df91c8f2a9f14ddda54a4039190f581dd327\",\"accessor\":\"hmac-sha256:eb605bd7f8a5ceb951b9ab42cae6d6c3f12f203cb2c2a78e33e899f77dceb931\",\"display_name\":\"oidc-12349999999999999999\",\"policies\":[\"default\",\"group-admin\"],\"token_policies\":[\"default\",\"group-admin\"],\"metadata\":{\"account_id\":\"12349999999999999999\",\"email\":\"example@gmail.com\",\"role\":\"gmail\"},\"entity_id\":\"e4f5c67a-6f7e-789d-ae56-a1fe3ae23046\",\"token_type\":\"service\",\"token_ttl\":3600,\"token_issue_time\":\"2020-12-01T20:28:40Z\"},\"request\":{\"id\":\"cd09708b-11cc-2985-648b-cfe262cf7e50\",\"operation\":\"update\",\"mount_type\":\"system\",\"client_token\":\"hmac-sha256:9cc3baa3c2bd7a4b233ca1fdcf69df91c8f2a9f14ddda54a4039190f581dd327\",\"client_token_accessor\":\"hmac-sha256:eb605bd7f8a5ceb951b9ab42cae6d6c3f12f203cb2c2a78e33e899f77dceb931\",\"namespace\":{\"id\":\"root\"},\"path\":\"sys/capabilities-self\",\"data\":{\"paths\":[\"hmac-sha256:fd04b28916cb60f622b1ebce308b339b468f5da93fa735f985f4435049627a27\"]},\"remote_address\":\"67.43.156.13\"}}",
+ "outcome": "success",
+ "type": [
+ "change"
+ ]
 },
 "hashicorp_vault": {
 "audit": {
- "type": "request",
- "request": {
- "client_token": "hmac-sha256:9cc3baa3c2bd7a4b233ca1fdcf69df91c8f2a9f14ddda54a4039190f581dd327",
- "path": "sys/capabilities-self",
- "data": {
- "paths": [
- "hmac-sha256:fd04b28916cb60f622b1ebce308b339b468f5da93fa735f985f4435049627a27"
- ]
- },
- "namespace": {
- "id": "root"
- },
- "id": "cd09708b-11cc-2985-648b-cfe262cf7e50",
- "mount_type": "system",
- "remote_address": "67.43.156.13",
- "client_token_accessor": "hmac-sha256:eb605bd7f8a5ceb951b9ab42cae6d6c3f12f203cb2c2a78e33e899f77dceb931",
- "operation": "update"
- },
 "auth": {
- "token_policies": [
- "default",
- "group-admin"
- ],
+ "accessor": "hmac-sha256:eb605bd7f8a5ceb951b9ab42cae6d6c3f12f203cb2c2a78e33e899f77dceb931",
 "client_token": "hmac-sha256:9cc3baa3c2bd7a4b233ca1fdcf69df91c8f2a9f14ddda54a4039190f581dd327",
+ "display_name": "oidc-12349999999999999999",
+ "entity_id": "e4f5c67a-6f7e-789d-ae56-a1fe3ae23046",
 "metadata": {
- "email": "example@gmail.com",
 "account_id": "12349999999999999999",
+ "email": "example@gmail.com",
 "role": "gmail"
 },
- "token_ttl": 3600,
- "token_issue_time": "2020-12-01T20:28:40Z",
- "accessor": "hmac-sha256:eb605bd7f8a5ceb951b9ab42cae6d6c3f12f203cb2c2a78e33e899f77dceb931",
 "policies": [
 "default",
 "group-admin"
 ],
- "display_name": "oidc-12349999999999999999",
- "entity_id": "e4f5c67a-6f7e-789d-ae56-a1fe3ae23046",
+ "token_issue_time": "2020-12-01T20:28:40Z",
+ "token_policies": [
+ "default",
+ "group-admin"
+ ],
+ "token_ttl": 3600,
 "token_type": "service"
- }
+ },
+ "request": {
+ "client_token": "hmac-sha256:9cc3baa3c2bd7a4b233ca1fdcf69df91c8f2a9f14ddda54a4039190f581dd327",
+ "client_token_accessor": "hmac-sha256:eb605bd7f8a5ceb951b9ab42cae6d6c3f12f203cb2c2a78e33e899f77dceb931",
+ "data": {
+ "paths": [
+ "hmac-sha256:fd04b28916cb60f622b1ebce308b339b468f5da93fa735f985f4435049627a27"
+ ]
+ },
+ "id": "cd09708b-11cc-2985-648b-cfe262cf7e50",
+ "mount_type": "system",
+ "namespace": {
+ "id": "root"
+ },
+ "operation": "update",
+ "path": "sys/capabilities-self",
+ "remote_address": "67.43.156.13"
+ },
+ "type": "request"
 }
 },
 "related": {
@@ -55,98 +68,97 @@ ] }, "source": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, "ip": "67.43.156.13" }, - "event": { - "original": "{\"time\":\"2020-12-01T20:29:04.356625452Z\",\"type\":\"request\",\"auth\":{\"client_token\":\"hmac-sha256:9cc3baa3c2bd7a4b233ca1fdcf69df91c8f2a9f14ddda54a4039190f581dd327\",\"accessor\":\"hmac-sha256:eb605bd7f8a5ceb951b9ab42cae6d6c3f12f203cb2c2a78e33e899f77dceb931\",\"display_name\":\"oidc-12349999999999999999\",\"policies\":[\"default\",\"group-admin\"],\"token_policies\":[\"default\",\"group-admin\"],\"metadata\":{\"account_id\":\"12349999999999999999\",\"email\":\"example@gmail.com\",\"role\":\"gmail\"},\"entity_id\":\"e4f5c67a-6f7e-789d-ae56-a1fe3ae23046\",\"token_type\":\"service\",\"token_ttl\":3600,\"token_issue_time\":\"2020-12-01T20:28:40Z\"},\"request\":{\"id\":\"cd09708b-11cc-2985-648b-cfe262cf7e50\",\"operation\":\"update\",\"mount_type\":\"system\",\"client_token\":\"hmac-sha256:9cc3baa3c2bd7a4b233ca1fdcf69df91c8f2a9f14ddda54a4039190f581dd327\",\"client_token_accessor\":\"hmac-sha256:eb605bd7f8a5ceb951b9ab42cae6d6c3f12f203cb2c2a78e33e899f77dceb931\",\"namespace\":{\"id\":\"root\"},\"path\":\"sys/capabilities-self\",\"data\":{\"paths\":[\"hmac-sha256:fd04b28916cb60f622b1ebce308b339b468f5da93fa735f985f4435049627a27\"]},\"remote_address\":\"67.43.156.13\"}}", - "kind": "event", - "action": "update", - "id": "cd09708b-11cc-2985-648b-cfe262cf7e50", - "category": [ - "authentication" - ], - "type": [ - "change" - ], - "outcome": "success" - }, + "tags": [ + "preserve_original_event" + ], "user": { "email": "example@gmail.com", "id": "12349999999999999999" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2020-12-01T20:29:04.360Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, 
+ "event": { + "action": "update", + "category": [ + "authentication" + ], + "id": "cd09708b-11cc-2985-648b-cfe262cf7e50", + "kind": "event", + "original": "{\"time\":\"2020-12-01T20:29:04.36089379Z\",\"type\":\"response\",\"auth\":{\"client_token\":\"hmac-sha256:9cc3baa3c2bd7a4b233ca1fdcf69df91c8f2a9f14ddda54a4039190f581dd327\",\"accessor\":\"hmac-sha256:eb605bd7f8a5ceb951b9ab42cae6d6c3f12f203cb2c2a78e33e899f77dceb931\",\"display_name\":\"oidc-12349999999999999999\",\"policies\":[\"default\",\"group-admin\"],\"token_policies\":[\"default\",\"group-admin\"],\"metadata\":{\"account_id\":\"12349999999999999999\",\"email\":\"example@gmail.com\",\"role\":\"gmail\"},\"entity_id\":\"e4f5c67a-6f7e-789d-ae56-a1fe3ae23046\",\"token_type\":\"service\",\"token_ttl\":3600,\"token_issue_time\":\"2020-12-01T20:28:40Z\"},\"request\":{\"id\":\"cd09708b-11cc-2985-648b-cfe262cf7e50\",\"operation\":\"update\",\"mount_type\":\"system\",\"client_token\":\"hmac-sha256:9cc3baa3c2bd7a4b233ca1fdcf69df91c8f2a9f14ddda54a4039190f581dd327\",\"client_token_accessor\":\"hmac-sha256:eb605bd7f8a5ceb951b9ab42cae6d6c3f12f203cb2c2a78e33e899f77dceb931\",\"namespace\":{\"id\":\"root\"},\"path\":\"sys/capabilities-self\",\"data\":{\"paths\":[\"hmac-sha256:fd04b28916cb60f622b1ebce308b339b468f5da93fa735f985f4435049627a27\"]},\"remote_address\":\"67.43.156.13\"},\"response\":{\"mount_type\":\"system\",\"data\":{\"capabilities\":[\"hmac-sha256:b77b79078c7bad1402a1ec74613454fd85efa203f1aa557fd2a9718cfd4ef367\",\"hmac-sha256:8d0bb80a69f442489908170e1831503c65b2f9d45a3250eac21fc16840416e5a\",\"hmac-sha256:c5086738f6225235066f69681e94111d94a45a268e9f0c64c6105073e32e8176\",\"hmac-sha256:3d439b7d92cbd8123fda8462716af05ae15710c8e2905eaba8d5452fccbad2f2\",\"hmac-sha256:5622a2d8fedf53e4671d6f371c59e40f3379030815fd4bb4126fdedce5fc87bb\"],\"secret/metadata/apps/github-runner/ca-cert\":[\"hmac-sha256:b77b79078c7bad1402a1ec74613454fd85efa203f1aa557fd2a9718cfd4ef367\",\"hmac-sha256:8d0bb80a69f442489908170e1831503c65b2f9d4
5a3250eac21fc16840416e5a\",\"hmac-sha256:c5086738f6225235066f69681e94111d94a45a268e9f0c64c6105073e32e8176\",\"hmac-sha256:3d439b7d92cbd8123fda8462716af05ae15710c8e2905eaba8d5452fccbad2f2\",\"hmac-sha256:5622a2d8fedf53e4671d6f371c59e40f3379030815fd4bb4126fdedce5fc87bb\"]}}}", + "outcome": "success", + "type": [ + "change" + ] }, "hashicorp_vault": { "audit": { - "request": { - "client_token": "hmac-sha256:9cc3baa3c2bd7a4b233ca1fdcf69df91c8f2a9f14ddda54a4039190f581dd327", - "path": "sys/capabilities-self", - "data": { - "paths": [ - "hmac-sha256:fd04b28916cb60f622b1ebce308b339b468f5da93fa735f985f4435049627a27" - ] - }, - "namespace": { - "id": "root" - }, - "id": "cd09708b-11cc-2985-648b-cfe262cf7e50", - "mount_type": "system", - "remote_address": "67.43.156.13", - "client_token_accessor": "hmac-sha256:eb605bd7f8a5ceb951b9ab42cae6d6c3f12f203cb2c2a78e33e899f77dceb931", - "operation": "update" - }, - "type": "response", "auth": { - "token_policies": [ - "default", - "group-admin" - ], + "accessor": "hmac-sha256:eb605bd7f8a5ceb951b9ab42cae6d6c3f12f203cb2c2a78e33e899f77dceb931", "client_token": "hmac-sha256:9cc3baa3c2bd7a4b233ca1fdcf69df91c8f2a9f14ddda54a4039190f581dd327", + "display_name": "oidc-12349999999999999999", + "entity_id": "e4f5c67a-6f7e-789d-ae56-a1fe3ae23046", "metadata": { - "email": "example@gmail.com", "account_id": "12349999999999999999", + "email": "example@gmail.com", "role": "gmail" }, - "token_ttl": 3600, - "token_issue_time": "2020-12-01T20:28:40Z", - "accessor": "hmac-sha256:eb605bd7f8a5ceb951b9ab42cae6d6c3f12f203cb2c2a78e33e899f77dceb931", "policies": [ "default", "group-admin" ], - "display_name": "oidc-12349999999999999999", - "entity_id": "e4f5c67a-6f7e-789d-ae56-a1fe3ae23046", + "token_issue_time": "2020-12-01T20:28:40Z", + "token_policies": [ + "default", + "group-admin" + ], + "token_ttl": 3600, "token_type": "service" }, + "request": { + "client_token": "hmac-sha256:9cc3baa3c2bd7a4b233ca1fdcf69df91c8f2a9f14ddda54a4039190f581dd327", + 
"client_token_accessor": "hmac-sha256:eb605bd7f8a5ceb951b9ab42cae6d6c3f12f203cb2c2a78e33e899f77dceb931", + "data": { + "paths": [ + "hmac-sha256:fd04b28916cb60f622b1ebce308b339b468f5da93fa735f985f4435049627a27" + ] + }, + "id": "cd09708b-11cc-2985-648b-cfe262cf7e50", + "mount_type": "system", + "namespace": { + "id": "root" + }, + "operation": "update", + "path": "sys/capabilities-self", + "remote_address": "67.43.156.13" + }, "response": { "data": { - "secret/metadata/apps/github-runner/ca-cert": [ + "capabilities": [ "hmac-sha256:b77b79078c7bad1402a1ec74613454fd85efa203f1aa557fd2a9718cfd4ef367", "hmac-sha256:8d0bb80a69f442489908170e1831503c65b2f9d45a3250eac21fc16840416e5a", "hmac-sha256:c5086738f6225235066f69681e94111d94a45a268e9f0c64c6105073e32e8176", "hmac-sha256:3d439b7d92cbd8123fda8462716af05ae15710c8e2905eaba8d5452fccbad2f2", "hmac-sha256:5622a2d8fedf53e4671d6f371c59e40f3379030815fd4bb4126fdedce5fc87bb" ], - "capabilities": [ + "secret/metadata/apps/github-runner/ca-cert": [ "hmac-sha256:b77b79078c7bad1402a1ec74613454fd85efa203f1aa557fd2a9718cfd4ef367", "hmac-sha256:8d0bb80a69f442489908170e1831503c65b2f9d45a3250eac21fc16840416e5a", "hmac-sha256:c5086738f6225235066f69681e94111d94a45a268e9f0c64c6105073e32e8176", @@ -155,7 +167,8 @@ ] }, "mount_type": "system" - } + }, + "type": "response" } }, "related": { 
@@ -164,71 +177,74 @@ ] }, "source": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, "ip": "67.43.156.13" }, - "event": { - "original": "{\"time\":\"2020-12-01T20:29:04.36089379Z\",\"type\":\"response\",\"auth\":{\"client_token\":\"hmac-sha256:9cc3baa3c2bd7a4b233ca1fdcf69df91c8f2a9f14ddda54a4039190f581dd327\",\"accessor\":\"hmac-sha256:eb605bd7f8a5ceb951b9ab42cae6d6c3f12f203cb2c2a78e33e899f77dceb931\",\"display_name\":\"oidc-12349999999999999999\",\"policies\":[\"default\",\"group-admin\"],\"token_policies\":[\"default\",\"group-admin\"],\"metadata\":{\"account_id\":\"12349999999999999999\",\"email\":\"example@gmail.com\",\"role\":\"gmail\"},\"entity_id\":\"e4f5c67a-6f7e-789d-ae56-a1fe3ae23046\",\"token_type\":\"service\",\"token_ttl\":3600,\"token_issue_time\":\"2020-12-01T20:28:40Z\"},\"request\":{\"id\":\"cd09708b-11cc-2985-648b-cfe262cf7e50\",\"operation\":\"update\",\"mount_type\":\"system\",\"client_token\":\"hmac-sha256:9cc3baa3c2bd7a4b233ca1fdcf69df91c8f2a9f14ddda54a4039190f581dd327\",\"client_token_accessor\":\"hmac-sha256:eb605bd7f8a5ceb951b9ab42cae6d6c3f12f203cb2c2a78e33e899f77dceb931\",\"namespace\":{\"id\":\"root\"},\"path\":\"sys/capabilities-self\",\"data\":{\"paths\":[\"hmac-sha256:fd04b28916cb60f622b1ebce308b339b468f5da93fa735f985f4435049627a27\"]},\"remote_address\":\"67.43.156.13\"},\"response\":{\"mount_type\":\"system\",\"data\":{\"capabilities\":[\"hmac-sha256:b77b79078c7bad1402a1ec74613454fd85efa203f1aa557fd2a9718cfd4ef367\",\"hmac-sha256:8d0bb80a69f442489908170e1831503c65b2f9d45a3250eac21fc16840416e5a\",\"hmac-sha256:c5086738f6225235066f69681e94111d94a45a268e9f0c64c6105073e32e8176\",\"hmac-sha256:3d439b7d92cbd8123fda8462716af05ae15710c8e2905eaba8d5452fccbad2f2\",\"hmac-sha256:5622a2d8fedf53e4671d6f371c59e40f3379030815fd4bb4126
fdedce5fc87bb\"],\"secret/metadata/apps/github-runner/ca-cert\":[\"hmac-sha256:b77b79078c7bad1402a1ec74613454fd85efa203f1aa557fd2a9718cfd4ef367\",\"hmac-sha256:8d0bb80a69f442489908170e1831503c65b2f9d45a3250eac21fc16840416e5a\",\"hmac-sha256:c5086738f6225235066f69681e94111d94a45a268e9f0c64c6105073e32e8176\",\"hmac-sha256:3d439b7d92cbd8123fda8462716af05ae15710c8e2905eaba8d5452fccbad2f2\",\"hmac-sha256:5622a2d8fedf53e4671d6f371c59e40f3379030815fd4bb4126fdedce5fc87bb\"]}}}", - "kind": "event", - "action": "update", - "id": "cd09708b-11cc-2985-648b-cfe262cf7e50", - "category": [ - "authentication" - ], - "type": [ - "change" - ], - "outcome": "success" - }, + "tags": [ + "preserve_original_event" + ], "user": { "email": "example@gmail.com", "id": "12349999999999999999" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-07-19T17:19:00.673Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "update", + "category": [ + "authentication" + ], + "id": "24ac580b-805a-d9ee-4d0d-7046932f4e05", + "kind": "event", + "original": "{\"time\":\"2021-07-19T17:19:00.673898225Z\",\"type\":\"request\",\"auth\":{\"token_type\":\"default\"},\"request\":{\"id\":\"24ac580b-805a-d9ee-4d0d-7046932f4e05\",\"operation\":\"update\",\"mount_type\":\"pki\",\"client_token\":\"hmac-sha256:db417023d954a03aea8f56a3daf35460aa51920337420c7c22bcbb6b10852f23\",\"namespace\":{\"id\":\"root\"},\"path\":\"internal-ca/issue/internal-server\",\"data\":{\"alt_names\":\"hmac-sha256:9760c514cdbf3ec61fa8d375643f29a78640528ddbbef6a49053ef9de6251eee\",\"common_name\":\"hmac-sha256:bc800a949f7b2fe6401884da3a085de232365d7b508d741198fa2d88815f6d7c\",\"ip_sans\":\"hmac-sha256:b6d902ee3c49cae1cfa8c9172f649716f802a4186c686b813bd344077fe0b5b2\"},\"remote_address\":\"10.6.8.34\"},\"error\":\"permission denied\"}", + "outcome": "failure", + "type": [ + "change", + "error", + "denied" + ] }, "hashicorp_vault": { "audit": { + "auth": { + "token_type": "default" + }, + 
"error": "permission denied", "request": { "client_token": "hmac-sha256:db417023d954a03aea8f56a3daf35460aa51920337420c7c22bcbb6b10852f23", - "path": "internal-ca/issue/internal-server", "data": { + "alt_names": "hmac-sha256:9760c514cdbf3ec61fa8d375643f29a78640528ddbbef6a49053ef9de6251eee", "common_name": "hmac-sha256:bc800a949f7b2fe6401884da3a085de232365d7b508d741198fa2d88815f6d7c", - "ip_sans": "hmac-sha256:b6d902ee3c49cae1cfa8c9172f649716f802a4186c686b813bd344077fe0b5b2", - "alt_names": "hmac-sha256:9760c514cdbf3ec61fa8d375643f29a78640528ddbbef6a49053ef9de6251eee" + "ip_sans": "hmac-sha256:b6d902ee3c49cae1cfa8c9172f649716f802a4186c686b813bd344077fe0b5b2" }, + "id": "24ac580b-805a-d9ee-4d0d-7046932f4e05", + "mount_type": "pki", "namespace": { "id": "root" }, - "id": "24ac580b-805a-d9ee-4d0d-7046932f4e05", - "mount_type": "pki", - "remote_address": "10.6.8.34", - "operation": "update" + "operation": "update", + "path": "internal-ca/issue/internal-server", + "remote_address": "10.6.8.34" }, - "type": "request", - "error": "permission denied", - "auth": { - "token_type": "default" - } + "type": "request" } }, + "message": "permission denied", "related": { "ip": [ "10.6.8.34" 
@@ -237,62 +253,62 @@ "source": { "ip": "10.6.8.34" }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-07-19T17:19:00.674Z", + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"time\":\"2021-07-19T17:19:00.673898225Z\",\"type\":\"request\",\"auth\":{\"token_type\":\"default\"},\"request\":{\"id\":\"24ac580b-805a-d9ee-4d0d-7046932f4e05\",\"operation\":\"update\",\"mount_type\":\"pki\",\"client_token\":\"hmac-sha256:db417023d954a03aea8f56a3daf35460aa51920337420c7c22bcbb6b10852f23\",\"namespace\":{\"id\":\"root\"},\"path\":\"internal-ca/issue/internal-server\",\"data\":{\"alt_names\":\"hmac-sha256:9760c514cdbf3ec61fa8d375643f29a78640528ddbbef6a49053ef9de6251eee\",\"common_name\":\"hmac-sha256:bc800a949f7b2fe6401884da3a085de232365d7b508d741198fa2d88815f6d7c\",\"ip_sans\":\"hmac-sha256:b6d902ee3c49cae1cfa8c9172f649716f802a4186c686b813bd344077fe0b5b2\"},\"remote_address\":\"10.6.8.34\"},\"error\":\"permission denied\"}", - "kind": "event", "action": "update", - "id": "24ac580b-805a-d9ee-4d0d-7046932f4e05", "category": [ "authentication" ], + "id": "24ac580b-805a-d9ee-4d0d-7046932f4e05", + "kind": "event", + "original": 
"{\"time\":\"2021-07-19T17:19:00.674663552Z\",\"type\":\"response\",\"auth\":{\"token_type\":\"default\"},\"request\":{\"id\":\"24ac580b-805a-d9ee-4d0d-7046932f4e05\",\"operation\":\"update\",\"mount_type\":\"pki\",\"client_token\":\"hmac-sha256:db417023d954a03aea8f56a3daf35460aa51920337420c7c22bcbb6b10852f23\",\"namespace\":{\"id\":\"root\"},\"path\":\"internal-ca/issue/internal-server\",\"data\":{\"alt_names\":\"hmac-sha256:9760c514cdbf3ec61fa8d375643f29a78640528ddbbef6a49053ef9de6251eee\",\"common_name\":\"hmac-sha256:bc800a949f7b2fe6401884da3a085de232365d7b508d741198fa2d88815f6d7c\",\"ip_sans\":\"hmac-sha256:b6d902ee3c49cae1cfa8c9172f649716f802a4186c686b813bd344077fe0b5b2\"},\"remote_address\":\"10.6.8.34\"},\"response\":{\"mount_type\":\"pki\",\"data\":{\"error\":\"hmac-sha256:409ef1533baffc8e15cd4424780c9aba5d10f168b8d641f111da43e7955451fa\"}},\"error\":\"1 error occurred:\\n\\t* permission denied\\n\\n\"}", + "outcome": "failure", "type": [ "change", "error", "denied" - ], - "outcome": "failure" - }, - "message": "permission denied", - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-07-19T17:19:00.674Z", - "ecs": { - "version": "8.2.0" + ] }, "hashicorp_vault": { "audit": { + "auth": { + "token_type": "default" + }, + "error": "1 error occurred:\n\t* permission denied\n\n", "request": { "client_token": "hmac-sha256:db417023d954a03aea8f56a3daf35460aa51920337420c7c22bcbb6b10852f23", - "path": "internal-ca/issue/internal-server", "data": { + "alt_names": "hmac-sha256:9760c514cdbf3ec61fa8d375643f29a78640528ddbbef6a49053ef9de6251eee", "common_name": "hmac-sha256:bc800a949f7b2fe6401884da3a085de232365d7b508d741198fa2d88815f6d7c", - "ip_sans": "hmac-sha256:b6d902ee3c49cae1cfa8c9172f649716f802a4186c686b813bd344077fe0b5b2", - "alt_names": "hmac-sha256:9760c514cdbf3ec61fa8d375643f29a78640528ddbbef6a49053ef9de6251eee" + "ip_sans": "hmac-sha256:b6d902ee3c49cae1cfa8c9172f649716f802a4186c686b813bd344077fe0b5b2" }, + "id": 
"24ac580b-805a-d9ee-4d0d-7046932f4e05", + "mount_type": "pki", "namespace": { "id": "root" }, - "id": "24ac580b-805a-d9ee-4d0d-7046932f4e05", - "mount_type": "pki", - "remote_address": "10.6.8.34", - "operation": "update" - }, - "type": "response", - "error": "1 error occurred:\n\t* permission denied\n\n", - "auth": { - "token_type": "default" + "operation": "update", + "path": "internal-ca/issue/internal-server", + "remote_address": "10.6.8.34" }, "response": { "data": { "error": "hmac-sha256:409ef1533baffc8e15cd4424780c9aba5d10f168b8d641f111da43e7955451fa" }, "mount_type": "pki" - } + }, + "type": "response" } }, + "message": "1 error occurred:\n\t* permission denied\n\n", "related": { "ip": [ "10.6.8.34" 
@@ -301,22 +317,6 @@
 "source": {
 "ip": "10.6.8.34"
 },
- "event": {
- "original": "{\"time\":\"2021-07-19T17:19:00.674663552Z\",\"type\":\"response\",\"auth\":{\"token_type\":\"default\"},\"request\":{\"id\":\"24ac580b-805a-d9ee-4d0d-7046932f4e05\",\"operation\":\"update\",\"mount_type\":\"pki\",\"client_token\":\"hmac-sha256:db417023d954a03aea8f56a3daf35460aa51920337420c7c22bcbb6b10852f23\",\"namespace\":{\"id\":\"root\"},\"path\":\"internal-ca/issue/internal-server\",\"data\":{\"alt_names\":\"hmac-sha256:9760c514cdbf3ec61fa8d375643f29a78640528ddbbef6a49053ef9de6251eee\",\"common_name\":\"hmac-sha256:bc800a949f7b2fe6401884da3a085de232365d7b508d741198fa2d88815f6d7c\",\"ip_sans\":\"hmac-sha256:b6d902ee3c49cae1cfa8c9172f649716f802a4186c686b813bd344077fe0b5b2\"},\"remote_address\":\"10.6.8.34\"},\"response\":{\"mount_type\":\"pki\",\"data\":{\"error\":\"hmac-sha256:409ef1533baffc8e15cd4424780c9aba5d10f168b8d641f111da43e7955451fa\"}},\"error\":\"1 error occurred:\\n\\t* permission denied\\n\\n\"}",
- "kind": "event",
- "action": "update",
- "id": "24ac580b-805a-d9ee-4d0d-7046932f4e05",
- "category": [
- "authentication"
- ],
- "type": [
- "change",
- "error",
- "denied"
- ],
- "outcome": "failure"
- },
- "message": "1 error occurred:\n\t* permission denied\n\n",
 "tags": [
 "preserve_original_event"
 ]
@@ -324,82 +324,82 @@ { "@timestamp": "2021-06-29T17:26:11.402Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "read", + "category": [ + "authentication" + ], + "id": "0042ad1b-1400-7eb7-5e25-1dfc898c1998", + "kind": "event", + "original": "{\"time\":\"2021-06-29T17:26:11.402530449Z\",\"type\":\"request\",\"auth\":{\"client_token\":\"hmac-sha256:95b624915ff8dd55a4028bb57d1af8c6d487a99033b507b99a5a6e943b4933ef\",\"accessor\":\"hmac-sha256:8fa4f7f3d1fd812064950025cde2b1565829a9dc5075253399e5ede8f8a1d98e\",\"display_name\":\"token-375f9cb3-4355-42c7-eab5-029f8a310ca7-runner\",\"policies\":[\"app-continuous-delivery\",\"app-github-runner\",\"default\"],\"token_policies\":[\"app-continuous-delivery\",\"app-github-runner\",\"default\"],\"metadata\":{\"AllocationID\":\"375f9cb3-4355-42c7-eab5-029f8a310ca7\",\"Namespace\":\"\",\"NodeID\":\"b70676cb-731b-976b-edc4-a5b1bb963fe4\",\"Task\":\"runner\"},\"token_type\":\"service\",\"token_ttl\":259200,\"token_issue_time\":\"2021-04-29T21:53:46Z\"},\"request\":{\"id\":\"0042ad1b-1400-7eb7-5e25-1dfc898c1998\",\"operation\":\"read\",\"mount_type\":\"kv\",\"client_token\":\"hmac-sha256:95b624915ff8dd55a4028bb57d1af8c6d487a99033b507b99a5a6e943b4933ef\",\"client_token_accessor\":\"hmac-sha256:8fa4f7f3d1fd812064950025cde2b1565829a9dc5075253399e5ede8f8a1d98e\",\"namespace\":{\"id\":\"root\"},\"path\":\"secret/data/apps/continuous-delivery/aws-bucket-sse-c\",\"remote_address\":\"10.6.8.36\"}}", + "outcome": "success", + "type": [ + "access" + ] }, "hashicorp_vault": { "audit": { - "type": "request", - "request": { + "auth": { + "accessor": "hmac-sha256:8fa4f7f3d1fd812064950025cde2b1565829a9dc5075253399e5ede8f8a1d98e", "client_token": "hmac-sha256:95b624915ff8dd55a4028bb57d1af8c6d487a99033b507b99a5a6e943b4933ef", - "path": "secret/data/apps/continuous-delivery/aws-bucket-sse-c", - "namespace": { - "id": "root" + "display_name": "token-375f9cb3-4355-42c7-eab5-029f8a310ca7-runner", + "metadata": { + 
"AllocationID": "375f9cb3-4355-42c7-eab5-029f8a310ca7", + "Namespace": "", + "NodeID": "b70676cb-731b-976b-edc4-a5b1bb963fe4", + "Task": "runner" }, - "id": "0042ad1b-1400-7eb7-5e25-1dfc898c1998", - "mount_type": "kv", - "remote_address": "10.6.8.36", - "client_token_accessor": "hmac-sha256:8fa4f7f3d1fd812064950025cde2b1565829a9dc5075253399e5ede8f8a1d98e", - "operation": "read" - }, - "auth": { - "token_policies": [ + "policies": [ "app-continuous-delivery", "app-github-runner", "default" ], - "client_token": "hmac-sha256:95b624915ff8dd55a4028bb57d1af8c6d487a99033b507b99a5a6e943b4933ef", - "metadata": { - "NodeID": "b70676cb-731b-976b-edc4-a5b1bb963fe4", - "Task": "runner", - "Namespace": "", - "AllocationID": "375f9cb3-4355-42c7-eab5-029f8a310ca7" - }, - "token_ttl": 259200, "token_issue_time": "2021-04-29T21:53:46Z", - "accessor": "hmac-sha256:8fa4f7f3d1fd812064950025cde2b1565829a9dc5075253399e5ede8f8a1d98e", - "policies": [ + "token_policies": [ "app-continuous-delivery", "app-github-runner", "default" ], - "display_name": "token-375f9cb3-4355-42c7-eab5-029f8a310ca7-runner", + "token_ttl": 259200, "token_type": "service" - } + }, + "request": { + "client_token": "hmac-sha256:95b624915ff8dd55a4028bb57d1af8c6d487a99033b507b99a5a6e943b4933ef", + "client_token_accessor": "hmac-sha256:8fa4f7f3d1fd812064950025cde2b1565829a9dc5075253399e5ede8f8a1d98e", + "id": "0042ad1b-1400-7eb7-5e25-1dfc898c1998", + "mount_type": "kv", + "namespace": { + "id": "root" + }, + "operation": "read", + "path": "secret/data/apps/continuous-delivery/aws-bucket-sse-c", + "remote_address": "10.6.8.36" + }, + "type": "request" } }, - "related": { - "ip": [ - "10.6.8.36" - ] - }, - "source": { - "ip": "10.6.8.36" - }, - "event": { - "original": 
"{\"time\":\"2021-06-29T17:26:11.402530449Z\",\"type\":\"request\",\"auth\":{\"client_token\":\"hmac-sha256:95b624915ff8dd55a4028bb57d1af8c6d487a99033b507b99a5a6e943b4933ef\",\"accessor\":\"hmac-sha256:8fa4f7f3d1fd812064950025cde2b1565829a9dc5075253399e5ede8f8a1d98e\",\"display_name\":\"token-375f9cb3-4355-42c7-eab5-029f8a310ca7-runner\",\"policies\":[\"app-continuous-delivery\",\"app-github-runner\",\"default\"],\"token_policies\":[\"app-continuous-delivery\",\"app-github-runner\",\"default\"],\"metadata\":{\"AllocationID\":\"375f9cb3-4355-42c7-eab5-029f8a310ca7\",\"Namespace\":\"\",\"NodeID\":\"b70676cb-731b-976b-edc4-a5b1bb963fe4\",\"Task\":\"runner\"},\"token_type\":\"service\",\"token_ttl\":259200,\"token_issue_time\":\"2021-04-29T21:53:46Z\"},\"request\":{\"id\":\"0042ad1b-1400-7eb7-5e25-1dfc898c1998\",\"operation\":\"read\",\"mount_type\":\"kv\",\"client_token\":\"hmac-sha256:95b624915ff8dd55a4028bb57d1af8c6d487a99033b507b99a5a6e943b4933ef\",\"client_token_accessor\":\"hmac-sha256:8fa4f7f3d1fd812064950025cde2b1565829a9dc5075253399e5ede8f8a1d98e\",\"namespace\":{\"id\":\"root\"},\"path\":\"secret/data/apps/continuous-delivery/aws-bucket-sse-c\",\"remote_address\":\"10.6.8.36\"}}", - "kind": "event", - "action": "read", - "id": "0042ad1b-1400-7eb7-5e25-1dfc898c1998", - "category": [ - "authentication" - ], - "type": [ - "access" - ], - "outcome": "success" - }, "nomad": { + "allocation": { + "id": "375f9cb3-4355-42c7-eab5-029f8a310ca7" + }, "namespace": "", "node": { "id": "b70676cb-731b-976b-edc4-a5b1bb963fe4" }, - "allocation": { - "id": "375f9cb3-4355-42c7-eab5-029f8a310ca7" - }, "task": { "name": "runner" } }, + "related": { + "ip": [ + "10.6.8.36" + ] + }, + "source": { + "ip": "10.6.8.36" + }, "tags": [ "preserve_original_event" ] 
@@ -407,47 +407,59 @@ { "@timestamp": "2021-06-29T17:26:11.409Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "read", + "category": [ + "authentication" + ], + "id": "0042ad1b-1400-7eb7-5e25-1dfc898c1998", + "kind": "event", + "original": "{\"time\":\"2021-06-29T17:26:11.409840527Z\",\"type\":\"response\",\"auth\":{\"client_token\":\"hmac-sha256:95b624915ff8dd55a4028bb57d1af8c6d487a99033b507b99a5a6e943b4933ef\",\"accessor\":\"hmac-sha256:8fa4f7f3d1fd812064950025cde2b1565829a9dc5075253399e5ede8f8a1d98e\",\"display_name\":\"token-375f9cb3-4355-42c7-eab5-029f8a310ca7-runner\",\"policies\":[\"app-continuous-delivery\",\"app-github-runner\",\"default\"],\"token_policies\":[\"app-continuous-delivery\",\"app-github-runner\",\"default\"],\"metadata\":{\"AllocationID\":\"375f9cb3-4355-42c7-eab5-029f8a310ca7\",\"Namespace\":\"\",\"NodeID\":\"b70676cb-731b-976b-edc4-a5b1bb963fe4\",\"Task\":\"runner\"},\"token_type\":\"service\",\"token_ttl\":259200,\"token_issue_time\":\"2021-04-29T21:53:46Z\"},\"request\":{\"id\":\"0042ad1b-1400-7eb7-5e25-1dfc898c1998\",\"operation\":\"read\",\"mount_type\":\"kv\",\"client_token\":\"hmac-sha256:95b624915ff8dd55a4028bb57d1af8c6d487a99033b507b99a5a6e943b4933ef\",\"client_token_accessor\":\"hmac-sha256:8fa4f7f3d1fd812064950025cde2b1565829a9dc5075253399e5ede8f8a1d98e\",\"namespace\":{\"id\":\"root\"},\"path\":\"secret/data/apps/continuous-delivery/aws-bucket-sse-c\",\"remote_address\":\"10.6.8.36\"},\"response\":{\"mount_type\":\"kv\",\"data\":{\"data\":{\"customer_key\":\"hmac-sha256:85d3c6e705ea04f49772b92cc7335e34c53f0264a6d75bba3ab95bad22ca5bd1\"},\"metadata\":{\"created_time\":\"hmac-sha256:9c910646d7399704ee015b4247b374bfb950282339d902a221b1ff4c83b13ee7\",\"deletion_time\":\"hmac-sha256:17a84bc5c1c7ee851af0069663ab9de3c879107724470fa34fc0b5418fb653db\",\"destroyed\":false,\"version\":1}}}}", + "outcome": "success", + "type": [ + "access" + ] }, "hashicorp_vault": { "audit": { - "request": { + "auth": { 
+ "accessor": "hmac-sha256:8fa4f7f3d1fd812064950025cde2b1565829a9dc5075253399e5ede8f8a1d98e", "client_token": "hmac-sha256:95b624915ff8dd55a4028bb57d1af8c6d487a99033b507b99a5a6e943b4933ef", - "path": "secret/data/apps/continuous-delivery/aws-bucket-sse-c", - "namespace": { - "id": "root" + "display_name": "token-375f9cb3-4355-42c7-eab5-029f8a310ca7-runner", + "metadata": { + "AllocationID": "375f9cb3-4355-42c7-eab5-029f8a310ca7", + "Namespace": "", + "NodeID": "b70676cb-731b-976b-edc4-a5b1bb963fe4", + "Task": "runner" }, - "id": "0042ad1b-1400-7eb7-5e25-1dfc898c1998", - "mount_type": "kv", - "remote_address": "10.6.8.36", - "client_token_accessor": "hmac-sha256:8fa4f7f3d1fd812064950025cde2b1565829a9dc5075253399e5ede8f8a1d98e", - "operation": "read" - }, - "type": "response", - "auth": { - "token_policies": [ + "policies": [ "app-continuous-delivery", "app-github-runner", "default" ], - "client_token": "hmac-sha256:95b624915ff8dd55a4028bb57d1af8c6d487a99033b507b99a5a6e943b4933ef", - "metadata": { - "NodeID": "b70676cb-731b-976b-edc4-a5b1bb963fe4", - "Task": "runner", - "Namespace": "", - "AllocationID": "375f9cb3-4355-42c7-eab5-029f8a310ca7" - }, - "token_ttl": 259200, "token_issue_time": "2021-04-29T21:53:46Z", - "accessor": "hmac-sha256:8fa4f7f3d1fd812064950025cde2b1565829a9dc5075253399e5ede8f8a1d98e", - "policies": [ + "token_policies": [ "app-continuous-delivery", "app-github-runner", "default" ], - "display_name": "token-375f9cb3-4355-42c7-eab5-029f8a310ca7-runner", + "token_ttl": 259200, "token_type": "service" }, + "request": { + "client_token": "hmac-sha256:95b624915ff8dd55a4028bb57d1af8c6d487a99033b507b99a5a6e943b4933ef", + "client_token_accessor": "hmac-sha256:8fa4f7f3d1fd812064950025cde2b1565829a9dc5075253399e5ede8f8a1d98e", + "id": "0042ad1b-1400-7eb7-5e25-1dfc898c1998", + "mount_type": "kv", + "namespace": { + "id": "root" + }, + "operation": "read", + "path": "secret/data/apps/continuous-delivery/aws-bucket-sse-c", + "remote_address": "10.6.8.36" + }, 
"response": { "data": { "data": { 
@@ -455,48 +467,36 @@ }, "metadata": { "created_time": "hmac-sha256:9c910646d7399704ee015b4247b374bfb950282339d902a221b1ff4c83b13ee7", + "deletion_time": "hmac-sha256:17a84bc5c1c7ee851af0069663ab9de3c879107724470fa34fc0b5418fb653db", "destroyed": false, - "version": 1, - "deletion_time": "hmac-sha256:17a84bc5c1c7ee851af0069663ab9de3c879107724470fa34fc0b5418fb653db" + "version": 1 } }, "mount_type": "kv" - } + }, + "type": "response" } }, - "related": { - "ip": [ - "10.6.8.36" - ] - }, - "source": { - "ip": "10.6.8.36" - }, - "event": { - "original": "{\"time\":\"2021-06-29T17:26:11.409840527Z\",\"type\":\"response\",\"auth\":{\"client_token\":\"hmac-sha256:95b624915ff8dd55a4028bb57d1af8c6d487a99033b507b99a5a6e943b4933ef\",\"accessor\":\"hmac-sha256:8fa4f7f3d1fd812064950025cde2b1565829a9dc5075253399e5ede8f8a1d98e\",\"display_name\":\"token-375f9cb3-4355-42c7-eab5-029f8a310ca7-runner\",\"policies\":[\"app-continuous-delivery\",\"app-github-runner\",\"default\"],\"token_policies\":[\"app-continuous-delivery\",\"app-github-runner\",\"default\"],\"metadata\":{\"AllocationID\":\"375f9cb3-4355-42c7-eab5-029f8a310ca7\",\"Namespace\":\"\",\"NodeID\":\"b70676cb-731b-976b-edc4-a5b1bb963fe4\",\"Task\":\"runner\"},\"token_type\":\"service\",\"token_ttl\":259200,\"token_issue_time\":\"2021-04-29T21:53:46Z\"},\"request\":{\"id\":\"0042ad1b-1400-7eb7-5e25-1dfc898c1998\",\"operation\":\"read\",\"mount_type\":\"kv\",\"client_token\":\"hmac-sha256:95b624915ff8dd55a4028bb57d1af8c6d487a99033b507b99a5a6e943b4933ef\",\"client_token_accessor\":\"hmac-sha256:8fa4f7f3d1fd812064950025cde2b1565829a9dc5075253399e5ede8f8a1d98e\",\"namespace\":{\"id\":\"root\"},\"path\":\"secret/data/apps/continuous-delivery/aws-bucket-sse-c\",\"remote_address\":\"10.6.8.36\"},\"response\":{\"mount_type\":\"kv\",\"data\":{\"data\":{\"customer_key\":\"hmac-sha256:85d3c6e705ea04f49772b92cc7335e34c53f0264a6d75bba3ab95bad22ca5bd1\"},\"metadata\":{\"created_time\":\"hmac-sha256:9c910646d7399704ee015b4247b374bfb9502823
39d902a221b1ff4c83b13ee7\",\"deletion_time\":\"hmac-sha256:17a84bc5c1c7ee851af0069663ab9de3c879107724470fa34fc0b5418fb653db\",\"destroyed\":false,\"version\":1}}}}", - "kind": "event", - "action": "read", - "id": "0042ad1b-1400-7eb7-5e25-1dfc898c1998", - "category": [ - "authentication" - ], - "type": [ - "access" - ], - "outcome": "success" - }, "nomad": { + "allocation": { + "id": "375f9cb3-4355-42c7-eab5-029f8a310ca7" + }, "namespace": "", "node": { "id": "b70676cb-731b-976b-edc4-a5b1bb963fe4" }, - "allocation": { - "id": "375f9cb3-4355-42c7-eab5-029f8a310ca7" - }, "task": { "name": "runner" } }, + "related": { + "ip": [ + "10.6.8.36" + ] + }, + "source": { + "ip": "10.6.8.36" + }, "tags": [ "preserve_original_event" ] 
@@ -504,80 +504,80 @@ { "@timestamp": "2021-06-29T18:01:29.545Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "read", + "category": [ + "authentication" + ], + "id": "3aa3f349-b55a-53e3-a795-dd4137d64299", + "kind": "event", + "original": "{\"time\":\"2021-06-29T18:01:29.545476939Z\",\"type\":\"request\",\"auth\":{\"client_token\":\"hmac-sha256:f69c28fde8609df2a0ec6a316c0293179fa922a8a3a660a314859e6cff8e5fef\",\"accessor\":\"hmac-sha256:2ee197e25b333d83ba45d0c40aca153e0ad6c9e42b04b6de6a5b5b575de58771\",\"display_name\":\"token-c1d6c089-2f46-ff11-5988-38636bddf8d9-homeassistant\",\"policies\":[\"app-home-assistant\",\"default\"],\"token_policies\":[\"app-home-assistant\",\"default\"],\"metadata\":{\"AllocationID\":\"c1d6c089-2f46-ff11-5988-38636bddf8d9\",\"Namespace\":\"\",\"NodeID\":\"a28cef3a-f9e6-ad7d-bc5f-2c5ac27eec51\",\"Task\":\"homeassistant\"},\"token_type\":\"service\",\"token_ttl\":259200,\"token_issue_time\":\"2021-06-24T21:22:03Z\"},\"request\":{\"id\":\"3aa3f349-b55a-53e3-a795-dd4137d64299\",\"operation\":\"read\",\"mount_type\":\"kv\",\"client_token\":\"hmac-sha256:f69c28fde8609df2a0ec6a316c0293179fa922a8a3a660a314859e6cff8e5fef\",\"client_token_accessor\":\"hmac-sha256:2ee197e25b333d83ba45d0c40aca153e0ad6c9e42b04b6de6a5b5b575de58771\",\"namespace\":{\"id\":\"root\"},\"path\":\"secret/data/apps/home-assistant/secrets_yaml\",\"remote_address\":\"10.6.8.34\"}}", + "outcome": "success", + "type": [ + "access" + ] }, "hashicorp_vault": { "audit": { - "type": "request", - "request": { - "client_token": "hmac-sha256:f69c28fde8609df2a0ec6a316c0293179fa922a8a3a660a314859e6cff8e5fef", - "path": "secret/data/apps/home-assistant/secrets_yaml", - "namespace": { - "id": "root" - }, - "id": "3aa3f349-b55a-53e3-a795-dd4137d64299", - "mount_type": "kv", - "remote_address": "10.6.8.34", - "client_token_accessor": "hmac-sha256:2ee197e25b333d83ba45d0c40aca153e0ad6c9e42b04b6de6a5b5b575de58771", - "operation": "read" - }, "auth": { - 
"token_policies": [ - "app-home-assistant", - "default" - ], + "accessor": "hmac-sha256:2ee197e25b333d83ba45d0c40aca153e0ad6c9e42b04b6de6a5b5b575de58771", "client_token": "hmac-sha256:f69c28fde8609df2a0ec6a316c0293179fa922a8a3a660a314859e6cff8e5fef", + "display_name": "token-c1d6c089-2f46-ff11-5988-38636bddf8d9-homeassistant", "metadata": { - "NodeID": "a28cef3a-f9e6-ad7d-bc5f-2c5ac27eec51", - "Task": "homeassistant", + "AllocationID": "c1d6c089-2f46-ff11-5988-38636bddf8d9", "Namespace": "", - "AllocationID": "c1d6c089-2f46-ff11-5988-38636bddf8d9" + "NodeID": "a28cef3a-f9e6-ad7d-bc5f-2c5ac27eec51", + "Task": "homeassistant" }, - "token_ttl": 259200, - "token_issue_time": "2021-06-24T21:22:03Z", - "accessor": "hmac-sha256:2ee197e25b333d83ba45d0c40aca153e0ad6c9e42b04b6de6a5b5b575de58771", "policies": [ "app-home-assistant", "default" ], - "display_name": "token-c1d6c089-2f46-ff11-5988-38636bddf8d9-homeassistant", + "token_issue_time": "2021-06-24T21:22:03Z", + "token_policies": [ + "app-home-assistant", + "default" + ], + "token_ttl": 259200, "token_type": "service" - } + }, + "request": { + "client_token": "hmac-sha256:f69c28fde8609df2a0ec6a316c0293179fa922a8a3a660a314859e6cff8e5fef", + "client_token_accessor": "hmac-sha256:2ee197e25b333d83ba45d0c40aca153e0ad6c9e42b04b6de6a5b5b575de58771", + "id": "3aa3f349-b55a-53e3-a795-dd4137d64299", + "mount_type": "kv", + "namespace": { + "id": "root" + }, + "operation": "read", + "path": "secret/data/apps/home-assistant/secrets_yaml", + "remote_address": "10.6.8.34" + }, + "type": "request" } }, - "related": { - "ip": [ - "10.6.8.34" - ] - }, - "source": { - "ip": "10.6.8.34" - }, - "event": { - "original": 
"{\"time\":\"2021-06-29T18:01:29.545476939Z\",\"type\":\"request\",\"auth\":{\"client_token\":\"hmac-sha256:f69c28fde8609df2a0ec6a316c0293179fa922a8a3a660a314859e6cff8e5fef\",\"accessor\":\"hmac-sha256:2ee197e25b333d83ba45d0c40aca153e0ad6c9e42b04b6de6a5b5b575de58771\",\"display_name\":\"token-c1d6c089-2f46-ff11-5988-38636bddf8d9-homeassistant\",\"policies\":[\"app-home-assistant\",\"default\"],\"token_policies\":[\"app-home-assistant\",\"default\"],\"metadata\":{\"AllocationID\":\"c1d6c089-2f46-ff11-5988-38636bddf8d9\",\"Namespace\":\"\",\"NodeID\":\"a28cef3a-f9e6-ad7d-bc5f-2c5ac27eec51\",\"Task\":\"homeassistant\"},\"token_type\":\"service\",\"token_ttl\":259200,\"token_issue_time\":\"2021-06-24T21:22:03Z\"},\"request\":{\"id\":\"3aa3f349-b55a-53e3-a795-dd4137d64299\",\"operation\":\"read\",\"mount_type\":\"kv\",\"client_token\":\"hmac-sha256:f69c28fde8609df2a0ec6a316c0293179fa922a8a3a660a314859e6cff8e5fef\",\"client_token_accessor\":\"hmac-sha256:2ee197e25b333d83ba45d0c40aca153e0ad6c9e42b04b6de6a5b5b575de58771\",\"namespace\":{\"id\":\"root\"},\"path\":\"secret/data/apps/home-assistant/secrets_yaml\",\"remote_address\":\"10.6.8.34\"}}", - "kind": "event", - "action": "read", - "id": "3aa3f349-b55a-53e3-a795-dd4137d64299", - "category": [ - "authentication" - ], - "type": [ - "access" - ], - "outcome": "success" - }, "nomad": { + "allocation": { + "id": "c1d6c089-2f46-ff11-5988-38636bddf8d9" + }, "namespace": "", "node": { "id": "a28cef3a-f9e6-ad7d-bc5f-2c5ac27eec51" }, - "allocation": { - "id": "c1d6c089-2f46-ff11-5988-38636bddf8d9" - }, "task": { "name": "homeassistant" } }, + "related": { + "ip": [ + "10.6.8.34" + ] + }, + "source": { + "ip": "10.6.8.34" + }, "tags": [ "preserve_original_event" ] 
@@ -585,124 +585,124 @@ { "@timestamp": "2021-06-29T18:01:29.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "read", + "category": [ + "authentication" + ], + "id": "3aa3f349-b55a-53e3-a795-dd4137d64299", + "kind": "event", + "original": "{\"time\":\"2021-06-29T18:01:29.547355273Z\",\"type\":\"response\",\"auth\":{\"client_token\":\"hmac-sha256:f69c28fde8609df2a0ec6a316c0293179fa922a8a3a660a314859e6cff8e5fef\",\"accessor\":\"hmac-sha256:2ee197e25b333d83ba45d0c40aca153e0ad6c9e42b04b6de6a5b5b575de58771\",\"display_name\":\"token-c1d6c089-2f46-ff11-5988-38636bddf8d9-homeassistant\",\"policies\":[\"app-home-assistant\",\"default\"],\"token_policies\":[\"app-home-assistant\",\"default\"],\"metadata\":{\"AllocationID\":\"c1d6c089-2f46-ff11-5988-38636bddf8d9\",\"Namespace\":\"\",\"NodeID\":\"a28cef3a-f9e6-ad7d-bc5f-2c5ac27eec51\",\"Task\":\"homeassistant\"},\"token_type\":\"service\",\"token_ttl\":259200,\"token_issue_time\":\"2021-06-24T21:22:03Z\"},\"request\":{\"id\":\"3aa3f349-b55a-53e3-a795-dd4137d64299\",\"operation\":\"read\",\"mount_type\":\"kv\",\"client_token\":\"hmac-sha256:f69c28fde8609df2a0ec6a316c0293179fa922a8a3a660a314859e6cff8e5fef\",\"client_token_accessor\":\"hmac-sha256:2ee197e25b333d83ba45d0c40aca153e0ad6c9e42b04b6de6a5b5b575de58771\",\"namespace\":{\"id\":\"root\"},\"path\":\"secret/data/apps/home-assistant/secrets_yaml\",\"remote_address\":\"10.6.8.34\"},\"response\":{\"mount_type\":\"kv\",\"data\":{\"data\":{\"aladdin_connect_password\":\"hmac-sha256:f3a85a98373fa879041a438606e38773fdfaca9d99e2a1ee08183a2cb8fc9a17\",\"aladdin_connect_username\":\"hmac-sha256:b3c982a71d17164325f4ef6a9831a132e1bb789833fc6d1ecab5d36bc71df112\",\"elasticsearch_password\":\"hmac-sha256:8d2328e2c80428977858c0a80c6624c7910dd7da0b74c8d33e4d8d22fc0e9ad1\",\"elasticsearch_url\":\"hmac-sha256:c63aa2b5d15069aa9ff53eb1b6f4418a21a87c4fe508655d7f396b4bdf73492c\",\"elasticsearch_username\":\"hmac-sha256:bb7bdfaa02957aaf85efd2ea4585e05aa1ccb45
94eb6820078bf8df46d123133\",\"rest_notify_cisco_phone_csrc_token\":\"hmac-sha256:b2120f2e905e41167ea380586d9f1bb13772873bb3e35aba28daca747921faad\",\"rest_notify_cisco_phone_password\":\"hmac-sha256:a4c3451df78d28825309c3b25fefb6fdb9314350da1169b012923325929d2b5d\",\"rest_notify_cisco_phone_username\":\"hmac-sha256:1229909bcdaa7acf6894ebfa51daff701b9f026f7bfff5525fe7ddfcf8469af6\",\"smtp_host\":\"hmac-sha256:bf4e6e6f4b1af3beb385006278b7e2da94eb4b243af8738727ba5e82375138c5\",\"smtp_password\":\"hmac-sha256:7b8a462d76578b0e4ddf162d9a244eb5a736d3d04b21d9ed399ad7f44032743e\",\"smtp_port\":587,\"smtp_username\":\"hmac-sha256:d97eb233a52d67e2fb16b43950b8537659b69a13e03aa58a771d8e82379354e4\",\"twilio_account_sid\":\"hmac-sha256:509150eeaf7657a069a37df450fe5821b307a882a2634230edf0b8b172f2fca8\",\"twilio_auth_token\":\"hmac-sha256:09cf3ffa023a5b5750d0aaff696f767b5a00c1af430b297abdc84d53dd4d139e\",\"cam_backyard_rtsp_url\":\"hmac-sha256:bcac97c20cdc641ca7ba4d1e4c80246961f6f116670ce6ae32be1a01be36fed1\",\"cam_backyard_url\":\"hmac-sha256:5a9348e779c7260e4375a734a4947506e97f86098e45db8d63ba800698d26c34\",\"cam_basement_door_rtsp_url\":\"hmac-sha256:ffd1f989ed0632e542f760ae8e683852e6d4b22acb24b5eae94e1568e977b007\",\"cam_basement_door_url\":\"hmac-sha256:550f62496448494a4a30a4c8499903ea58ea7ab43102a56103020c122795861b\",\"cam_driveway_rtsp_url\":\"hmac-sha256:7b732f13b417be1d8387dc9c517087cd2f9a854898f8bd50922ae39c9123cf5f\",\"cam_driveway_url\":\"hmac-sha256:aef04b9fc7c345e7cb49f3833fbe0d56c8d8c6c6d922152250019f83bfc38acc\",\"cam_front_door_rtsp_url\":\"hmac-sha256:db5ef5a052e6d09fee199dede89f5178afd5f642843268aa5bb43e755785f916\",\"cam_front_door_url\":\"hmac-sha256:6b5129afbd2e43f8ac8fe25a0b7c27f69c19d8713a95ac98ebfa65c8e51fd089\",\"cam_garage_rtsp_url\":\"hmac-sha256:10aa878ec26fdfa5e3a486ead013c693425f5c6bd3315b9365132a0c963c30f6\",\"cam_garage_url\":\"hmac-sha256:80d5c5b1080b12ed3681806bcc560f2ff0f53a43549df72396b14f41d1871dbf\",\"cam_mechanical_room_rtsp_url\":\"hmac-sha
256:e343a772988cbc3262c6256df08c0c9f1a0f50e3bcefe3f39febc7cb135e2132\",\"cam_mechanical_room_url\":\"hmac-sha256:fd1f4d286bebd86234c474580cc2a74fdb79b16d936e4b8562e5cc13d82fbf7b\",\"cam_os_password\":\"hmac-sha256:b428f7bdeb97348f2553143030dfb1ac3b714436b59ed74e3320af2e13b5919f\",\"cam_os_username\":\"hmac-sha256:ff23e0d8782523b6a57c1bc1d21f88ef451359d7acefb032864e7a2715ba4185\",\"yale_lock_code_andrew\":\"hmac-sha256:545bca27b7805c8f17433693e8a07dab5c8b9d07a9a0e99ba04d73917c882956\",\"yale_lock_code_neva\":\"hmac-sha256:954080fe6c36dddfecea03fe20c91fa75d1c54488c1c706c988650dd0c45647e\",\"zwave_network_key\":\"hmac-sha256:382cc81146b9b71dc62135d6fb97246c74818857f3a73b03e7f7367ea53a8336\"},\"metadata\":{\"created_time\":\"hmac-sha256:be77f81a3338087479da238bf04ab23998c11375bc830cdeca8e30c24ab8a095\",\"deletion_time\":\"hmac-sha256:17a84bc5c1c7ee851af0069663ab9de3c879107724470fa34fc0b5418fb653db\",\"destroyed\":false,\"version\":6}}}}", + "outcome": "success", + "type": [ + "access" + ] }, "hashicorp_vault": { "audit": { - "request": { - "client_token": "hmac-sha256:f69c28fde8609df2a0ec6a316c0293179fa922a8a3a660a314859e6cff8e5fef", - "path": "secret/data/apps/home-assistant/secrets_yaml", - "namespace": { - "id": "root" - }, - "id": "3aa3f349-b55a-53e3-a795-dd4137d64299", - "mount_type": "kv", - "remote_address": "10.6.8.34", - "client_token_accessor": "hmac-sha256:2ee197e25b333d83ba45d0c40aca153e0ad6c9e42b04b6de6a5b5b575de58771", - "operation": "read" - }, - "type": "response", "auth": { - "token_policies": [ - "app-home-assistant", - "default" - ], + "accessor": "hmac-sha256:2ee197e25b333d83ba45d0c40aca153e0ad6c9e42b04b6de6a5b5b575de58771", "client_token": "hmac-sha256:f69c28fde8609df2a0ec6a316c0293179fa922a8a3a660a314859e6cff8e5fef", + "display_name": "token-c1d6c089-2f46-ff11-5988-38636bddf8d9-homeassistant", "metadata": { - "NodeID": "a28cef3a-f9e6-ad7d-bc5f-2c5ac27eec51", - "Task": "homeassistant", + "AllocationID": "c1d6c089-2f46-ff11-5988-38636bddf8d9", 
"Namespace": "", - "AllocationID": "c1d6c089-2f46-ff11-5988-38636bddf8d9" + "NodeID": "a28cef3a-f9e6-ad7d-bc5f-2c5ac27eec51", + "Task": "homeassistant" }, - "token_ttl": 259200, - "token_issue_time": "2021-06-24T21:22:03Z", - "accessor": "hmac-sha256:2ee197e25b333d83ba45d0c40aca153e0ad6c9e42b04b6de6a5b5b575de58771", "policies": [ "app-home-assistant", "default" ], - "display_name": "token-c1d6c089-2f46-ff11-5988-38636bddf8d9-homeassistant", + "token_issue_time": "2021-06-24T21:22:03Z", + "token_policies": [ + "app-home-assistant", + "default" + ], + "token_ttl": 259200, "token_type": "service" }, + "request": { + "client_token": "hmac-sha256:f69c28fde8609df2a0ec6a316c0293179fa922a8a3a660a314859e6cff8e5fef", + "client_token_accessor": "hmac-sha256:2ee197e25b333d83ba45d0c40aca153e0ad6c9e42b04b6de6a5b5b575de58771", + "id": "3aa3f349-b55a-53e3-a795-dd4137d64299", + "mount_type": "kv", + "namespace": { + "id": "root" + }, + "operation": "read", + "path": "secret/data/apps/home-assistant/secrets_yaml", + "remote_address": "10.6.8.34" + }, "response": { "data": { "data": { - "elasticsearch_url": "hmac-sha256:c63aa2b5d15069aa9ff53eb1b6f4418a21a87c4fe508655d7f396b4bdf73492c", - "cam_front_door_url": "hmac-sha256:6b5129afbd2e43f8ac8fe25a0b7c27f69c19d8713a95ac98ebfa65c8e51fd089", + "aladdin_connect_password": "hmac-sha256:f3a85a98373fa879041a438606e38773fdfaca9d99e2a1ee08183a2cb8fc9a17", + "aladdin_connect_username": "hmac-sha256:b3c982a71d17164325f4ef6a9831a132e1bb789833fc6d1ecab5d36bc71df112", + "cam_backyard_rtsp_url": "hmac-sha256:bcac97c20cdc641ca7ba4d1e4c80246961f6f116670ce6ae32be1a01be36fed1", + "cam_backyard_url": "hmac-sha256:5a9348e779c7260e4375a734a4947506e97f86098e45db8d63ba800698d26c34", + "cam_basement_door_rtsp_url": "hmac-sha256:ffd1f989ed0632e542f760ae8e683852e6d4b22acb24b5eae94e1568e977b007", "cam_basement_door_url": "hmac-sha256:550f62496448494a4a30a4c8499903ea58ea7ab43102a56103020c122795861b", - "elasticsearch_password": 
"hmac-sha256:8d2328e2c80428977858c0a80c6624c7910dd7da0b74c8d33e4d8d22fc0e9ad1", + "cam_driveway_rtsp_url": "hmac-sha256:7b732f13b417be1d8387dc9c517087cd2f9a854898f8bd50922ae39c9123cf5f", + "cam_driveway_url": "hmac-sha256:aef04b9fc7c345e7cb49f3833fbe0d56c8d8c6c6d922152250019f83bfc38acc", + "cam_front_door_rtsp_url": "hmac-sha256:db5ef5a052e6d09fee199dede89f5178afd5f642843268aa5bb43e755785f916", + "cam_front_door_url": "hmac-sha256:6b5129afbd2e43f8ac8fe25a0b7c27f69c19d8713a95ac98ebfa65c8e51fd089", + "cam_garage_rtsp_url": "hmac-sha256:10aa878ec26fdfa5e3a486ead013c693425f5c6bd3315b9365132a0c963c30f6", + "cam_garage_url": "hmac-sha256:80d5c5b1080b12ed3681806bcc560f2ff0f53a43549df72396b14f41d1871dbf", + "cam_mechanical_room_rtsp_url": "hmac-sha256:e343a772988cbc3262c6256df08c0c9f1a0f50e3bcefe3f39febc7cb135e2132", "cam_mechanical_room_url": "hmac-sha256:fd1f4d286bebd86234c474580cc2a74fdb79b16d936e4b8562e5cc13d82fbf7b", - "twilio_account_sid": "hmac-sha256:509150eeaf7657a069a37df450fe5821b307a882a2634230edf0b8b172f2fca8", "cam_os_password": "hmac-sha256:b428f7bdeb97348f2553143030dfb1ac3b714436b59ed74e3320af2e13b5919f", - "smtp_host": "hmac-sha256:bf4e6e6f4b1af3beb385006278b7e2da94eb4b243af8738727ba5e82375138c5", - "aladdin_connect_username": "hmac-sha256:b3c982a71d17164325f4ef6a9831a132e1bb789833fc6d1ecab5d36bc71df112", - "cam_basement_door_rtsp_url": "hmac-sha256:ffd1f989ed0632e542f760ae8e683852e6d4b22acb24b5eae94e1568e977b007", + "cam_os_username": "hmac-sha256:ff23e0d8782523b6a57c1bc1d21f88ef451359d7acefb032864e7a2715ba4185", + "elasticsearch_password": "hmac-sha256:8d2328e2c80428977858c0a80c6624c7910dd7da0b74c8d33e4d8d22fc0e9ad1", + "elasticsearch_url": "hmac-sha256:c63aa2b5d15069aa9ff53eb1b6f4418a21a87c4fe508655d7f396b4bdf73492c", + "elasticsearch_username": "hmac-sha256:bb7bdfaa02957aaf85efd2ea4585e05aa1ccb4594eb6820078bf8df46d123133", "rest_notify_cisco_phone_csrc_token": "hmac-sha256:b2120f2e905e41167ea380586d9f1bb13772873bb3e35aba28daca747921faad", - 
"smtp_username": "hmac-sha256:d97eb233a52d67e2fb16b43950b8537659b69a13e03aa58a771d8e82379354e4", "rest_notify_cisco_phone_password": "hmac-sha256:a4c3451df78d28825309c3b25fefb6fdb9314350da1169b012923325929d2b5d", + "rest_notify_cisco_phone_username": "hmac-sha256:1229909bcdaa7acf6894ebfa51daff701b9f026f7bfff5525fe7ddfcf8469af6", + "smtp_host": "hmac-sha256:bf4e6e6f4b1af3beb385006278b7e2da94eb4b243af8738727ba5e82375138c5", "smtp_password": "hmac-sha256:7b8a462d76578b0e4ddf162d9a244eb5a736d3d04b21d9ed399ad7f44032743e", - "zwave_network_key": "hmac-sha256:382cc81146b9b71dc62135d6fb97246c74818857f3a73b03e7f7367ea53a8336", - "cam_garage_rtsp_url": "hmac-sha256:10aa878ec26fdfa5e3a486ead013c693425f5c6bd3315b9365132a0c963c30f6", - "cam_driveway_rtsp_url": "hmac-sha256:7b732f13b417be1d8387dc9c517087cd2f9a854898f8bd50922ae39c9123cf5f", + "smtp_port": 587, + "smtp_username": "hmac-sha256:d97eb233a52d67e2fb16b43950b8537659b69a13e03aa58a771d8e82379354e4", + "twilio_account_sid": "hmac-sha256:509150eeaf7657a069a37df450fe5821b307a882a2634230edf0b8b172f2fca8", "twilio_auth_token": "hmac-sha256:09cf3ffa023a5b5750d0aaff696f767b5a00c1af430b297abdc84d53dd4d139e", - "cam_backyard_rtsp_url": "hmac-sha256:bcac97c20cdc641ca7ba4d1e4c80246961f6f116670ce6ae32be1a01be36fed1", - "cam_backyard_url": "hmac-sha256:5a9348e779c7260e4375a734a4947506e97f86098e45db8d63ba800698d26c34", - "elasticsearch_username": "hmac-sha256:bb7bdfaa02957aaf85efd2ea4585e05aa1ccb4594eb6820078bf8df46d123133", - "cam_front_door_rtsp_url": "hmac-sha256:db5ef5a052e6d09fee199dede89f5178afd5f642843268aa5bb43e755785f916", - "cam_os_username": "hmac-sha256:ff23e0d8782523b6a57c1bc1d21f88ef451359d7acefb032864e7a2715ba4185", "yale_lock_code_andrew": "hmac-sha256:545bca27b7805c8f17433693e8a07dab5c8b9d07a9a0e99ba04d73917c882956", - "cam_garage_url": "hmac-sha256:80d5c5b1080b12ed3681806bcc560f2ff0f53a43549df72396b14f41d1871dbf", - "aladdin_connect_password": 
"hmac-sha256:f3a85a98373fa879041a438606e38773fdfaca9d99e2a1ee08183a2cb8fc9a17", "yale_lock_code_neva": "hmac-sha256:954080fe6c36dddfecea03fe20c91fa75d1c54488c1c706c988650dd0c45647e", - "smtp_port": 587, - "rest_notify_cisco_phone_username": "hmac-sha256:1229909bcdaa7acf6894ebfa51daff701b9f026f7bfff5525fe7ddfcf8469af6", - "cam_mechanical_room_rtsp_url": "hmac-sha256:e343a772988cbc3262c6256df08c0c9f1a0f50e3bcefe3f39febc7cb135e2132", - "cam_driveway_url": "hmac-sha256:aef04b9fc7c345e7cb49f3833fbe0d56c8d8c6c6d922152250019f83bfc38acc" + "zwave_network_key": "hmac-sha256:382cc81146b9b71dc62135d6fb97246c74818857f3a73b03e7f7367ea53a8336" }, "metadata": { "created_time": "hmac-sha256:be77f81a3338087479da238bf04ab23998c11375bc830cdeca8e30c24ab8a095", + "deletion_time": "hmac-sha256:17a84bc5c1c7ee851af0069663ab9de3c879107724470fa34fc0b5418fb653db", "destroyed": false, - "version": 6, - "deletion_time": "hmac-sha256:17a84bc5c1c7ee851af0069663ab9de3c879107724470fa34fc0b5418fb653db" + "version": 6 } }, "mount_type": "kv" - } + }, + "type": "response" } }, - "related": { - "ip": [ - "10.6.8.34" - ] - }, - "source": { - "ip": "10.6.8.34" - }, - "event": { - "original": 
"{\"time\":\"2021-06-29T18:01:29.547355273Z\",\"type\":\"response\",\"auth\":{\"client_token\":\"hmac-sha256:f69c28fde8609df2a0ec6a316c0293179fa922a8a3a660a314859e6cff8e5fef\",\"accessor\":\"hmac-sha256:2ee197e25b333d83ba45d0c40aca153e0ad6c9e42b04b6de6a5b5b575de58771\",\"display_name\":\"token-c1d6c089-2f46-ff11-5988-38636bddf8d9-homeassistant\",\"policies\":[\"app-home-assistant\",\"default\"],\"token_policies\":[\"app-home-assistant\",\"default\"],\"metadata\":{\"AllocationID\":\"c1d6c089-2f46-ff11-5988-38636bddf8d9\",\"Namespace\":\"\",\"NodeID\":\"a28cef3a-f9e6-ad7d-bc5f-2c5ac27eec51\",\"Task\":\"homeassistant\"},\"token_type\":\"service\",\"token_ttl\":259200,\"token_issue_time\":\"2021-06-24T21:22:03Z\"},\"request\":{\"id\":\"3aa3f349-b55a-53e3-a795-dd4137d64299\",\"operation\":\"read\",\"mount_type\":\"kv\",\"client_token\":\"hmac-sha256:f69c28fde8609df2a0ec6a316c0293179fa922a8a3a660a314859e6cff8e5fef\",\"client_token_accessor\":\"hmac-sha256:2ee197e25b333d83ba45d0c40aca153e0ad6c9e42b04b6de6a5b5b575de58771\",\"namespace\":{\"id\":\"root\"},\"path\":\"secret/data/apps/home-assistant/secrets_yaml\",\"remote_address\":\"10.6.8.34\"},\"response\":{\"mount_type\":\"kv\",\"data\":{\"data\":{\"aladdin_connect_password\":\"hmac-sha256:f3a85a98373fa879041a438606e38773fdfaca9d99e2a1ee08183a2cb8fc9a17\",\"aladdin_connect_username\":\"hmac-sha256:b3c982a71d17164325f4ef6a9831a132e1bb789833fc6d1ecab5d36bc71df112\",\"elasticsearch_password\":\"hmac-sha256:8d2328e2c80428977858c0a80c6624c7910dd7da0b74c8d33e4d8d22fc0e9ad1\",\"elasticsearch_url\":\"hmac-sha256:c63aa2b5d15069aa9ff53eb1b6f4418a21a87c4fe508655d7f396b4bdf73492c\",\"elasticsearch_username\":\"hmac-sha256:bb7bdfaa02957aaf85efd2ea4585e05aa1ccb4594eb6820078bf8df46d123133\",\"rest_notify_cisco_phone_csrc_token\":\"hmac-sha256:b2120f2e905e41167ea380586d9f1bb13772873bb3e35aba28daca747921faad\",\"rest_notify_cisco_phone_password\":\"hmac-sha256:a4c3451df78d28825309c3b25fefb6fdb9314350da1169b012923325929d2b5d\",\"rest_notif
y_cisco_phone_username\":\"hmac-sha256:1229909bcdaa7acf6894ebfa51daff701b9f026f7bfff5525fe7ddfcf8469af6\",\"smtp_host\":\"hmac-sha256:bf4e6e6f4b1af3beb385006278b7e2da94eb4b243af8738727ba5e82375138c5\",\"smtp_password\":\"hmac-sha256:7b8a462d76578b0e4ddf162d9a244eb5a736d3d04b21d9ed399ad7f44032743e\",\"smtp_port\":587,\"smtp_username\":\"hmac-sha256:d97eb233a52d67e2fb16b43950b8537659b69a13e03aa58a771d8e82379354e4\",\"twilio_account_sid\":\"hmac-sha256:509150eeaf7657a069a37df450fe5821b307a882a2634230edf0b8b172f2fca8\",\"twilio_auth_token\":\"hmac-sha256:09cf3ffa023a5b5750d0aaff696f767b5a00c1af430b297abdc84d53dd4d139e\",\"cam_backyard_rtsp_url\":\"hmac-sha256:bcac97c20cdc641ca7ba4d1e4c80246961f6f116670ce6ae32be1a01be36fed1\",\"cam_backyard_url\":\"hmac-sha256:5a9348e779c7260e4375a734a4947506e97f86098e45db8d63ba800698d26c34\",\"cam_basement_door_rtsp_url\":\"hmac-sha256:ffd1f989ed0632e542f760ae8e683852e6d4b22acb24b5eae94e1568e977b007\",\"cam_basement_door_url\":\"hmac-sha256:550f62496448494a4a30a4c8499903ea58ea7ab43102a56103020c122795861b\",\"cam_driveway_rtsp_url\":\"hmac-sha256:7b732f13b417be1d8387dc9c517087cd2f9a854898f8bd50922ae39c9123cf5f\",\"cam_driveway_url\":\"hmac-sha256:aef04b9fc7c345e7cb49f3833fbe0d56c8d8c6c6d922152250019f83bfc38acc\",\"cam_front_door_rtsp_url\":\"hmac-sha256:db5ef5a052e6d09fee199dede89f5178afd5f642843268aa5bb43e755785f916\",\"cam_front_door_url\":\"hmac-sha256:6b5129afbd2e43f8ac8fe25a0b7c27f69c19d8713a95ac98ebfa65c8e51fd089\",\"cam_garage_rtsp_url\":\"hmac-sha256:10aa878ec26fdfa5e3a486ead013c693425f5c6bd3315b9365132a0c963c30f6\",\"cam_garage_url\":\"hmac-sha256:80d5c5b1080b12ed3681806bcc560f2ff0f53a43549df72396b14f41d1871dbf\",\"cam_mechanical_room_rtsp_url\":\"hmac-sha256:e343a772988cbc3262c6256df08c0c9f1a0f50e3bcefe3f39febc7cb135e2132\",\"cam_mechanical_room_url\":\"hmac-sha256:fd1f4d286bebd86234c474580cc2a74fdb79b16d936e4b8562e5cc13d82fbf7b\",\"cam_os_password\":\"hmac-sha256:b428f7bdeb97348f2553143030dfb1ac3b714436b59ed74e3320af2e13b5919f
\",\"cam_os_username\":\"hmac-sha256:ff23e0d8782523b6a57c1bc1d21f88ef451359d7acefb032864e7a2715ba4185\",\"yale_lock_code_andrew\":\"hmac-sha256:545bca27b7805c8f17433693e8a07dab5c8b9d07a9a0e99ba04d73917c882956\",\"yale_lock_code_neva\":\"hmac-sha256:954080fe6c36dddfecea03fe20c91fa75d1c54488c1c706c988650dd0c45647e\",\"zwave_network_key\":\"hmac-sha256:382cc81146b9b71dc62135d6fb97246c74818857f3a73b03e7f7367ea53a8336\"},\"metadata\":{\"created_time\":\"hmac-sha256:be77f81a3338087479da238bf04ab23998c11375bc830cdeca8e30c24ab8a095\",\"deletion_time\":\"hmac-sha256:17a84bc5c1c7ee851af0069663ab9de3c879107724470fa34fc0b5418fb653db\",\"destroyed\":false,\"version\":6}}}}", - "kind": "event", - "action": "read", - "id": "3aa3f349-b55a-53e3-a795-dd4137d64299", - "category": [ - "authentication" - ], - "type": [ - "access" - ], - "outcome": "success" - }, "nomad": { + "allocation": { + "id": "c1d6c089-2f46-ff11-5988-38636bddf8d9" + }, "namespace": "", "node": { "id": "a28cef3a-f9e6-ad7d-bc5f-2c5ac27eec51" }, - "allocation": { - "id": "c1d6c089-2f46-ff11-5988-38636bddf8d9" - }, "task": { "name": "homeassistant" } }, + "related": { + "ip": [ + "10.6.8.34" + ] + }, + "source": { + "ip": "10.6.8.34" + }, "tags": [ "preserve_original_event" ] 
@@ -710,44 +710,53 @@ { "@timestamp": "2021-12-30T17:11:12.468Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "help", + "category": [ + "authentication" + ], + "kind": "event", + "original": "{\"time\":\"2021-12-30T17:11:12.468537924Z\",\"type\":\"request\",\"auth\":{\"client_token\":\"hmac-sha256:b19f5a3ebd8fa029e884e32cb160d7f1041d7fcba68d796aab9290411fac7ffb\",\"accessor\":\"hmac-sha256:b31666f6a411cf7f9a950833e71035a863a1bb3ab536318529057e3f95787ac4\",\"display_name\":\"oidc-12349999999999999999\",\"policies\":[\"default\",\"group-admin\"],\"token_policies\":[\"default\",\"group-admin\"],\"metadata\":{\"account_id\":\"12349999999999999999\",\"email\":\"example@gmail.com\",\"role\":\"gmail\"},\"entity_id\":\"e4f5c67a-6f7e-789d-ae56-a1fe3ae23046\",\"token_type\":\"service\",\"token_ttl\":3600,\"token_issue_time\":\"2021-12-30T17:11:09Z\"},\"request\":{\"operation\":\"help\",\"mount_type\":\"pki\",\"client_token\":\"hmac-sha256:b19f5a3ebd8fa029e884e32cb160d7f1041d7fcba68d796aab9290411fac7ffb\",\"client_token_accessor\":\"hmac-sha256:b31666f6a411cf7f9a950833e71035a863a1bb3ab536318529057e3f95787ac4\",\"namespace\":{\"id\":\"root\"},\"path\":\"ca/roles/example\",\"remote_address\":\"10.6.8.34\"}}", + "outcome": "success" }, "hashicorp_vault": { "audit": { - "type": "request", - "request": { - "client_token": "hmac-sha256:b19f5a3ebd8fa029e884e32cb160d7f1041d7fcba68d796aab9290411fac7ffb", - "path": "ca/roles/example", - "namespace": { - "id": "root" - }, - "mount_type": "pki", - "remote_address": "10.6.8.34", - "client_token_accessor": "hmac-sha256:b31666f6a411cf7f9a950833e71035a863a1bb3ab536318529057e3f95787ac4", - "operation": "help" - }, "auth": { - "token_policies": [ - "default", - "group-admin" - ], + "accessor": "hmac-sha256:b31666f6a411cf7f9a950833e71035a863a1bb3ab536318529057e3f95787ac4", "client_token": "hmac-sha256:b19f5a3ebd8fa029e884e32cb160d7f1041d7fcba68d796aab9290411fac7ffb", + "display_name": 
"oidc-12349999999999999999", + "entity_id": "e4f5c67a-6f7e-789d-ae56-a1fe3ae23046", "metadata": { - "email": "example@gmail.com", "account_id": "12349999999999999999", + "email": "example@gmail.com", "role": "gmail" }, - "token_ttl": 3600, - "token_issue_time": "2021-12-30T17:11:09Z", - "accessor": "hmac-sha256:b31666f6a411cf7f9a950833e71035a863a1bb3ab536318529057e3f95787ac4", "policies": [ "default", "group-admin" ], - "display_name": "oidc-12349999999999999999", - "entity_id": "e4f5c67a-6f7e-789d-ae56-a1fe3ae23046", + "token_issue_time": "2021-12-30T17:11:09Z", + "token_policies": [ + "default", + "group-admin" + ], + "token_ttl": 3600, "token_type": "service" - } + }, + "request": { + "client_token": "hmac-sha256:b19f5a3ebd8fa029e884e32cb160d7f1041d7fcba68d796aab9290411fac7ffb", + "client_token_accessor": "hmac-sha256:b31666f6a411cf7f9a950833e71035a863a1bb3ab536318529057e3f95787ac4", + "mount_type": "pki", + "namespace": { + "id": "root" + }, + "operation": "help", + "path": "ca/roles/example", + "remote_address": "10.6.8.34" + }, + "type": "request" } }, "related": { 
@@ -758,22 +767,13 @@ "source": { "ip": "10.6.8.34" }, - "event": { - "action": "help", - "original": "{\"time\":\"2021-12-30T17:11:12.468537924Z\",\"type\":\"request\",\"auth\":{\"client_token\":\"hmac-sha256:b19f5a3ebd8fa029e884e32cb160d7f1041d7fcba68d796aab9290411fac7ffb\",\"accessor\":\"hmac-sha256:b31666f6a411cf7f9a950833e71035a863a1bb3ab536318529057e3f95787ac4\",\"display_name\":\"oidc-12349999999999999999\",\"policies\":[\"default\",\"group-admin\"],\"token_policies\":[\"default\",\"group-admin\"],\"metadata\":{\"account_id\":\"12349999999999999999\",\"email\":\"example@gmail.com\",\"role\":\"gmail\"},\"entity_id\":\"e4f5c67a-6f7e-789d-ae56-a1fe3ae23046\",\"token_type\":\"service\",\"token_ttl\":3600,\"token_issue_time\":\"2021-12-30T17:11:09Z\"},\"request\":{\"operation\":\"help\",\"mount_type\":\"pki\",\"client_token\":\"hmac-sha256:b19f5a3ebd8fa029e884e32cb160d7f1041d7fcba68d796aab9290411fac7ffb\",\"client_token_accessor\":\"hmac-sha256:b31666f6a411cf7f9a950833e71035a863a1bb3ab536318529057e3f95787ac4\",\"namespace\":{\"id\":\"root\"},\"path\":\"ca/roles/example\",\"remote_address\":\"10.6.8.34\"}}", - "category": [ - "authentication" - ], - "kind": "event", - "outcome": "success" - }, + "tags": [ + "preserve_original_event" + ], "user": { "email": "example@gmail.com", "id": "12349999999999999999" - }, - "tags": [ - "preserve_original_event" - ] + } } ] } \ No newline at end of file diff --git a/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-faked-all-fields.log-expected.json b/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-faked-all-fields.log-expected.json index 6e392bc5f10..a84d8afc68a 100644 --- a/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-faked-all-fields.log-expected.json +++ b/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-faked-all-fields.log-expected.json 
@@ -3,42 +3,57 @@ { "@timestamp": "2018-04-09T21:04:29.640Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "read", + "category": [ + "authentication" + ], + "id": "b2f72168-6cba-1bab-808a-72d9304b82f8", + "kind": "event", + "original": "{\"time\":\"2018-04-09T21:04:29.6406536Z\",\"type\":\"request\",\"auth\":{\"client_token\":\"hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae\",\"accessor\":\"hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d\",\"display_name\":\"token\",\"policies\":[\"default\",\"sudo\",\"surf-admin\"],\"metadata\":{\"loglevel\":\"raw\",\"remote\":\"false\",\"surf\":\"moderate\"},\"entity_id\":\"\"},\"request\":{\"id\":\"b2f72168-6cba-1bab-808a-72d9304b82f8\",\"operation\":\"read\",\"client_token\":\"hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae\",\"client_token_accessor\":\"hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d\",\"path\":\"auth/token/lookup-self\",\"data\":null,\"policy_override\":false,\"remote_address\":\"172.17.0.1\",\"wrap_ttl\":0,\"headers\":{}},\"error\":\"\"}", + "outcome": "failure", + "type": [ + "access", + "error" + ] }, "hashicorp_vault": { "audit": { - "request": { - "client_token": "hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae", - "path": "auth/token/lookup-self", - "headers": {}, - "data": null, - "wrap_ttl": 0, - "policy_override": false, - "id": "b2f72168-6cba-1bab-808a-72d9304b82f8", - "remote_address": "172.17.0.1", - "client_token_accessor": "hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d", - "operation": "read" - }, - "type": "request", - "error": "", "auth": { "accessor": "hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d", + "client_token": "hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae", + "display_name": "token", + "entity_id": "", + "metadata": 
{ + "loglevel": "raw", + "remote": "false", + "surf": "moderate" + }, "policies": [ "default", "sudo", "surf-admin" - ], + ] + }, + "error": "", + "request": { "client_token": "hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae", - "metadata": { - "surf": "moderate", - "remote": "false", - "loglevel": "raw" - }, - "display_name": "token", - "entity_id": "" - } + "client_token_accessor": "hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d", + "data": null, + "headers": {}, + "id": "b2f72168-6cba-1bab-808a-72d9304b82f8", + "operation": "read", + "path": "auth/token/lookup-self", + "policy_override": false, + "remote_address": "172.17.0.1", + "wrap_ttl": 0 + }, + "type": "request" } }, + "message": "", "related": { "ip": [ "172.17.0.1" 
@@ -47,92 +62,92 @@ "source": { "ip": "172.17.0.1" }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-04-09T21:04:29.642Z", + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"time\":\"2018-04-09T21:04:29.6406536Z\",\"type\":\"request\",\"auth\":{\"client_token\":\"hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae\",\"accessor\":\"hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d\",\"display_name\":\"token\",\"policies\":[\"default\",\"sudo\",\"surf-admin\"],\"metadata\":{\"loglevel\":\"raw\",\"remote\":\"false\",\"surf\":\"moderate\"},\"entity_id\":\"\"},\"request\":{\"id\":\"b2f72168-6cba-1bab-808a-72d9304b82f8\",\"operation\":\"read\",\"client_token\":\"hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae\",\"client_token_accessor\":\"hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d\",\"path\":\"auth/token/lookup-self\",\"data\":null,\"policy_override\":false,\"remote_address\":\"172.17.0.1\",\"wrap_ttl\":0,\"headers\":{}},\"error\":\"\"}", - "kind": "event", "action": "read", - "id": "b2f72168-6cba-1bab-808a-72d9304b82f8", "category": [ "authentication" ], + "id": "b2f72168-6cba-1bab-808a-72d9304b82f8", + "kind": "event", + "original": 
"{\"time\":\"2018-04-09T21:04:29.6420203Z\",\"type\":\"response\",\"auth\":{\"client_token\":\"hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae\",\"accessor\":\"hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d\",\"display_name\":\"token\",\"policies\":[\"default\",\"sudo\",\"surf-admin\"],\"metadata\":{\"loglevel\":\"raw\",\"remote\":\"false\",\"surf\":\"moderate\"},\"entity_id\":\"\"},\"request\":{\"id\":\"b2f72168-6cba-1bab-808a-72d9304b82f8\",\"operation\":\"read\",\"client_token\":\"hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae\",\"client_token_accessor\":\"hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d\",\"path\":\"auth/token/lookup-self\",\"data\":null,\"policy_override\":false,\"remote_address\":\"172.17.0.1\",\"wrap_ttl\":0,\"headers\":{}},\"response\":{\"data\":{\"accessor\":\"hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d\",\"creation_time\":1523307682,\"creation_ttl\":180000000,\"display_name\":\"hmac-sha256:e38035c165f0076d9288ba0363eb36733379cc5d370bec5e82f11632519c26a8\",\"entity_id\":\"hmac-sha256:2fced7e2c77266f5079d733bea71dc8c8413d3838584ca9d0f4867271df7a220\",\"expire_time\":\"2023-12-23T05:01:22.8929692Z\",\"explicit_max_ttl\":0,\"id\":\"hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae\",\"issue_time\":\"2018-04-09T21:01:22.8929624Z\",\"meta\":{\"loglevel\":\"hmac-sha256:eac4a7deb2df94609ab14ae48b9edea81d91de51be1dd59df6ca6852537227c5\",\"remote\":\"hmac-sha256:aa2d1dd64d4468bbd9c6b0ca275cdffb7473a2d91b5f42a047161620245fcc79\",\"surf\":\"hmac-sha256:8b29af9294da23c72de8d8d847ccebd450d978af5565807d0c9922b6b2e92988\"},\"num_uses\":0,\"orphan\":false,\"path\":\"hmac-sha256:36ea987a227a2c7aefe055a98f99751383f601955e9f1925bd3c2d6f9931a025\",\"policies\":[\"hmac-sha256:451623ebbe12fb9b1b3f444ceb5a5a46102452e46d640925c7b0dcb93a65a99a\",\"hmac-sha256:9a76c609b073848f2d9cb4a7fcddfc21
03c0063480b87a9ee585e9e072e901d9\",\"hmac-sha256:8924f876eca967c68bbc8ac138e9f876f2144e300c08b1898224fc76902c1fe3\"],\"renewable\":true,\"ttl\":179999812}},\"error\":\"\"}", + "outcome": "failure", "type": [ "access", "error" - ], - "outcome": "failure" - }, - "message": "", - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2018-04-09T21:04:29.642Z", - "ecs": { - "version": "8.2.0" + ] }, "hashicorp_vault": { "audit": { - "request": { - "client_token": "hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae", - "path": "auth/token/lookup-self", - "headers": {}, - "data": null, - "wrap_ttl": 0, - "policy_override": false, - "id": "b2f72168-6cba-1bab-808a-72d9304b82f8", - "remote_address": "172.17.0.1", - "client_token_accessor": "hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d", - "operation": "read" - }, - "type": "response", - "error": "", "auth": { "accessor": "hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d", + "client_token": "hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae", + "display_name": "token", + "entity_id": "", + "metadata": { + "loglevel": "raw", + "remote": "false", + "surf": "moderate" + }, "policies": [ "default", "sudo", "surf-admin" - ], + ] + }, + "error": "", + "request": { "client_token": "hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae", - "metadata": { - "surf": "moderate", - "remote": "false", - "loglevel": "raw" - }, - "display_name": "token", - "entity_id": "" + "client_token_accessor": "hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d", + "data": null, + "headers": {}, + "id": "b2f72168-6cba-1bab-808a-72d9304b82f8", + "operation": "read", + "path": "auth/token/lookup-self", + "policy_override": false, + "remote_address": "172.17.0.1", + "wrap_ttl": 0 }, "response": { "data": { + "accessor": 
"hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d", "creation_time": 1523307682, "creation_ttl": 180000000, - "accessor": "hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d", - "policies": [ - "hmac-sha256:451623ebbe12fb9b1b3f444ceb5a5a46102452e46d640925c7b0dcb93a65a99a", - "hmac-sha256:9a76c609b073848f2d9cb4a7fcddfc2103c0063480b87a9ee585e9e072e901d9", - "hmac-sha256:8924f876eca967c68bbc8ac138e9f876f2144e300c08b1898224fc76902c1fe3" - ], - "expire_time": "2023-12-23T05:01:22.8929692Z", - "num_uses": 0, "display_name": "hmac-sha256:e38035c165f0076d9288ba0363eb36733379cc5d370bec5e82f11632519c26a8", "entity_id": "hmac-sha256:2fced7e2c77266f5079d733bea71dc8c8413d3838584ca9d0f4867271df7a220", - "orphan": false, - "ttl": 179999812, + "expire_time": "2023-12-23T05:01:22.8929692Z", "explicit_max_ttl": 0, - "path": "hmac-sha256:36ea987a227a2c7aefe055a98f99751383f601955e9f1925bd3c2d6f9931a025", + "id": "hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae", + "issue_time": "2018-04-09T21:01:22.8929624Z", "meta": { - "surf": "hmac-sha256:8b29af9294da23c72de8d8d847ccebd450d978af5565807d0c9922b6b2e92988", + "loglevel": "hmac-sha256:eac4a7deb2df94609ab14ae48b9edea81d91de51be1dd59df6ca6852537227c5", "remote": "hmac-sha256:aa2d1dd64d4468bbd9c6b0ca275cdffb7473a2d91b5f42a047161620245fcc79", - "loglevel": "hmac-sha256:eac4a7deb2df94609ab14ae48b9edea81d91de51be1dd59df6ca6852537227c5" + "surf": "hmac-sha256:8b29af9294da23c72de8d8d847ccebd450d978af5565807d0c9922b6b2e92988" }, + "num_uses": 0, + "orphan": false, + "path": "hmac-sha256:36ea987a227a2c7aefe055a98f99751383f601955e9f1925bd3c2d6f9931a025", + "policies": [ + "hmac-sha256:451623ebbe12fb9b1b3f444ceb5a5a46102452e46d640925c7b0dcb93a65a99a", + "hmac-sha256:9a76c609b073848f2d9cb4a7fcddfc2103c0063480b87a9ee585e9e072e901d9", + "hmac-sha256:8924f876eca967c68bbc8ac138e9f876f2144e300c08b1898224fc76902c1fe3" + ], "renewable": true, - "id": 
"hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae", - "issue_time": "2018-04-09T21:01:22.8929624Z" + "ttl": 179999812 } - } + }, + "type": "response" } }, + "message": "", "related": { "ip": [ "172.17.0.1" 
@@ -141,21 +156,6 @@ "source": { "ip": "172.17.0.1" }, - "event": { - "original": "{\"time\":\"2018-04-09T21:04:29.6420203Z\",\"type\":\"response\",\"auth\":{\"client_token\":\"hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae\",\"accessor\":\"hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d\",\"display_name\":\"token\",\"policies\":[\"default\",\"sudo\",\"surf-admin\"],\"metadata\":{\"loglevel\":\"raw\",\"remote\":\"false\",\"surf\":\"moderate\"},\"entity_id\":\"\"},\"request\":{\"id\":\"b2f72168-6cba-1bab-808a-72d9304b82f8\",\"operation\":\"read\",\"client_token\":\"hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae\",\"client_token_accessor\":\"hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d\",\"path\":\"auth/token/lookup-self\",\"data\":null,\"policy_override\":false,\"remote_address\":\"172.17.0.1\",\"wrap_ttl\":0,\"headers\":{}},\"response\":{\"data\":{\"accessor\":\"hmac-sha256:f5a8798113bb65c0676abb3eef5ca5482c0c7daac38da36d402282a5414fcf3d\",\"creation_time\":1523307682,\"creation_ttl\":180000000,\"display_name\":\"hmac-sha256:e38035c165f0076d9288ba0363eb36733379cc5d370bec5e82f11632519c26a8\",\"entity_id\":\"hmac-sha256:2fced7e2c77266f5079d733bea71dc8c8413d3838584ca9d0f4867271df7a220\",\"expire_time\":\"2023-12-23T05:01:22.8929692Z\",\"explicit_max_ttl\":0,\"id\":\"hmac-sha256:eb3da855a3fb8b1c3574064f7edd080a97c4ebcf4a8e6674126710915fe464ae\",\"issue_time\":\"2018-04-09T21:01:22.8929624Z\",\"meta\":{\"loglevel\":\"hmac-sha256:eac4a7deb2df94609ab14ae48b9edea81d91de51be1dd59df6ca6852537227c5\",\"remote\":\"hmac-sha256:aa2d1dd64d4468bbd9c6b0ca275cdffb7473a2d91b5f42a047161620245fcc79\",\"surf\":\"hmac-sha256:8b29af9294da23c72de8d8d847ccebd450d978af5565807d0c9922b6b2e92988\"},\"num_uses\":0,\"orphan\":false,\"path\":\"hmac-sha256:36ea987a227a2c7aefe055a98f99751383f601955e9f1925bd3c2d6f9931a025\",\"policies\":[\"hmac-sha256:451623ebbe12fb9b1b3f444ceb5a5a4
6102452e46d640925c7b0dcb93a65a99a\",\"hmac-sha256:9a76c609b073848f2d9cb4a7fcddfc2103c0063480b87a9ee585e9e072e901d9\",\"hmac-sha256:8924f876eca967c68bbc8ac138e9f876f2144e300c08b1898224fc76902c1fe3\"],\"renewable\":true,\"ttl\":179999812}},\"error\":\"\"}", - "kind": "event", - "action": "read", - "id": "b2f72168-6cba-1bab-808a-72d9304b82f8", - "category": [ - "authentication" - ], - "type": [ - "access", - "error" - ], - "outcome": "failure" - }, - "message": "", "tags": [ "preserve_original_event" ] 
@@ -163,65 +163,80 @@ { "@timestamp": "2021-07-21T12:37:50.936Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "update", + "category": [ + "authentication" + ], + "id": "002c8225-e859-44a0-9ccb-471c3655dbd8", + "kind": "event", + "original": "{\"time\":\"2021-07-21T12:37:50.93608Z\",\"type\":\"request\",\"auth\":{\"client_token\":\"hmac-sha256:3aae134b7843218bf089cd9b01a55ec417346a242b5383a7fac2ab49692f403a\",\"accessor\":\"bar\",\"display_name\":\"testtoken\",\"policies\":[\"root\"],\"token_policies\":[\"web\"],\"identity_policies\":[\"ident1\",\"ident2\"],\"external_namespace_policies\":{\"ns1\":[\"baz\"]},\"no_default_policy\":true,\"metadata\":{\"id\":\"007\"},\"remaining_uses\":5,\"entity_id\":\"foobarentity\",\"token_type\":\"service\",\"token_ttl\":14400,\"token_issue_time\":\"2020-05-28T13:40:18-05:00\"},\"request\":{\"id\":\"002c8225-e859-44a0-9ccb-471c3655dbd8\",\"operation\":\"update\",\"mount_type\":\"kv\",\"client_token\":\"hmac-sha256:e890f27c5ee11e26bda7c8e6ec218af451a6b1e35f9fe6d0676f1b29889b406c\",\"client_token_accessor\":\"35e2f256-0fc3-4eea-9405-3e212435b6c7\",\"namespace\":{\"id\":\"root\"},\"path\":\"secrets/foo\",\"data\":{\"data\":\"hmac-sha256:46c0fd3146d89ff602279417df7ac9267ce58fa3c6d2535d2d9050a5323c21ec\"},\"policy_override\":true,\"remote_address\":\"127.0.0.1\",\"wrap_ttl\":3600,\"headers\":{\"foo\":[\"bar\"]}},\"error\":\"this is an error\"}", + "outcome": "failure", + "type": [ + "change", + "error" + ] }, "hashicorp_vault": { "audit": { + "auth": { + "accessor": "bar", + "client_token": "hmac-sha256:3aae134b7843218bf089cd9b01a55ec417346a242b5383a7fac2ab49692f403a", + "display_name": "testtoken", + "entity_id": "foobarentity", + "external_namespace_policies": { + "ns1": [ + "baz" + ] + }, + "identity_policies": [ + "ident1", + "ident2" + ], + "metadata": { + "id": "007" + }, + "no_default_policy": true, + "policies": [ + "root" + ], + "remaining_uses": 5, + "token_issue_time": 
"2020-05-28T13:40:18-05:00", + "token_policies": [ + "web" + ], + "token_ttl": 14400, + "token_type": "service" + }, + "error": "this is an error", "request": { "client_token": "hmac-sha256:e890f27c5ee11e26bda7c8e6ec218af451a6b1e35f9fe6d0676f1b29889b406c", - "path": "secrets/foo", + "client_token_accessor": "35e2f256-0fc3-4eea-9405-3e212435b6c7", + "data": { + "data": "hmac-sha256:46c0fd3146d89ff602279417df7ac9267ce58fa3c6d2535d2d9050a5323c21ec" + }, "headers": { "foo": [ "bar" ] }, - "data": { - "data": "hmac-sha256:46c0fd3146d89ff602279417df7ac9267ce58fa3c6d2535d2d9050a5323c21ec" - }, + "id": "002c8225-e859-44a0-9ccb-471c3655dbd8", + "mount_type": "kv", "namespace": { "id": "root" }, - "wrap_ttl": 3600, + "operation": "update", + "path": "secrets/foo", "policy_override": true, - "id": "002c8225-e859-44a0-9ccb-471c3655dbd8", - "mount_type": "kv", "remote_address": "127.0.0.1", - "client_token_accessor": "35e2f256-0fc3-4eea-9405-3e212435b6c7", - "operation": "update" + "wrap_ttl": 3600 }, - "type": "request", - "error": "this is an error", - "auth": { - "token_policies": [ - "web" - ], - "metadata": { - "id": "007" - }, - "token_issue_time": "2020-05-28T13:40:18-05:00", - "identity_policies": [ - "ident1", - "ident2" - ], - "accessor": "bar", - "policies": [ - "root" - ], - "external_namespace_policies": { - "ns1": [ - "baz" - ] - }, - "display_name": "testtoken", - "no_default_policy": true, - "entity_id": "foobarentity", - "token_type": "service", - "remaining_uses": 5, - "client_token": "hmac-sha256:3aae134b7843218bf089cd9b01a55ec417346a242b5383a7fac2ab49692f403a", - "token_ttl": 14400 - } + "type": "request" } }, + "message": "this is an error", "related": { "ip": [ "127.0.0.1" 
@@ -230,135 +245,135 @@ "source": { "ip": "127.0.0.1" }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-07-21T12:37:50.936Z", + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "{\"time\":\"2021-07-21T12:37:50.93608Z\",\"type\":\"request\",\"auth\":{\"client_token\":\"hmac-sha256:3aae134b7843218bf089cd9b01a55ec417346a242b5383a7fac2ab49692f403a\",\"accessor\":\"bar\",\"display_name\":\"testtoken\",\"policies\":[\"root\"],\"token_policies\":[\"web\"],\"identity_policies\":[\"ident1\",\"ident2\"],\"external_namespace_policies\":{\"ns1\":[\"baz\"]},\"no_default_policy\":true,\"metadata\":{\"id\":\"007\"},\"remaining_uses\":5,\"entity_id\":\"foobarentity\",\"token_type\":\"service\",\"token_ttl\":14400,\"token_issue_time\":\"2020-05-28T13:40:18-05:00\"},\"request\":{\"id\":\"002c8225-e859-44a0-9ccb-471c3655dbd8\",\"operation\":\"update\",\"mount_type\":\"kv\",\"client_token\":\"hmac-sha256:e890f27c5ee11e26bda7c8e6ec218af451a6b1e35f9fe6d0676f1b29889b406c\",\"client_token_accessor\":\"35e2f256-0fc3-4eea-9405-3e212435b6c7\",\"namespace\":{\"id\":\"root\"},\"path\":\"secrets/foo\",\"data\":{\"data\":\"hmac-sha256:46c0fd3146d89ff602279417df7ac9267ce58fa3c6d2535d2d9050a5323c21ec\"},\"policy_override\":true,\"remote_address\":\"127.0.0.1\",\"wrap_ttl\":3600,\"headers\":{\"foo\":[\"bar\"]}},\"error\":\"this is an error\"}", - "kind": "event", "action": "update", - "id": "002c8225-e859-44a0-9ccb-471c3655dbd8", "category": [ "authentication" ], + "id": "002c8225-e859-44a0-9ccb-471c3655dbd8", + "kind": "event", + "original": 
"{\"time\":\"2021-07-21T12:37:50.936443Z\",\"type\":\"response\",\"auth\":{\"client_token\":\"hmac-sha256:3aae134b7843218bf089cd9b01a55ec417346a242b5383a7fac2ab49692f403a\",\"accessor\":\"bar\",\"display_name\":\"testtoken\",\"policies\":[\"root\"],\"token_policies\":[\"web\"],\"identity_policies\":[\"ident1\",\"ident2\"],\"external_namespace_policies\":{\"ns1\":[\"baz\"]},\"no_default_policy\":true,\"metadata\":{\"id\":\"007\"},\"remaining_uses\":5,\"entity_id\":\"foobarentity\",\"token_type\":\"service\",\"token_ttl\":14400,\"token_issue_time\":\"2020-05-28T13:40:18-05:00\"},\"request\":{\"id\":\"002c8225-e859-44a0-9ccb-471c3655dbd8\",\"operation\":\"update\",\"mount_type\":\"kv\",\"client_token\":\"hmac-sha256:e890f27c5ee11e26bda7c8e6ec218af451a6b1e35f9fe6d0676f1b29889b406c\",\"client_token_accessor\":\"35e2f256-0fc3-4eea-9405-3e212435b6c7\",\"namespace\":{\"id\":\"root\"},\"path\":\"secrets/foo\",\"data\":{\"data\":\"hmac-sha256:46c0fd3146d89ff602279417df7ac9267ce58fa3c6d2535d2d9050a5323c21ec\"},\"policy_override\":true,\"remote_address\":\"127.0.0.1\",\"wrap_ttl\":3600,\"headers\":{\"foo\":[\"bar\"]}},\"response\":{\"auth\":{\"client_token\":\"hmac-sha256:3aae134b7843218bf089cd9b01a55ec417346a242b5383a7fac2ab49692f403a\",\"accessor\":\"bar\",\"display_name\":\"testtoken\",\"policies\":[\"root\"],\"token_policies\":[\"web\"],\"identity_policies\":[\"ident1\",\"ident2\"],\"external_namespace_policies\":{\"ns1\":[\"baz\"]},\"no_default_policy\":true,\"metadata\":{\"id\":\"007\"},\"entity_id\":\"foobarentity\",\"token_type\":\"service\",\"token_ttl\":14400,\"token_issue_time\":\"2020-05-28T13:40:18-05:00\"},\"mount_type\":\"kv\",\"data\":{\"certificate\":\"hmac-sha256:cb232c6394c9149b7f06f85e8ed9fcc55b7d1db82dd0ec1d321d0a83a7adda01\"},\"redirect\":\"redirect\",\"wrap_info\":{\"ttl\":3600,\"token\":\"hmac-sha256:09dff0fdb8db56293383d7d0347afdf64ceb672cb9aea2c66edd802bcd714094\",\"accessor\":\"xzW2I9CMqcALsllhYvqtlsvq\",\"creation_time\":\"2020-05-28T18:40:18Z\",\"cr
eation_path\":\"auth/token/create\",\"wrapped_accessor\":\"Bh57rT8zuhspG9APjXpGpiAJ\"},\"headers\":{\"Extra-Extra\":[\"read\"]}},\"error\":\"this is an error\"}", + "outcome": "failure", "type": [ "change", "error" - ], - "outcome": "failure" - }, - "message": "this is an error", - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2021-07-21T12:37:50.936Z", - "ecs": { - "version": "8.2.0" + ] }, "hashicorp_vault": { "audit": { - "request": { - "client_token": "hmac-sha256:e890f27c5ee11e26bda7c8e6ec218af451a6b1e35f9fe6d0676f1b29889b406c", - "path": "secrets/foo", - "headers": { - "foo": [ - "bar" - ] - }, - "data": { - "data": "hmac-sha256:46c0fd3146d89ff602279417df7ac9267ce58fa3c6d2535d2d9050a5323c21ec" - }, - "namespace": { - "id": "root" - }, - "wrap_ttl": 3600, - "policy_override": true, - "id": "002c8225-e859-44a0-9ccb-471c3655dbd8", - "mount_type": "kv", - "remote_address": "127.0.0.1", - "client_token_accessor": "35e2f256-0fc3-4eea-9405-3e212435b6c7", - "operation": "update" - }, - "type": "response", - "error": "this is an error", "auth": { - "token_policies": [ - "web" - ], - "metadata": { - "id": "007" + "accessor": "bar", + "client_token": "hmac-sha256:3aae134b7843218bf089cd9b01a55ec417346a242b5383a7fac2ab49692f403a", + "display_name": "testtoken", + "entity_id": "foobarentity", + "external_namespace_policies": { + "ns1": [ + "baz" + ] }, - "token_issue_time": "2020-05-28T13:40:18-05:00", "identity_policies": [ "ident1", "ident2" ], - "accessor": "bar", + "metadata": { + "id": "007" + }, + "no_default_policy": true, "policies": [ "root" ], - "external_namespace_policies": { - "ns1": [ - "baz" - ] - }, - "display_name": "testtoken", - "no_default_policy": true, - "entity_id": "foobarentity", - "token_type": "service", "remaining_uses": 5, - "client_token": "hmac-sha256:3aae134b7843218bf089cd9b01a55ec417346a242b5383a7fac2ab49692f403a", - "token_ttl": 14400 + "token_issue_time": "2020-05-28T13:40:18-05:00", + "token_policies": [ + "web" + 
], + "token_ttl": 14400, + "token_type": "service" }, - "response": { - "redirect": "redirect", + "error": "this is an error", + "request": { + "client_token": "hmac-sha256:e890f27c5ee11e26bda7c8e6ec218af451a6b1e35f9fe6d0676f1b29889b406c", + "client_token_accessor": "35e2f256-0fc3-4eea-9405-3e212435b6c7", + "data": { + "data": "hmac-sha256:46c0fd3146d89ff602279417df7ac9267ce58fa3c6d2535d2d9050a5323c21ec" + }, "headers": { - "Extra-Extra": [ - "read" + "foo": [ + "bar" ] }, + "id": "002c8225-e859-44a0-9ccb-471c3655dbd8", "mount_type": "kv", - "data": { - "certificate": "hmac-sha256:cb232c6394c9149b7f06f85e8ed9fcc55b7d1db82dd0ec1d321d0a83a7adda01" + "namespace": { + "id": "root" }, + "operation": "update", + "path": "secrets/foo", + "policy_override": true, + "remote_address": "127.0.0.1", + "wrap_ttl": 3600 + }, + "response": { "auth": { - "token_policies": [ - "web" - ], - "metadata": { - "id": "007" + "accessor": "bar", + "client_token": "hmac-sha256:3aae134b7843218bf089cd9b01a55ec417346a242b5383a7fac2ab49692f403a", + "display_name": "testtoken", + "entity_id": "foobarentity", + "external_namespace_policies": { + "ns1": [ + "baz" + ] }, - "token_issue_time": "2020-05-28T13:40:18-05:00", "identity_policies": [ "ident1", "ident2" ], - "accessor": "bar", + "metadata": { + "id": "007" + }, + "no_default_policy": true, "policies": [ "root" ], - "external_namespace_policies": { - "ns1": [ - "baz" - ] - }, - "display_name": "testtoken", - "no_default_policy": true, - "entity_id": "foobarentity", - "token_type": "service", - "client_token": "hmac-sha256:3aae134b7843218bf089cd9b01a55ec417346a242b5383a7fac2ab49692f403a", - "token_ttl": 14400 + "token_issue_time": "2020-05-28T13:40:18-05:00", + "token_policies": [ + "web" + ], + "token_ttl": 14400, + "token_type": "service" + }, + "data": { + "certificate": "hmac-sha256:cb232c6394c9149b7f06f85e8ed9fcc55b7d1db82dd0ec1d321d0a83a7adda01" + }, + "headers": { + "Extra-Extra": [ + "read" + ] }, + "mount_type": "kv", + "redirect": 
"redirect", "wrap_info": { - "creation_time": "2020-05-28T18:40:18Z", "accessor": "xzW2I9CMqcALsllhYvqtlsvq", - "ttl": 3600, - "wrapped_accessor": "Bh57rT8zuhspG9APjXpGpiAJ", "creation_path": "auth/token/create", - "token": "hmac-sha256:09dff0fdb8db56293383d7d0347afdf64ceb672cb9aea2c66edd802bcd714094" + "creation_time": "2020-05-28T18:40:18Z", + "token": "hmac-sha256:09dff0fdb8db56293383d7d0347afdf64ceb672cb9aea2c66edd802bcd714094", + "ttl": 3600, + "wrapped_accessor": "Bh57rT8zuhspG9APjXpGpiAJ" } - } + }, + "type": "response" } }, + "message": "this is an error", "related": { "ip": [ "127.0.0.1" 
@@ -367,21 +382,6 @@ "source": { "ip": "127.0.0.1" }, - "event": { - "original": "{\"time\":\"2021-07-21T12:37:50.936443Z\",\"type\":\"response\",\"auth\":{\"client_token\":\"hmac-sha256:3aae134b7843218bf089cd9b01a55ec417346a242b5383a7fac2ab49692f403a\",\"accessor\":\"bar\",\"display_name\":\"testtoken\",\"policies\":[\"root\"],\"token_policies\":[\"web\"],\"identity_policies\":[\"ident1\",\"ident2\"],\"external_namespace_policies\":{\"ns1\":[\"baz\"]},\"no_default_policy\":true,\"metadata\":{\"id\":\"007\"},\"remaining_uses\":5,\"entity_id\":\"foobarentity\",\"token_type\":\"service\",\"token_ttl\":14400,\"token_issue_time\":\"2020-05-28T13:40:18-05:00\"},\"request\":{\"id\":\"002c8225-e859-44a0-9ccb-471c3655dbd8\",\"operation\":\"update\",\"mount_type\":\"kv\",\"client_token\":\"hmac-sha256:e890f27c5ee11e26bda7c8e6ec218af451a6b1e35f9fe6d0676f1b29889b406c\",\"client_token_accessor\":\"35e2f256-0fc3-4eea-9405-3e212435b6c7\",\"namespace\":{\"id\":\"root\"},\"path\":\"secrets/foo\",\"data\":{\"data\":\"hmac-sha256:46c0fd3146d89ff602279417df7ac9267ce58fa3c6d2535d2d9050a5323c21ec\"},\"policy_override\":true,\"remote_address\":\"127.0.0.1\",\"wrap_ttl\":3600,\"headers\":{\"foo\":[\"bar\"]}},\"response\":{\"auth\":{\"client_token\":\"hmac-sha256:3aae134b7843218bf089cd9b01a55ec417346a242b5383a7fac2ab49692f403a\",\"accessor\":\"bar\",\"display_name\":\"testtoken\",\"policies\":[\"root\"],\"token_policies\":[\"web\"],\"identity_policies\":[\"ident1\",\"ident2\"],\"external_namespace_policies\":{\"ns1\":[\"baz\"]},\"no_default_policy\":true,\"metadata\":{\"id\":\"007\"},\"entity_id\":\"foobarentity\",\"token_type\":\"service\",\"token_ttl\":14400,\"token_issue_time\":\"2020-05-28T13:40:18-05:00\"},\"mount_type\":\"kv\",\"data\":{\"certificate\":\"hmac-sha256:cb232c6394c9149b7f06f85e8ed9fcc55b7d1db82dd0ec1d321d0a83a7adda01\"},\"redirect\":\"redirect\",\"wrap_info\":{\"ttl\":3600,\"token\":\"hmac-sha256:09dff0fdb8db56293383d7d0347afdf64ceb672cb9aea2c66edd802bcd714094\",\"access
or\":\"xzW2I9CMqcALsllhYvqtlsvq\",\"creation_time\":\"2020-05-28T18:40:18Z\",\"creation_path\":\"auth/token/create\",\"wrapped_accessor\":\"Bh57rT8zuhspG9APjXpGpiAJ\"},\"headers\":{\"Extra-Extra\":[\"read\"]}},\"error\":\"this is an error\"}", - "kind": "event", - "action": "update", - "id": "002c8225-e859-44a0-9ccb-471c3655dbd8", - "category": [ - "authentication" - ], - "type": [ - "change", - "error" - ], - "outcome": "failure" - }, - "message": "this is an error", "tags": [ "preserve_original_event" ] diff --git a/packages/hashicorp_vault/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/hashicorp_vault/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 6bff35b88dd..9e592ad2114 100644 --- a/packages/hashicorp_vault/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/hashicorp_vault/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Hashicorp Vault audit logs. processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/hashicorp_vault/data_stream/audit/sample_event.json b/packages/hashicorp_vault/data_stream/audit/sample_event.json index 0ff31120d12..a0e3693436f 100644 --- a/packages/hashicorp_vault/data_stream/audit/sample_event.json +++ b/packages/hashicorp_vault/data_stream/audit/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", diff --git a/packages/hashicorp_vault/data_stream/log/_dev/test/pipeline/test-log.log-expected.json b/packages/hashicorp_vault/data_stream/log/_dev/test/pipeline/test-log.log-expected.json index b979a605854..67917a16965 100644 --- a/packages/hashicorp_vault/data_stream/log/_dev/test/pipeline/test-log.log-expected.json +++ b/packages/hashicorp_vault/data_stream/log/_dev/test/pipeline/test-log.log-expected.json 
@@ -3,7 +3,11 @@ { "@timestamp": "2021-07-16T06:30:48.194Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "kind": "event", + "original": "{\"@level\":\"error\",\"@message\":\"failed to revoke lease\",\"@module\":\"expiration\",\"@timestamp\":\"2021-07-16T06:30:48.194192Z\",\"error\":\"failed to revoke entry: resp: (*logical.Response)(nil) err: RequestError: send request failed\\ncaused by: Post \\\"https://iam.amazonaws.com/\\\": dial tcp: lookup iam.amazonaws.com on 192.168.50.34:53: server misbehaving\",\"lease_id\":\"aws/creds/ddns-updater/oS5t84TSPRoYF2gX8McPyw4u\"}" }, "hashicorp_vault": { "log": { @@ -15,10 +19,6 @@ "level": "error", "logger": "expiration" }, - "event": { - "kind": "event", - "original": "{\"@level\":\"error\",\"@message\":\"failed to revoke lease\",\"@module\":\"expiration\",\"@timestamp\":\"2021-07-16T06:30:48.194192Z\",\"error\":\"failed to revoke entry: resp: (*logical.Response)(nil) err: RequestError: send request failed\\ncaused by: Post \\\"https://iam.amazonaws.com/\\\": dial tcp: lookup iam.amazonaws.com on 192.168.50.34:53: server misbehaving\",\"lease_id\":\"aws/creds/ddns-updater/oS5t84TSPRoYF2gX8McPyw4u\"}" - }, "message": "failed to revoke lease", "tags": [ "preserve_original_event" @@ -27,7 +27,11 @@ { "@timestamp": "2021-07-16T06:33:08.867Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "kind": "event", + "original": "{\"@level\":\"info\",\"@message\":\"revoked lease\",\"@module\":\"expiration\",\"@timestamp\":\"2021-07-16T06:33:08.867457Z\",\"lease_id\":\"auth/token/create/nomad-cluster/h15d750323d62439265743da0f02537e763b1968ba586b27770bd5262c9891a47\"}" }, "hashicorp_vault": { "log": { 
@@ -38,10 +42,6 @@ "level": "info", "logger": "expiration" }, - "event": { - "kind": "event", - "original": "{\"@level\":\"info\",\"@message\":\"revoked lease\",\"@module\":\"expiration\",\"@timestamp\":\"2021-07-16T06:33:08.867457Z\",\"lease_id\":\"auth/token/create/nomad-cluster/h15d750323d62439265743da0f02537e763b1968ba586b27770bd5262c9891a47\"}" - }, "message": "revoked lease", "tags": [ "preserve_original_event" @@ -50,14 +50,18 @@ { "@timestamp": "2021-07-09T17:20:27.184Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "kind": "event", + "original": "{\"@level\":\"info\",\"@message\":\"serving cluster requests\",\"@module\":\"core.cluster-listener\",\"@timestamp\":\"2021-07-09T17:20:27.184340Z\",\"cluster_listen_address\":{\"IP\":\"::\",\"Port\":8201,\"Zone\":\"\"}}" }, "hashicorp_vault": { "log": { "cluster_listen_address": { - "Zone": "", "IP": "::", - "Port": 8201 + "Port": 8201, + "Zone": "" } } }, @@ -65,10 +69,6 @@ "level": "info", "logger": "core.cluster-listener" }, - "event": { - "kind": "event", - "original": "{\"@level\":\"info\",\"@message\":\"serving cluster requests\",\"@module\":\"core.cluster-listener\",\"@timestamp\":\"2021-07-09T17:20:27.184340Z\",\"cluster_listen_address\":{\"IP\":\"::\",\"Port\":8201,\"Zone\":\"\"}}" - }, "message": "serving cluster requests", "tags": [ "preserve_original_event" 
@@ -77,7 +77,11 @@ { "@timestamp": "2021-07-09T17:20:27.190Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "kind": "event", + "original": "{\"@level\":\"info\",\"@message\":\"creating Raft\",\"@module\":\"storage.raft\",\"@timestamp\":\"2021-07-09T17:20:27.190451Z\",\"config\":\"\\u0026raft.Config{ProtocolVersion:3, HeartbeatTimeout:5000000000, ElectionTimeout:5000000000, CommitTimeout:50000000, MaxAppendEntries:64, BatchApplyCh:false, ShutdownOnRemove:true, TrailingLogs:0x2800, SnapshotInterval:120000000000, SnapshotThreshold:0x2000, LeaderLeaseTimeout:2500000000, LocalID:\\\"compute03-example-com\\\", NotifyCh:(chan\\u003c- bool)(0x4000324070), LogOutput:io.Writer(nil), LogLevel:\\\"DEBUG\\\", Logger:(*hclog.interceptLogger)(0x400057f2f0), NoSnapshotRestoreOnStart:true, skipStartup:false}\"}" }, "hashicorp_vault": { "log": { @@ -88,10 +92,6 @@ "level": "info", "logger": "storage.raft" }, - "event": { - "kind": "event", - "original": "{\"@level\":\"info\",\"@message\":\"creating Raft\",\"@module\":\"storage.raft\",\"@timestamp\":\"2021-07-09T17:20:27.190451Z\",\"config\":\"\\u0026raft.Config{ProtocolVersion:3, HeartbeatTimeout:5000000000, ElectionTimeout:5000000000, CommitTimeout:50000000, MaxAppendEntries:64, BatchApplyCh:false, ShutdownOnRemove:true, TrailingLogs:0x2800, SnapshotInterval:120000000000, SnapshotThreshold:0x2000, LeaderLeaseTimeout:2500000000, LocalID:\\\"compute03-example-com\\\", NotifyCh:(chan\\u003c- bool)(0x4000324070), LogOutput:io.Writer(nil), LogLevel:\\\"DEBUG\\\", Logger:(*hclog.interceptLogger)(0x400057f2f0), NoSnapshotRestoreOnStart:true, skipStartup:false}\"}" - }, "message": "creating Raft", "tags": [ "preserve_original_event" 
@@ -100,14 +100,18 @@ { "@timestamp": "2021-07-09T17:20:27.182Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "kind": "event", + "original": "{\"@level\":\"info\",\"@message\":\"starting listener\",\"@module\":\"core.cluster-listener.tcp\",\"@timestamp\":\"2021-07-09T17:20:27.182327Z\",\"listener_address\":{\"IP\":\"0.0.0.0\",\"Port\":8201,\"Zone\":\"\"}}" }, "hashicorp_vault": { "log": { "listener_address": { - "Zone": "", "IP": "0.0.0.0", - "Port": 8201 + "Port": 8201, + "Zone": "" } } }, @@ -115,10 +119,6 @@ "level": "info", "logger": "core.cluster-listener.tcp" }, - "event": { - "kind": "event", - "original": "{\"@level\":\"info\",\"@message\":\"starting listener\",\"@module\":\"core.cluster-listener.tcp\",\"@timestamp\":\"2021-07-09T17:20:27.182327Z\",\"listener_address\":{\"IP\":\"0.0.0.0\",\"Port\":8201,\"Zone\":\"\"}}" - }, "message": "starting listener", "tags": [ "preserve_original_event" @@ -127,7 +127,11 @@ { "@timestamp": "2021-07-09T17:20:27.212Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "kind": "event", + "original": "{\"@level\":\"info\",\"@message\":\"initial configuration\",\"@module\":\"storage.raft\",\"@timestamp\":\"2021-07-09T17:20:27.212828Z\",\"index\":7788,\"servers\":\"[{Suffrage:Voter ID:compute03-example-com Address:192.168.50.36:8201} {Suffrage:Voter ID:compute02-example-com Address:192.168.50.35:8201} {Suffrage:Voter ID:compute01-example-com Address:192.168.50.34:8201}]\"}" }, "hashicorp_vault": { "log": { 
@@ -139,10 +143,6 @@ "level": "info", "logger": "storage.raft" }, - "event": { - "kind": "event", - "original": "{\"@level\":\"info\",\"@message\":\"initial configuration\",\"@module\":\"storage.raft\",\"@timestamp\":\"2021-07-09T17:20:27.212828Z\",\"index\":7788,\"servers\":\"[{Suffrage:Voter ID:compute03-example-com Address:192.168.50.36:8201} {Suffrage:Voter ID:compute02-example-com Address:192.168.50.35:8201} {Suffrage:Voter ID:compute01-example-com Address:192.168.50.34:8201}]\"}" - }, "message": "initial configuration", "tags": [ "preserve_original_event" @@ -151,22 +151,22 @@ { "@timestamp": "2021-07-09T17:04:06.945Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "kind": "event", + "original": "{\"@level\":\"warn\",\"@message\":\"failed to contact\",\"@module\":\"storage.raft\",\"@timestamp\":\"2021-07-09T17:04:06.945541Z\",\"server-id\":\"compute03-example-com\",\"time\":4959141198}" }, "hashicorp_vault": { "log": { - "time": 4959141198, - "server-id": "compute03-example-com" + "server-id": "compute03-example-com", + "time": 4959141198 } }, "log": { "level": "warn", "logger": "storage.raft" }, - "event": { - "kind": "event", - "original": "{\"@level\":\"warn\",\"@message\":\"failed to contact\",\"@module\":\"storage.raft\",\"@timestamp\":\"2021-07-09T17:04:06.945541Z\",\"server-id\":\"compute03-example-com\",\"time\":4959141198}" - }, "message": "failed to contact", "tags": [ "preserve_original_event" @@ -175,7 +175,11 @@ { "@timestamp": "2021-07-16T19:05:02.795Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "kind": "event", + "original": "{\"@level\":\"info\",\"@message\":\"installed new raft TLS key\",\"@module\":\"core.raft\",\"@timestamp\":\"2021-07-16T19:05:02.795425Z\",\"term\":402}" }, "hashicorp_vault": { "log": { 
@@ -186,10 +190,6 @@ "level": "info", "logger": "core.raft" }, - "event": { - "kind": "event", - "original": "{\"@level\":\"info\",\"@message\":\"installed new raft TLS key\",\"@module\":\"core.raft\",\"@timestamp\":\"2021-07-16T19:05:02.795425Z\",\"term\":402}" - }, "message": "installed new raft TLS key", "tags": [ "preserve_original_event" @@ -198,22 +198,22 @@ { "@timestamp": "2021-07-09T17:01:42.203Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "kind": "event", + "original": "{\"@level\":\"info\",\"@message\":\"proxy environment\",\"@timestamp\":\"2021-07-09T17:01:42.203665Z\",\"http_proxy\":\"\",\"https_proxy\":\"\",\"no_proxy\":\"\"}" }, "hashicorp_vault": { "log": { - "https_proxy": "", "http_proxy": "", + "https_proxy": "", "no_proxy": "" } }, "log": { "level": "info" }, - "event": { - "kind": "event", - "original": "{\"@level\":\"info\",\"@message\":\"proxy environment\",\"@timestamp\":\"2021-07-09T17:01:42.203665Z\",\"http_proxy\":\"\",\"https_proxy\":\"\",\"no_proxy\":\"\"}" - }, "message": "proxy environment", "tags": [ "preserve_original_event" @@ -222,7 +222,11 @@ { "@timestamp": "2021-07-22T17:33:20.689Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "kind": "event", + "original": "{\"@level\":\"debug\",\"@message\":\"adding reload function\",\"@module\":\"audit\",\"@timestamp\":\"2021-07-22T17:33:20.689412Z\",\"path\":\"file/\"}" }, "hashicorp_vault": { "log": { @@ -233,10 +237,6 @@ "level": "debug", "logger": "audit" }, - "event": { - "kind": "event", - "original": "{\"@level\":\"debug\",\"@message\":\"adding reload function\",\"@module\":\"audit\",\"@timestamp\":\"2021-07-22T17:33:20.689412Z\",\"path\":\"file/\"}" - }, "message": "adding reload function", "tags": [ "preserve_original_event" 
@@ -244,12 +244,16 @@ }, { "@timestamp": "2021-07-22T17:33:20.689Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "kind": "event", + "original": "{\"@level\":\"debug\",\"@message\":\"file backend options\",\"@module\":\"audit\",\"@timestamp\":\"2021-07-22T17:33:20.689526Z\",\"file_path\":\"/vault/logs/audit.json\",\"path\":\"file/\"}" + }, "file": { "path": "/vault/logs/audit.json" }, - "ecs": { - "version": "8.2.0" - }, "hashicorp_vault": { "log": { "file_path": "/vault/logs/audit.json", @@ -260,10 +264,6 @@ "level": "debug", "logger": "audit" }, - "event": { - "kind": "event", - "original": "{\"@level\":\"debug\",\"@message\":\"file backend options\",\"@module\":\"audit\",\"@timestamp\":\"2021-07-22T17:33:20.689526Z\",\"file_path\":\"/vault/logs/audit.json\",\"path\":\"file/\"}" - }, "message": "file backend options", "tags": [ "preserve_original_event" @@ -272,22 +272,22 @@ { "@timestamp": "2021-07-22T17:33:20.691Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "kind": "event", + "original": "{\"@level\":\"info\",\"@message\":\"enabled audit backend\",\"@module\":\"core\",\"@timestamp\":\"2021-07-22T17:33:20.691959Z\",\"path\":\"file/\",\"type\":\"file\"}" }, "hashicorp_vault": { "log": { - "type": "file", - "path": "file/" + "path": "file/", + "type": "file" } }, "log": { "level": "info", "logger": "core" }, - "event": { - "kind": "event", - "original": "{\"@level\":\"info\",\"@message\":\"enabled audit backend\",\"@module\":\"core\",\"@timestamp\":\"2021-07-22T17:33:20.691959Z\",\"path\":\"file/\",\"type\":\"file\"}" - }, "message": "enabled audit backend", "tags": [ "preserve_original_event" diff --git a/packages/hashicorp_vault/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/hashicorp_vault/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 482a387daa1..628db6b808b 100644 --- a/packages/hashicorp_vault/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/hashicorp_vault/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Hashicorp Vault operational logs. processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - set: field: event.kind value: event diff --git a/packages/hashicorp_vault/data_stream/log/sample_event.json b/packages/hashicorp_vault/data_stream/log/sample_event.json index e4a43ca70b4..553e8f166e3 100644 --- a/packages/hashicorp_vault/data_stream/log/sample_event.json +++ b/packages/hashicorp_vault/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", diff --git a/packages/hashicorp_vault/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml b/packages/hashicorp_vault/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml index d41b15a7070..74070f5d810 100644 --- a/packages/hashicorp_vault/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml +++ b/packages/hashicorp_vault/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml @@ -11,7 +11,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - set: field: service.type value: hashicorp_vault diff --git a/packages/hashicorp_vault/data_stream/metrics/sample_event.json b/packages/hashicorp_vault/data_stream/metrics/sample_event.json index bf2a0d6c653..56425016afb 100644 --- a/packages/hashicorp_vault/data_stream/metrics/sample_event.json +++ b/packages/hashicorp_vault/data_stream/metrics/sample_event.json @@ -13,7 +13,7 @@ "type": "metrics" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", diff --git a/packages/hashicorp_vault/docs/README.md b/packages/hashicorp_vault/docs/README.md index 5ae63ff5af4..7c111c7c398 100644 --- a/packages/hashicorp_vault/docs/README.md 
+++ b/packages/hashicorp_vault/docs/README.md @@ -97,7 +97,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", @@ -318,7 +318,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", diff --git a/packages/hashicorp_vault/manifest.yml b/packages/hashicorp_vault/manifest.yml index 1ac240bd83f..9114e83172c 100644 --- a/packages/hashicorp_vault/manifest.yml +++ b/packages/hashicorp_vault/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: hashicorp_vault title: Hashicorp Vault -version: 1.4.0 +version: "1.5.0" license: basic description: Collect logs and metrics from Hashicorp Vault with Elastic Agent. type: integration diff --git a/packages/hid_bravura_monitor/_dev/build/build.yml b/packages/hid_bravura_monitor/_dev/build/build.yml index 08d85edcf9a..5661d603a89 100644 --- a/packages/hid_bravura_monitor/_dev/build/build.yml +++ b/packages/hid_bravura_monitor/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@1.12 + reference: git@v8.3.0 diff --git a/packages/hid_bravura_monitor/changelog.yml b/packages/hid_bravura_monitor/changelog.yml index 2f4d60acaf8..8e261b29356 100644 --- a/packages/hid_bravura_monitor/changelog.yml +++ b/packages/hid_bravura_monitor/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.0.3" changes: - description: Update readme 
diff --git a/packages/hid_bravura_monitor/data_stream/log/_dev/test/pipeline/test-hid-bravura-monitor.log-expected.json b/packages/hid_bravura_monitor/data_stream/log/_dev/test/pipeline/test-hid-bravura-monitor.log-expected.json index a1c9a5e39b9..211b7088a7a 100644 --- a/packages/hid_bravura_monitor/data_stream/log/_dev/test/pipeline/test-hid-bravura-monitor.log-expected.json +++ b/packages/hid_bravura_monitor/data_stream/log/_dev/test/pipeline/test-hid-bravura-monitor.log-expected.json 
@@ -1,558 +1,558 @@ { "expected": [ { + "@timestamp": "2021-01-16T00:38:18.515Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "ingested": "2022-06-28T17:52:56.042787216Z", + "timezone": "UTC" + }, "hid_bravura_monitor": { - "node": "Node1", - "instancetype": "Privilege-Identity-Password", "environment": "DEVELOPMENT", - "instancename": "default" + "instancename": "default", + "instancetype": "Privilege-Identity-Password", + "node": "Node1" + }, + "log": { + "level": "Debug", + "logger": "idapi.exe" }, + "message": "Thread: 54656, get the client id: 4272", "process": { "pid": 5368, "thread": { "id": 54656 } }, - "@timestamp": "2021-01-16T00:38:18.515Z", - "ecs": { - "version": "1.12.0" - }, - "log": { - "level": "Debug", - "logger": "idapi.exe" - }, - "event": { - "ingested": "2021-11-03T20:53:16.482612Z", - "timezone": "UTC" - }, - "message": "Thread: 54656, get the client id: 4272", "user": { "id": "" } }, { + "@timestamp": "2021-01-16T00:35:25.258Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "ingested": "2022-06-28T17:52:56.042790050Z", + "timezone": "UTC" + }, "hid_bravura_monitor": { - "node": "Node1", - "instancetype": "Privilege-Identity-Password", "environment": "DEVELOPMENT", - "instancename": "default" + "instancename": "default", + "instancetype": "Privilege-Identity-Password", + "node": "Node1" }, + "log": { + "level": "Error", + "logger": "pamlws.exe" + }, + "message": "LWS [HID-TEST] foundcomputer record not found", "process": { "pid": 44408, "thread": { "id": 52004 } }, - "@timestamp": "2021-01-16T00:35:25.258Z", - "ecs": { - "version": "1.12.0" - }, - "log": { - "level": "Error", - "logger": "pamlws.exe" - }, - "event": { - "ingested": "2021-11-03T20:53:16.482679700Z", - "timezone": "UTC" - }, - "message": "LWS [HID-TEST] foundcomputer record not found", "user": { "id": "" } }, { + "@timestamp": "2021-01-27T00:31:24.499Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "ingested": "2022-06-28T17:52:56.042790383Z", + "timezone": 
"UTC" + }, "hid_bravura_monitor": { - "node": "Node1", - "instancetype": "Privilege-Identity-Password", "environment": "DEVELOPMENT", - "instancename": "default" + "instancename": "default", + "instancetype": "Privilege-Identity-Password", + "node": "Node1" + }, + "log": { + "level": "Info", + "logger": "idmlogsvc.exe" }, + "message": "Logging rotation started, rotate log number: 7", "process": { "pid": 8620, "thread": { "id": 7764 } }, - "@timestamp": "2021-01-27T00:31:24.499Z", - "ecs": { - "version": "1.12.0" - }, - "log": { - "level": "Info", - "logger": "idmlogsvc.exe" - }, - "event": { - "ingested": "2021-11-03T20:53:16.482703Z", - "timezone": "UTC" - }, - "message": "Logging rotation started, rotate log number: 7", "user": { "id": "" } }, { + "@timestamp": "2021-01-16T00:35:34.317Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "ingested": "2022-06-28T17:52:56.042790591Z", + "timezone": "UTC" + }, "hid_bravura_monitor": { + "environment": "DEVELOPMENT", + "instancename": "default", + "instancetype": "Privilege-Identity-Password", "node": "Node1", "request": { "id": "09bc17eb-7b1d-4b1a-8c66-42c49384a552" - }, - "instancetype": "Privilege-Identity-Password", - "environment": "DEVELOPMENT", - "instancename": "default" + } }, + "log": { + "level": "Notice", + "logger": "agtssh.exe" + }, + "message": "parallel operations will be done in serial instead", "process": { "pid": 50864, "thread": { "id": 52168 } - }, - "@timestamp": "2021-01-16T00:35:34.317Z", + } + }, + { + "@timestamp": "2021-02-05T08:41:11.845Z", "ecs": { - "version": "1.12.0" - }, - "log": { - "level": "Notice", - "logger": "agtssh.exe" + "version": "8.3.0" }, "event": { - "ingested": "2021-11-03T20:53:16.482722900Z", + "ingested": "2022-06-28T17:52:56.042790800Z", "timezone": "UTC" }, - "message": "parallel operations will be done in serial instead" - }, - { "hid_bravura_monitor": { - "node": "Node1", - "instancetype": "Privilege-Identity-Password", "environment": "DEVELOPMENT", 
"instancename": "default", + "instancetype": "Privilege-Identity-Password", + "node": "Node1", "perf": { "duration": 0, - "operation": "POST", + "function": "session:expiry", "kind": "PerfAjax", - "transid": "C_SELECT_ATTRDEF", - "function": "session:expiry" - } - }, - "process": { - "pid": 4248, - "thread": { - "id": 10876 + "operation": "POST", + "transid": "C_SELECT_ATTRDEF" } }, - "@timestamp": "2021-02-05T08:41:11.845Z", - "ecs": { - "version": "1.12.0" - }, "log": { "level": "Perf", "logger": "ajaxsvc.exe" }, "message": "PerfAjax. Duration: {0} | Function: {session:expiry} | Operation: {POST} | TransID: {C_SELECT_ATTRDEF} | User: {joe.test}", - "event": { - "ingested": "2021-11-03T20:53:16.482742900Z", - "timezone": "UTC" + "process": { + "pid": 4248, + "thread": { + "id": 10876 + } }, "user": { "id": "joe.test" } }, { + "@timestamp": "2021-01-16T11:54:34.234Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "ingested": "2022-06-28T17:52:56.042791008Z", + "timezone": "UTC" + }, "hid_bravura_monitor": { - "node": "Node1", - "instancetype": "Privilege-Identity-Password", "environment": "DEVELOPMENT", "instancename": "default", + "instancetype": "Privilege-Identity-Password", + "node": "Node1", "perf": { "duration": 0, "event": "loaddb", - "records": 0, "kind": "PerfBatchLoad", + "records": 0, "table": "NOSGROUP_ADD_STG" } }, + "log": { + "level": "Perf", + "logger": "iddiscover.exe" + }, + "message": "PerfBatchLoad. Duration: {0} | Event: {loaddb} | Records: {0} | Table: {NOSGROUP_ADD_STG}", "process": { "pid": 5356, "thread": { "id": 10572 } }, - "@timestamp": "2021-01-16T11:54:34.234Z", - "ecs": { - "version": "1.12.0" - }, - "log": { - "level": "Perf", - "logger": "iddiscover.exe" - }, - "event": { - "ingested": "2021-11-03T20:53:16.482761900Z", - "timezone": "UTC" - }, - "message": "PerfBatchLoad. 
Duration: {0} | Event: {loaddb} | Records: {0} | Table: {NOSGROUP_ADD_STG}", "user": { "id": "" } }, { + "@timestamp": "2021-10-21T19:13:31.679Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "ingested": "2022-06-28T17:52:56.042791175Z", + "timezone": "UTC" + }, "hid_bravura_monitor": { - "node": "Node1", - "instancetype": "Privilege-Identity-Password", "environment": "DEVELOPMENT", - "instancename": "default" + "instancename": "default", + "instancetype": "Privilege-Identity-Password", + "node": "Node1" }, + "log": { + "level": "Debug", + "logger": "mobworker.exe" + }, + "message": "#1 r522057: The HTTP client read returned: 408, [HTTP/1.1 408 Request Timeout\nConnection: Upgrade, close\nDate: Thu, 21 Oct 2021 19:12:40 GMT\nUpgrade: h2,h2c\nContent-Length: 49\nContent-Type: text/html; charset=utf-8\nServer: Apache/2.4.51 () OpenSSL/1.0.2k-fips\n\n] [Timed out for waiting a client( timeout = 51000 )]", "process": { "pid": 3628, "thread": { "id": 4320 } }, - "@timestamp": "2021-10-21T19:13:31.679Z", - "ecs": { - "version": "1.12.0" - }, - "log": { - "level": "Debug", - "logger": "mobworker.exe" - }, - "event": { - "ingested": "2021-11-03T20:53:16.482781100Z", - "timezone": "UTC" - }, - "message": "#1 r522057: The HTTP client read returned: 408, [HTTP/1.1 408 Request Timeout\nConnection: Upgrade, close\nDate: Thu, 21 Oct 2021 19:12:40 GMT\nUpgrade: h2,h2c\nContent-Length: 49\nContent-Type: text/html; charset=utf-8\nServer: Apache/2.4.51 () OpenSSL/1.0.2k-fips\n\n] [Timed out for waiting a client( timeout = 51000 )]", "user": { "id": "" } }, { + "@timestamp": "2021-01-16T00:35:32.941Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "ingested": "2022-06-28T17:52:56.042791383Z", + "timezone": "UTC" + }, "hid_bravura_monitor": { - "node": "Node1", - "request": { - "id": "09bc17eb-7b1d-4b1a-8c66-42c49384a552" - }, - "instancetype": "Privilege-Identity-Password", "environment": "DEVELOPMENT", "instancename": "default", + "instancetype": 
"Privilege-Identity-Password", + "node": "Node1", "perf": { - "duration": 21030, - "result": 1, "address": "[script=\"E:\\Program Files\\Hitachi ID\\IDM Suite\\default\\agent\\64\\agtlinux.psl\"; server=1.128.3.4;port=22; compression=false; hostkeys=AllowAppend; privEscType=sudo; passwdAccessOnly=true; maxReadTimeout=6; maxWriteTimeout=20; maxReadSize=16384; maxReadLines=50000; pubkeyfiles=id_rsa.pub,id_dsa.pub; ]", - "targetid": "D989E43017B94D78963CBB7113467696", - "sysid": "", - "kind": "PerfConnector", "adminid": "sys_padm", - "message": "Network error: Connection timed out. Could not connect to address [[script=\"E:\\Program Files\\Hitachi ID\\IDM Suite\\default\\agent\\64\\agtlinux.psl\"; server=1.128.3.4;port=22; compression=false; hostkeys=AllowAppend; privEscType=sudo; passwdAccessOnly=true; maxReadTimeout=6; maxWriteTimeout=20; maxReadSize=16384; maxReadLines=50000; pubkeyfiles=id_rsa.pub,id_dsa.pub; ]].", + "duration": 21030, "event": "connector-operation", - "operation": "Connect" + "kind": "PerfConnector", + "message": "Network error: Connection timed out. Could not connect to address [[script=\"E:\\Program Files\\Hitachi ID\\IDM Suite\\default\\agent\\64\\agtlinux.psl\"; server=1.128.3.4;port=22; compression=false; hostkeys=AllowAppend; privEscType=sudo; passwdAccessOnly=true; maxReadTimeout=6; maxWriteTimeout=20; maxReadSize=16384; maxReadLines=50000; pubkeyfiles=id_rsa.pub,id_dsa.pub; ]].", + "operation": "Connect", + "result": 1, + "sysid": "", + "targetid": "D989E43017B94D78963CBB7113467696" + }, + "request": { + "id": "09bc17eb-7b1d-4b1a-8c66-42c49384a552" } }, + "log": { + "level": "Perf", + "logger": "agtssh.exe" + }, + "message": "PerfConnector. 
Address: {[script=\"E:\\Program Files\\Hitachi ID\\IDM Suite\\default\\agent\\64\\agtlinux.psl\"; server=1.128.3.4;port=22; compression=false; hostkeys=AllowAppend; privEscType=sudo; passwdAccessOnly=true; maxReadTimeout=6; maxWriteTimeout=20; maxReadSize=16384; maxReadLines=50000; pubkeyfiles=id_rsa.pub,id_dsa.pub; ]} | AdminID: {sys_padm} | Duration: {21030} | Event: {connector-operation} | Message: {Network error: Connection timed out. Could not connect to address [[script=\"E:\\Program Files\\Hitachi ID\\IDM Suite\\default\\agent\\64\\agtlinux.psl\"; server=1.128.3.4;port=22; compression=false; hostkeys=AllowAppend; privEscType=sudo; passwdAccessOnly=true; maxReadTimeout=6; maxWriteTimeout=20; maxReadSize=16384; maxReadLines=50000; pubkeyfiles=id_rsa.pub,id_dsa.pub; ]].} | Operation: {Connect} | Result: {1} | SysID: {} | TargetID: {D989E43017B94D78963CBB7113467696}", "process": { "pid": 19360, "thread": { "id": 54164 } - }, - "@timestamp": "2021-01-16T00:35:32.941Z", + } + }, + { + "@timestamp": "2021-01-16T11:54:18.663Z", "ecs": { - "version": "1.12.0" - }, - "log": { - "level": "Perf", - "logger": "agtssh.exe" + "version": "8.3.0" }, "event": { - "ingested": "2021-11-03T20:53:16.482840Z", + "ingested": "2022-06-28T17:52:56.042791591Z", "timezone": "UTC" }, - "message": "PerfConnector. Address: {[script=\"E:\\Program Files\\Hitachi ID\\IDM Suite\\default\\agent\\64\\agtlinux.psl\"; server=1.128.3.4;port=22; compression=false; hostkeys=AllowAppend; privEscType=sudo; passwdAccessOnly=true; maxReadTimeout=6; maxWriteTimeout=20; maxReadSize=16384; maxReadLines=50000; pubkeyfiles=id_rsa.pub,id_dsa.pub; ]} | AdminID: {sys_padm} | Duration: {21030} | Event: {connector-operation} | Message: {Network error: Connection timed out. 
Could not connect to address [[script=\"E:\\Program Files\\Hitachi ID\\IDM Suite\\default\\agent\\64\\agtlinux.psl\"; server=1.128.3.4;port=22; compression=false; hostkeys=AllowAppend; privEscType=sudo; passwdAccessOnly=true; maxReadTimeout=6; maxWriteTimeout=20; maxReadSize=16384; maxReadLines=50000; pubkeyfiles=id_rsa.pub,id_dsa.pub; ]].} | Operation: {Connect} | Result: {1} | SysID: {} | TargetID: {D989E43017B94D78963CBB7113467696}" - }, - { "hid_bravura_monitor": { - "node": "Node1", - "instancetype": "Privilege-Identity-Password", "environment": "DEVELOPMENT", "instancename": "default", + "instancetype": "Privilege-Identity-Password", + "node": "Node1", "perf": { "duration": 625, "exe": "psf.exe", - "kind": "PerfExe", "kernel": 93, - "transid": "C_AUTHCHAIN_LOGIN", + "kind": "PerfExe", "sessionid": "S39ccf8f2-c7ab-4baa-bc7a-37c2b0a154b3", + "transid": "C_AUTHCHAIN_LOGIN", "user": 15 } }, + "log": { + "level": "Perf", + "logger": "psf.exe" + }, + "message": "PerfExe. Duration: {625} | Kernel: {93} | SessionID: {S39ccf8f2-c7ab-4baa-bc7a-37c2b0a154b3} | TransID: {C_AUTHCHAIN_LOGIN} | User: {15}", "process": { "pid": 55252, "thread": { "id": 51340 } }, - "@timestamp": "2021-01-16T11:54:18.663Z", - "ecs": { - "version": "1.12.0" - }, - "log": { - "level": "Perf", - "logger": "psf.exe" - }, - "event": { - "ingested": "2021-11-03T20:53:16.482869700Z", - "timezone": "UTC" - }, - "message": "PerfExe. 
Duration: {625} | Kernel: {93} | SessionID: {S39ccf8f2-c7ab-4baa-bc7a-37c2b0a154b3} | TransID: {C_AUTHCHAIN_LOGIN} | User: {15}", "user": { "id": "joe.test" } }, { + "@timestamp": "2021-02-05T08:41:11.845Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "ingested": "2022-06-28T17:52:56.042791758Z", + "timezone": "UTC" + }, "hid_bravura_monitor": { - "node": "Node1", - "instancetype": "Privilege-Identity-Password", "environment": "DEVELOPMENT", "instancename": "default", + "instancetype": "Privilege-Identity-Password", + "node": "Node1", "perf": { - "duration": 0, "destination": "hitachi-id.test.net", - "file": "\\\\psupdate_finish", + "duration": 0, "event": "filerep-sendreg", + "file": "\\\\psupdate_finish", "kind": "PerfFileRep" } }, + "log": { + "level": "Perf", + "logger": "updinst.exe" + }, + "message": "PerfFileRep. Destination: {hitachi-id.test.net} | Duration: {0} | Event: {filerep-sendreg} | File: {\\\\psupdate_finish}", "process": { "pid": 4248, "thread": { "id": 10876 } }, + "user": { + "id": "psupdate8112_10120" + } + }, + { "@timestamp": "2021-02-05T08:41:11.845Z", "ecs": { - "version": "1.12.0" - }, - "log": { - "level": "Perf", - "logger": "updinst.exe" + "version": "8.3.0" }, "event": { - "ingested": "2021-11-03T20:53:16.482894200Z", + "ingested": "2022-06-28T17:52:56.042792050Z", "timezone": "UTC" }, - "message": "PerfFileRep. Destination: {hitachi-id.test.net} | Duration: {0} | Event: {filerep-sendreg} | File: {\\\\psupdate_finish}", - "user": { - "id": "psupdate8112_10120" - } - }, - { "hid_bravura_monitor": { - "node": "Node1", - "instancetype": "Privilege-Identity-Password", "environment": "DEVELOPMENT", "instancename": "default", + "instancetype": "Privilege-Identity-Password", + "node": "Node1", "perf": { "duration": 3, - "kind": "PerfIDAPI", - "function": "AccountAttrsGet" + "function": "AccountAttrsGet", + "kind": "PerfIDAPI" } }, + "log": { + "level": "Perf", + "logger": "idapi.exe" + }, + "message": "PerfIDAPI. 
Duration: {3} | Function: {AccountAttrsGet}", "process": { "pid": 4248, "thread": { "id": 10876 } }, - "@timestamp": "2021-02-05T08:41:11.845Z", - "ecs": { - "version": "1.12.0" - }, - "log": { - "level": "Perf", - "logger": "idapi.exe" - }, - "event": { - "ingested": "2021-11-03T20:53:16.482976Z", - "timezone": "UTC" - }, - "message": "PerfIDAPI. Duration: {3} | Function: {AccountAttrsGet}", "user": { "id": "" } }, { + "@timestamp": "2021-02-05T08:43:13.839Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "ingested": "2022-06-28T17:52:56.042792383Z", + "timezone": "UTC" + }, "hid_bravura_monitor": { - "node": "Node1", - "instancetype": "Privilege-Identity-Password", "environment": "DEVELOPMENT", "instancename": "default", + "instancetype": "Privilege-Identity-Password", + "node": "Node1", "perf": { - "duration": 0, "caller": "IDAQueue::PostInsert_Prot", - "type": "Queue", - "kind": "PerfIDWFM" + "duration": 0, + "kind": "PerfIDWFM", + "type": "Queue" } }, + "log": { + "level": "Perf", + "logger": "idwfm.exe" + }, + "message": "PerfIDWFM. Caller: {IDAQueue::PostInsert_Prot} | Duration: {0} | Type: {Queue}", "process": { "pid": 4512, "thread": { "id": 7644 } }, - "@timestamp": "2021-02-05T08:43:13.839Z", - "ecs": { - "version": "1.12.0" - }, - "log": { - "level": "Perf", - "logger": "idwfm.exe" - }, - "event": { - "ingested": "2021-11-03T20:53:16.482995500Z", - "timezone": "UTC" - }, - "message": "PerfIDWFM. 
Caller: {IDAQueue::PostInsert_Prot} | Duration: {0} | Type: {Queue}", "user": { "id": "" } }, { + "@timestamp": "2021-01-16T11:54:25.839Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "ingested": "2022-06-28T17:52:56.042793258Z", + "timezone": "UTC" + }, "hid_bravura_monitor": { - "node": "Node1", - "instancetype": "Privilege-Identity-Password", "environment": "DEVELOPMENT", "instancename": "default", + "instancetype": "Privilege-Identity-Password", + "node": "Node1", "perf": { - "duration": 6, "dbcommand": "GroupMemberAny", + "duration": 6, "event": "loaddb", "kind": "PerfPsupdate" } }, + "log": { + "level": "Perf", + "logger": "iddiscover.exe" + }, + "message": "PerfPsupdate. DBCommand: {GroupMemberAny} | Duration: {6} | Event: {loaddb}", "process": { "pid": 5356, "thread": { "id": 10572 } }, - "@timestamp": "2021-01-16T11:54:25.839Z", - "ecs": { - "version": "1.12.0" - }, - "log": { - "level": "Perf", - "logger": "iddiscover.exe" - }, - "event": { - "ingested": "2021-11-03T20:53:16.483010100Z", - "timezone": "UTC" - }, - "message": "PerfPsupdate. DBCommand: {GroupMemberAny} | Duration: {6} | Event: {loaddb}", "user": { "id": "" } }, { + "@timestamp": "2021-01-27T14:36:47.026Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "ingested": "2022-06-28T17:52:56.042793508Z", + "timezone": "UTC" + }, "hid_bravura_monitor": { - "node": "Node1", - "instancetype": "Privilege-Identity-Password", "environment": "DEVELOPMENT", "instancename": "default", + "instancetype": "Privilege-Identity-Password", + "node": "Node1", "perf": { - "duration": 3951, - "receivequeue": "node01", "dbcommand": "Call", + "duration": 3951, + "function": "RequestActionUpdate", "kind": "PerfReplication", - "function": "RequestActionUpdate" + "receivequeue": "node01" } }, + "log": { + "level": "Perf", + "logger": "iddb.exe" + }, + "message": "PerfReplication. 
DBCommand: {Call} | Duration: {3951} | Function: {RequestActionUpdate} | ReceiveQueue: {node01}", "process": { "pid": 4584, "thread": { "id": 664 } }, - "@timestamp": "2021-01-27T14:36:47.026Z", - "ecs": { - "version": "1.12.0" - }, - "log": { - "level": "Perf", - "logger": "iddb.exe" - }, - "event": { - "ingested": "2021-11-03T20:53:16.483024300Z", - "timezone": "UTC" - }, - "message": "PerfReplication. DBCommand: {Call} | Duration: {3951} | Function: {RequestActionUpdate} | ReceiveQueue: {node01}", "user": { "id": "" } }, { + "@timestamp": "2021-02-04T18:03:38.605Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "ingested": "2022-06-28T17:52:56.042793675Z", + "timezone": "UTC" + }, "hid_bravura_monitor": { - "node": "Node1", - "instancetype": "Privilege-Identity-Password", "environment": "DEVELOPMENT", "instancename": "default", + "instancetype": "Privilege-Identity-Password", + "node": "Node1", "perf": { - "duration": 16087, "caller": "main", + "duration": 16087, "file": "ui\\tools\\kvgtodb.cpp", - "line": 62, + "function": "LanguageStageMerge", "kind": "PerfSproc", - "function": "LanguageStageMerge" + "line": 62 } }, + "log": { + "level": "Perf", + "logger": "kvgtodb.exe" + }, + "message": "PerfSproc. Caller: {main} | Duration: {16087} | File: {ui\\tools\\kvgtodb.cpp} | Function: {LanguageStageMerge} | Line: {62}", "process": { "pid": 8516, "thread": { "id": 10044 } }, - "@timestamp": "2021-02-04T18:03:38.605Z", - "ecs": { - "version": "1.12.0" - }, - "log": { - "level": "Perf", - "logger": "kvgtodb.exe" - }, - "event": { - "ingested": "2021-11-03T20:53:16.483038300Z", - "timezone": "UTC" - }, - "message": "PerfSproc. 
Caller: {main} | Duration: {16087} | File: {ui\\tools\\kvgtodb.cpp} | Function: {LanguageStageMerge} | Line: {62}", "user": { "id": "" } }, { + "@timestamp": "2021-01-16T00:35:32.958Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "ingested": "2022-06-28T17:52:56.042793883Z", + "timezone": "UTC" + }, "hid_bravura_monitor": { + "environment": "DEVELOPMENT", + "instancename": "default", + "instancetype": "Privilege-Identity-Password", "node": "Node1", "request": { "id": "09bc17eb-7b1d-4b1a-8c66-42c49384a552" - }, - "instancetype": "Privilege-Identity-Password", - "environment": "DEVELOPMENT", - "instancename": "default" - }, - "process": { - "pid": 4960, - "thread": { - "id": 47448 } }, - "@timestamp": "2021-01-16T00:35:32.958Z", - "ecs": { - "version": "1.12.0" - }, "log": { "level": "Warning", "logger": "idarch.exe" }, - "event": { - "ingested": "2021-11-03T20:53:16.483052Z", - "timezone": "UTC" - }, - "message": "Agent failed: return code [1] message [Failed: Network error: Connection timed out. Could not connect to address [{script=\"E:\\Program Files\\Hitachi ID\\IDM Suite\\default\\agent\\64\\agtlinux.psl\"; server=1.128.3.4;port=22; compression=false; hostkeys=AllowAppend; privEscType=sudo; passwdAccessOnly=true; maxReadTimeout=6; maxWriteTimeout=20; maxReadSize=16384; maxReadLines=50000; pubkeyfiles=id_rsa.pub,id_dsa.pub; }].]" + "message": "Agent failed: return code [1] message [Failed: Network error: Connection timed out. Could not connect to address [{script=\"E:\\Program Files\\Hitachi ID\\IDM Suite\\default\\agent\\64\\agtlinux.psl\"; server=1.128.3.4;port=22; compression=false; hostkeys=AllowAppend; privEscType=sudo; passwdAccessOnly=true; maxReadTimeout=6; maxWriteTimeout=20; maxReadSize=16384; maxReadLines=50000; pubkeyfiles=id_rsa.pub,id_dsa.pub; }].]", + "process": { + "pid": 4960, + "thread": { + "id": 47448 + } + } } ] } \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/hid_bravura_monitor/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 23a2795b4e9..5b490689619 100644 --- a/packages/hid_bravura_monitor/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/hid_bravura_monitor/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing hid_bravura_monitor logs processors: - set: field: ecs.version - value: 1.12.0 + value: 8.3.0 description: Set ecs.version to 1.12.0 - set: field: event.ingested diff --git a/packages/hid_bravura_monitor/data_stream/log/sample_event.json b/packages/hid_bravura_monitor/data_stream/log/sample_event.json index 1fc4a9226bb..a6619fa684b 100644 --- a/packages/hid_bravura_monitor/data_stream/log/sample_event.json +++ b/packages/hid_bravura_monitor/data_stream/log/sample_event.json @@ -14,7 +14,7 @@ "type": "logs" }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "elastic_agent": { "id": "9bcd741c-af93-434c-ad55-1ec23d08ab89", diff --git a/packages/hid_bravura_monitor/data_stream/winlog/_dev/test/pipeline/test-hid-bravura-monitor-events.json-expected.json b/packages/hid_bravura_monitor/data_stream/winlog/_dev/test/pipeline/test-hid-bravura-monitor-events.json-expected.json index d09c8bf1935..c54b6fb3b25 100644 --- a/packages/hid_bravura_monitor/data_stream/winlog/_dev/test/pipeline/test-hid-bravura-monitor-events.json-expected.json +++ b/packages/hid_bravura_monitor/data_stream/winlog/_dev/test/pipeline/test-hid-bravura-monitor-events.json-expected.json 
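Review bot: The `description` on the ecs.version set processor now contradicts the value it documents: the hunk moves the value to `8.3.0` but the following context line still reads `description: Set ecs.version to 1.12.0`, so it should become `description: Set ecs.version to 8.3.0`. The new value is also the only ecs.version in this change written as a plain scalar; the hashicorp_vault pipelines in the same diff use `value: '8.3.0'`, and quoting keeps the string from ever being retyped by a YAML loader should the version take a numeric-looking form. The rest of the processors list continues outside the hunk.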
@@ -2,139 +2,139 @@ "expected": [ { "@timestamp": "2020-05-13T09:04:04.755Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "code": "118", + "ingested": "2022-06-28T17:52:56.206643800Z", + "kind": "event", + "provider": "Hitachi-Hitachi ID Systems-Hitachi ID Suite" + }, + "host": { + "name": "domain.hitachi1.corp" + }, + "log": { + "level": "warning" + }, "winlog": { + "channel": "Hitachi-Hitachi ID Systems-Hitachi ID Suite/Operational", "computer_name": "domain.hitachi1.corp", - "record_id": "1548167", + "event_data": { + "DelayThreshold": 14400, + "Description": "Database replication queue delay exceeded configured threshold.", + "Message": "Database replication queue delay exceeded configured threshold.", + "Node": "domain.hitachi1.corp_pmim", + "QueueDelay": 89239 + }, + "event_id": "118", + "level": "warning", "process": { "pid": 4204, "thread": { "id": 1476 } }, - "event_id": "118", - "level": "warning", "provider_guid": "{a0c1853b-5c40-4b15-8766-3cf1c58f985a}", + "provider_name": "Hitachi-Hitachi ID Systems-Hitachi ID Suite", + "record_id": "1548167", "symbolic_id": "DB_REPLICATION_QUEUE_DELAY_PAST_THRESHOLD", - "channel": "Hitachi-Hitachi ID Systems-Hitachi ID Suite/Operational", "time_created": "2020-05-13T09:04:04.755Z", - "event_data": { - "QueueDelay": 89239, - "Description": "Database replication queue delay exceeded configured threshold.", - "Message": "Database replication queue delay exceeded configured threshold.", - "Node": "domain.hitachi1.corp_pmim", - "DelayThreshold": 14400 - }, - "provider_name": "Hitachi-Hitachi ID Systems-Hitachi ID Suite", "version": 1 - }, + } + }, + { + "@timestamp": "2021-11-03T20:05:14.092Z", "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, - "log": { - "level": "warning" + "event": { + "code": "64", + "ingested": "2022-06-28T17:52:56.206647508Z", + "kind": "event", + "provider": "Hitachi-Hitachi ID Systems-Hitachi ID Suite" }, "host": { "name": "domain.hitachi1.corp" }, - "event": { - "ingested": 
"2021-11-03T20:53:18.461232Z", - "code": "118", - "provider": "Hitachi-Hitachi ID Systems-Hitachi ID Suite", - "kind": "event" - } - }, - { - "@timestamp": "2021-11-03T20:05:14.092Z", + "log": { + "level": "error" + }, "winlog": { - "computer_name": "domain.hitachi1.corp", - "record_id": "2097980", - "process": { - "pid": 13272, - "thread": { - "id": 6992 - } - }, - "event_id": "64", - "level": "error", - "provider_guid": "{5a744344-18a9-480d-8a3a-0560ac58b841}", - "symbolic_id": "USER_PW_RESET_FAILURE", "activity_id": "{9d5ae52c-b943-4cb5-8f03-d4cb5d63d154}", "channel": "Hitachi-Hitachi ID Systems-Hitachi ID Suite/Operational", + "computer_name": "domain.hitachi1.corp", "event_data": { "Description": "Self-service password reset failed.", - "Message": "Self-service password reset failed.", - "Profile": "Random", "FailedTargets": [ "AZURE", "AD", "LDAP" - ] + ], + "Message": "Self-service password reset failed.", + "Profile": "Random" }, + "event_id": "64", + "level": "error", + "process": { + "pid": 13272, + "thread": { + "id": 6992 + } + }, + "provider_guid": "{5a744344-18a9-480d-8a3a-0560ac58b841}", "provider_name": "Hitachi-Hitachi ID Systems-Hitachi ID Suite", + "record_id": "2097980", + "symbolic_id": "USER_PW_RESET_FAILURE", "version": 1 - }, + } + }, + { + "@timestamp": "2021-11-03T20:05:14.092Z", "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, - "log": { - "level": "error" + "event": { + "code": "94", + "ingested": "2022-06-28T17:52:56.206647800Z", + "kind": "event", + "provider": "Hitachi-Hitachi ID Systems-Hitachi ID Suite" }, "host": { "name": "domain.hitachi1.corp" }, - "event": { - "ingested": "2021-11-03T20:53:18.461263500Z", - "code": "64", - "provider": "Hitachi-Hitachi ID Systems-Hitachi ID Suite", - "kind": "event" - } - }, - { - "@timestamp": "2021-11-03T20:05:14.092Z", + "log": { + "level": "information" + }, "winlog": { - "computer_name": "domain.hitachi1.corp", - "record_id": "2097980", - "process": { - "pid": 13272, - "thread": { - 
"id": 6992 - } - }, - "event_id": "94", - "level": "information", - "provider_guid": "{5a744344-18a9-480d-8a3a-0560ac58b841}", - "symbolic_id": "FEDIDP_IDENTIFY_SUCCESS", "activity_id": "{9d5ae52c-b943-4cb5-8f03-d4cb5d63d154}", "channel": "Hitachi-Hitachi ID Systems-Hitachi ID Suite/Operational", + "computer_name": "domain.hitachi1.corp", "event_data": { "ClientIPs": [ "175.16.199.1", "1.128.3.4" ], "Description": "Federated authn request successfully parsed.", - "Message": "Federated authn request successfully parsed.", - "RequestID": "ihikhiagiilnkipblfilbkmjmgmdbhmbgblhihdm", "Issuer": "google.com", + "Message": "Federated authn request successfully parsed.", + "MessageType": "AuthnRequest", "Method": "GET", - "MessageType": "AuthnRequest" + "RequestID": "ihikhiagiilnkipblfilbkmjmgmdbhmbgblhihdm" + }, + "event_id": "94", + "level": "information", + "process": { + "pid": 13272, + "thread": { + "id": 6992 + } }, + "provider_guid": "{5a744344-18a9-480d-8a3a-0560ac58b841}", "provider_name": "Hitachi-Hitachi ID Systems-Hitachi ID Suite", + "record_id": "2097980", + "symbolic_id": "FEDIDP_IDENTIFY_SUCCESS", "version": 1 - }, - "ecs": { - "version": "1.12.0" - }, - "log": { - "level": "information" - }, - "host": { - "name": "domain.hitachi1.corp" - }, - "event": { - "ingested": "2021-11-03T20:53:18.461306300Z", - "code": "94", - "provider": "Hitachi-Hitachi ID Systems-Hitachi ID Suite", - "kind": "event" } } ] diff --git a/packages/hid_bravura_monitor/data_stream/winlog/elasticsearch/ingest_pipeline/default.yml b/packages/hid_bravura_monitor/data_stream/winlog/elasticsearch/ingest_pipeline/default.yml index ee6d39de049..b63a6554426 100644 --- a/packages/hid_bravura_monitor/data_stream/winlog/elasticsearch/ingest_pipeline/default.yml +++ b/packages/hid_bravura_monitor/data_stream/winlog/elasticsearch/ingest_pipeline/default.yml @@ -356,7 +356,7 @@ processors: - set: field: ecs.version - value: '1.12.0' + value: '8.3.0' - set: field: log.level 
diff --git a/packages/hid_bravura_monitor/data_stream/winlog/sample_event.json b/packages/hid_bravura_monitor/data_stream/winlog/sample_event.json index 18ae9247b1e..0fdff9a5252 100644 --- a/packages/hid_bravura_monitor/data_stream/winlog/sample_event.json +++ b/packages/hid_bravura_monitor/data_stream/winlog/sample_event.json @@ -85,6 +85,6 @@ "type": "filebeat" }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" } } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/docs/README.md b/packages/hid_bravura_monitor/docs/README.md index e23374a7f02..1d0e293d434 100644 --- a/packages/hid_bravura_monitor/docs/README.md +++ b/packages/hid_bravura_monitor/docs/README.md @@ -168,7 +168,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "elastic_agent": { "id": "9bcd741c-af93-434c-ad55-1ec23d08ab89", @@ -243,7 +243,7 @@ An example event for `log` looks as following: |---|---|---| | @timestamp | Event timestamp. | date | | client.address | Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword | -| client.domain | Client domain. | keyword | +| client.domain | The domain name of the client system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | client.ip | IP address of the client (IPv4 or IPv6). | ip | | client.port | Port of the client. | long | | client.user.name | Short name or login of the user. | keyword | 
@@ -269,7 +269,7 @@ An example event for `log` looks as following: | destination.as.organization.name | Organization name. | keyword | | destination.as.organization.name.text | Multi-field of `destination.as.organization.name`. | match_only_text | | destination.bytes | Bytes sent from the destination to the source. | long | -| destination.domain | Destination domain. | keyword | +| destination.domain | The domain name of the destination system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | destination.geo.city_name | City name. | keyword | | destination.geo.continent_name | Name of the continent. | keyword | | destination.geo.country_iso_code | Country ISO code. | keyword | 
@@ -364,9 +364,9 @@ An example event for `log` looks as following: | network.inner | Network.inner fields are added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed fields include vlan.id and vlan.name. Inner vlan fields are typically used when sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.) | object | | network.inner.vlan.id | VLAN ID as reported by the observer. | keyword | | network.inner.vlan.name | Optional VLAN name as reported by the observer. | keyword | -| network.protocol | L7 Network protocol name. ex. http, lumberjack, transport protocol. The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". | keyword | -| network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". | keyword | -| network.type | In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". | keyword | +| network.protocol | In the OSI Model this would be the Application Layer protocol. For example, `http`, `dns`, or `ssh`. The field value must be normalized to lowercase for querying. | keyword | +| network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. | keyword | +| network.type | In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc The field value must be normalized to lowercase for querying. | keyword | | observer.egress.interface.name | Interface name as reported by the system. 
| keyword | | observer.egress.zone | Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. | keyword | | observer.hostname | Hostname of the observer. | keyword | @@ -386,7 +386,7 @@ An example event for `log` looks as following: | related.ip | All of the IPs seen on your event. | ip | | related.user | All the user names or other user identifiers seen on the event. | keyword | | server.address | Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword | -| server.domain | Server domain. | keyword | +| server.domain | The domain name of the server system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | server.ip | IP address of the server (IPv4 or IPv6). | ip | | server.port | Port of the server. | long | | source.address | Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword | 
@@ -394,7 +394,7 @@ An example event for `log` looks as following: | source.as.organization.name | Organization name. | keyword | | source.as.organization.name.text | Multi-field of `source.as.organization.name`. | match_only_text | | source.bytes | Bytes sent from the source to the destination. | long | -| source.domain | Source domain. | keyword | +| source.domain | The domain name of the source system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | source.geo.city_name | City name. | keyword | | source.geo.continent_name | Name of the continent. | keyword | | source.geo.country_iso_code | Country ISO code. | keyword | @@ -525,7 +525,7 @@ An example event for `winlog` looks as following: "type": "filebeat" }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" } } ``` 
@@ -610,7 +610,7 @@ An example event for `winlog` looks as following: | related.user | All the user names or other user identifiers seen on the event. | keyword | | service.name | Name of the service data is collected from. The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. | keyword | | service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | -| source.domain | Source domain. | keyword | +| source.domain | The domain name of the source system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | source.ip | IP address of the source (IPv4 or IPv6). | ip | | source.port | Port of the source. | long | | tags | List of keywords used to tag each event. | keyword | diff --git a/packages/hid_bravura_monitor/manifest.yml b/packages/hid_bravura_monitor/manifest.yml index d9abe868bef..b8243db72ac 100644 --- a/packages/hid_bravura_monitor/manifest.yml +++ b/packages/hid_bravura_monitor/manifest.yml @@ -1,6 +1,6 @@ name: hid_bravura_monitor title: Hitachi ID Bravura Monitor -version: 1.0.3 +version: "1.1.0" categories: ["security"] release: ga description: Collect logs from Hitachi ID Security Fabric with Elastic Agent. diff --git a/packages/http_endpoint/_dev/build/build.yml b/packages/http_endpoint/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/http_endpoint/_dev/build/build.yml +++ b/packages/http_endpoint/_dev/build/build.yml 
@@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/http_endpoint/changelog.yml b/packages/http_endpoint/changelog.yml index 8873c447b19..a1142f57021 100644 --- a/packages/http_endpoint/changelog.yml +++ b/packages/http_endpoint/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.2.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.1.0" changes: - description: Update ECS to 8.2 diff --git a/packages/http_endpoint/manifest.yml b/packages/http_endpoint/manifest.yml index 3894daea768..fd5d67e5684 100644 --- a/packages/http_endpoint/manifest.yml +++ b/packages/http_endpoint/manifest.yml @@ -3,7 +3,7 @@ name: http_endpoint title: Custom HTTP Endpoint Logs description: Collect JSON data from listening HTTP port with Elastic Agent. type: integration -version: 1.1.0 +version: "1.2.0" release: ga conditions: kibana.version: "^7.16.0 || ^8.0.0" diff --git a/packages/httpjson/_dev/build/build.yml b/packages/httpjson/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/httpjson/_dev/build/build.yml +++ b/packages/httpjson/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/httpjson/changelog.yml b/packages/httpjson/changelog.yml index de3cbba77b7..df5f3e118c6 100644 --- a/packages/httpjson/changelog.yml +++ b/packages/httpjson/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.3.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.2.4" changes: - description: Add correct field mapping for event.created diff --git a/packages/httpjson/manifest.yml b/packages/httpjson/manifest.yml index adb9ec7de6e..92e484b630b 100644 --- a/packages/httpjson/manifest.yml +++ b/packages/httpjson/manifest.yml 
@@ -3,7 +3,7 @@ name: httpjson title: Custom HTTPJSON Input description: Collect custom data from REST API's with Elastic Agent. type: integration -version: 1.2.4 +version: "1.3.0" release: ga conditions: kibana.version: "^7.16.0 || ^8.0.0" diff --git a/packages/imperva/_dev/build/build.yml b/packages/imperva/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/imperva/_dev/build/build.yml +++ b/packages/imperva/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/imperva/changelog.yml b/packages/imperva/changelog.yml index 7b520319361..9ba56f14323 100644 --- a/packages/imperva/changelog.yml +++ b/packages/imperva/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.9.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "0.8.0" changes: - description: Update to ECS 8.2.0 diff --git a/packages/imperva/data_stream/securesphere/_dev/test/pipeline/test-generated.log-expected.json b/packages/imperva/data_stream/securesphere/_dev/test/pipeline/test-generated.log-expected.json index 5decd80626c..8d765e2e7db 100644 --- a/packages/imperva/data_stream/securesphere/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/imperva/data_stream/securesphere/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.70.155.35,dstPort=892,dbUsername=tatno,srcIP=10.81.122.126,srcPort=4141,creatTime=29 January 2016 06:09:59,srvGroup=uam,service=untutl,appName=rad,event#=taliqu,eventType=Login,usrGroup=ommod,usrAuth=True,application=\"scivel\",osUsername=aqui,srcHost=radipis5408.mail.local,dbName=enatuse,schemaName=magn,bindVar=equuntu,sqlError=failure,respSize=5910,respTime=10.347000,affRows=sum,action=\"cancel\",rawQuery=\"sit\"", "tags": [ 
@@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,event#=nimadmin,createTime=2016-02-12 13:12:33,eventType=erep,eventSev=low,username=temq,subsystem=ugiatqu,message=\"eacomm\"", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.58.116.231,dstPort=996,dbUsername=qua,srcIP=10.159.182.171,srcPort=3947,creatTime=2016-02-26 20:15:08,srvGroup=apariat,service=mol,appName=pteursi,event#=onse,eventType=rumet,usrGroup=oll,usrAuth=erc,application=\"taliqu\",osUsername=temUten,srcHost=ccusan7572.api.home,dbName=aveniam,schemaName=uradi,bindVar=nimadmin,sqlError=failure,respSize=3626,respTime=79.328000,affRows=ender,action=\"accept\",rawQuery=\"ehenderi\"", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.232.27.250,dstPort=7838,dbUsername=mquidol,srcIP=10.18.124.28,srcPort=7668,creatTime=12 March 2016 03:17:42,srvGroup=rsitamet,service=lupt,appName=xea,event#=qua,eventType=Login,usrGroup=luptatev,usrAuth=False,application=\"admi\",osUsername=modocons,srcHost=elaudant5931.internal.invalid,dbName=lores,schemaName=lapariat,bindVar=eddoei,sqlError=failure,respSize=6564,respTime=87.496000,affRows=nimadmin,action=\"cancel\",rawQuery=\"xercitat\"", "tags": [ 
@@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=ationemu,event#=ice,createTime=2016-03-26 10:20:16,updateTime=estiae,alertSev=high,group=laborum,ruleName=\"tionof\",evntDesc=\"snostrud\",category=nama,disposition=quisnos,eventType=ite,proto=icmp,srcPort=2707,srcIP=10.6.137.200,dstPort=5697,dstIP=10.197.250.10,policyName=\"bor\",occurrences=7243,httpHost=hitect,webMethod=dol,url=\"https://internal.example.net/namali/taevit.html?nsecte=itame#eumfug\",webQuery=\"lit\",soapAction=asun,resultCode=estia,sessionID=eaq,username=occae,addUsername=ctetura,responseTime=labore,responseSize=texp,direction=external,dbUsername=adeseru,queryGroup=emoe,application=\"eaq\",srcHost=amest4147.mail.host,osUsername=intoc,schemaName=oluptas,dbName=tNequepo,hdrName=lup,action=cancel", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=sperna,event#=eabilloi,createTime=2016-04-09 17:22:51,updateTime=estia,alertSev=medium,group=tlab,ruleName=\"volupt\",evntDesc=\"osqui\",category=xerc,disposition=iutali,eventType=fdeFi,proto=igmp,srcPort=1696,srcIP=10.179.124.125,dstPort=5473,dstIP=10.36.194.106,policyName=\"eprehend\",occurrences=2462,httpHost=dutper,webMethod=lamcolab,url=\"https://example.net/tlabo/uames.gif?mpo=offi#giatnu\",webQuery=\"ulapa\",soapAction=liqui,resultCode=quioffi,sessionID=uptate,username=ncidid,addUsername=quaturve,responseTime=sequa,responseSize=aera,direction=outbound,dbUsername=rvel,queryGroup=uid,application=\"onsecte\",srcHost=eratv6205.internal.lan,osUsername=reme,schemaName=acommod,dbName=uaUteni,hdrName=udantium,action=accept", "tags": [ 
@@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.129.149.43,dstPort=3304,dbUsername=eveli,srcIP=10.211.105.204,srcPort=2742,creatTime=2016-04-24 00:25:25,srvGroup=aliquide,service=ofde,appName=equat,event#=derit,eventType=Logout,usrGroup=dexea,usrAuth=True,application=\"atcu\",osUsername=labor,srcHost=didunt1355.corp,dbName=udan,schemaName=orema,bindVar=invento,sqlError=failure,respSize=6855,respTime=74.098000,affRows=nofdeFin,action=\"accept\",rawQuery=\"rau\"", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.214.191.180,dstPort=5848,dbUsername=ipsumdol,srcIP=10.112.250.193,srcPort=5705,creatTime=2016-05-08 07:27:59,srvGroup=urerepr,service=ese,appName=isaute,event#=ptatemq,eventType=Logout,usrGroup=luptatev,usrAuth=False,application=\"tlabore\",osUsername=Exc,srcHost=pora6854.www5.home,dbName=nevo,schemaName=ide,bindVar=aali,sqlError=success,respSize=6852,respTime=49.573000,affRows=etcons,action=\"cancel\",rawQuery=\"tenbyCi\"", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.251.20.13,dstPort=264,dbUsername=iquipe,srcIP=10.192.34.76,srcPort=1450,creatTime=2016-05-22 14:30:33,srvGroup=upida,service=tvolupt,appName=eufugi,event#=pici,eventType=abor,usrGroup=utpe,usrAuth=onsequ,application=\"temqu\",osUsername=ovol,srcHost=ptasn6599.www.localhost,dbName=lore,schemaName=tnonpro,bindVar=ionemu,sqlError=success,respSize=3645,respTime=20.909000,affRows=tanimid,action=\"deny\",rawQuery=\"uamni\"", "tags": [ 
@@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.74.105.218,dstPort=2438,dbUsername=archite,srcIP=10.59.138.212,srcPort=7829,creatTime=2016-06-05 21:33:08,srvGroup=asi,service=datatno,appName=siutali,event#=amnih,eventType=Logout,usrGroup=ium,usrAuth=True,application=\"esciuntN\",osUsername=idunt,srcHost=ptasnu6684.mail.lan,dbName=orumSe,schemaName=boree,bindVar=intoc,sqlError=success,respSize=248,respTime=158.450000,affRows=eeufugia,action=\"block\",rawQuery=\"ofdeFini\"", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.168.159.13,dstPort=3319,dbUsername=inci,srcIP=10.230.173.4,srcPort=2631,creatTime=2016-06-20 04:35:42,srvGroup=avol,service=icero,appName=xer,event#=emipsumd,eventType=Logout,usrGroup=isisten,usrAuth=False,application=\"cusant\",osUsername=atemq,srcHost=rinre2977.api.corp,dbName=totamre,schemaName=isnostr,bindVar=umqu,sqlError=success,respSize=6135,respTime=86.668000,affRows=inesci,action=\"accept\",rawQuery=\"uia\"", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.49.167.57,dstPort=2119,dbUsername=tali,srcIP=10.41.21.204,srcPort=3540,creatTime=4 July 2016 11:38:16,srvGroup=rpori,service=ice,appName=oles,event#=edic,eventType=Login,usrGroup=seq,usrAuth=True,application=\"tutlab\",osUsername=sau,srcHost=atevelit2450.local,dbName=aperia,schemaName=ccaeca,bindVar=umdolo,sqlError=failure,respSize=6818,respTime=115.224000,affRows=stenatu,action=\"block\",rawQuery=\"orumSe\"", "tags": [ 
@@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=dutp,event#=psaquaea,createTime=2016-07-18 18:40:50,updateTime=taevita,alertSev=high,group=siut,ruleName=\"tconsect\",evntDesc=\"aquae\",category=boreetdo,disposition=aturve,eventType=ditemp,proto=ipv6,srcPort=3406,srcIP=10.216.125.252,dstPort=5592,dstIP=10.62.147.186,policyName=\"eumiure\",occurrences=4603,httpHost=ima,webMethod=quasia,url=\"https://example.org/umwrit/uptate.html?ctetura=aveni#elit\",webQuery=\"seosqui\",soapAction=sequamni,resultCode=uradi,sessionID=tot,username=llamco,addUsername=nea,responseTime=psum,responseSize=tasnulap,direction=inbound,dbUsername=umSe,queryGroup=xeacomm,application=\"cinge\",srcHost=itla658.api.localhost,osUsername=lorsita,schemaName=dolore,dbName=uptate,hdrName=quidexea,action=\"accept\",errormsg=\"unknown\"", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=ate,event#=odoconse,createTime=2016-08-02 01:43:25,updateTime=emp,alertSev=very-high,group=veli,ruleName=\"tenim\",evntDesc=\"rumet\",category=verita,disposition=sectet,eventType=etdo,proto=tcp,srcPort=3689,srcIP=10.52.125.9,dstPort=2538,dstIP=10.204.128.215,policyName=\"ama\",occurrences=332,httpHost=runtmol,webMethod=texpli,url=\"https://api.example.org/roidents/tem.txt?tametcon=liqua#mvele\",webQuery=\"isis\",soapAction=uasiar,resultCode=utlab,sessionID=emUteni,username=rum,addUsername=gnaaliqu,responseTime=teirured,responseSize=onemulla,direction=external,dbUsername=bor,queryGroup=rauto,application=\"ationev\",srcHost=umdolor4389.api.home,osUsername=paquioff,schemaName=nci,dbName=isau,hdrName=rautodi,action=deny", "tags": [ 
@@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.200.68.129,dstPort=2558,dbUsername=icabo,srcIP=10.34.148.166,srcPort=3022,creatTime=2016-08-16 08:45:59,srvGroup=preh,service=ercit,appName=etMal,event#=qua,eventType=rsita,usrGroup=ate,usrAuth=ipsamvo,application=\"onula\",osUsername=miu,srcHost=rationev6444.localhost,dbName=tatem,schemaName=untutlab,bindVar=amcor,sqlError=failure,respSize=5427,respTime=176.685000,affRows=oremq,action=\"block\",rawQuery=\"uisaute\"", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.226.101.180,dstPort=1000,dbUsername=siu,srcIP=10.134.5.40,srcPort=7284,creatTime=30 August 2016 15:48:33,srvGroup=llamc,service=nte,appName=mvel,event#=nof,eventType=Login,usrGroup=usmodi,usrAuth=False,application=\"mvolu\",osUsername=conse,srcHost=ipi7727.www5.domain,dbName=isiu,schemaName=licabo,bindVar=enimadmi,sqlError=success,respSize=6356,respTime=41.238000,affRows=xeaco,action=\"deny\",rawQuery=\"amcor\"", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.126.26.131,dstPort=2595,dbUsername=velite,srcIP=10.30.98.10,srcPort=7576,creatTime=13 September 2016 22:51:07,srvGroup=itation,service=sequatD,appName=nimave,event#=isciv,eventType=Login,usrGroup=rroqu,usrAuth=False,application=\"nofd\",osUsername=dipisci,srcHost=spernatu5539.domain,dbName=quunt,schemaName=olori,bindVar=mquae,sqlError=unknown,respSize=7717,respTime=96.729000,affRows=cidunt,action=\"accept\",rawQuery=\"borisnis\"", "tags": [ 
@@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.190.10.219,dstPort=5530,dbUsername=accusant,srcIP=10.233.120.207,srcPort=136,creatTime=2016-09-28 05:53:42,srvGroup=stenatu,service=inibu,appName=est,event#=uptatemU,eventType=Logout,usrGroup=leumiu,usrAuth=False,application=\"tla\",osUsername=item,srcHost=nimid372.api.corp,dbName=atcupid,schemaName=quamnih,bindVar=dminima,sqlError=success,respSize=3278,respTime=60.949000,affRows=tame,action=\"cancel\",rawQuery=\"reetd\"", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,event#=sitam,createTime=2016-10-12 12:56:16,eventType=rad,eventSev=low,username=sequa,subsystem=iosamnis,message=\"volupt\"", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.100.98.56,dstPort=1089,dbUsername=boru,srcIP=10.248.184.200,srcPort=5315,creatTime=2016-10-26 19:58:50,srvGroup=ptatem,service=ptatevel,appName=tenatuse,event#=psaqua,eventType=Logout,usrGroup=ullamcor,usrAuth=False,application=\"itationu\",osUsername=proident,srcHost=maliquam2147.internal.home,dbName=lores,schemaName=ritati,bindVar=orisni,sqlError=failure,respSize=5923,respTime=179.541000,affRows=sitam,action=\"deny\",rawQuery=\"mmodoc\"", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.197.6.245,dstPort=27,dbUsername=dtempo,srcIP=10.82.28.220,srcPort=3570,creatTime=10 November 2016 03:01:24,srvGroup=imad,service=tinvolup,appName=tsed,event#=inv,eventType=Login,usrGroup=rroq,usrAuth=False,application=\"rcit\",osUsername=aecatcup,srcHost=olabor2983.internal.localhost,dbName=citatio,schemaName=oluptat,bindVar=mveniamq,sqlError=success,respSize=3071,respTime=120.142000,affRows=eaqueips,action=\"allow\",rawQuery=\"aturve\"", "tags": [ 
@@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.6.27.103,dstPort=3179,dbUsername=redol,srcIP=10.167.252.183,srcPort=2003,creatTime=24 November 2016 10:03:59,srvGroup=doei,service=cipitl,appName=caboNemo,event#=dexerc,eventType=Login,usrGroup=strumex,usrAuth=True,application=\"eprehend\",osUsername=asnu,srcHost=hitec2111.mail.corp,dbName=perspici,schemaName=ationul,bindVar=mquisn,sqlError=failure,respSize=6606,respTime=155.907000,affRows=emUte,action=\"cancel\",rawQuery=\"ccae\"", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=ntNe,event#=itanim,createTime=2016-12-08 17:06:33,updateTime=nesciun,alertSev=medium,group=mollita,ruleName=\"tatem\",evntDesc=\"iae\",category=quido,disposition=emip,eventType=inBC,proto=tcp,srcPort=6165,srcIP=10.88.45.111,dstPort=6735,dstIP=10.81.184.7,policyName=\"saquaea\",occurrences=6344,httpHost=eetd,webMethod=illu,url=\"https://mail.example.com/lorsi/repreh.gif?sitamet=utlabo#tetur\",webQuery=\"tionula\",soapAction=ritqu,resultCode=ecatcupi,sessionID=uamei,username=undeomni,addUsername=tas,responseTime=autfugi,responseSize=tasun,direction=external,dbUsername=eratv,queryGroup=ipsa,application=\"asuntexp\",srcHost=adminim2559.www5.invalid,osUsername=lmole,schemaName=iameaque,dbName=nderi,hdrName=ssusci,action=\"deny\",errormsg=\"failure\"", "tags": [ 
@@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.214.3.140,dstPort=6127,dbUsername=scipitl,srcIP=10.29.119.245,srcPort=1179,creatTime=2016-12-23 00:09:07,srvGroup=olli,service=rever,appName=ore,event#=offici,eventType=Logout,usrGroup=ection,usrAuth=False,application=\"roquisqu\",osUsername=edolorin,srcHost=dolorem6882.api.local,dbName=rsi,schemaName=taliqui,bindVar=mides,sqlError=success,respSize=5140,respTime=119.229000,affRows=tcu,action=\"cancel\",rawQuery=\"inrepreh\"", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=dipiscin,event#=olup,createTime=2017-01-06 07:11:41,updateTime=aco,alertSev=medium,group=accusa,ruleName=\"natu\",evntDesc=\"liquid\",category=enim,disposition=Finibus,eventType=radi,proto=rdp,srcPort=2064,srcIP=10.218.123.234,dstPort=57,dstIP=10.110.133.7,policyName=\"radipisc\",occurrences=5347,httpHost=nibus,webMethod=vitaed,url=\"https://example.org/etconsec/elillum.htm?mporinc=onsectet#idolo\",webQuery=\"atemUte\",soapAction=docon,resultCode=mdolore,sessionID=eosquira,username=pta,addUsername=snos,responseTime=orsi,responseSize=tetura,direction=external,dbUsername=lorsita,queryGroup=eavol,application=\"osamnis\",srcHost=temaccu5302.test,osUsername=etconsec,schemaName=caboNem,dbName=urExcept,hdrName=rumetMal,action=\"allow\",errormsg=\"unknown\"", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.105.190.170,dstPort=2519,dbUsername=doeiu,srcIP=10.182.152.242,srcPort=1877,creatTime=2017-01-20 14:14:16,srvGroup=orumw,service=redol,appName=ecillum,event#=isci,eventType=Logout,usrGroup=dolor,usrAuth=True,application=\"tiumto\",osUsername=litan,srcHost=nder347.www.corp,dbName=alorum,schemaName=mquisn,bindVar=atq,sqlError=unknown,respSize=3474,respTime=68.556000,affRows=ugiatquo,action=\"block\",rawQuery=\"equamnih\"", "tags": [ 
@@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=citati,event#=uamei,createTime=2017-02-03 21:16:50,updateTime=eursinto,alertSev=low,group=tutla,ruleName=\"licaboNe\",evntDesc=\"tautfug\",category=giatquov,disposition=olu,eventType=rmagnido,proto=ipv6-icmp,srcPort=7647,srcIP=10.59.188.188,dstPort=7082,dstIP=10.123.166.197,policyName=\"ici\",occurrences=7102,httpHost=mips,webMethod=itae,url=\"https://internal.example.net/atnula/ditautf.jpg?iquidex=olup#remipsu\",webQuery=\"tan\",soapAction=quiac,resultCode=sunt,sessionID=autfugit,username=emUte,addUsername=iusmodi,responseTime=fdeFi,responseSize=Except,direction=inbound,dbUsername=equat,queryGroup=aliquid,application=\"usantiu\",srcHost=idunt4633.internal.host,osUsername=liquam,schemaName=min,dbName=oluptat,hdrName=odt,action=block", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.72.75.207,dstPort=6336,dbUsername=urau,srcIP=10.201.168.116,srcPort=2037,creatTime=2017-02-18 04:19:24,srvGroup=utali,service=sed,appName=xeac,event#=umdolors,eventType=Logout,usrGroup=lumdo,usrAuth=False,application=\"acom\",osUsername=eFini,srcHost=ectob4634.mail.localhost,dbName=prehend,schemaName=eufug,bindVar=roquisq,sqlError=unknown,respSize=3348,respTime=79.765000,affRows=civelits,action=\"accept\",rawQuery=\"reet\"", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.9.46.123,dstPort=586,dbUsername=mfu,srcIP=10.58.133.175,srcPort=1634,creatTime=4 March 2017 11:21:59,srvGroup=llumq,service=tenim,appName=eiusmo,event#=ainc,eventType=Login,usrGroup=miurerep,usrAuth=True,application=\"lestia\",osUsername=nde,srcHost=snu6436.www.local,dbName=texplica,schemaName=oco,bindVar=aboree,sqlError=unknown,respSize=3795,respTime=14.713000,affRows=edquian,action=\"block\",rawQuery=\"uames\"", "tags": [ 
@@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.169.50.59,dstPort=7693,dbUsername=pta,srcIP=10.70.29.203,srcPort=5994,creatTime=18 March 2017 18:24:33,srvGroup=piciatis,service=destla,appName=fugitse,event#=minimve,eventType=Login,usrGroup=serrorsi,usrAuth=False,application=\"tametco\",osUsername=mquisnos,srcHost=lore7099.www.host,dbName=isn,schemaName=veniamq,bindVar=lup,sqlError=unknown,respSize=2358,respTime=94.460000,affRows=ipitlabo,action=\"block\",rawQuery=\"prehen\"", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.165.182.111,dstPort=5525,dbUsername=ames,srcIP=10.137.85.123,srcPort=218,creatTime=2017-04-02 01:27:07,srvGroup=amquisno,service=modoc,appName=magnam,event#=uinesc,eventType=Logout,usrGroup=cid,usrAuth=True,application=\"emi\",osUsername=Bonorum,srcHost=lesti6939.api.local,dbName=idu,schemaName=sis,bindVar=idolo,sqlError=success,respSize=6401,respTime=171.434000,affRows=its,action=\"block\",rawQuery=\"edutp\"", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,event#=enimadmi,createTime=2017-04-16 08:29:41,eventType=tateveli,eventSev=high,username=sumdolo,subsystem=idolorem,message=\"temvele\"", "tags": [ 
@@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=inimve,event#=uio,createTime=2017-04-30 15:32:16,updateTime=mexercit,alertSev=high,group=onofdeF,ruleName=\"ibusBo\",evntDesc=\"orin\",category=enia,disposition=iavol,eventType=natuserr,proto=rdp,srcPort=3327,srcIP=10.64.184.196,dstPort=6659,dstIP=10.173.178.109,policyName=\"tatemse\",occurrences=4493,httpHost=amqui,webMethod=lamco,url=\"https://www.example.net/hender/ptatemU.htm?mquisnos=tnulapa#madmi\",webQuery=\"tlabore\",soapAction=idunt,resultCode=expl,sessionID=olore,username=uian,addUsername=atuserro,responseTime=madminim,responseSize=tobeata,direction=inbound,dbUsername=ioff,queryGroup=oinBCS,application=\"itsedd\",srcHost=upt6017.api.localdomain,osUsername=nesci,schemaName=tam,dbName=sin,hdrName=idexeac,action=\"block\",errormsg=\"failure\"", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.90.50.149,dstPort=1936,dbUsername=olu,srcIP=10.168.225.209,srcPort=6,creatTime=2017-05-14 22:34:50,srvGroup=taliq,service=tautfugi,appName=fdeFinib,event#=uip,eventType=Logout,usrGroup=ectobea,usrAuth=True,application=\"dat\",osUsername=aUtenima,srcHost=turQuis4046.api.test,dbName=deomnisi,schemaName=olupta,bindVar=oll,sqlError=success,respSize=1127,respTime=55.870000,affRows=evelite,action=\"block\",rawQuery=\"iav\"", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.59.182.36,dstPort=5792,dbUsername=mtota,srcIP=10.18.150.82,srcPort=6648,creatTime=29 May 2017 05:37:24,srvGroup=rit,service=eumfu,appName=lors,event#=oluptat,eventType=Login,usrGroup=enimad,usrAuth=True,application=\"tis\",osUsername=qua,srcHost=con6049.internal.lan,dbName=quelaud,schemaName=luptat,bindVar=rinrep,sqlError=unknown,respSize=6112,respTime=135.357000,affRows=nimv,action=\"allow\",rawQuery=\"tconse\"", "tags": [ 
@@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,event#=rem,createTime=2017-06-12 12:39:58,eventType=ulamcola,eventSev=very-high,username=llita,subsystem=ntsunt,message=\"nturmag\"", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.228.229.144,dstPort=3236,dbUsername=ametcons,srcIP=10.151.240.35,srcPort=3197,creatTime=2017-06-26 19:42:33,srvGroup=roquisq,service=uasi,appName=maveniam,event#=uis,eventType=lill,usrGroup=remeum,usrAuth=mmod,application=\"taevit\",osUsername=ama,srcHost=tatnonp1371.www.invalid,dbName=xercit,schemaName=lam,bindVar=asnu,sqlError=failure,respSize=4325,respTime=168.492000,affRows=eriam,action=\"cancel\",rawQuery=\"aquae\"", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.242.48.203,dstPort=1102,dbUsername=ese,srcIP=10.147.142.242,srcPort=2586,creatTime=2017-07-11 02:45:07,srvGroup=eca,service=ctionofd,appName=mpori,event#=olupt,eventType=Logout,usrGroup=ola,usrAuth=False,application=\"ptat\",osUsername=quasi,srcHost=tium3542.internal.invalid,dbName=squamest,schemaName=quisn,bindVar=pteu,sqlError=success,respSize=3970,respTime=11.548000,affRows=antium,action=\"block\",rawQuery=\"velillum\"", "tags": [ 
@@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=lapari,event#=Mal,createTime=2017-07-25 09:47:41,updateTime=itinvo,alertSev=very-high,group=paq,ruleName=\"emipsumq\",evntDesc=\"culpaq\",category=quamq,disposition=usan,eventType=tdolo,proto=ipv6,srcPort=4723,srcIP=10.213.165.165,dstPort=3787,dstIP=10.254.10.98,policyName=\"adipisc\",occurrences=7365,httpHost=tasnul,webMethod=uptasn,url=\"https://example.net/itati/oidentsu.gif?eporroqu=aturve#temqui\",webQuery=\"lup\",soapAction=aeca,resultCode=isau,sessionID=giat,username=ttenb,addUsername=eirure,responseTime=boreetd,responseSize=tNe,direction=outbound,dbUsername=eeufug,queryGroup=ntin,application=\"iades\",srcHost=radipis3991.mail.invalid,osUsername=civeli,schemaName=eufugia,dbName=utlabore,hdrName=tamr,action=\"cancel\",errormsg=\"success\"", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,event#=onemul,createTime=2017-08-08 16:50:15,eventType=trudexe,eventSev=very-high,username=ura,subsystem=oreeufug,message=\"Quisa\"", "tags": [ 
@@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=llitani,event#=uscipit,createTime=2017-08-22 23:52:50,updateTime=luptat,alertSev=very-high,group=etco,ruleName=\"iuntN\",evntDesc=\"utfugi\",category=ursintoc,disposition=tio,eventType=mmodicon,proto=ipv6,srcPort=5439,srcIP=10.116.1.130,dstPort=3402,dstIP=10.169.28.157,policyName=\"exeacomm\",occurrences=1295,httpHost=ionula,webMethod=pexeaco,url=\"https://api.example.org/uamqua/Neq.gif?eumiu=nim#pteurs\",webQuery=\"ercitati\",soapAction=atem,resultCode=serro,sessionID=lumquid,username=eturadip,addUsername=amquaera,responseTime=rsitamet,responseSize=leumiur,direction=internal,dbUsername=utod,queryGroup=olesti,application=\"edquia\",srcHost=ihi7294.www5.localhost,osUsername=reseo,schemaName=amco,dbName=ons,hdrName=onsecte,action=\"accept\",errormsg=\"unknown\"", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.29.138.31,dstPort=5871,dbUsername=volupta,srcIP=10.45.69.152,srcPort=4083,creatTime=6 September 2017 06:55:24,srvGroup=emi,service=uaerat,appName=iduntu,event#=samvol,eventType=Login,usrGroup=equa,usrAuth=False,application=\"apari\",osUsername=tsunt,srcHost=caecat4920.api.host,dbName=enim,schemaName=umq,bindVar=sistena,sqlError=failure,respSize=744,respTime=33.416000,affRows=temquia,action=\"deny\",rawQuery=\"eumiu\"", "tags": [ 
@@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.152.213.228,dstPort=3387,dbUsername=ptatev,srcIP=10.100.113.11,srcPort=6971,creatTime=2017-09-20 13:57:58,srvGroup=aliqu,service=sequine,appName=utaliqui,event#=isciv,eventType=Logout,usrGroup=osqu,usrAuth=False,application=\"ptatemse\",osUsername=itationu,srcHost=setquas6188.internal.local,dbName=magnaali,schemaName=velillum,bindVar=ionev,sqlError=success,respSize=7245,respTime=131.118000,affRows=ameaq,action=\"cancel\",rawQuery=\"Except\"", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,event#=uiac,createTime=2017-10-04 21:00:32,eventType=tquii,eventSev=low,username=reme,subsystem=emeumfu,message=\"inBCSedu\"", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.208.33.55,dstPort=1849,dbUsername=ulapari,srcIP=10.248.102.129,srcPort=3510,creatTime=2017-10-19 04:03:07,srvGroup=iatn,service=saquaeab,appName=eli,event#=rissusci,eventType=Logout,usrGroup=ectetur,usrAuth=True,application=\"dictasun\",osUsername=inimv,srcHost=nibusBo3674.www5.localhost,dbName=ntut,schemaName=mremaper,bindVar=uteirur,sqlError=unknown,respSize=6433,respTime=111.360000,affRows=isni,action=\"accept\",rawQuery=\"quovo\"", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.203.164.132,dstPort=6213,dbUsername=mporin,srcIP=10.109.230.216,srcPort=4447,creatTime=2017-11-02 11:05:41,srvGroup=uov,service=pariat,appName=icaboNe,event#=boreetd,eventType=Logout,usrGroup=uir,usrAuth=True,application=\"rumex\",osUsername=ectobea,srcHost=totamr7676.www5.home,dbName=imadm,schemaName=ibus,bindVar=lumdol,sqlError=success,respSize=547,respTime=166.971000,affRows=reprehe,action=\"block\",rawQuery=\"ihil\"", "tags": [ 
@@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.151.203.60,dstPort=482,dbUsername=dol,srcIP=10.117.81.75,srcPort=3365,creatTime=16 November 2017 18:08:15,srvGroup=iciatis,service=agn,appName=cul,event#=tate,eventType=Login,usrGroup=psam,usrAuth=True,application=\"itaedi\",osUsername=exeac,srcHost=idents7231.mail.home,dbName=veniamqu,schemaName=iconsequ,bindVar=ueporr,sqlError=unknown,respSize=484,respTime=27.563000,affRows=tur,action=\"block\",rawQuery=\"onorumet\"", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.224.217.153,dstPort=6339,dbUsername=eriti,srcIP=10.45.152.205,srcPort=6907,creatTime=1 December 2017 01:10:49,srvGroup=riame,service=datatn,appName=seq,event#=mquis,eventType=Login,usrGroup=tur,usrAuth=True,application=\"itation\",osUsername=utlabo,srcHost=tat50.mail.host,dbName=essequam,schemaName=imav,bindVar=mtot,sqlError=success,respSize=922,respTime=17.709000,affRows=prehend,action=\"allow\",rawQuery=\"liquid\"", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=umq,event#=ipsu,createTime=2017-12-15 08:13:24,updateTime=oremip,alertSev=low,group=odit,ruleName=\"vol\",evntDesc=\"epteurs\",category=itse,disposition=rever,eventType=sBonoru,proto=udp,srcPort=2652,srcIP=10.60.164.100,dstPort=5119,dstIP=10.1.193.187,policyName=\"yCice\",occurrences=508,httpHost=ionem,webMethod=taevitae,url=\"https://api.example.net/quam/saute.htm?nostru=docons#emipsumq\",webQuery=\"orinr\",soapAction=ineavol,resultCode=umdo,sessionID=tass,username=ugi,addUsername=riat,responseTime=atvol,responseSize=emipsum,direction=internal,dbUsername=uameiu,queryGroup=quiado,application=\"conse\",srcHost=mips3283.corp,osUsername=hite,schemaName=adipis,dbName=abo,hdrName=suntex,action=\"allow\",errormsg=\"failure\"", "tags": [ 
@@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.248.244.203,dstPort=806,dbUsername=mquamei,srcIP=10.146.228.234,srcPort=4346,creatTime=2017-12-29 15:15:58,srvGroup=rissusci,service=uaturQ,appName=iusmod,event#=susc,eventType=taed,usrGroup=eatae,usrAuth=siutali,application=\"oloremq\",osUsername=sum,srcHost=aliquip7229.mail.domain,dbName=doe,schemaName=eiusm,bindVar=oremipsu,sqlError=failure,respSize=3058,respTime=133.358000,affRows=llum,action=\"allow\",rawQuery=\"mto\"", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.122.127.237,dstPort=1138,dbUsername=consecte,srcIP=10.86.121.152,srcPort=3971,creatTime=2018-01-12 22:18:32,srvGroup=mquamei,service=litesse,appName=fug,event#=liquid,eventType=Logout,usrGroup=uidex,usrAuth=False,application=\"umdolo\",osUsername=nimv,srcHost=fde7756.mail.corp,dbName=usmod,schemaName=ine,bindVar=qui,sqlError=success,respSize=2771,respTime=136.167000,affRows=orsitame,action=\"block\",rawQuery=\"ipex\"", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.201.223.119,dstPort=3614,dbUsername=rcit,srcIP=10.204.223.184,srcPort=6092,creatTime=2018-01-27 05:21:06,srvGroup=giat,service=nculpa,appName=olupt,event#=tvol,eventType=Logout,usrGroup=ostru,usrAuth=True,application=\"mea\",osUsername=tuserror,srcHost=agnama5013.internal.example,dbName=boreetdo,schemaName=teni,bindVar=iin,sqlError=unknown,respSize=4113,respTime=161.837000,affRows=tNeq,action=\"block\",rawQuery=\"liq\"", "tags": [ 
@@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.200.12.126,dstPort=2347,dbUsername=magnido,srcIP=10.223.56.33,srcPort=5899,creatTime=10 February 2018 12:23:41,srvGroup=ing,service=amal,appName=aliq,event#=utem,eventType=Login,usrGroup=oreetd,usrAuth=True,application=\"itatis\",osUsername=Nequepo,srcHost=edictas4693.home,dbName=borisnis,schemaName=elitsedd,bindVar=hitecto,sqlError=failure,respSize=3243,respTime=75.415000,affRows=imven,action=\"block\",rawQuery=\"hende\"", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=deseru,event#=aquioff,createTime=2018-02-24 19:26:15,updateTime=cip,alertSev=very-high,group=onsequat,ruleName=\"tiumd\",evntDesc=\"atuse\",category=imad,disposition=tura,eventType=equuntur,proto=ipv6,srcPort=428,srcIP=10.94.89.177,dstPort=1752,dstIP=10.65.225.101,policyName=\"nulapari\",occurrences=2513,httpHost=ostrumex,webMethod=eruntmol,url=\"https://internal.example.com/imide/uiineav.htm?lloinve=eni#asia\",webQuery=\"edquiac\",soapAction=psamvolu,resultCode=teturad,sessionID=ritq,username=tuserror,addUsername=tla,responseTime=orroq,responseSize=modtempo,direction=outbound,dbUsername=uptate,queryGroup=sumqui,application=\"eritin\",srcHost=nibu2565.api.local,osUsername=citation,schemaName=emquel,dbName=rspiciat,hdrName=iavol,action=\"cancel\",errormsg=\"unknown\"", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.65.174.196,dstPort=472,dbUsername=iin,srcIP=10.191.184.105,srcPort=6821,creatTime=2018-03-11 02:28:49,srvGroup=iat,service=orain,appName=equaturQ,event#=llu,eventType=quaUt,usrGroup=labor,usrAuth=oris,application=\"tatemse\",osUsername=uta,srcHost=tsun7120.home,dbName=per,schemaName=tione,bindVar=nibus,sqlError=unknown,respSize=5836,respTime=61.864000,affRows=olo,action=\"deny\",rawQuery=\"BCSedutp\"", "tags": [ 
@@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=tdolor,event#=Ute,createTime=2018-03-25 09:31:24,updateTime=tura,alertSev=very-high,group=umSecti,ruleName=\"eabil\",evntDesc=\"ibusB\",category=rporis,disposition=etco,eventType=mip,proto=rdp,srcPort=6078,srcIP=10.224.148.48,dstPort=2803,dstIP=10.41.181.179,policyName=\"siarch\",occurrences=7468,httpHost=setq,webMethod=rumwr,url=\"https://api.example.com/ptatem/mporain.gif?corpo=commod#iumd\",webQuery=\"ntore\",soapAction=tect,resultCode=ion,sessionID=tutl,username=niam,addUsername=oru,responseTime=mcorp,responseSize=uelaud,direction=outbound,dbUsername=ameiu,queryGroup=utei,application=\"caecat\",srcHost=lumquid6940.mail.localdomain,osUsername=equepor,schemaName=iosamn,dbName=erspicia,hdrName=neavolup,action=\"deny\",errormsg=\"success\"", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.21.208.103,dstPort=5543,dbUsername=imidest,srcIP=10.21.61.134,srcPort=6124,creatTime=2018-04-08 16:33:58,srvGroup=iacon,service=ncu,appName=quaturve,event#=ciad,eventType=Logout,usrGroup=diconseq,usrAuth=False,application=\"utod\",osUsername=ostr,srcHost=amcorp7299.api.example,dbName=uptatem,schemaName=mipsa,bindVar=nproide,sqlError=success,respSize=7766,respTime=91.186000,affRows=siutali,action=\"deny\",rawQuery=\"nemullam\"", "tags": [ 
@@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.23.6.216,dstPort=4578,dbUsername=iarchit,srcIP=10.221.192.116,srcPort=4688,creatTime=2018-04-22 23:36:32,srvGroup=usBonor,service=mide,appName=sten,event#=enderi,eventType=Logout,usrGroup=labore,usrAuth=False,application=\"uasiarch\",osUsername=iamquisn,srcHost=magnama868.api.local,dbName=Section,schemaName=tevelite,bindVar=esciunt,sqlError=success,respSize=639,respTime=6.388000,affRows=borisnis,action=\"accept\",rawQuery=\"oremagn\"", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=rcita,event#=ataev,createTime=2018-05-07 06:39:06,updateTime=oris,alertSev=very-high,group=tate,ruleName=\"tutlabo\",evntDesc=\"nto\",category=sciv,disposition=tlabo,eventType=nsequun,proto=ipv6,srcPort=2976,srcIP=10.191.142.143,dstPort=5850,dstIP=10.240.62.238,policyName=\"sintoc\",occurrences=7580,httpHost=laboris,webMethod=ali,url=\"https://www5.example.net/aUten/edutpers.gif?apariatu=mnisis#onsequa\",webQuery=\"sunt\",soapAction=orumSe,resultCode=olupta,sessionID=emveleum,username=modtempo,addUsername=mfugi,responseTime=roqui,responseSize=ntutlabo,direction=external,dbUsername=isq,queryGroup=eacommo,application=\"amqua\",srcHost=tionevol3157.mail.invalid,osUsername=nofde,schemaName=animide,dbName=Lore,hdrName=oin,action=cancel", "tags": [ 
@@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=ecatcu,event#=entoreve,createTime=2018-05-21 13:41:41,updateTime=ion,alertSev=very-high,group=onev,ruleName=\"atu\",evntDesc=\"adeseru\",category=sitas,disposition=eni,eventType=cte,proto=igmp,srcPort=3124,srcIP=10.178.79.217,dstPort=7499,dstIP=10.111.22.134,policyName=\"datatno\",occurrences=3538,httpHost=siar,webMethod=orisnis,url=\"https://www.example.net/mvolup/pidat.jpg?ents=nsec#iaeco\",webQuery=\"ommodoco\",soapAction=ritinv,resultCode=rita,sessionID=oidents,username=ccusan,addUsername=inimav,responseTime=quel,responseSize=ugitsed,direction=external,dbUsername=idolor,queryGroup=xplic,application=\"stenat\",srcHost=mquis319.api.local,osUsername=inibusBo,schemaName=tqui,dbName=sequun,hdrName=nimadm,action=deny", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.161.225.172,dstPort=3708,dbUsername=meaqu,srcIP=10.77.86.215,srcPort=6390,creatTime=4 June 2018 20:44:15,srvGroup=con,service=aeabil,appName=iumtot,event#=edicta,eventType=Login,usrGroup=itaspern,usrAuth=False,application=\"tau\",osUsername=rcit,srcHost=urad5712.api.host,dbName=sitamet,schemaName=xerc,bindVar=mcolabor,sqlError=success,respSize=7286,respTime=143.926000,affRows=evita,action=\"block\",rawQuery=\"ant\"", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.186.133.184,dstPort=7864,dbUsername=boriosa,srcIP=10.211.161.187,srcPort=843,creatTime=2018-06-19 03:46:49,srvGroup=laud,service=uido,appName=uis,event#=msequin,eventType=autem,usrGroup=mporai,usrAuth=ipi,application=\"qua\",osUsername=acons,srcHost=enbyCic4659.www5.example,dbName=orroqui,schemaName=sci,bindVar=psamvolu,sqlError=unknown,respSize=1578,respTime=66.164000,affRows=temse,action=\"deny\",rawQuery=\"onevol\"", "tags": [ 
@@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.160.147.230,dstPort=2126,dbUsername=nimvenia,srcIP=10.254.198.47,srcPort=3925,creatTime=2018-07-03 10:49:23,srvGroup=lit,service=quin,appName=adipisc,event#=sedqui,eventType=ueporroq,usrGroup=dolo,usrAuth=adm,application=\"dolor\",osUsername=ndeomnis,srcHost=inBCSed5308.api.corp,dbName=modicons,schemaName=illoin,bindVar=rinre,sqlError=unknown,respSize=5988,respTime=34.664000,affRows=olorem,action=\"cancel\",rawQuery=\"dquiaco\"", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.40.24.93,dstPort=7487,dbUsername=mSecti,srcIP=10.182.197.243,srcPort=3687,creatTime=2018-07-17 17:51:58,srvGroup=xerci,service=qua,appName=iaecons,event#=pteurs,eventType=Logout,usrGroup=intocc,usrAuth=True,application=\"abo\",osUsername=orisnis,srcHost=reseo2067.api.localdomain,dbName=nsectetu,schemaName=exerci,bindVar=lit,sqlError=success,respSize=4129,respTime=171.277000,affRows=ono,action=\"cancel\",rawQuery=\"equuntu\"", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.249.13.159,dstPort=3023,dbUsername=uisautei,srcIP=10.108.130.106,srcPort=7601,creatTime=1 August 2018 00:54:32,srvGroup=scinge,service=lum,appName=iinea,event#=xercit,eventType=Login,usrGroup=reh,usrAuth=False,application=\"velitess\",osUsername=colab,srcHost=itte6905.mail.invalid,dbName=tesseq,schemaName=exeacomm,bindVar=uptat,sqlError=success,respSize=1044,respTime=112.679000,affRows=ptatema,action=\"cancel\",rawQuery=\"cepteurs\"", "tags": [ 
@@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=ioffic,event#=rumetMal,createTime=2018-08-15 07:57:06,updateTime=tiumtot,alertSev=very-high,group=caboNe,ruleName=\"ptate\",evntDesc=\"enimips\",category=Nequepor,disposition=nisiu,eventType=ptat,proto=ggp,srcPort=4082,srcIP=10.64.94.174,dstPort=3852,dstIP=10.39.244.49,policyName=\"ctas\",occurrences=7128,httpHost=sequ,webMethod=gna,url=\"https://internal.example.org/aev/uovolup.txt?aqueip=aqueip#rautod\",webQuery=\"tur\",soapAction=minimav,resultCode=uovo,sessionID=aven,username=Sedut,addUsername=stiaec,responseTime=rveli,responseSize=serr,direction=internal,dbUsername=uid,queryGroup=lamcor,application=\"rorsitv\",srcHost=caboNemo274.www.host,osUsername=estiae,schemaName=iunt,dbName=eFinibu,hdrName=uisaut,action=cancel", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,event#=odit,createTime=2018-08-29 14:59:40,eventType=ercitati,eventSev=very-high,username=imad,subsystem=olo,message=\"deserun\"", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,event#=scingeli,createTime=2018-09-12 22:02:15,eventType=uatDuis,eventSev=medium,username=apari,subsystem=itesseci,message=\"utali\"", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.115.203.143,dstPort=6889,dbUsername=utoditau,srcIP=10.134.135.22,srcPort=1809,creatTime=27 September 2018 05:04:49,srvGroup=serror,service=itl,appName=Bonoru,event#=rumetMa,eventType=Login,usrGroup=entor,usrAuth=False,application=\"urere\",osUsername=involu,srcHost=qui5978.api.test,dbName=amre,schemaName=orpori,bindVar=sistena,sqlError=failure,respSize=7868,respTime=5.277000,affRows=borisn,action=\"cancel\",rawQuery=\"quatu\"", "tags": [ 
@@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.43.244.252,dstPort=1752,dbUsername=inculp,srcIP=10.251.212.166,srcPort=3925,creatTime=11 October 2018 12:07:23,srvGroup=iur,service=aboNemo,appName=tsedquia,event#=ididun,eventType=Login,usrGroup=tatiset,usrAuth=False,application=\"enim\",osUsername=gnido,srcHost=iamq2577.internal.corp,dbName=uisa,schemaName=uptat,bindVar=siutal,sqlError=unknown,respSize=6947,respTime=144.976000,affRows=tempori,action=\"accept\",rawQuery=\"lamco\"", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,event#=nimve,createTime=2018-10-25 19:09:57,eventType=edutpe,eventSev=medium,username=isunde,subsystem=nimadm,message=\"cepte\"", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.20.231.188,dstPort=1200,dbUsername=tesseq,srcIP=10.88.189.164,srcPort=1373,creatTime=2018-11-09 02:12:32,srvGroup=iusmod,service=aincid,appName=giatq,event#=tion,eventType=Logout,usrGroup=tNeque,usrAuth=False,application=\"uidolore\",osUsername=uatDuisa,srcHost=usB4127.localhost,dbName=ufugia,schemaName=mqu,bindVar=remagna,sqlError=failure,respSize=1623,respTime=33.468000,affRows=Uteni,action=\"cancel\",rawQuery=\"porinci\"", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,event#=edd,createTime=2018-11-23 09:15:06,eventType=uianon,eventSev=low,username=quamquae,subsystem=aaliq,message=\"nos\"", "tags": [ 
@@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.231.77.26,dstPort=7082,dbUsername=rehe,srcIP=10.225.11.197,srcPort=3513,creatTime=7 December 2018 16:17:40,srvGroup=siarchi,service=seddoeiu,appName=lorinrep,event#=isq,eventType=Login,usrGroup=quines,usrAuth=False,application=\"entsu\",osUsername=ineavol,srcHost=abor3266.mail.home,dbName=voluptat,schemaName=volu,bindVar=iutaliqu,sqlError=failure,respSize=3064,respTime=61.960000,affRows=iusmo,action=\"allow\",rawQuery=\"uovo\"", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.148.3.197,dstPort=979,dbUsername=usa,srcIP=10.106.166.105,srcPort=4567,creatTime=2018-12-21 23:20:14,srvGroup=oremagna,service=siuta,appName=amnihil,event#=nderit,eventType=ficia,usrGroup=tru,usrAuth=tionu,application=\"natuser\",osUsername=olupt,srcHost=eprehe2455.www.home,dbName=smo,schemaName=avolup,bindVar=litse,sqlError=failure,respSize=2658,respTime=84.894000,affRows=untutlab,action=\"allow\",rawQuery=\"byCicer\"", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.172.121.239,dstPort=5339,dbUsername=iuta,srcIP=10.57.169.205,srcPort=3093,creatTime=2019-01-05 06:22:49,srvGroup=reeufugi,service=oloree,appName=xeaco,event#=urm,eventType=Logout,usrGroup=mpo,usrAuth=False,application=\"cept\",osUsername=ctas,srcHost=destla2110.www5.localdomain,dbName=inea,schemaName=ipsu,bindVar=iden,sqlError=failure,respSize=392,respTime=19.061000,affRows=reetd,action=\"cancel\",rawQuery=\"maven\"", "tags": [ 
@@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.129.234.200,dstPort=3833,dbUsername=tisundeo,srcIP=10.42.218.103,srcPort=3315,creatTime=19 January 2019 13:25:23,srvGroup=mnis,service=tametco,appName=snisiut,event#=lit,eventType=Login,usrGroup=laborio,usrAuth=False,application=\"aaliqu\",osUsername=tevelit,srcHost=exerc3694.api.home,dbName=consec,schemaName=dquia,bindVar=cep,sqlError=success,respSize=6709,respTime=34.273000,affRows=volupta,action=\"allow\",rawQuery=\"ipex\"", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.111.132.221,dstPort=2262,dbUsername=ali,srcIP=10.76.121.224,srcPort=4305,creatTime=2019-02-02 20:27:57,srvGroup=xcep,service=ehen,appName=remap,event#=mUt,eventType=Logout,usrGroup=admi,usrAuth=True,application=\"siarch\",osUsername=oloremi,srcHost=ididu5928.www5.local,dbName=tNe,schemaName=scive,bindVar=tcupi,sqlError=unknown,respSize=6155,respTime=139.491000,affRows=Sed,action=\"cancel\",rawQuery=\"ita\"", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.195.8.141,dstPort=4342,dbUsername=enimip,srcIP=10.17.214.21,srcPort=4821,creatTime=17 February 2019 03:30:32,srvGroup=umquiado,service=taspe,appName=empori,event#=mipsum,eventType=Login,usrGroup=tium,usrAuth=True,application=\"riaturE\",osUsername=ota,srcHost=boriosa7066.www.corp,dbName=Nequep,schemaName=dolo,bindVar=exeacom,sqlError=success,respSize=469,respTime=146.775000,affRows=eufugiat,action=\"accept\",rawQuery=\"non\"", "tags": [ 
@@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.173.13.179,dstPort=1211,dbUsername=ptasn,srcIP=10.179.60.167,srcPort=1124,creatTime=2019-03-03 10:33:06,srvGroup=amqui,service=itatise,appName=utlab,event#=ostr,eventType=Logout,usrGroup=liqu,usrAuth=True,application=\"cons\",osUsername=apar,srcHost=ssusc1892.internal.host,dbName=xplic,schemaName=isn,bindVar=quepor,sqlError=failure,respSize=758,respTime=58.800000,affRows=etur,action=\"block\",rawQuery=\"cusan\"", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.42.135.34,dstPort=4361,dbUsername=tiset,srcIP=10.178.190.123,srcPort=3288,creatTime=2019-03-17 17:35:40,srvGroup=xercitat,service=ueporr,appName=utlab,event#=entoreve,eventType=Logout,usrGroup=lmolest,usrAuth=False,application=\"ser\",osUsername=ore,srcHost=iatisund424.mail.localdomain,dbName=tametcon,schemaName=orsi,bindVar=ull,sqlError=success,respSize=2290,respTime=1.468000,affRows=etdolore,action=\"cancel\",rawQuery=\"ore\"", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,event#=ectetur,createTime=2019-04-01 00:38:14,eventType=cons,eventSev=medium,username=fugit,subsystem=dantiu,message=\"ntutla\"", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.207.198.239,dstPort=4735,dbUsername=Loremips,srcIP=10.8.147.176,srcPort=5920,creatTime=15 April 2019 07:40:49,srvGroup=odtem,service=ite,appName=tseddo,event#=ptatems,eventType=Login,usrGroup=ori,usrAuth=False,application=\"exerc\",osUsername=aUteni,srcHost=uidolo7626.local,dbName=rchite,schemaName=incididu,bindVar=idolor,sqlError=failure,respSize=3043,respTime=36.712000,affRows=oinB,action=\"accept\",rawQuery=\"econsequ\"", "tags": [ 
@@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.116.26.185,dstPort=595,dbUsername=oNe,srcIP=10.206.221.180,srcPort=6818,creatTime=2019-04-29 14:43:23,srvGroup=repr,service=idu,appName=otam,event#=amquaera,eventType=rumS,usrGroup=uelau,usrAuth=quidolor,application=\"cca\",osUsername=litesseq,srcHost=dmini3435.internal.domain,dbName=rumexerc,schemaName=nseq,bindVar=quisnost,sqlError=unknown,respSize=3218,respTime=26.485000,affRows=orisnisi,action=\"block\",rawQuery=\"nul\"", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.86.180.150,dstPort=5495,dbUsername=mnisis,srcIP=10.253.127.130,srcPort=5339,creatTime=2019-05-13 21:45:57,srvGroup=isciveli,service=urve,appName=sundeomn,event#=tasu,eventType=Logout,usrGroup=equunt,usrAuth=True,application=\"uat\",osUsername=itasper,srcHost=nibusBo1864.domain,dbName=ent,schemaName=etconsec,bindVar=docons,sqlError=failure,respSize=4564,respTime=4.592000,affRows=mremap,action=\"allow\",rawQuery=\"sperna\"", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=mexe,event#=sequatDu,createTime=2019-05-28 04:48:31,updateTime=ssuscip,alertSev=high,group=ciade,ruleName=\"busBonor\",evntDesc=\"enima\",category=emseq,disposition=osamni,eventType=umetMa,proto=ipv6-icmp,srcPort=4469,srcIP=10.220.175.201,dstPort=579,dstIP=10.158.161.5,policyName=\"eab\",occurrences=4098,httpHost=ciduntut,webMethod=atisu,url=\"https://internal.example.com/architec/incul.txt?aborios=mco#amnisiu\",webQuery=\"suntincu\",soapAction=lore,resultCode=equatu,sessionID=enbyCi,username=dolo,addUsername=adipi,responseTime=beata,responseSize=evelites,direction=inbound,dbUsername=tNeq,queryGroup=umtot,application=\"eumiurer\",srcHost=inv6528.www5.example,osUsername=rrors,schemaName=dolo,dbName=tsed,hdrName=corpori,action=allow", "tags": [ 
@@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,event#=uioff,createTime=2019-06-11 11:51:06,eventType=ema,eventSev=low,username=mpo,subsystem=deritinv,message=\"ten\"", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.150.27.144,dstPort=5627,dbUsername=res,srcIP=10.248.16.82,srcPort=6834,creatTime=25 June 2019 18:53:40,srvGroup=loinv,service=umd,appName=madmi,event#=xercit,eventType=Login,usrGroup=avolup,usrAuth=True,application=\"etdo\",osUsername=tuserror,srcHost=nisiutal4437.www.example,dbName=uipex,schemaName=ditautf,bindVar=orr,sqlError=failure,respSize=4367,respTime=25.972000,affRows=uptas,action=\"cancel\",rawQuery=\"osquira\"", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.146.131.76,dstPort=2281,dbUsername=orsi,srcIP=10.173.19.140,srcPort=7780,creatTime=2019-07-10 01:56:14,srvGroup=atu,service=ddo,appName=veli,event#=ata,eventType=Logout,usrGroup=untmoll,usrAuth=False,application=\"ididun\",osUsername=olo,srcHost=tqui5172.www.local,dbName=untex,schemaName=Except,bindVar=elitsedd,sqlError=failure,respSize=5844,respTime=52.550000,affRows=cingel,action=\"allow\",rawQuery=\"seos\"", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.69.5.227,dstPort=5845,dbUsername=doloreme,srcIP=10.171.175.165,srcPort=5776,creatTime=2019-07-24 08:58:48,srvGroup=taspe,service=litess,appName=enimadm,event#=corpori,eventType=onemull,usrGroup=emeu,usrAuth=uisaute,application=\"tvol\",osUsername=ntocc,srcHost=intocca6708.mail.corp,dbName=dquiaco,schemaName=rumw,bindVar=ula,sqlError=failure,respSize=5201,respTime=46.690000,affRows=quam,action=\"deny\",rawQuery=\"edquian\"", "tags": [ 
@@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.213.214.118,dstPort=7851,dbUsername=ate,srcIP=10.253.175.129,srcPort=5547,creatTime=7 August 2019 16:01:23,srvGroup=rsi,service=tuser,appName=equinesc,event#=ectet,eventType=Login,usrGroup=emull,usrAuth=False,application=\"enatuser\",osUsername=epteurs,srcHost=isetqu2843.www.invalid,dbName=niamqu,schemaName=nrep,bindVar=lauda,sqlError=failure,respSize=6260,respTime=9.295000,affRows=aincidu,action=\"deny\",rawQuery=\"ipsamvol\"", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=estquido,event#=eufugiat,createTime=2019-08-21 23:03:57,updateTime=minima,alertSev=high,group=bor,ruleName=\"uisnos\",evntDesc=\"loi\",category=tation,disposition=seddoe,eventType=adol,proto=rdp,srcPort=7756,srcIP=10.149.91.130,dstPort=3548,dstIP=10.89.26.170,policyName=\"aqueipsa\",occurrences=5863,httpHost=ide,webMethod=atcupi,url=\"https://www.example.com/sit/ugi.gif?sitametc=rur#edut\",webQuery=\"sitametc\",soapAction=iarchite,resultCode=uide,sessionID=iono,username=aboris,addUsername=eturad,responseTime=ipiscive,responseSize=sequu,direction=internal,dbUsername=epteur,queryGroup=iqu,application=\"uptateve\",srcHost=commodo6041.mail.localhost,osUsername=atus,schemaName=orumetMa,dbName=inventor,hdrName=dolo,action=block", "tags": [ 
@@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=tmolli,event#=orumSe,createTime=2019-09-05 06:06:31,updateTime=mSe,alertSev=high,group=teturad,ruleName=\"alorumwr\",evntDesc=\"pis\",category=idol,disposition=mmodico,eventType=emaccu,proto=rdp,srcPort=5818,srcIP=10.52.106.68,dstPort=856,dstIP=10.81.108.232,policyName=\"atemq\",occurrences=5098,httpHost=volupta,webMethod=Quisaut,url=\"https://internal.example.net/obeatae/sedqui.jpg?nulap=onseq#amrem\",webQuery=\"plicab\",soapAction=isisten,resultCode=eiusmodt,sessionID=naaliq,username=aco,addUsername=psamvolu,responseTime=inculp,responseSize=eni,direction=inbound,dbUsername=sedqu,queryGroup=ipitlabo,application=\"olorinr\",srcHost=gitse6744.api.local,osUsername=neavolup,schemaName=uaturve,dbName=lapa,hdrName=uepor,action=\"allow\",errormsg=\"failure\"", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=umquamei,event#=nih,createTime=2019-09-19 13:09:05,updateTime=tionev,alertSev=high,group=quia,ruleName=\"eabill\",evntDesc=\"itatiset\",category=uaerat,disposition=met,eventType=isno,proto=icmp,srcPort=2572,srcIP=10.230.48.97,dstPort=1991,dstIP=10.223.10.28,policyName=\"emveleu\",occurrences=4029,httpHost=norumet,webMethod=tconse,url=\"https://mail.example.com/iaturE/inc.htm?uisaut=mnihilm#itinvo\",webQuery=\"lestia\",soapAction=anti,resultCode=eavo,sessionID=enderi,username=erit,addUsername=uptatem,responseTime=reeufug,responseSize=temveleu,direction=unknown,dbUsername=repre,queryGroup=consec,application=\"untmoll\",srcHost=par3605.internal.localdomain,osUsername=usmodte,schemaName=untex,dbName=ommodi,hdrName=ntiu,action=\"deny\",errormsg=\"success\"", "tags": [ 
@@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.115.42.231,dstPort=2143,dbUsername=res,srcIP=10.161.212.150,srcPort=2748,creatTime=3 October 2019 20:11:40,srvGroup=corporis,service=turExc,appName=urvelil,event#=ulapa,eventType=Login,usrGroup=abi,usrAuth=False,application=\"ameiusm\",osUsername=tasnul,srcHost=isau4356.www.home,dbName=niamqui,schemaName=sequamn,bindVar=onse,sqlError=failure,respSize=4846,respTime=6.993000,affRows=aliquaUt,action=\"deny\",rawQuery=\"natus\"", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=emp,event#=suscipit,createTime=2019-10-18 03:14:14,updateTime=iaconseq,alertSev=medium,group=sciuntNe,ruleName=\"nevo\",evntDesc=\"stiaec\",category=officia,disposition=ametcon,eventType=gnid,proto=ipv6,srcPort=5677,srcIP=10.226.75.20,dstPort=3896,dstIP=10.247.108.144,policyName=\"iutaliqu\",occurrences=3711,httpHost=onsectet,webMethod=iat,url=\"https://www5.example.org/elaud/temsequ.htm?dolo=iciatisu#eip\",webQuery=\"iquaUte\",soapAction=aborumSe,resultCode=writt,sessionID=dent,username=tema,addUsername=saquaeab,responseTime=rpo,responseSize=inr,direction=internal,dbUsername=edquiac,queryGroup=olore,application=\"urEx\",srcHost=labo3477.www5.domain,osUsername=maccusan,schemaName=fugia,dbName=psa,hdrName=iset,action=\"block\",errormsg=\"success\"", "tags": [ 
@@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.192.15.65,dstPort=3328,dbUsername=nimides,srcIP=10.97.22.61,srcPort=6420,creatTime=2019-11-01 10:16:48,srvGroup=labor,service=quelaud,appName=ira,event#=gna,eventType=aparia,usrGroup=ntoreve,usrAuth=remips,application=\"uptatemU\",osUsername=illumd,srcHost=itseddo2209.mail.domain,dbName=olu,schemaName=rExcep,bindVar=turExcep,sqlError=success,respSize=4173,respTime=166.270000,affRows=duntutla,action=\"block\",rawQuery=\"tmollit\"", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,alert#=venia,event#=Loremi,createTime=2019-11-15 17:19:22,updateTime=uisnostr,alertSev=medium,group=vol,ruleName=\"ommodi\",evntDesc=\"ritat\",category=dipi,disposition=asnulapa,eventType=atev,proto=tcp,srcPort=7469,srcIP=10.197.254.133,dstPort=2009,dstIP=10.116.76.161,policyName=\"tla\",occurrences=2608,httpHost=ender,webMethod=quid,url=\"https://mail.example.net/teturad/nimide.htm?ueporroq=writ#ema\",webQuery=\"ioffici\",soapAction=agni,resultCode=tat,sessionID=metconse,username=ide,addUsername=equu,responseTime=pernatur,responseSize=orem,direction=outbound,dbUsername=caecatc,queryGroup=iarc,application=\"emquia\",srcHost=duntutl3396.api.host,osUsername=idu,schemaName=trudex,dbName=ncul,hdrName=mcorpor,action=cancel", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%IMPERVA-Imperva,dstIP=10.28.77.79,dstPort=3615,dbUsername=upta,srcIP=10.144.14.15,srcPort=1150,creatTime=30 November 2019 00:21:57,srvGroup=consequ,service=min,appName=riame,event#=gnaal,eventType=Login,usrGroup=nti,usrAuth=True,application=\"tetura\",osUsername=utlab,srcHost=colabo6686.internal.invalid,dbName=uptass,schemaName=rspic,bindVar=itsedq,sqlError=success,respSize=4810,respTime=22.348000,affRows=iut,action=\"deny\",rawQuery=\"nemu\"", "tags": [ 
@@ -893,7 +893,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "%IMPERVA-Imperva,dstIP=10.248.177.182,dstPort=317,dbUsername=quei,srcIP=10.18.15.43,srcPort=2224,creatTime=2019-12-14 07:24:31,srvGroup=reetdol,service=umtotam,appName=itaedi,event#=ant,eventType=tiumt,usrGroup=taedicta,usrAuth=mveniamq,application=\"exerci\",osUsername=quaturve,srcHost=tsunti1164.www.example,dbName=equatur,schemaName=caecat,bindVar=oreetd,sqlError=unknown,respSize=983,respTime=113.318000,affRows=nderit,action=\"accept\",rawQuery=\"icer\"",
 "tags": [
diff --git a/packages/imperva/data_stream/securesphere/elasticsearch/ingest_pipeline/default.yml b/packages/imperva/data_stream/securesphere/elasticsearch/ingest_pipeline/default.yml
index 1bfc9206f29..7999aa75eb4 100644
--- a/packages/imperva/data_stream/securesphere/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/imperva/data_stream/securesphere/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Imperva SecureSphere
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 # User agent
 - user_agent:
 field: user_agent.original
diff --git a/packages/imperva/data_stream/securesphere/sample_event.json b/packages/imperva/data_stream/securesphere/sample_event.json
index 88292fd00a6..83db52d4020 100644
--- a/packages/imperva/data_stream/securesphere/sample_event.json
+++ b/packages/imperva/data_stream/securesphere/sample_event.json
@@ -19,7 +19,7 @@
 "port": 892
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/imperva/manifest.yml b/packages/imperva/manifest.yml
index e3b683c8f8a..d6f1d824df9 100644
--- a/packages/imperva/manifest.yml
+++ b/packages/imperva/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: imperva
 title: Imperva SecureSphere Logs
-version: 0.8.0
+version: "0.9.0"
 description: Collect SecureSphere logs from Imperva devices with Elastic Agent.
 categories: ["network", "security"]
 release: experimental
diff --git a/packages/infoblox_nios/_dev/build/build.yml b/packages/infoblox_nios/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/infoblox_nios/_dev/build/build.yml
+++ b/packages/infoblox_nios/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/infoblox_nios/changelog.yml b/packages/infoblox_nios/changelog.yml
index af71c49ef4d..b972042f977 100644
--- a/packages/infoblox_nios/changelog.yml
+++ b/packages/infoblox_nios/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.2.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "0.1.0"
 changes:
 - description: Initial draft of the package.
diff --git a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-audit.log-expected.json b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-audit.log-expected.json
index 433cc284364..fff26ffcad8 100644
--- a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-audit.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-03-18T13:24:41.705Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "logout",
@@ -57,7 +57,7 @@
 {
 "@timestamp": "2022-04-13T16:44:36.850Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "login_denied",
@@ -112,7 +112,7 @@
 {
 "@timestamp": "2022-03-21T08:53:51.087Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "login_allowed",
@@ -171,7 +171,7 @@ { "@timestamp": "2011-10-19T19:48:37.299Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "login_allowed", @@ -224,7 +224,7 @@ { "@timestamp": "2011-10-19T14:02:32.750Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "login_denied", @@ -273,7 +273,7 @@ { "@timestamp": "2011-10-19T12:43:47.375Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "first_login", @@ -321,7 +321,7 @@ { "@timestamp": "2011-10-19T13:07:33.343Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "password_reset_error", @@ -366,7 +366,7 @@ { "@timestamp": "2022-03-21T17:19:02.204Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "modified", @@ -413,7 +413,7 @@ { "@timestamp": "2022-03-24T09:37:29.261Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "created", @@ -460,7 +460,7 @@ { "@timestamp": "2022-03-18T11:46:38.877Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "modified", @@ -507,7 +507,7 @@ { "@timestamp": "2022-03-29T19:29:20.468Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "called", @@ -553,7 +553,7 @@ { "@timestamp": "2022-03-29T18:30:58.656Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "created", @@ -600,7 +600,7 @@ { "@timestamp": "2022-03-24T09:28:24.476Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "called", @@ -646,7 +646,7 @@ { "@timestamp": "2022-03-21T15:08:08.238Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "created", @@ -693,7 +693,7 @@ { "@timestamp": "2022-03-21T15:08:08.239Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "created", @@ -740,7 +740,7 @@ { "@timestamp": "2022-03-21T15:08:48.455Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "deleted", 
@@ -787,7 +787,7 @@ { "@timestamp": "2022-03-22T13:26:54.596Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "deleted", @@ -834,7 +834,7 @@ { "@timestamp": "2022-03-22T13:26:54.596Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "created", @@ -881,7 +881,7 @@ { "@timestamp": "2022-03-22T13:26:54.596Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "modified", @@ -928,7 +928,7 @@ { "@timestamp": "2022-03-18T12:40:05.241Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "modified", @@ -974,7 +974,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-18T13:40:05.000Z", @@ -1006,7 +1006,7 @@ { "@timestamp": "2022-03-29T19:29:20.468Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "called", @@ -1049,7 +1049,7 @@ { "@timestamp": "2022-03-21T17:19:02.204Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "modified", @@ -1092,7 +1092,7 @@ { "@timestamp": "2022-03-29T18:30:58.656Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "created", diff --git a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json index 3c5965e53a7..c69a8c6869e 100644 --- a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json +++ b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json @@ -7,7 +7,7 @@ "mac": "00-50-56-81-14-6C" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcprequest", @@ -52,7 +52,7 @@ "mac": "00-50-56-81-14-6C" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcprequest", 
@@ -99,7 +99,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpdiscover", @@ -148,7 +148,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpdiscover", @@ -199,7 +199,7 @@ "mac": "00-50-56-83-D0-F6" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpdiscover", @@ -249,7 +249,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpdiscover", @@ -295,7 +295,7 @@ "mac": "00-00-00-00-00-00" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpdiscover", @@ -347,7 +347,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpoffer", @@ -408,7 +408,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpoffer", @@ -468,7 +468,7 @@ "mac": "26-9A-76-87-8A-06" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpoffer", @@ -525,7 +525,7 @@ "mac": "00-00-00-00-00-00" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpoffer", @@ -584,7 +584,7 @@ "mac": "CC-BB-CC-DD-EE-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpoffer", @@ -642,7 +642,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcprequest", @@ -702,7 +702,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcprequest", @@ -759,7 +759,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcprequest", @@ -815,7 +815,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcprequest", 
@@ -866,7 +866,7 @@ "mac": "00-50-56-83-D3-83" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcprequest", @@ -923,7 +923,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcprequest", @@ -979,7 +979,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcprequest", @@ -1033,7 +1033,7 @@ "mac": "00-50-56-83-96-03" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcprequest", @@ -1086,7 +1086,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcprequest", @@ -1136,7 +1136,7 @@ "mac": "9A-DF-6E-F6-1F-23" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcprequest", @@ -1189,7 +1189,7 @@ "mac": "00-00-00-00-00-00" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcprequest", @@ -1247,7 +1247,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpack", @@ -1308,7 +1308,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpack", @@ -1368,7 +1368,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpack", @@ -1427,7 +1427,7 @@ "mac": "9A-DF-6E-F6-1F-23" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpack", @@ -1485,7 +1485,7 @@ "mac": "00-00-00-00-00-00" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpack", @@ -1546,7 +1546,7 @@ "mac": "CC-BB-CC-DD-EE-FF" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpack", @@ -1604,7 +1604,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcprelease", 
@@ -1660,7 +1660,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcprelease", @@ -1713,7 +1713,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpexpire", @@ -1756,7 +1756,7 @@ "ip": "192.168.0.4" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpinform", @@ -1804,7 +1804,7 @@ "ip": "192.168.0.4" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpinform", @@ -1851,7 +1851,7 @@ "ip": "192.168.0.4" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpinform", @@ -1905,7 +1905,7 @@ "mac": "34-29-8F-71-B8-99" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpdecline", @@ -1957,7 +1957,7 @@ "mac": "00-C0-DD-07-18-E2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpdecline", @@ -2010,7 +2010,7 @@ "mac": "F4-30-B9-17-AB-0E" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpnak", @@ -2059,7 +2059,7 @@ "ip": "192.168.0.4" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpleasequery", @@ -2104,7 +2104,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2143,7 +2143,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2182,7 +2182,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2221,7 +2221,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", 
@@ -2260,7 +2260,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2299,7 +2299,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2338,7 +2338,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2377,7 +2377,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2416,7 +2416,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2455,7 +2455,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2494,7 +2494,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", diff --git a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json index dbfb5bb2e90..05190cbe577 100644 --- a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json @@ -38,7 +38,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -96,7 +96,7 @@ "response_code": "REFUSED" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", 
@@ -169,7 +169,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -226,7 +226,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -304,7 +304,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -352,7 +352,7 @@ "port": 59735 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-09T23:59:59.000Z", @@ -407,7 +407,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-09T23:59:59.000Z", @@ -449,7 +449,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -496,7 +496,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -548,7 +548,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -602,7 +602,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -659,7 +659,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -705,7 +705,7 @@ "port": 46982 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -757,7 +757,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -809,7 +809,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -862,7 +862,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", 
@@ -915,7 +915,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "created": "2022-03-11T23:51:31.000Z",
@@ -957,7 +957,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "created": "2022-03-11T23:51:31.000Z",
@@ -1001,7 +1001,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "created": "2022-03-11T23:51:31.000Z",
@@ -1046,7 +1046,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "created": "2022-03-11T23:51:31.000Z",
@@ -1091,7 +1091,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "created": "2022-03-11T23:51:31.000Z",
@@ -1144,7 +1144,7 @@
 "response_code": "REFUSED"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "created": "2022-04-14T16:17:20.000Z",
@@ -1202,7 +1202,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "created": "2022-04-14T16:16:05.000Z",
@@ -1253,7 +1253,7 @@
 "port": 64727
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "created": "2022-04-14T16:16:05.000Z",
diff --git a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 19bb214c9f7..5a31e19eb2e 100644
--- a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -7,7 +7,7 @@ processors:
 ignore_missing: true
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - grok:
 field: event.original
 patterns:
diff --git a/packages/infoblox_nios/data_stream/log/sample_event.json b/packages/infoblox_nios/data_stream/log/sample_event.json
index fdfd11ed44f..59ba7a36b80 100644
--- a/packages/infoblox_nios/data_stream/log/sample_event.json
+++ b/packages/infoblox_nios/data_stream/log/sample_event.json
@@ -14,7 +14,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "0c7b29c0-78ea-4dd2-bbad-4092eeb1ee30",
diff --git a/packages/infoblox_nios/docs/README.md b/packages/infoblox_nios/docs/README.md
index 0ea4d81aad3..ab144a23f19 100644
--- a/packages/infoblox_nios/docs/README.md
+++ b/packages/infoblox_nios/docs/README.md
@@ -155,7 +155,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "0c7b29c0-78ea-4dd2-bbad-4092eeb1ee30",
diff --git a/packages/infoblox_nios/manifest.yml b/packages/infoblox_nios/manifest.yml
index def5dd278a5..6013d46b29b 100644
--- a/packages/infoblox_nios/manifest.yml
+++ b/packages/infoblox_nios/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: infoblox_nios
 title: Infoblox NIOS
-version: 0.1.0
+version: "0.2.0"
 license: basic
 description: Collect logs from Infoblox NIOS with Elastic Agent.
 type: integration
diff --git a/packages/iptables/_dev/build/build.yml b/packages/iptables/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/iptables/_dev/build/build.yml
+++ b/packages/iptables/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/iptables/changelog.yml b/packages/iptables/changelog.yml
index 679f2714863..06774db150a 100644
--- a/packages/iptables/changelog.yml
+++ b/packages/iptables/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.11.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "0.10.1"
 changes:
 - description: Update sample event based on current pipeline.
diff --git a/packages/iptables/data_stream/log/_dev/test/pipeline/test-iptables-raw.log-expected.json b/packages/iptables/data_stream/log/_dev/test/pipeline/test-iptables-raw.log-expected.json index 076724ac819..b334c5f591a 100644 --- a/packages/iptables/data_stream/log/_dev/test/pipeline/test-iptables-raw.log-expected.json +++ b/packages/iptables/data_stream/log/_dev/test/pipeline/test-iptables-raw.log-expected.json @@ -8,7 +8,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop", @@ -108,7 +108,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop", @@ -208,7 +208,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop", @@ -302,7 +302,7 @@ "mac": "90-10-28-5F-62-24" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "deny", @@ -359,7 +359,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop_input", @@ -438,7 +438,7 @@ "port": 1433 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop_input", @@ -502,7 +502,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop_input", @@ -581,7 +581,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop_input", @@ -660,7 +660,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop_input", @@ -739,7 +739,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop_input", @@ -803,7 +803,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop_input", @@ -870,7 +870,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop_input", 
@@ -937,7 +937,7 @@ "port": 139 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop_input", @@ -1001,7 +1001,7 @@ "port": 8088 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop_input", @@ -1072,7 +1072,7 @@ "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1135,7 +1135,7 @@ "mac": "90-10-12-34-56-78" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1204,7 +1204,7 @@ "port": 48689 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "accept", @@ -1272,7 +1272,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "accept", @@ -1348,7 +1348,7 @@ "port": 1443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop", @@ -1431,7 +1431,7 @@ "port": 1443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "accept", @@ -1506,7 +1506,7 @@ "port": 1443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "accept", diff --git a/packages/iptables/data_stream/log/_dev/test/pipeline/test-journald.json-expected.json b/packages/iptables/data_stream/log/_dev/test/pipeline/test-journald.json-expected.json index f93dc9f5be3..691b3407e3f 100644 --- a/packages/iptables/data_stream/log/_dev/test/pipeline/test-journald.json-expected.json +++ b/packages/iptables/data_stream/log/_dev/test/pipeline/test-journald.json-expected.json @@ -20,7 +20,7 @@ "port": 40702 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/iptables/data_stream/log/_dev/test/pipeline/test-ubiquiti.log-expected.json b/packages/iptables/data_stream/log/_dev/test/pipeline/test-ubiquiti.log-expected.json index 8dd960b2e8f..2d304b7b495 100644 --- a/packages/iptables/data_stream/log/_dev/test/pipeline/test-ubiquiti.log-expected.json 
+++ b/packages/iptables/data_stream/log/_dev/test/pipeline/test-ubiquiti.log-expected.json @@ -20,7 +20,7 @@ "port": 48689 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "accept", @@ -88,7 +88,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "accept", @@ -164,7 +164,7 @@ "port": 1443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop", @@ -247,7 +247,7 @@ "port": 1443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "accept", @@ -322,7 +322,7 @@ "port": 1443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "accept", @@ -395,7 +395,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -437,7 +437,7 @@ "port": 7914 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -479,7 +479,7 @@ "port": 51179 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -520,7 +520,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -562,7 +562,7 @@ "port": 51182 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -603,7 +603,7 @@ "port": 49209 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/iptables/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/iptables/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 0e7a4fe0b51..1bee1af60ef 100644 --- a/packages/iptables/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/iptables/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for iptables logs. processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' # These two fields are treated as immutable in the case reindexing. - set: 
diff --git a/packages/iptables/data_stream/log/sample_event.json b/packages/iptables/data_stream/log/sample_event.json index c93360a79c4..4a6490ba3af 100644 --- a/packages/iptables/data_stream/log/sample_event.json +++ b/packages/iptables/data_stream/log/sample_event.json @@ -18,7 +18,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "de9c1b8e-5967-4715-bc22-6f9dd52f6cc2", diff --git a/packages/iptables/docs/README.md b/packages/iptables/docs/README.md index 07ca0f3ac81..689cf04dc64 100644 --- a/packages/iptables/docs/README.md +++ b/packages/iptables/docs/README.md @@ -38,7 +38,7 @@ An example event for `log` looks as following: "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "de9c1b8e-5967-4715-bc22-6f9dd52f6cc2", diff --git a/packages/iptables/manifest.yml b/packages/iptables/manifest.yml index 1e59217c77e..321ffeda57b 100644 --- a/packages/iptables/manifest.yml +++ b/packages/iptables/manifest.yml @@ -1,6 +1,6 @@ name: iptables title: Iptables Logs -version: "0.10.1" +version: "0.11.0" release: beta description: Collect and parse logs from iptables and ip6tables with Elastic Agent. type: integration diff --git a/packages/juniper_junos/_dev/build/build.yml b/packages/juniper_junos/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/juniper_junos/_dev/build/build.yml +++ b/packages/juniper_junos/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/juniper_junos/changelog.yml b/packages/juniper_junos/changelog.yml index 4d0e0d3edc3..28ddc31849c 100644 --- a/packages/juniper_junos/changelog.yml +++ b/packages/juniper_junos/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.3.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "0.2.1" changes: - description: Added link to Jupiter Junos documentation diff --git a/packages/juniper_junos/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/juniper_junos/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json index 09271e0daee..c201927371d 100644 --- a/packages/juniper_junos/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/juniper_junos/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jan 29 06:09:59 ceroinBC.exe[6713]: RPD_SCHED_TASK_LONGRUNTIME: : exe ran for 7309(5049)", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Feb 12 13:12:33 DCD_FILTER_LIB_ERROR message repeated [7608]: llu: Filter library initialization failed", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Feb 26 20:15:08 MIB2D_TRAP_SEND_FAILURE: restart [6747]: sum: uaerat: cancel: success", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Mar 12 03:17:42 seq olorema6148.www.localdomain: fug5500.www.domain IFP trace\u003e node: dqu", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Mar 26 10:20:16 ssb SNMPD_CONTEXT_ERROR: [7400]: emq: isiu: success in 6237 context 5367", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Apr 9 17:22:51 RPD_KRT_IFL_CELL_RELAY_MODE_UNSPECIFIED: restart [7618]: ionul: ifl : nibus, unknown", "tags": [ 
@@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Apr 24 00:25:25 CHASSISD_SNMP_TRAP10 message repeated [1284]: ume: SNMP trap: failure: ono", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 8 07:27:59 sunt prehen6218.www.localhost: onse.exe[254]: RPD_KRT_IFL_CELL_RELAY_MODE_INVALID: : ifl : inibusBo, failure", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 22 14:30:33 iamquis quirat6972.www5.lan: isc.exe[3237]: SNMPD_USER_ERROR: : conseq: unknown in 6404 user 'atiset' 4068", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jun 5 21:33:08 fpc9 RPD_TASK_REINIT: [4621]: lita: Reinitializing", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jun 20 04:35:42 fpc4 LOGIN_FAILED: [2227]: oinBC: Login failed for user quameius from host ipsumdol4488.api.localdomain", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jul 4 11:38:16 NASD_PPP_SEND_PARTIAL: restart [3994]: aper: Unable to send all of message: santiumd", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jul 18 18:40:50 UI_COMMIT_AT_FAILED message repeated [7440]: temqu: success, minimav", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Aug 2 01:43:25 rnatur ofdeFin7811.lan: emipsumd.exe[5020]: BOOTPD_NEW_CONF: : New configuration installed", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Aug 16 08:45:59 RPD_RIP_JOIN_MULTICAST message repeated [60]: onemulla: Unable to join multicast group enp0s4292: unknown", "tags": [ 
@@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Aug 30 15:48:33 FSAD_TERMINATED_CONNECTION: restart [6703]: xea: Open file ites` closed due to unknown", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Sep 13 22:51:07 RPD_KRT_IFL_GENERATION message repeated [5539]: eri: ifl lo2169 generation mismatch -- unknown", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Sep 28 05:53:42 cfeb UI_COMMIT_ROLLBACK_FAILED: [3453]: avolu: Automatic rollback failed", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Oct 12 12:56:16 mquisn.exe[3993]: RMOPD_usage : failure: midest", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Oct 26 19:58:50 undeomni.exe[4938]: RPD_ISIS_LSPCKSUM: : IS-IS 715 LSP checksum error, interface enp0s1965, LSP id tasun, sequence 3203, checksum eratv, lifetime ipsa", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Nov 10 03:01:24 kmd: restart ", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Nov 24 10:03:59 ever.exe[6463]: LOGIN_FAILED: : Login failed for user atq from host erspi4926.www5.test", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Dec 8 17:06:33 CHASSISD_MBUS_ERROR message repeated [72]: iadese: nisiu imad: management bus failed sanity test", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Dec 23 00:09:07 niamquis.exe[1471]: TFTPD_NAK_ERR : nak error ptatems, 357", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jan 6 07:11:41 UI_DUPLICATE_UID: restart [3350]: atqu: Users naturau have the same UID olorsita", "tags": [ 
@@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jan 20 14:14:16 piscivel.exe[4753]: TFTPD_CREATE_ERR: : check_space unknown", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Feb 3 21:16:50 fpc4 RPD_START: [1269]: riat: Start 181 version version built 7425", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Feb 18 04:19:24 fpc2 COSMAN: : uptasnul: delete class_to_ifl table 2069, ifl 3693", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Mar 4 11:21:59 orum oinBCSed3073.www.lan: ilm.exe[3193]: SNMPD_TRAP_QUEUE_MAX_ATTEMPTS: : fugiatqu: after 4003 attempts, deleting 4568 traps queued to exercita", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Mar 18 18:24:33 TFTPD_BIND_ERR: restart [1431]: ntut: bind: failure", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Apr 2 01:27:07 lite ugia517.api.host: doei.exe[7073]: RPD_LDP_SESSIONDOWN: : LDP session 10.88.126.165 is down, failure", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Apr 16 08:29:41 fpc6 SNMPD_CONTEXT_ERROR: [180]: eturadip: ent: unknown in 5848 context 316", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Apr 30 15:32:16 NASD_CHAP_INVALID_CHAP_IDENTIFIER message repeated [796]: iumdo: lo2721: received aturv expected CHAP ID: ectetura", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 14 22:34:50 UI_LOAD_EVENT message repeated [6342]: seq: User 'moll' is performing a 'allow'", "tags": [ 
@@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 29 05:37:24 fdeFin.exe[4053]: SNMP_TRAP_TRACE_ROUTE_TEST_FAILED : traceRouteCtlOwnerIndex = 1450, traceRouteCtlTestName = edic", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jun 12 12:39:58 SNMPD_RTSLIB_ASYNC_EVENT: restart [508]: uae: oremip: sequence mismatch failure", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jun 26 19:42:33 tesse olupta2743.internal.localdomain: ine.exe[3181]: BOOTPD_TIMEOUT: : Timeout success unreasonable", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jul 11 02:45:07 NASD_RADIUS_MESSAGE_UNEXPECTED message repeated [33]: abore: Unknown response from RADIUS server: unknown", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jul 25 09:47:41 PWC_LOCKFILE_BAD_FORMAT: restart [3426]: illum: PID lock file has bad format: eprehe", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Aug 8 16:50:15 snostr.exe[1613]: RPD_KRT_AFUNSUPRT : tec: received itaspe message with unsupported address family 4176", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Aug 22 23:52:50 oreeufug.exe[6086]: PWC_PROCESS_FORCED_HOLD : Process plicaboN forcing hold down of child 619 until signal", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Sep 6 06:55:24 MIB2D_IFL_IFINDEX_FAILURE message repeated [4115]: tiu: SNMP index assigned to wri changed from 3902 to unknown", "tags": [ 
@@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Sep 20 13:57:58 mwr cia5990.api.localdomain: pitlabo.exe[3498]: UI_DBASE_MISMATCH_MAJOR: : Database header major version number mismatch for file 'ende': expecting 6053, got 4884", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Oct 4 21:00:32 iuntN utfugi851.www5.invalid: nul.exe[1005]: SNMPD_VIEW_INSTALL_DEFAULT: : eetdo: success installing default 1243 view 5146", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Oct 19 04:03:07 DCD_PARSE_STATE_EMERGENCY message repeated [2498]: uptatem: An unhandled state was encountered during interface parsing", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Nov 2 11:05:41 loremagn acons3820.internal.home: ain.exe[7192]: LOGIN_PAM_MAX_RETRIES: : Too many retries while authenticating user iquipex", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Nov 16 18:08:15 onorume.exe[3290]: BOOTPD_NO_BOOTSTRING : No boot string found for type veleu", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Dec 1 01:10:49 eirured sequamn5243.mail.home: sshd: sshd: SSHD_LOGIN_FAILED: Login failed for user 'ciatisun' from host '10.252.209.246'.", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Dec 15 08:13:24 COS: restart : Received FC-\u003eQ map, caecat", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Dec 29 15:15:58 cgatool message repeated : nvolupta: generated address is success", "tags": [ 
@@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jan 12 22:18:32 CHASSISD_SNMP_TRAP6 message repeated [4667]: idolor: SNMP trap generated: success (les)", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jan 27 05:21:06 ssb FLOW_REASSEMBLE_SUCCEED: : Packet merged source 10.102.228.136 destination 10.151.136.250 ipid upt succeed", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Feb 10 12:23:41 DFWD_PARSE_FILTER_EMERGENCY message repeated [2037]: serrorsi: tsedquia encountered errors while parsing filter index file", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Feb 24 19:26:15 remips laboreet5949.mail.test: tesse.exe[4358]: RPD_LDP_SESSIONDOWN: : LDP session 10.148.255.126 is down, unknown", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Mar 11 02:28:49 fpc2 NASD_CHAP_REPLAY_ATTACK_DETECTED: [mipsumqu]: turad: eth680.6195: received doloremi unknown.iciatis", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Mar 25 09:31:24 rema mcol7795.domain: mquis lsys_ssam_handler: : processing lsys root-logical-system tur", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Apr 8 16:33:58 UI_LOST_CONN message repeated [7847]: loreeuf: Lost connection to daemon orainci", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Apr 22 23:36:32 PWC_PROCESS_HOLD: restart [1791]: itse: Process lapari holding down child 2702 until signal", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 7 06:39:06 undeo ficiade4365.mail.domain: norum.exe[4443]: LIBSERVICED_SOCKET_BIND: : dantium: unable to bind socket ors: failure", "tags": [ 
@@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 21 13:41:41 liq eleumiu2852.lan: mfugiat.exe[3946]: LOGIN_FAILED: : Login failed for user olu from host mSect5899.domain", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jun 4 20:44:15 idolo.exe[6535]: MIB2D_IFL_IFINDEX_FAILURE: : SNMP index assigned to deseru changed from 6460 to unknown", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jun 19 03:46:49 modtempo.exe[5276]: CHASSISD_RELEASE_MASTERSHIP: : Release mastership notification", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jul 3 10:49:23 fpc4 PWC_PROCESS_HOLD: [3450]: dexea: Process aturExc holding down child 7343 until signal", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jul 17 17:51:58 ame.exe[226]: SERVICED_RTSOCK_SEQUENCE : boreet: routing socket sequence error, unknown", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Aug 1 00:54:32 consect6919.mail.localdomain iset.exe[940]: idpinfo: urere", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Aug 15 07:57:06 RPD_KRT_NOIFD: restart [4822]: oreeufug: No device 5020 for interface lo4593", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Aug 29 14:59:40 eprehen oinB3432.api.invalid: citatio.exe[5029]: craftd: , unknown", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Sep 12 22:02:15 ACCT_CU_RTSLIB_error message repeated [7583]: eetd: liquide getting class usage statistics for interface enp0s2674: success", "tags": [ 
@@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Sep 27 05:04:49 userro oree nimadmi7341.www.home RT_FLOW - kmd [", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Oct 11 12:07:23 LOGIN_PAM_NONLOCAL_USER: restart [686]: rauto: User rese authenticated but has no local login ID", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Oct 25 19:09:57 doconse.exe[6184]: RPD_KRT_NOIFD : No device 5991 for interface enp0s7694", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Nov 9 02:12:32 quidolor1064.www.domain: uspinfo: : flow_print_session_summary_output received rcita", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Nov 23 09:15:06 RPD_TASK_REINIT: restart [1810]: mfugi: Reinitializing", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Dec 7 16:17:40 inibusBo.exe[2509]: ECCD_TRACE_FILE_OPEN_FAILED : allow: failure", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Dec 21 23:20:14 ECCD_TRACE_FILE_OPEN_FAILED message repeated [2815]: rudexer: accept: unknown", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jan 5 06:22:49 eseosqu oeius641.api.home: laud.exe[913]: LOGIN_FAILED: : Login failed for user turQ from host tod6376.mail.host", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jan 19 13:25:23 ine.exe[1578]: FSAD_CONNTIMEDOUT : Connection timed out to the client (oreve2538.www.localdomain, 10.44.24.103) having request type reprehen", "tags": [ 
@@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Feb 2 20:27:57 UI_SCHEMA_SEQUENCE_ERROR: restart [734]: rinre: Schema sequence number mismatch", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Feb 17 03:30:32 LIBJNX_EXEC_PIPE: restart [946]: olors: Unable to create pipes for command 'deny': unknown", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Mar 3 10:33:06 UI_DBASE_MISMATCH_EXTENT: restart [4686]: isnost: Database header extent mismatch for file 'lumdolor': expecting 559, got 7339", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Mar 17 17:35:40 NASD_usage message repeated [7744]: eumfu: unknown: quidex", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Apr 1 00:38:14 /kmd: ", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Apr 15 07:40:49 sshd message repeated : very-high: can't get client address: unknown", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Apr 29 14:43:23 fpc4 RPD_LDP_NBRUP: [4279]: stlaboru: LDP neighbor 10.248.68.242 (eth1282) is success", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 13 21:45:57 uun iduntutl4723.example: uel.exe[5770]: SNMPD_TRAP_QUEUE_DRAINED: : metco: traps queued to vel sent successfully", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 28 04:48:31 fpc8 ECCD_PCI_WRITE_FAILED: [4837]: radip: cancel: success", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jun 11 11:51:06 TFTPD_RECVCOMPLETE_INFO message repeated [7501]: piciatis: Received 3501 blocks of 5877 size for file 'tatisetq'", "tags": [ 
@@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jun 25 18:53:40 usp_trace_ipc_reconnect message repeated illum.exe:USP trace client cannot reconnect to server", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jul 10 01:56:14 amnis atevelit2799.internal.host: tatiset.exe IFP trace\u003e BCHIP: : cannot write ucode mask reg", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Jul 24 08:58:48 RPD_MPLS_LSP_DOWN message repeated [5094]: moditemp: MPLS LSP eth2042 unknown", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Aug 7 16:01:23 CHASSISD_PARSE_INIT: restart [4153]: uatDuisa: Parsing configuration file 'usB'", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Aug 21 23:03:57 RMOPD_ROUTING_INSTANCE_NO_INFO: restart [6922]: upidatat: No information for routing instance non: failure", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Sep 5 06:06:31 Utenimad.exe[4305]: CHASSISD_TERM_SIGNAL: : Received SIGTERM request, success", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Sep 19 13:09:05 tseddo.exe[484]: RPD_OSPF_NBRUP : OSPF neighbor 10.49.190.163 (lo50) aUteni due to failure", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Oct 3 20:11:40 cfeb NASD_usage: [6968]: litseddo: failure: metconse", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Oct 18 03:14:14 RPD_LDP_NBRDOWN message repeated [4598]: emu: LDP neighbor 10.101.99.109 (eth4282) is success", "tags": [ 
@@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Nov 1 10:16:48 RPD_RDISC_NOMULTI message repeated [4764]: con: Ignoring interface 594 on lo7449 -- unknown", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Nov 15 17:19:22 BOOTPD_NEW_CONF: restart [1768]: isquames: New configuration installed", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Nov 30 00:21:57 SNMP_TRAP_LINK_DOWN message repeated [7368]: ngelit: ifIndex 4197, ifAdminStatus ons, ifOperStatus unknown, ifName lo3193", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "Dec 14 07:24:31 MIB2D_ATM_ERROR message repeated [4927]: udexerci: voluptat: failure", "tags": [ diff --git a/packages/juniper_junos/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/juniper_junos/data_stream/log/elasticsearch/ingest_pipeline/default.yml index ada8fd74ece..e17de445caf 100644 --- a/packages/juniper_junos/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/juniper_junos/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Juniper JUNOS processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/juniper_junos/data_stream/log/sample_event.json b/packages/juniper_junos/data_stream/log/sample_event.json index 571e780ab8e..e37da3517d6 100644 --- a/packages/juniper_junos/data_stream/log/sample_event.json +++ b/packages/juniper_junos/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/juniper_junos/docs/README.md b/packages/juniper_junos/docs/README.md index 077678084fb..30b7fd9a463 100644 
--- a/packages/juniper_junos/docs/README.md +++ b/packages/juniper_junos/docs/README.md @@ -24,7 +24,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/juniper_junos/manifest.yml b/packages/juniper_junos/manifest.yml index 23d0d28294e..82df0288247 100644 --- a/packages/juniper_junos/manifest.yml +++ b/packages/juniper_junos/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: juniper_junos title: Juniper JunOS -version: 0.2.1 +version: "0.3.0" description: Collect logs from Juniper JunOS with Elastic Agent. categories: ["network", "security"] release: experimental diff --git a/packages/juniper_netscreen/_dev/build/build.yml b/packages/juniper_netscreen/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/juniper_netscreen/_dev/build/build.yml +++ b/packages/juniper_netscreen/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/juniper_netscreen/changelog.yml b/packages/juniper_netscreen/changelog.yml index 722ca318d5b..41c3c150e8d 100644 --- a/packages/juniper_netscreen/changelog.yml +++ b/packages/juniper_netscreen/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.3.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "0.2.0" changes: - description: Update to ECS 8.2.0 diff --git a/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json index d5cb80af30f..86ee750bcfe 100644 --- a/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json 
+++ b/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "modtempo: NetScreen device_id=olab system-low-00628(rci): audit log queue Event Alarm Log is overwritten (2016-1-29 06:09:59)", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "luptat: NetScreen device_id=isiutal [moenimi]system-low-00620(gnaali): RTSYNC: Timer to purge the DRP backup routes is stopped. (2016-2-12 13:12:33)", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "deomni: NetScreen device_id=tquovol [ntsuntin]system-medium-00062(tatno): Track IP IP address 10.159.227.210 succeeded. (ofdeF)", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "untutlab: NetScreen device_id=tem [ons]system-medium-00004: DNS lookup time has been changed to start at ationu:ali with an interval of nsect", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "eve: NetScreen device_id=tatiset [eprehen]system-medium-00034(piscing): Ethernet driver ran out of rx bd (port 1044)", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "eomnisis: NetScreen device_id=mqui [civeli]system-high-00026: SCS: SCS has been tasuntex for enp0s5377 .", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "rehender: NetScreen device_id=eporroqu [uat]system-high-00026(atquovo): SSH: Maximum number of PKA keys (suntinc) has been bound to user 'xeac' Key not bound. (Key ID nidolo)", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "intoccae: NetScreen device_id=ents [pida]system-low-00535(idolor): PKCS #7 data cannot be decapsulated", "tags": [ 
@@ -74,7 +74,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "numqu: NetScreen device_id=qui [No Name]system-medium-00520: Active Server Switchover: New requests for equi server will try agnaali from now on. (2016-5-22 14:30:33)",
 "tags": [
@@ -83,7 +83,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "ipitla: NetScreen device_id=quae [maccusa]system-high-00072(rQuisau): NSRP: Unit idex of VSD group xerci aqu",
 "tags": [
@@ -92,7 +92,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "atu: NetScreen device_id=umexerci [ern]system-low-00084(iadese): RTSYNC: NSRP route synchronization is nsectet",
 "tags": [
@@ -101,7 +101,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "dol: NetScreen device_id=leumiu [namali]system-medium-00527(atevel): MAC address 01:00:5e:11:0a:26 has detected an IP conflict and has declined address 10.90.127.74",
 "tags": [
@@ -110,7 +110,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "acc: NetScreen device_id=amc [atur]system-low-00050(corp): Track IP enabled (2016-7-18 18:40:50)",
 "tags": [
@@ -119,7 +119,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "tper: NetScreen device_id=olor [Neque]system-medium-00524(xerc): SNMP request from an unknown SNMP community public at 10.61.30.190:2509 has been received. (2016-8-2 01:43:25)",
 "tags": [
@@ -128,7 +128,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "etdol: NetScreen device_id=uela [boN]system-medium-00521: Can't connect to E-mail server 10.210.240.175",
 "tags": [
@@ -137,7 +137,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "ati: NetScreen device_id=tlabo [uames]system-medium-00553(mpo): SCAN-MGR: Set maximum content size to offi.",
 "tags": [
@@ -146,7 +146,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "umwr: NetScreen device_id=oluptate [issus]system-high-00005(uaUteni): SYN flood udantium has been changed to pre",
 "tags": [
@@ -155,7 +155,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "tate: NetScreen device_id=imvenia [spi]system-high-00038(etdo): OSPF routing instance in vrouter urerepr is ese",
 "tags": [
@@ -164,7 +164,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "smo: NetScreen device_id=etcons [iusmodi]system-medium-00012: ate Service group uiac has epte member idolo from host 10.170.139.87",
 "tags": [
@@ -173,7 +173,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "ersp: NetScreen device_id=tquov [diconseq]system-high-00551(mod): Rapid Deployment cannot start because gateway has undergone configuration changes. (2016-10-26 19:58:50)",
 "tags": [
@@ -182,7 +182,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "mquame: NetScreen device_id=nihilmol [xercita]system-medium-00071(tiumt): The local device reetdolo in the Virtual Security Device group norum changed state",
 "tags": [
@@ -191,7 +191,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "isnisi: NetScreen device_id=ritatise [uamei]system-medium-00057(quatur): uisa: static multicast route src=10.198.41.214, grp=cusant input ifp = lo2786 output ifp = eth3657 added",
 "tags": [
@@ -200,7 +200,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "isis: NetScreen device_id=uasiar [utlab]system-high-00075(loremqu): The local device dantium in the Virtual Security Device group lor velillu",
 "tags": [
@@ -209,7 +209,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "bor: NetScreen device_id=rauto [ationev]system-low-00039(mdol): BGP instance name created for vr itation",
 "tags": [
@@ -218,7 +218,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "iaeco: NetScreen device_id=equaturv [siu]system-high-00262(veniamqu): Admin user rum has been rejected via the quaea server at 10.11.251.51",
 "tags": [
@@ -227,7 +227,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "orroq: NetScreen device_id=vitaedic [orin]system-high-00038(ons): OSPF routing instance in vrouter remagn ecillu",
 "tags": [
@@ -236,7 +236,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "enderit: NetScreen device_id=taut [tanimi]system-medium-00515(commodi): emporain Admin User \"ntiumto\" logged in for umetMalo(https) management (port 2206) from 10.80.237.27:2883",
 "tags": [
@@ -245,7 +245,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "ori: NetScreen device_id=tconsect [rum]system-high-00073(eporroq): NSRP: Unit ulla of VSD group iqu oin",
 "tags": [
@@ -254,7 +254,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "mipsum: NetScreen device_id=lmo [aliquamq]system-medium-00030: X509 certificate for ScreenOS image authentication is invalid",
 "tags": [
@@ -263,7 +263,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "orroqu: NetScreen device_id=elitsed [labore]system-medium-00034(erc): PPPoE Settings changed",
 "tags": [
@@ -272,7 +272,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "ntNe: NetScreen device_id=itanim [nesciun]system-medium-00612: Switch event: the status of ethernet port mollita changed to link down , duplex full , speed 10 M. (2017-4-2 01:27:07)",
 "tags": [
@@ -281,7 +281,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "quide: NetScreen device_id=quaU [undeomni]system-medium-00077(acomm): NSRP: local unit= iutali of VSD group itat stlaboru",
 "tags": [
@@ -290,7 +290,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "emq: NetScreen device_id=plicaboN [amc]system-high-00536(acommo): IKE 10.10.77.119: Dropped packet because remote gateway OK is not used in any VPN tunnel configurations",
 "tags": [
@@ -299,7 +299,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "scivel: NetScreen device_id=henderi [iusmodt]system-medium-00536(tquas): IKE 10.200.22.41: Received incorrect ID payload: IP address lorinr instead of IP address ercita",
 "tags": [
@@ -308,7 +308,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "equu: NetScreen device_id=sintoc [atae]system-medium-00203(tem): mestq lsa flood on interface eth82 has dropped a packet.",
 "tags": [
@@ -317,7 +317,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "iqui: NetScreen device_id=tesseci [tat]system-high-00011(cive): The virtual router nse has been made unsharable",
 "tags": [
@@ -326,7 +326,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "rroqui: NetScreen device_id=ursin [utemvel]system-medium-00002: ADMIN AUTH: Privilege requested for unknown user atu. Possible HA syncronization problem.",
 "tags": [
@@ -335,7 +335,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "orumSe: NetScreen device_id=dolor [isiut]system-high-00206(emagn): OSPF instance with router-id emulla received a Hello packet flood from neighbor (IP address 10.219.1.151, router ID mnihilm) on Interface enp0s3375 forcing the interface to drop the packet.",
 "tags": [
@@ -344,7 +344,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "eque: NetScreen device_id=eufug [est]system-medium-00075: The local device ntincul in the Virtual Security Device group reet tquo",
 "tags": [
@@ -353,7 +353,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "imadmini: NetScreen device_id=ide [edq]system-medium-00026(tise): SSH: Attempt to unbind PKA key from admin user 'ntut' (Key ID emullam)",
 "tags": [
@@ -362,7 +362,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "ihilmole: NetScreen device_id=saquaea [ons]system-high-00048(quas): Route map entry with sequence number gia in route map binck-ospf in virtual router itatio was porinc (2017-8-22 23:52:50)",
 "tags": [
@@ -371,7 +371,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "orum: NetScreen device_id=oinBCSed [orem]system-medium-00050(ilm): Track IP enabled (2017-9-6 06:55:24)",
 "tags": [
@@ -380,7 +380,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "ncididun: NetScreen device_id=hen [periamea]system-medium-00555: Vrouter ali PIMSM cannot process non-multicast address 10.158.18.51",
 "tags": [
@@ -389,7 +389,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "umwri: NetScreen device_id=odoc [atura]system-high-00030: SYSTEM CPU utilization is high (oreeu \u003e nvo ) iamqui times in tassita minute (2017-10-4 21:00:32)\u003c\u003ccolabori\u003e",
 "tags": [
@@ -398,7 +398,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "inc: NetScreen device_id=tect [uiad]system-low-00003: The console debug buffer has been roinBCSe",
 "tags": [
@@ -407,7 +407,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "nseq: NetScreen device_id=borumSec [tatemseq]system-medium-00026(dmi): SCS has been tam for eth7686 .",
 "tags": [
@@ -416,7 +416,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "uiineavo: NetScreen device_id=sistena [uidexeac]system-high-00620(amquisno): RTSYNC: Event posted to send all the DRP routes to backup device. (2017-11-16 18:08:15)",
 "tags": [
@@ -425,7 +425,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "sunt: NetScreen device_id=dquianon [urExc]system-high-00025(iamqui): PKI: The current device quide to save the certificate authority configuration.",
 "tags": [
@@ -434,7 +434,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "etdol: NetScreen device_id=Sed [oremeumf]system-high-00076: The local device etur in the Virtual Security Device group fugiatn enima",
 "tags": [
@@ -443,7 +443,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "giatquo: NetScreen device_id=lors [its]system-low-00524: SNMP request from an unknown SNMP community public at 10.46.217.155:76 has been received. (2017-12-29 15:15:58)",
 "tags": [
@@ -452,7 +452,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "magnaa: NetScreen device_id=sumquiad [No Name]system-high-00628: audit log queue Event Log is overwritten (2018-1-12 22:18:32)",
 "tags": [
@@ -461,7 +461,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "tnulapa: NetScreen device_id=madmi [No Name]system-high-00628(adeser): audit log queue Event Log is overwritten (2018-1-27 05:21:06)",
 "tags": [
@@ -470,7 +470,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "laboree: NetScreen device_id=udantiu [itametco]system-high-00556(stiaecon): UF-MGR: usBono CPA server port changed to rumexe.",
 "tags": [
@@ -479,7 +479,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "nturmag: NetScreen device_id=uredol [maliqua]system-medium-00058(mquia): PIMSM protocol configured on interface eth2266",
 "tags": [
@@ -488,7 +488,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "ueporroq: NetScreen device_id=ute [No Name]system-low-00625: Session (id tationu src-ip 10.142.21.251 dst-ip 10.154.16.147 dst port 6881) route is valid. (2018-3-11 02:28:49)",
 "tags": [
@@ -497,7 +497,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "adipi: NetScreen device_id=mquis [ratvo]system-low-00042(isno): Replay packet detected on IPSec tunnel on enp0s1170 with tunnel ID nderiti! From 10.105.212.51 to 10.119.53.68/1783, giatqu (2018-3-25 09:31:24)",
 "tags": [
@@ -506,7 +506,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "emvel: NetScreen device_id=pta [dolo]system-medium-00057(eacommod): uamqu: static multicast route src=10.174.2.175, grp=aparia input ifp = lo6813 output ifp = enp0s90 added",
 "tags": [
@@ -515,7 +515,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "giat: NetScreen device_id=ttenb [eirure]system-high-00549(rem): add-route-\u003e untrust-vr: exer",
 "tags": [
@@ -524,7 +524,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "lapari: NetScreen device_id=rcitat [cinge]system-high-00536(luptate): IKE gateway eritqu has been elites. pariat",
 "tags": [
@@ -533,7 +533,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "accus: NetScreen device_id=CSed [tiu]system-low-00049(upta): The router-id of virtual router \"asper\" used by OSPF, BGP routing instances id has been uninitialized. (dictasun)",
 "tags": [
@@ -542,7 +542,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "itanimi: NetScreen device_id=onoru [data]system-high-00064(eosqui): Can not create track-ip list",
 "tags": [
@@ -551,7 +551,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "int: NetScreen device_id=ionevo [llitani]system-high-00541(itametco): The system killed OSPF neighbor because the current router could not see itself in the hello packet. Neighbor changed state from etcons to etco state, (neighbor router-id 1iuntN, ip-address 10.89.179.48). (2018-6-19 03:46:49)",
 "tags": [
@@ -560,7 +560,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "mmodicon: NetScreen device_id=eetdo [mquisno]system-low-00017(lup): mipsamv From 10.57.108.5:5523 using protocol icmp on interface enp0s4987. The attack occurred 2282 times",
 "tags": [
@@ -569,7 +569,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "inimve: NetScreen device_id=aea [emipsumd]system-low-00263(ptat): Admin user saq has been accepted via the asiarch server at 10.197.10.110",
 "tags": [
@@ -578,7 +578,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "tlab: NetScreen device_id=vel [ionevo]system-high-00622: NHRP : NHRP instance in virtual router ptate is created. (2018-8-1 00:54:32)",
 "tags": [
@@ -587,7 +587,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "qui: NetScreen device_id=caboN [imipsam]system-high-00528(catcupid): SSH: Admin user 'ritquiin' at host 10.59.51.171 requested unsupported authentication method texplica",
 "tags": [
@@ -596,7 +596,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "udexerci: NetScreen device_id=uae [imveni]system-medium-00071(ptatemse): NSRP: Unit itationu of VSD group setquas nbyCi",
 "tags": [
@@ -605,7 +605,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "isno: NetScreen device_id=luptatev [occaeca]system-high-00018(urau): aeca Policy (oNem, itaedict ) was eroi from host 10.80.103.229 by admin fugitsed (2018-9-12 22:02:15)",
 "tags": [
@@ -614,7 +614,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "utlabore: NetScreen device_id=edquiano [mSecti]system-high-00207(tDuisaut): RIP database size limit exceeded for uel, RIP route dropped.",
 "tags": [
@@ -623,7 +623,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "agn: NetScreen device_id=iqu [quamqua]system-high-00075: NSRP: Unit equeporr of VSD group amremap oremagna",
 "tags": [
@@ -632,7 +632,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "ntium: NetScreen device_id=ide [quunturm]system-low-00040(isautem): High watermark for early aging has been changed to the default usan",
 "tags": [
@@ -641,7 +641,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "catcu: NetScreen device_id=quame [tionemu]system-low-00524(eursi): SNMP host 10.163.9.35 cannot be removed from community uatDu because failure",
 "tags": [
@@ -650,7 +650,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "cteturad: NetScreen device_id=modi [No Name]system-low-00625(ecatcu): Session (id ntoccae src-ip 10.51.161.245 dst-ip 10.193.80.21 dst port 5657) route is valid. (2018-11-23 09:15:06)",
 "tags": [
@@ -659,7 +659,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "chit: NetScreen device_id=iusmodit [lor]system-high-00524(adeserun): SNMP request has been received, but success",
 "tags": [
@@ -668,7 +668,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "vento: NetScreen device_id=litsed [ciun]system-medium-00072: The local device inrepr in the Virtual Security Device group lla changed state",
 "tags": [
@@ -677,7 +677,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "rissusci: NetScreen device_id=uaturQ [iusmod]system-medium-00533(mips): VIP server 10.41.222.7 is now responding",
 "tags": [
@@ -686,7 +686,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "upta: NetScreen device_id=ivel [tmollita]system-low-00070(deFinib): NSRP: nsrp control channel change to lo4065",
 "tags": [
@@ -695,7 +695,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "ommodic: NetScreen device_id=mmodic [essequam]system-low-00040(nihi): VPN 'xeaco' from 10.134.20.213 is eavolupt (2019-2-2 20:27:57)",
 "tags": [
@@ -704,7 +704,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "ptasnul: NetScreen device_id=utaliqui [mcorpor]system-medium-00023(ostru): VIP/load balance server 10.110.144.189 cannot be contacted",
 "tags": [
@@ -713,7 +713,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "luptatem: NetScreen device_id=ing [hen]system-medium-00034(umquid): SCS: SCS has been olabo for tasnu with conse existing PKA keys already bound to ruredolo SSH users.",
 "tags": [
@@ -722,7 +722,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "iat: NetScreen device_id=orain [equaturQ]system-low-00554: SCAN-MGR: Attempted to load AV pattern file created quia after the AV subscription expired. (Exp: Exce)",
 "tags": [
@@ -731,7 +731,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "dese: NetScreen device_id=ptasn [liqui]system-low-00541: ScreenOS invol serial # Loremips: Asset recovery has been cidun",
 "tags": [
@@ -740,7 +740,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "ole: NetScreen device_id=odi [tper]system-medium-00628(ectetur): audit log queue Event Log is overwritten (2019-4-15 07:40:49)",
 "tags": [
@@ -749,7 +749,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "iadolo: NetScreen device_id=ecatcup [No Name]system-high-00628: audit log queue Traffic Log is overwritten (2019-4-29 14:43:23)",
 "tags": [
@@ -758,7 +758,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "qui: NetScreen device_id=iaecon [dminima]system-high-00538(psaquaea): NACN failed to register to Policy Manager eabillo because of success",
 "tags": [
@@ -767,7 +767,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "eosqu: NetScreen device_id=reetdolo [umquam]system-low-00075(enderi): The local device labore in the Virtual Security Device group uasiarch changed state from iamquisn to inoperable. (2019-5-28 04:48:31)",
 "tags": [
@@ -776,7 +776,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "veleumi: NetScreen device_id=volupt [equ]system-high-00535(ure): SCEP_FAILURE message has been received from the CA",
 "tags": [
@@ -785,7 +785,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "reseo: NetScreen device_id=entoreve [rudexer]system-medium-00026(iruredol): IKE iad: Missing heartbeats have exceeded the threshold. All Phase 1 and 2 SAs have been removed",
 "tags": [
@@ -794,7 +794,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "ptate: NetScreen device_id=oloreeu [imipsa]system-high-00038: OSPF routing instance in vrouter uame taevitae",
 "tags": [
@@ -803,7 +803,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "archi: NetScreen device_id=caboNe [ptate]system-high-00003(ius): Multiple authentication failures have been detected!",
 "tags": [
@@ -812,7 +812,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "remap: NetScreen device_id=ntium [veniamqu]system-high-00529: DNS entries have been refreshed by HA",
 "tags": [
@@ -821,7 +821,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "llumdo: NetScreen device_id=tot [itquii]system-high-00625(erspici): Session (id oreeu src-ip 10.126.150.15 dst-ip 10.185.50.112 dst port 7180) route is invalid. (2019-8-21 23:03:57)",
 "tags": [
@@ -830,7 +830,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "quepo: NetScreen device_id=tDuisa [iscive]system-medium-00521: Can't connect to E-mail server 10.152.90.59",
 "tags": [
@@ -839,7 +839,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "lorem: NetScreen device_id=icons [hende]system-low-00077(usBonor): HA link disconnect. Begin to use second path of HA",
 "tags": [
@@ -848,7 +848,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "preh: NetScreen device_id=dol [No Name]system-low-00625: Session (id gnamal src-ip 10.119.181.171 dst-ip 10.166.144.66 dst port 3051) route is invalid. (2019-10-3 20:11:40)",
 "tags": [
@@ -857,7 +857,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "avolup: NetScreen device_id=litse [archit]system-high-00041(untutlab): A route-map name in virtual router estqu has been removed",
 "tags": [
@@ -866,7 +866,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "eddoeiu: NetScreen device_id=consect [eetdolo]system-medium-00038(remipsum): OSPF routing instance in vrouter ons emporin",
 "tags": [
@@ -875,7 +875,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "texpl: NetScreen device_id=isquames [No Name]system-low-00021: DIP port-translation stickiness was atio by utla via ntm from host 10.96.165.147 to 10.96.218.99:277 (2019-11-15 17:19:22)",
 "tags": [
@@ -884,7 +884,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "elaudant: NetScreen device_id=ratvolu [odte]system-medium-00021(eum): DIP port-translation stickiness was uidol by repr via idu from host 10.201.72.59 to 10.230.29.67:7478 (2019-11-30 00:21:57)",
 "tags": [
@@ -893,7 +893,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "toc: NetScreen device_id=rau [sciuntN]system-low-00602: PIMSM Error in initializing interface state change",
 "tags": [
diff --git a/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 95cb59ce15d..f14a2cebc8e 100644
--- a/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Netscreen
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 # User agent
 - user_agent:
 field: user_agent.original
diff --git a/packages/juniper_netscreen/data_stream/log/sample_event.json b/packages/juniper_netscreen/data_stream/log/sample_event.json
index fe4297f7bb0..4794339b14f 100644
--- a/packages/juniper_netscreen/data_stream/log/sample_event.json
+++ b/packages/juniper_netscreen/data_stream/log/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/juniper_netscreen/docs/README.md b/packages/juniper_netscreen/docs/README.md
index 1918d22d5c6..7c738e6234c 100644
--- a/packages/juniper_netscreen/docs/README.md
+++ b/packages/juniper_netscreen/docs/README.md
@@ -24,7 +24,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/juniper_netscreen/manifest.yml b/packages/juniper_netscreen/manifest.yml
index c446eabb620..0ed41c7edba 100644
--- a/packages/juniper_netscreen/manifest.yml
+++ b/packages/juniper_netscreen/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: juniper_netscreen
 title: Juniper NetScreen
-version: 0.2.0
+version: "0.3.0"
 description: Collect logs from Juniper NetScreen with Elastic Agent.
 categories: ["network", "security"]
 release: experimental
diff --git a/packages/juniper_srx/_dev/build/build.yml b/packages/juniper_srx/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/juniper_srx/_dev/build/build.yml
+++ b/packages/juniper_srx/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/juniper_srx/changelog.yml b/packages/juniper_srx/changelog.yml
index d55dfa39aa4..137ea64780b 100644
--- a/packages/juniper_srx/changelog.yml
+++ b/packages/juniper_srx/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.3.1"
 changes:
 - description: Add link to juniper documentation
diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json
index 15bfedfcd29..dafb879a818 100644
--- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json
+++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json
@@ -23,7 +23,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "malware_detected",
@@ -105,7 +105,7 @@
 {
 "@timestamp": "2016-09-20T17:43:30.330Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "malware_detected",
@@ -168,7 +168,7 @@
 {
 "@timestamp": "2016-09-20T17:40:30.050Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -246,7 +246,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json
index 59d7120a187..a907d5fde1f 100644
--- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json
+++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json
@@ -30,7 +30,7 @@
 "port": 10400
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_started",
@@ -131,7 +131,7 @@
 "port": 161
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_deny",
@@ -225,7 +225,7 @@
 "port": 2003
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_deny",
@@ -337,7 +337,7 @@
 "port": 902
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_close",
@@ -463,7 +463,7 @@
 "port": 768
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_started",
@@ -579,7 +579,7 @@
 "port": 46384
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_started",
@@ -689,7 +689,7 @@
 "port": 46384
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_close",
@@ -809,7 +809,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_close",
@@ -926,7 +926,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_close",
@@ -1045,7 +1045,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_close",
@@ -1177,7 +1177,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_close",
@@ -1287,7 +1287,7 @@
 "port": 21
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_close",
@@ -1407,7 +1407,7 @@
 "port": 21
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_started",
@@ -1526,7 +1526,7 @@
 "port": 21
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_started",
@@ -1654,7 +1654,7 @@
 "port": 21
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_close",
@@ -1784,7 +1784,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_started",
@@ -1921,7 +1921,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_started",
@@ -2056,7 +2056,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_close",
@@ -2192,7 +2192,7 @@
 "port": 768
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_started",
@@ -2301,7 +2301,7 @@
 "port": 161
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_deny",
@@ -2406,7 +2406,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_close",
@@ -2546,7 +2546,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_started",
@@ -2667,7 +2667,7 @@
 "port": 8883
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_close",
@@ -2794,7 +2794,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_started",
@@ -2909,7 +2909,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flow_close",
diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json
index d8b76951cfa..740fdb5d8c2 100644
--- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json
+++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json
@@ -22,7 +22,7 @@
 "port": 123
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "security_threat",
@@ -150,7 +150,7 @@
 "port": 123
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "security_threat",
@@ -278,7 +278,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "security_threat",
@@ -397,7 +397,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "security_threat",
@@ -501,7 +501,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "application_ddos",
@@ -577,7 +577,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "application_ddos",
@@ -672,7 +672,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "application_ddos",
diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json
index f9da37f354d..1a5a6ae3e07 100644
--- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json
+++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json
@@ -23,7 +23,7 @@
 "port": 1433
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "sweep_detected",
@@ -114,7 +114,7 @@
 "port": 139
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "attack_detected",
@@ -204,7 +204,7 @@
 "port": 50010
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flood_detected",
@@ -298,7 +298,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "flood_detected",
@@ -389,7 +389,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "fragment_detected",
@@ -478,7 +478,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -567,7 +567,7 @@
 "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "tunneling_screen",
@@ -657,7 +657,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "tunneling_screen", @@ -748,7 +748,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flood_detected", @@ -807,7 +807,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flood_detected", @@ -883,7 +883,7 @@ "port": 10778 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "scan_detected", @@ -953,7 +953,7 @@ "port": 7 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "illegal_tcp_flag_detected", diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json index c7d6082e540..ada8864527f 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json @@ -23,7 +23,7 @@ "port": 24039 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "malware_detected", @@ -127,7 +127,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "malware_detected", diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json index c06aa2a2642..c5106e77151 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json @@ -23,7 +23,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "web_filter", @@ -113,7 +113,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
@@ -199,7 +199,7 @@ "port": 47095 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "virus_detected", @@ -299,7 +299,7 @@ "port": 33578 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -387,7 +387,7 @@ "port": 51727 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -444,7 +444,7 @@ "ip": "10.10.10.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "antispam_filter", @@ -515,7 +515,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "content_filter", @@ -610,7 +610,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "web_filter", @@ -700,7 +700,7 @@ "port": 47095 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "virus_detected", @@ -800,7 +800,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -889,7 +889,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "web_filter", @@ -969,7 +969,7 @@ "port": 58954 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 7399a1fe75b..9a3658fb63b 100644 --- a/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -5,7 +5,7 @@ description: Pipeline for parsing junipersrx firewall logs processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/juniper_srx/data_stream/log/sample_event.json b/packages/juniper_srx/data_stream/log/sample_event.json index ea03571008f..2f4880e6c7e 100644 
--- a/packages/juniper_srx/data_stream/log/sample_event.json +++ b/packages/juniper_srx/data_stream/log/sample_event.json @@ -33,7 +33,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/juniper_srx/docs/README.md b/packages/juniper_srx/docs/README.md index f642b59969c..4bcaeb19c10 100644 --- a/packages/juniper_srx/docs/README.md +++ b/packages/juniper_srx/docs/README.md 
@@ -47,7 +47,7 @@ The following processes and tags are supported:
 | agent.build.original | Extended build information for the agent. This field is intended to contain any build information that a data source may provide, no specific formatting is required. | keyword |
 | agent.ephemeral_id | Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not. | keyword |
 | agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword |
-| agent.name | Custom name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty. | keyword |
+| agent.name | Custom name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. | keyword |
 | agent.type | Type of the agent. The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. | keyword |
 | agent.version | Version of the agent. | keyword |
 | as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long |
diff --git a/packages/juniper_srx/manifest.yml b/packages/juniper_srx/manifest.yml
index e92c8a32d96..da21871ca3a 100644
--- a/packages/juniper_srx/manifest.yml
+++ b/packages/juniper_srx/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: juniper_srx
 title: Juniper SRX
-version: 1.3.1
+version: "1.4.0"
 description: Collect logs from Juniper SRX devices with Elastic Agent.
 categories: ["network", "security"]
 release: ga
diff --git a/packages/keycloak/_dev/build/build.yml b/packages/keycloak/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/keycloak/_dev/build/build.yml
+++ b/packages/keycloak/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
   ecs:
-    reference: git@v8.2.0
+    reference: git@v8.3.0
diff --git a/packages/keycloak/changelog.yml b/packages/keycloak/changelog.yml
index 5017744458d..49cb3e12061 100644
--- a/packages/keycloak/changelog.yml
+++ b/packages/keycloak/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+  changes:
+    - description: Update package to ECS 8.3.0.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3353
 - version: "1.3.1"
   changes:
     - description: Add link to keycloak documentation
diff --git a/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json b/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
index 74117fd2f4c..f453430c62c 100644
--- a/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
+++ b/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
@@ -1,211 +1,229 @@ { "expected": [ { - "process": { - "thread": { - "name": "ServerService Thread Pool -- 64" - } - }, "@timestamp": "2021-10-22T21:01:42.548-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "original": "2021-10-22 21:01:42,548 INFO [org.keycloak.services] (ServerService Thread Pool -- 64) KC-SERVICES0009: Added user 'admin' to realm 'master'", + "timezone": "America/Chicago" }, "log": { "level": "INFO", "logger": "org.keycloak.services" }, - "event": { - "timezone": "America/Chicago", - "original": "2021-10-22 21:01:42,548 INFO [org.keycloak.services] (ServerService Thread Pool -- 64) KC-SERVICES0009: Added user 'admin' to realm 'master'" - }, "message": "KC-SERVICES0009: Added user 'admin' to realm 'master'", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "thread": { "name": "ServerService Thread Pool -- 64" } }, + "tags": [ + "preserve_original_event" + ] + }, + { "@timestamp": "2021-10-22T21:01:42.667-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "original": "2021-10-22 21:01:42,667 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 64) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication", + "timezone": "America/Chicago" }, "log": { "level": "INFO", "logger": "org.jboss.resteasy.resteasy_jaxrs.i18n" }, - "event": { - "timezone": "America/Chicago", - "original": "2021-10-22 21:01:42,667 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 64) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication" - }, "message": "RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication", - "tags": [ - 
"preserve_original_event" - ] - }, - { "process": { "thread": { "name": "ServerService Thread Pool -- 64" } }, + "tags": [ + "preserve_original_event" + ] + }, + { "@timestamp": "2021-10-22T21:01:42.912-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "original": "2021-10-22 21:01:42,912 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 64) WFLYUT002021-10-22 21: Registered web context: '/auth' for server 'default-server' ", + "timezone": "America/Chicago" }, "log": { "level": "INFO", "logger": "org.wildfly.extension.undertow" }, - "event": { - "timezone": "America/Chicago", - "original": "2021-10-22 21:01:42,912 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 64) WFLYUT002021-10-22 21: Registered web context: '/auth' for server 'default-server' " - }, "message": "WFLYUT002021-10-22 21: Registered web context: '/auth' for server 'default-server' ", + "process": { + "thread": { + "name": "ServerService Thread Pool -- 64" + } + }, "tags": [ "preserve_original_event" ] }, { - "process": { - "thread": { - "name": "ServerService Thread Pool -- 46" - } - }, "@timestamp": "2021-10-22T21:01:43.208-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "original": "2021-10-22 21:01:43,208 INFO [org.jboss.as.server] (ServerService Thread Pool -- 46) WFLYSRV0010: Deployed \"keycloak-server.war\" (runtime-name : \"keycloak-server.war\") ", + "timezone": "America/Chicago" }, "log": { "level": "INFO", "logger": "org.jboss.as.server" }, - "event": { - "timezone": "America/Chicago", - "original": "2021-10-22 21:01:43,208 INFO [org.jboss.as.server] (ServerService Thread Pool -- 46) WFLYSRV0010: Deployed \"keycloak-server.war\" (runtime-name : \"keycloak-server.war\") " - }, "message": "WFLYSRV0010: Deployed \"keycloak-server.war\" (runtime-name : \"keycloak-server.war\") ", + "process": { + "thread": { + "name": "ServerService Thread Pool -- 46" + } + }, "tags": [ "preserve_original_event" ] 
}, { - "process": { - "thread": { - "name": "Controller Boot Thread" - } - }, "@timestamp": "2021-10-22T21:01:43.299-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "original": "2021-10-22 21:01:43,299 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server", + "timezone": "America/Chicago" }, "log": { "level": "INFO", "logger": "org.jboss.as.server" }, - "event": { - "timezone": "America/Chicago", - "original": "2021-10-22 21:01:43,299 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server" - }, "message": "WFLYSRV0212: Resuming server", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "thread": { "name": "Controller Boot Thread" } }, + "tags": [ + "preserve_original_event" + ] + }, + { "@timestamp": "2021-10-22T21:01:43.307-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "original": "2021-10-22 21:01:43,307 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 15.0.2 (WildFly Core 15.0.1.Final) started in 28315ms - Started 692 of 977 services (686 services are lazy, passive or on-demand)", + "timezone": "America/Chicago" }, "log": { "level": "INFO", "logger": "org.jboss.as" }, - "event": { - "timezone": "America/Chicago", - "original": "2021-10-22 21:01:43,307 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 15.0.2 (WildFly Core 15.0.1.Final) started in 28315ms - Started 692 of 977 services (686 services are lazy, passive or on-demand)" - }, "message": "WFLYSRV0025: Keycloak 15.0.2 (WildFly Core 15.0.1.Final) started in 28315ms - Started 692 of 977 services (686 services are lazy, passive or on-demand)", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "thread": { "name": "Controller Boot Thread" } }, + "tags": [ + "preserve_original_event" + ] + }, + { "@timestamp": "2021-10-22T21:01:43.327-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "original": 
"2021-10-22 21:01:43,327 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management", + "timezone": "America/Chicago" }, "log": { "level": "INFO", "logger": "org.jboss.as" }, - "event": { - "timezone": "America/Chicago", - "original": "2021-10-22 21:01:43,327 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management" - }, "message": "WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "thread": { "name": "Controller Boot Thread" } }, + "tags": [ + "preserve_original_event" + ] + }, + { "@timestamp": "2021-10-22T21:01:43.327-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "original": "2021-10-22 21:01:43,327 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990", + "timezone": "America/Chicago" }, "log": { "level": "INFO", "logger": "org.jboss.as" }, - "event": { - "timezone": "America/Chicago", - "original": "2021-10-22 21:01:43,327 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990" - }, "message": "WFLYSRV0051: Admin console listening on http://127.0.0.1:9990", + "process": { + "thread": { + "name": "Controller Boot Thread" + } + }, "tags": [ "preserve_original_event" ] }, { - "process": { - "thread": { - "name": "default task-1" - } + "@timestamp": "2021-10-22T21:01:45.403-05:00", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "LOGIN_ERROR", + "category": [ + "authentication" + ], + "code": "invalid_redirect_uri", + "kind": "event", + "original": "2021-10-22 21:01:45,403 WARN [org.keycloak.events] (default task-1) type=LOGIN_ERROR, realmId=test, clientId=test, userId=null, ipAddress=172.18.0.1, error=invalid_redirect_uri, redirect_uri=http://localhost:8080", + 
"timezone": "America/Chicago", + "type": [ + "info", + "denied" + ] }, "keycloak": { "client": { "id": "test" }, - "realm": { - "id": "test" - }, "event_type": "login", "login": { - "type": "LOGIN_ERROR", - "redirect_uri": "http://localhost:8080" + "redirect_uri": "http://localhost:8080", + "type": "LOGIN_ERROR" + }, + "realm": { + "id": "test" } }, - "@timestamp": "2021-10-22T21:01:45.403-05:00", - "ecs": { - "version": "8.2.0" + "log": { + "level": "WARN", + "logger": "org.keycloak.events" + }, + "process": { + "thread": { + "name": "default task-1" + } }, "related": { "hosts": [ 
@@ -215,140 +233,140 @@ "172.18.0.1" ] }, - "log": { - "level": "WARN", - "logger": "org.keycloak.events" - }, "source": { "address": "172.18.0.1", "ip": "172.18.0.1" }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "localhost", + "original": "http://localhost:8080", + "port": 8080, + "scheme": "http" + } + }, + { + "@timestamp": "2021-10-22T21:20:42.120-05:00", + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "2021-10-22 21:01:45,403 WARN [org.keycloak.events] (default task-1) type=LOGIN_ERROR, realmId=test, clientId=test, userId=null, ipAddress=172.18.0.1, error=invalid_redirect_uri, redirect_uri=http://localhost:8080", - "code": "invalid_redirect_uri", - "timezone": "America/Chicago", - "kind": "event", "action": "LOGIN_ERROR", "category": [ "authentication" ], + "code": "invalid_user_credentials", + "kind": "event", + "original": "2021-10-22 21:20:42,120 WARN [org.keycloak.events] (default task-2) type=LOGIN_ERROR, realmId=test, clientId=test, userId=cc74404c-de7e-482a-98f7-b271ff3c49be, ipAddress=172.18.0.1, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=http://127.0.0.1:8080, code_id=3a76b735-e324-42b1-aa15-7c1f69f22eb8, username=admin, authSessionParentId=3a76b735-e324-42b1-aa15-7c1f69f22eb8, authSessionTabId=oJpF-WjDC04", + "timezone": "America/Chicago", "type": [ "info", "denied" ] }, - "url": { - "original": "http://localhost:8080", - "scheme": "http", - "port": 8080, - "domain": "localhost" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "process": { - "thread": { - "name": "default task-2" - } - }, "keycloak": { "client": { "id": "test" }, - "realm": { - "id": "test" - }, "event_type": "login", "login": { "auth_method": "openid-connect", - "auth_type": "code", "auth_session_parent_id": "3a76b735-e324-42b1-aa15-7c1f69f22eb8", "auth_session_tab_id": "oJpF-WjDC04", + "auth_type": "code", + "code_id": "3a76b735-e324-42b1-aa15-7c1f69f22eb8", "redirect_uri": 
"http://127.0.0.1:8080", - "type": "LOGIN_ERROR", - "code_id": "3a76b735-e324-42b1-aa15-7c1f69f22eb8" + "type": "LOGIN_ERROR" + }, + "realm": { + "id": "test" } }, "log": { "level": "WARN", "logger": "org.keycloak.events" }, + "process": { + "thread": { + "name": "default task-2" + } + }, + "related": { + "hosts": [ + "127.0.0.1" + ], + "ip": [ + "172.18.0.1" + ], + "user": [ + "cc74404c-de7e-482a-98f7-b271ff3c49be" + ] + }, "source": { "address": "172.18.0.1", "ip": "172.18.0.1" }, + "tags": [ + "preserve_original_event" + ], "url": { + "domain": "127.0.0.1", "original": "http://127.0.0.1:8080", - "scheme": "http", "port": 8080, - "domain": "127.0.0.1" + "scheme": "http" }, - "tags": [ - "preserve_original_event" - ], - "@timestamp": "2021-10-22T21:20:42.120-05:00", + "user": { + "id": "cc74404c-de7e-482a-98f7-b271ff3c49be", + "name": "admin" + } + }, + { + "@timestamp": "2021-10-22T21:24:41.076-05:00", "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "cc74404c-de7e-482a-98f7-b271ff3c49be" - ], - "hosts": [ - "127.0.0.1" - ], - "ip": [ - "172.18.0.1" - ] + "version": "8.3.0" }, "event": { - "original": "2021-10-22 21:20:42,120 WARN [org.keycloak.events] (default task-2) type=LOGIN_ERROR, realmId=test, clientId=test, userId=cc74404c-de7e-482a-98f7-b271ff3c49be, ipAddress=172.18.0.1, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=http://127.0.0.1:8080, code_id=3a76b735-e324-42b1-aa15-7c1f69f22eb8, username=admin, authSessionParentId=3a76b735-e324-42b1-aa15-7c1f69f22eb8, authSessionTabId=oJpF-WjDC04", - "code": "invalid_user_credentials", - "timezone": "America/Chicago", - "kind": "event", "action": "LOGIN_ERROR", "category": [ "authentication" ], + "code": "user_not_found", + "kind": "event", + "original": "2021-10-22 21:24:41,076 WARN [org.keycloak.events] (default task-10) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=172.18.0.1, error=user_not_found, 
auth_method=openid-connect, auth_type=code, redirect_uri=http://127.0.0.1:9090/auth/admin/master/console/, code_id=f9d4300d-d052-4eb6-9aeb-e8fcf642a21f, authSessionParentId=f9d4300d-d052-4eb6-9aeb-e8fcf642a21f, authSessionTabId=C8EtUrcFMsg", + "timezone": "America/Chicago", "type": [ "info", "denied" ] }, - "user": { - "name": "admin", - "id": "cc74404c-de7e-482a-98f7-b271ff3c49be" - } - }, - { - "process": { - "thread": { - "name": "default task-10" - } - }, "keycloak": { "client": { "id": "security-admin-console" }, - "realm": { - "id": "master" - }, "event_type": "login", "login": { "auth_method": "openid-connect", - "auth_type": "code", "auth_session_parent_id": "f9d4300d-d052-4eb6-9aeb-e8fcf642a21f", "auth_session_tab_id": "C8EtUrcFMsg", + "auth_type": "code", + "code_id": "f9d4300d-d052-4eb6-9aeb-e8fcf642a21f", "redirect_uri": "http://127.0.0.1:9090/auth/admin/master/console/", - "type": "LOGIN_ERROR", - "code_id": "f9d4300d-d052-4eb6-9aeb-e8fcf642a21f" + "type": "LOGIN_ERROR" + }, + "realm": { + "id": "master" } }, - "@timestamp": "2021-10-22T21:24:41.076-05:00", - "ecs": { - "version": "8.2.0" + "log": { + "level": "WARN", + "logger": "org.keycloak.events" + }, + "process": { + "thread": { + "name": "default task-10" + } }, "related": { "hosts": [ 
@@ -358,61 +376,61 @@ "172.18.0.1" ] }, - "log": { - "level": "WARN", - "logger": "org.keycloak.events" - }, "source": { "address": "172.18.0.1", "ip": "172.18.0.1" }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "127.0.0.1", + "original": "http://127.0.0.1:9090/auth/admin/master/console/", + "path": "/auth/admin/master/console/", + "port": 9090, + "scheme": "http" + } + }, + { + "@timestamp": "2021-10-22T21:31:31.555-05:00", + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "2021-10-22 21:24:41,076 WARN [org.keycloak.events] (default task-10) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=172.18.0.1, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=http://127.0.0.1:9090/auth/admin/master/console/, code_id=f9d4300d-d052-4eb6-9aeb-e8fcf642a21f, authSessionParentId=f9d4300d-d052-4eb6-9aeb-e8fcf642a21f, authSessionTabId=C8EtUrcFMsg", - "code": "user_not_found", - "timezone": "America/Chicago", - "kind": "event", "action": "LOGIN_ERROR", "category": [ "authentication" ], + "code": "invalid_redirect_uri", + "kind": "event", + "original": "2021-10-22 21:31:31,555 WARN [org.keycloak.events] (default task-10) type=LOGIN_ERROR, realmId=test, clientId=test, userId=null, ipAddress=172.18.0.1, error=invalid_redirect_uri, redirect_uri=http://localhost:8080", + "timezone": "America/Chicago", "type": [ "info", "denied" ] }, - "url": { - "path": "/auth/admin/master/console/", - "original": "http://127.0.0.1:9090/auth/admin/master/console/", - "scheme": "http", - "port": 9090, - "domain": "127.0.0.1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "process": { - "thread": { - "name": "default task-10" - } - }, "keycloak": { "client": { "id": "test" }, - "realm": { - "id": "test" - }, "event_type": "login", "login": { - "type": "LOGIN_ERROR", - "redirect_uri": "http://localhost:8080" + "redirect_uri": "http://localhost:8080", + "type": "LOGIN_ERROR" + }, + "realm": 
{ + "id": "test" } }, - "@timestamp": "2021-10-22T21:31:31.555-05:00", - "ecs": { - "version": "8.2.0" + "log": { + "level": "WARN", + "logger": "org.keycloak.events" + }, + "process": { + "thread": { + "name": "default task-10" + } }, "related": { "hosts": [ 
@@ -422,409 +440,351 @@ "172.18.0.1" ] }, - "log": { - "level": "WARN", - "logger": "org.keycloak.events" - }, "source": { "address": "172.18.0.1", "ip": "172.18.0.1" }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "localhost", + "original": "http://localhost:8080", + "port": 8080, + "scheme": "http" + } + }, + { + "@timestamp": "2021-10-22T20:58:02.700-05:00", + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "2021-10-22 21:31:31,555 WARN [org.keycloak.events] (default task-10) type=LOGIN_ERROR, realmId=test, clientId=test, userId=null, ipAddress=172.18.0.1, error=invalid_redirect_uri, redirect_uri=http://localhost:8080", - "code": "invalid_redirect_uri", - "timezone": "America/Chicago", - "kind": "event", "action": "LOGIN_ERROR", "category": [ "authentication" ], + "code": "invalid_user_credentials", + "kind": "event", + "original": "2021-10-22 20:58:02,700 WARN [org.keycloak.events] (default task-18) type=LOGIN_ERROR, realmId=ABCD TEST, clientId=https://www.example.com/shibboleth, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, error=invalid_user_credentials, auth_method=saml, redirect_uri=https://www.example.com/Shibboleth.sso/SAML2/POST, code_id=cbefe0ca-bc11-48b4-b7fa-f1a59d220980, username=admin, authSessionParentId=cbefe0ca-bc11-48b4-b7fa-f1a59d220980, authSessionTabId=97qImXws36A", + "timezone": "America/Chicago", "type": [ "info", "denied" ] }, - "url": { - "original": "http://localhost:8080", - "scheme": "http", - "port": 8080, - "domain": "localhost" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "process": { - "thread": { - "name": "default task-18" - } - }, "keycloak": { "client": { "id": "https://www.example.com/shibboleth" }, - "realm": { - "id": "ABCD TEST" - }, "event_type": "login", "login": { "auth_method": "saml", "auth_session_parent_id": "cbefe0ca-bc11-48b4-b7fa-f1a59d220980", - "redirect_uri": "https://www.example.com/Shibboleth.sso/SAML2/POST", - "type": "LOGIN_ERROR", 
"auth_session_tab_id": "97qImXws36A", - "code_id": "cbefe0ca-bc11-48b4-b7fa-f1a59d220980" + "code_id": "cbefe0ca-bc11-48b4-b7fa-f1a59d220980", + "redirect_uri": "https://www.example.com/Shibboleth.sso/SAML2/POST", + "type": "LOGIN_ERROR" + }, + "realm": { + "id": "ABCD TEST" } }, "log": { "level": "WARN", "logger": "org.keycloak.events" }, + "process": { + "thread": { + "name": "default task-18" + } + }, + "related": { + "hosts": [ + "www.example.com" + ], + "ip": [ + "10.2.2.156" + ], + "user": [ + "ce637d23-b89c-4fca-9088-1aea1d053e19" + ] + }, "source": { "address": "10.2.2.156", "ip": "10.2.2.156" }, + "tags": [ + "preserve_original_event" + ], "url": { - "path": "/Shibboleth.sso/SAML2/POST", + "domain": "www.example.com", "extension": "sso/SAML2/POST", "original": "https://www.example.com/Shibboleth.sso/SAML2/POST", - "scheme": "https", - "domain": "www.example.com" + "path": "/Shibboleth.sso/SAML2/POST", + "scheme": "https" }, - "tags": [ - "preserve_original_event" - ], - "@timestamp": "2021-10-22T20:58:02.700-05:00", + "user": { + "id": "ce637d23-b89c-4fca-9088-1aea1d053e19", + "name": "admin" + } + }, + { + "@timestamp": "2021-10-22T22:11:31.257-05:00", "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "ce637d23-b89c-4fca-9088-1aea1d053e19" - ], - "hosts": [ - "www.example.com" - ], - "ip": [ - "10.2.2.156" - ] + "version": "8.3.0" }, "event": { - "original": "2021-10-22 20:58:02,700 WARN [org.keycloak.events] (default task-18) type=LOGIN_ERROR, realmId=ABCD TEST, clientId=https://www.example.com/shibboleth, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, error=invalid_user_credentials, auth_method=saml, redirect_uri=https://www.example.com/Shibboleth.sso/SAML2/POST, code_id=cbefe0ca-bc11-48b4-b7fa-f1a59d220980, username=admin, authSessionParentId=cbefe0ca-bc11-48b4-b7fa-f1a59d220980, authSessionTabId=97qImXws36A", - "code": "invalid_user_credentials", - "timezone": "America/Chicago", - "kind": "event", - "action": 
"LOGIN_ERROR", + "action": "LOGIN", "category": [ "authentication" ], + "kind": "event", + "original": "2021-10-22 22:11:31,257 DEBUG [org.keycloak.events] (default task-2) type=LOGIN, realmId=test, clientId=security-admin-console, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, auth_method=openid-connect, auth_type=code, redirect_uri=https://www.example.com/auth/admin/test/console/#/realms/test/events, consent=no_consent_required, code_id=bae6e56e-368f-4809-89f3-48cfb6279f5e, username=admin, authSessionParentId=bae6e56e-368f-4809-89f3-48cfb6279f5e, authSessionTabId=Kz_ye2UvP6M", + "timezone": "America/Chicago", "type": [ "info", - "denied" + "start", + "allowed" ] }, - "user": { - "name": "admin", - "id": "ce637d23-b89c-4fca-9088-1aea1d053e19" - } - }, - { - "process": { - "thread": { - "name": "default task-2" - } - }, "keycloak": { "client": { "id": "security-admin-console" }, - "realm": { - "id": "test" - }, "event_type": "login", "login": { "auth_method": "openid-connect", - "auth_type": "code", "auth_session_parent_id": "bae6e56e-368f-4809-89f3-48cfb6279f5e", "auth_session_tab_id": "Kz_ye2UvP6M", + "auth_type": "code", + "code_id": "bae6e56e-368f-4809-89f3-48cfb6279f5e", "redirect_uri": "https://www.example.com/auth/admin/test/console/#/realms/test/events", - "type": "LOGIN", - "code_id": "bae6e56e-368f-4809-89f3-48cfb6279f5e" + "type": "LOGIN" + }, + "realm": { + "id": "test" } }, "log": { "level": "DEBUG", "logger": "org.keycloak.events" }, + "process": { + "thread": { + "name": "default task-2" + } + }, + "related": { + "hosts": [ + "www.example.com" + ], + "ip": [ + "10.2.2.156" + ], + "user": [ + "ce637d23-b89c-4fca-9088-1aea1d053e19" + ] + }, "source": { "address": "10.2.2.156", "ip": "10.2.2.156" }, + "tags": [ + "preserve_original_event" + ], "url": { - "path": "/auth/admin/test/console/", + "domain": "www.example.com", "fragment": "/realms/test/events", "original": 
"https://www.example.com/auth/admin/test/console/#/realms/test/events", - "scheme": "https", - "domain": "www.example.com" + "path": "/auth/admin/test/console/", + "scheme": "https" }, - "tags": [ - "preserve_original_event" - ], - "@timestamp": "2021-10-22T22:11:31.257-05:00", + "user": { + "id": "ce637d23-b89c-4fca-9088-1aea1d053e19", + "name": "admin" + } + }, + { + "@timestamp": "2021-10-22T22:11:32.131-05:00", "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "ce637d23-b89c-4fca-9088-1aea1d053e19" - ], - "hosts": [ - "www.example.com" - ], - "ip": [ - "10.2.2.156" - ] + "version": "8.3.0" }, "event": { - "original": "2021-10-22 22:11:31,257 DEBUG [org.keycloak.events] (default task-2) type=LOGIN, realmId=test, clientId=security-admin-console, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, auth_method=openid-connect, auth_type=code, redirect_uri=https://www.example.com/auth/admin/test/console/#/realms/test/events, consent=no_consent_required, code_id=bae6e56e-368f-4809-89f3-48cfb6279f5e, username=admin, authSessionParentId=bae6e56e-368f-4809-89f3-48cfb6279f5e, authSessionTabId=Kz_ye2UvP6M", - "timezone": "America/Chicago", - "kind": "event", - "action": "LOGIN", + "action": "CODE_TO_TOKEN", "category": [ "authentication" ], + "kind": "event", + "original": "2021-10-22 22:11:32,131 DEBUG [org.keycloak.events] (default task-3) type=CODE_TO_TOKEN, realmId=test, clientId=security-admin-console, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, token_id=561459c0-75f1-46d4-986d-d1c96d12b513, grant_type=authorization_code, refresh_token_type=Refresh, scope=openid, refresh_token_id=07434488-ca99-412a-99a0-c2e47c93d6d1, code_id=bae6e56e-368f-4809-89f3-48cfb6279f5e, client_auth_method=client-secret", + "timezone": "America/Chicago", "type": [ - "info", - "start", - "allowed" + "info" ] }, - "user": { - "name": "admin", - "id": "ce637d23-b89c-4fca-9088-1aea1d053e19" - } - }, - { - "process": { - "thread": { - "name": 
"default task-3" - } - }, "keycloak": { "client": { "id": "security-admin-console" }, - "realm": { - "id": "test" - }, "event_type": "login", "login": { - "type": "CODE_TO_TOKEN", - "code_id": "bae6e56e-368f-4809-89f3-48cfb6279f5e" + "code_id": "bae6e56e-368f-4809-89f3-48cfb6279f5e", + "type": "CODE_TO_TOKEN" + }, + "realm": { + "id": "test" } }, - "@timestamp": "2021-10-22T22:11:32.131-05:00", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "ce637d23-b89c-4fca-9088-1aea1d053e19" - ], - "ip": [ - "10.2.2.156" - ] - }, "log": { "level": "DEBUG", "logger": "org.keycloak.events" }, - "source": { - "address": "10.2.2.156", - "ip": "10.2.2.156" - }, - "event": { - "original": "2021-10-22 22:11:32,131 DEBUG [org.keycloak.events] (default task-3) type=CODE_TO_TOKEN, realmId=test, clientId=security-admin-console, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, token_id=561459c0-75f1-46d4-986d-d1c96d12b513, grant_type=authorization_code, refresh_token_type=Refresh, scope=openid, refresh_token_id=07434488-ca99-412a-99a0-c2e47c93d6d1, code_id=bae6e56e-368f-4809-89f3-48cfb6279f5e, client_auth_method=client-secret", - "timezone": "America/Chicago", - "kind": "event", - "action": "CODE_TO_TOKEN", - "category": [ - "authentication" - ], - "type": [ - "info" - ] - }, - "user": { - "id": "ce637d23-b89c-4fca-9088-1aea1d053e19" - }, - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "thread": { "name": "default task-3" } }, - "keycloak": { - "admin": { - "resource": { - "type": "USER", - "path": "users/07972d16-b173-4c99-803d-90f211080f40" - }, - "operation": "CREATE" - }, - "client": { - "id": "7bcaf1cb-820a-40f1-91dd-75ced03ef03b" - }, - "realm": { - "id": "test" - }, - "event_type": "admin" - }, - "@timestamp": "2021-10-22T22:12:09.871-05:00", - "ecs": { - "version": "8.2.0" - }, "related": { - "user": [ - "ce637d23-b89c-4fca-9088-1aea1d053e19", - "07972d16-b173-4c99-803d-90f211080f40" - ], "ip": [ "10.2.2.156" + ], + "user": [ + 
"ce637d23-b89c-4fca-9088-1aea1d053e19" ] }, - "log": { - "level": "DEBUG", - "logger": "org.keycloak.events" - }, "source": { "address": "10.2.2.156", "ip": "10.2.2.156" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "ce637d23-b89c-4fca-9088-1aea1d053e19" + } + }, + { + "@timestamp": "2021-10-22T22:12:09.871-05:00", + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "2021-10-22 22:12:09,871 DEBUG [org.keycloak.events] (default task-3) operationType=CREATE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=USER, resourcePath=users/07972d16-b173-4c99-803d-90f211080f40", + "action": "CREATE-USER", + "category": [ + "iam" + ], "code": "CREATE-USER", - "timezone": "America/Chicago", "kind": "event", - "action": "CREATE-USER", + "original": "2021-10-22 22:12:09,871 DEBUG [org.keycloak.events] (default task-3) operationType=CREATE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=USER, resourcePath=users/07972d16-b173-4c99-803d-90f211080f40", + "timezone": "America/Chicago", "type": [ "info", "admin", "creation" - ], - "category": [ - "iam" ] }, - "user": { - "id": "ce637d23-b89c-4fca-9088-1aea1d053e19", - "target": { - "id": "07972d16-b173-4c99-803d-90f211080f40" - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "process": { - "thread": { - "name": "default task-1" - } - }, "keycloak": { "admin": { + "operation": "CREATE", "resource": { - "type": "USER", - "path": "users/07972d16-b173-4c99-803d-90f211080f40" - }, - "operation": "UPDATE" + "path": "users/07972d16-b173-4c99-803d-90f211080f40", + "type": "USER" + } }, "client": { "id": "7bcaf1cb-820a-40f1-91dd-75ced03ef03b" }, + "event_type": "admin", "realm": { "id": "test" - }, - "event_type": "admin" + } }, - "@timestamp": "2021-10-22T22:12:13.599-05:00", - "ecs": { - "version": "8.2.0" + "log": 
{ + "level": "DEBUG", + "logger": "org.keycloak.events" + }, + "process": { + "thread": { + "name": "default task-3" + } }, "related": { + "ip": [ + "10.2.2.156" + ], "user": [ "ce637d23-b89c-4fca-9088-1aea1d053e19", "07972d16-b173-4c99-803d-90f211080f40" - ], - "ip": [ - "10.2.2.156" ] }, - "log": { - "level": "DEBUG", - "logger": "org.keycloak.events" - }, "source": { "address": "10.2.2.156", "ip": "10.2.2.156" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "ce637d23-b89c-4fca-9088-1aea1d053e19", + "target": { + "id": "07972d16-b173-4c99-803d-90f211080f40" + } + } + }, + { + "@timestamp": "2021-10-22T22:12:13.599-05:00", + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "2021-10-22 22:12:13,599 DEBUG [org.keycloak.events] (default task-1) operationType=UPDATE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=USER, resourcePath=users/07972d16-b173-4c99-803d-90f211080f40", + "action": "UPDATE-USER", + "category": [ + "iam" + ], "code": "UPDATE-USER", - "timezone": "America/Chicago", "kind": "event", - "action": "UPDATE-USER", + "original": "2021-10-22 22:12:13,599 DEBUG [org.keycloak.events] (default task-1) operationType=UPDATE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=USER, resourcePath=users/07972d16-b173-4c99-803d-90f211080f40", + "timezone": "America/Chicago", "type": [ "info", "admin", "change" - ], - "category": [ - "iam" ] }, - "user": { - "id": "ce637d23-b89c-4fca-9088-1aea1d053e19", - "target": { - "id": "07972d16-b173-4c99-803d-90f211080f40" - } - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "process": { - "thread": { - "name": "default task-9" - } - }, "keycloak": { "admin": { + "operation": "UPDATE", "resource": { - "type": "GROUP", - "path": "groups/d043d5af-6100-483a-9c41-b1a30d5149f7" - }, - "operation": "CREATE" + 
"path": "users/07972d16-b173-4c99-803d-90f211080f40", + "type": "USER" + } }, "client": { "id": "7bcaf1cb-820a-40f1-91dd-75ced03ef03b" }, + "event_type": "admin", "realm": { "id": "test" - }, - "event_type": "admin" + } }, "log": { "level": "DEBUG", "logger": "org.keycloak.events" }, + "process": { + "thread": { + "name": "default task-1" + } + }, + "related": { + "ip": [ + "10.2.2.156" + ], + "user": [ + "ce637d23-b89c-4fca-9088-1aea1d053e19", + "07972d16-b173-4c99-803d-90f211080f40" + ] + }, "source": { "address": "10.2.2.156", "ip": "10.2.2.156" 
@@ -832,198 +792,194 @@ "tags": [ "preserve_original_event" ], + "user": { + "id": "ce637d23-b89c-4fca-9088-1aea1d053e19", + "target": { + "id": "07972d16-b173-4c99-803d-90f211080f40" + } + } + }, + { "@timestamp": "2021-10-22T22:14:29.031-05:00", "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "ce637d23-b89c-4fca-9088-1aea1d053e19" - ], - "ip": [ - "10.2.2.156" - ] + "version": "8.3.0" }, "event": { - "original": "2021-10-22 22:14:29,031 DEBUG [org.keycloak.events] (default task-9) operationType=CREATE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=GROUP, resourcePath=groups/d043d5af-6100-483a-9c41-b1a30d5149f7", + "action": "CREATE-GROUP", + "category": [ + "iam" + ], "code": "CREATE-GROUP", - "timezone": "America/Chicago", "kind": "event", - "action": "CREATE-GROUP", + "original": "2021-10-22 22:14:29,031 DEBUG [org.keycloak.events] (default task-9) operationType=CREATE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=GROUP, resourcePath=groups/d043d5af-6100-483a-9c41-b1a30d5149f7", + "timezone": "America/Chicago", "type": [ "info", "admin", "creation" - ], - "category": [ - "iam" ] }, - "user": { - "id": "ce637d23-b89c-4fca-9088-1aea1d053e19" - }, "group": { "id": "d043d5af-6100-483a-9c41-b1a30d5149f7" - } - }, - { - "process": { - "thread": { - "name": "default task-8" - } }, "keycloak": { "admin": { + "operation": "CREATE", "resource": { - "type": "CLIENT_SCOPE", - "path": "client-scopes/3b4139b4-66e1-4309-88c1-63ee5abc93a6" - }, - "operation": "CREATE" + "path": "groups/d043d5af-6100-483a-9c41-b1a30d5149f7", + "type": "GROUP" + } }, "client": { "id": "7bcaf1cb-820a-40f1-91dd-75ced03ef03b" }, + "event_type": "admin", "realm": { "id": "test" - }, - "event_type": "admin" + } }, - "@timestamp": "2021-10-22T22:16:12.150-05:00", - "ecs": { - "version": "8.2.0" + 
"log": { + "level": "DEBUG", + "logger": "org.keycloak.events" + }, + "process": { + "thread": { + "name": "default task-9" + } }, "related": { - "user": [ - "ce637d23-b89c-4fca-9088-1aea1d053e19" - ], "ip": [ "10.2.2.156" + ], + "user": [ + "ce637d23-b89c-4fca-9088-1aea1d053e19" ] }, - "log": { - "level": "DEBUG", - "logger": "org.keycloak.events" - }, "source": { "address": "10.2.2.156", "ip": "10.2.2.156" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "ce637d23-b89c-4fca-9088-1aea1d053e19" + } + }, + { + "@timestamp": "2021-10-22T22:16:12.150-05:00", + "ecs": { + "version": "8.3.0" + }, "event": { - "original": "2021-10-22 22:16:12,150 DEBUG [org.keycloak.events] (default task-8) operationType=CREATE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=CLIENT_SCOPE, resourcePath=client-scopes/3b4139b4-66e1-4309-88c1-63ee5abc93a6", + "action": "CREATE-CLIENT_SCOPE", + "category": [ + "iam" + ], "code": "CREATE-CLIENT_SCOPE", - "timezone": "America/Chicago", "kind": "event", - "action": "CREATE-CLIENT_SCOPE", + "original": "2021-10-22 22:16:12,150 DEBUG [org.keycloak.events] (default task-8) operationType=CREATE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=CLIENT_SCOPE, resourcePath=client-scopes/3b4139b4-66e1-4309-88c1-63ee5abc93a6", + "timezone": "America/Chicago", "type": [ "info", "admin", "creation" - ], - "category": [ - "iam" ] }, - "user": { - "id": "ce637d23-b89c-4fca-9088-1aea1d053e19" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "process": { - "thread": { - "name": "default task-8" - } - }, "keycloak": { - "login": { - "auth_session_parent_id": "bae6e56e-368f-4809-89f3-48cfb6279f5e", - "redirect_uri": "https://www.example.com/auth/admin/test/console/#/realms/test/admin-events", - "type": "LOGOUT", - "auth_session_tab_id": "GbBi74IWYc4" 
+ "admin": { + "operation": "CREATE", + "resource": { + "path": "client-scopes/3b4139b4-66e1-4309-88c1-63ee5abc93a6", + "type": "CLIENT_SCOPE" + } + }, + "client": { + "id": "7bcaf1cb-820a-40f1-91dd-75ced03ef03b" }, + "event_type": "admin", "realm": { "id": "test" - }, - "event_type": "login" + } }, "log": { "level": "DEBUG", "logger": "org.keycloak.events" }, + "process": { + "thread": { + "name": "default task-8" + } + }, + "related": { + "ip": [ + "10.2.2.156" + ], + "user": [ + "ce637d23-b89c-4fca-9088-1aea1d053e19" + ] + }, "source": { "address": "10.2.2.156", "ip": "10.2.2.156" }, - "url": { - "path": "/auth/admin/test/console/", - "fragment": "/realms/test/admin-events", - "original": "https://www.example.com/auth/admin/test/console/#/realms/test/admin-events", - "scheme": "https", - "domain": "www.example.com" - }, "tags": [ "preserve_original_event" ], + "user": { + "id": "ce637d23-b89c-4fca-9088-1aea1d053e19" + } + }, + { "@timestamp": "2021-10-22T22:45:12.592-05:00", "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "ce637d23-b89c-4fca-9088-1aea1d053e19" - ], - "hosts": [ - "www.example.com" - ], - "ip": [ - "10.2.2.156" - ] + "version": "8.3.0" }, "event": { - "original": "2021-10-22 22:45:12,592 DEBUG [org.keycloak.events] (default task-8) type=LOGOUT, realmId=test, clientId=null, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, redirect_uri=https://www.example.com/auth/admin/test/console/#/realms/test/admin-events, authSessionParentId=bae6e56e-368f-4809-89f3-48cfb6279f5e, authSessionTabId=GbBi74IWYc4", - "timezone": "America/Chicago", - "kind": "event", "action": "LOGOUT", "category": [ "authentication" ], + "kind": "event", + "original": "2021-10-22 22:45:12,592 DEBUG [org.keycloak.events] (default task-8) type=LOGOUT, realmId=test, clientId=null, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, redirect_uri=https://www.example.com/auth/admin/test/console/#/realms/test/admin-events, 
authSessionParentId=bae6e56e-368f-4809-89f3-48cfb6279f5e, authSessionTabId=GbBi74IWYc4", + "timezone": "America/Chicago", "type": [ "info", "end" ] }, - "user": { - "id": "ce637d23-b89c-4fca-9088-1aea1d053e19" - } - }, - { - "process": { - "thread": { - "name": "default task-1" - } - }, "keycloak": { - "admin": { - "resource": { - "type": "GROUP", - "path": "groups/d043d5af-6100-483a-9c41-b1a30d5149f7" - }, - "operation": "DELETE" - }, - "client": { - "id": "7bcaf1cb-820a-40f1-91dd-75ced03ef03b" + "event_type": "login", + "login": { + "auth_session_parent_id": "bae6e56e-368f-4809-89f3-48cfb6279f5e", + "auth_session_tab_id": "GbBi74IWYc4", + "redirect_uri": "https://www.example.com/auth/admin/test/console/#/realms/test/admin-events", + "type": "LOGOUT" }, "realm": { "id": "test" - }, - "event_type": "admin" + } }, "log": { "level": "DEBUG", "logger": "org.keycloak.events" }, + "process": { + "thread": { + "name": "default task-8" + } + }, + "related": { + "hosts": [ + "www.example.com" + ], + "ip": [ + "10.2.2.156" + ], + "user": [ + "ce637d23-b89c-4fca-9088-1aea1d053e19" + ] + }, "source": { "address": "10.2.2.156", "ip": "10.2.2.156" 
@@ -1031,66 +987,73 @@ "tags": [ "preserve_original_event" ], + "url": { + "domain": "www.example.com", + "fragment": "/realms/test/admin-events", + "original": "https://www.example.com/auth/admin/test/console/#/realms/test/admin-events", + "path": "/auth/admin/test/console/", + "scheme": "https" + }, + "user": { + "id": "ce637d23-b89c-4fca-9088-1aea1d053e19" + } + }, + { "@timestamp": "2021-10-22T22:46:14.913-05:00", "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "ce637d23-b89c-4fca-9088-1aea1d053e19" - ], - "ip": [ - "10.2.2.156" - ] + "version": "8.3.0" }, "event": { - "original": "2021-10-22 22:46:14,913 DEBUG [org.keycloak.events] (default task-1) operationType=DELETE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=GROUP, resourcePath=groups/d043d5af-6100-483a-9c41-b1a30d5149f7", + "action": "DELETE-GROUP", + "category": [ + "iam" + ], "code": "DELETE-GROUP", - "timezone": "America/Chicago", "kind": "event", - "action": "DELETE-GROUP", + "original": "2021-10-22 22:46:14,913 DEBUG [org.keycloak.events] (default task-1) operationType=DELETE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=GROUP, resourcePath=groups/d043d5af-6100-483a-9c41-b1a30d5149f7", + "timezone": "America/Chicago", "type": [ "info", "admin", "deletion" - ], - "category": [ - "iam" ] }, - "user": { - "id": "ce637d23-b89c-4fca-9088-1aea1d053e19" - }, "group": { "id": "d043d5af-6100-483a-9c41-b1a30d5149f7" - } - }, - { - "process": { - "thread": { - "name": "default task-8" - } }, "keycloak": { "admin": { + "operation": "DELETE", "resource": { - "type": "GROUP", - "path": "groups/a57cd49f-fdfd-4d25-9fd2-2a46de44a9e6/children" - }, - "operation": "CREATE" + "path": "groups/d043d5af-6100-483a-9c41-b1a30d5149f7", + "type": "GROUP" + } }, "client": { "id": "7bcaf1cb-820a-40f1-91dd-75ced03ef03b" }, 
+ "event_type": "admin", "realm": { "id": "test" - }, - "event_type": "admin" + } }, "log": { "level": "DEBUG", "logger": "org.keycloak.events" }, + "process": { + "thread": { + "name": "default task-1" + } + }, + "related": { + "ip": [ + "10.2.2.156" + ], + "user": [ + "ce637d23-b89c-4fca-9088-1aea1d053e19" + ] + }, "source": { "address": "10.2.2.156", "ip": "10.2.2.156" 
@@ -1098,38 +1061,75 @@ "tags": [ "preserve_original_event" ], + "user": { + "id": "ce637d23-b89c-4fca-9088-1aea1d053e19" + } + }, + { "@timestamp": "2021-10-22T23:05:03.371-05:00", "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "ce637d23-b89c-4fca-9088-1aea1d053e19" - ], - "ip": [ - "10.2.2.156" - ] + "version": "8.3.0" }, "event": { - "original": "2021-10-22 23:05:03,371 DEBUG [org.keycloak.events] (default task-8) operationType=CREATE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=GROUP, resourcePath=groups/a57cd49f-fdfd-4d25-9fd2-2a46de44a9e6/children", + "action": "CREATE-GROUP", + "category": [ + "iam" + ], "code": "CREATE-GROUP", - "timezone": "America/Chicago", "kind": "event", - "action": "CREATE-GROUP", + "original": "2021-10-22 23:05:03,371 DEBUG [org.keycloak.events] (default task-8) operationType=CREATE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=GROUP, resourcePath=groups/a57cd49f-fdfd-4d25-9fd2-2a46de44a9e6/children", + "timezone": "America/Chicago", "type": [ "info", "admin", "creation" + ] + }, + "group": { + "id": "a57cd49f-fdfd-4d25-9fd2-2a46de44a9e6" + }, + "keycloak": { + "admin": { + "operation": "CREATE", + "resource": { + "path": "groups/a57cd49f-fdfd-4d25-9fd2-2a46de44a9e6/children", + "type": "GROUP" + } + }, + "client": { + "id": "7bcaf1cb-820a-40f1-91dd-75ced03ef03b" + }, + "event_type": "admin", + "realm": { + "id": "test" + } + }, + "log": { + "level": "DEBUG", + "logger": "org.keycloak.events" + }, + "process": { + "thread": { + "name": "default task-8" + } + }, + "related": { + "ip": [ + "10.2.2.156" ], - "category": [ - "iam" + "user": [ + "ce637d23-b89c-4fca-9088-1aea1d053e19" ] }, + "source": { + "address": "10.2.2.156", + "ip": "10.2.2.156" + }, + "tags": [ + "preserve_original_event" + ], "user": { "id": 
"ce637d23-b89c-4fca-9088-1aea1d053e19" - }, - "group": { - "id": "a57cd49f-fdfd-4d25-9fd2-2a46de44a9e6" } } ] diff --git a/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml index b1005cbec64..a9712b7b15e 100644 --- a/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing keycloak logs processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/keycloak/data_stream/log/sample_event.json b/packages/keycloak/data_stream/log/sample_event.json index c942b9ceb64..9c0e547d466 100644 --- a/packages/keycloak/data_stream/log/sample_event.json +++ b/packages/keycloak/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/keycloak/docs/README.md b/packages/keycloak/docs/README.md index 07a2892b8dc..ffdf12b8ea4 100644 --- a/packages/keycloak/docs/README.md +++ b/packages/keycloak/docs/README.md @@ -146,7 +146,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/keycloak/manifest.yml b/packages/keycloak/manifest.yml index 437ae2779b2..1a721efe7ff 100644 --- a/packages/keycloak/manifest.yml +++ b/packages/keycloak/manifest.yml @@ -1,6 +1,6 @@ name: keycloak title: Keycloak -version: 1.3.1 +version: "1.4.0" release: ga description: Keycloak Integration type: integration diff --git a/packages/m365_defender/_dev/build/build.yml b/packages/m365_defender/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 
--- a/packages/m365_defender/_dev/build/build.yml +++ b/packages/m365_defender/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/m365_defender/changelog.yml b/packages/m365_defender/changelog.yml index 9f8bcc0fd6d..b19d05fb485 100644 --- a/packages/m365_defender/changelog.yml +++ b/packages/m365_defender/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.0.4" changes: - description: Update duplication handling to also support Redirect type alerts diff --git a/packages/m365_defender/data_stream/log/_dev/test/pipeline/test-m365-defender-ndjson.log-expected.json b/packages/m365_defender/data_stream/log/_dev/test/pipeline/test-m365-defender-ndjson.log-expected.json index 1ee25724052..530357929a0 100644 --- a/packages/m365_defender/data_stream/log/_dev/test/pipeline/test-m365-defender-ndjson.log-expected.json +++ b/packages/m365_defender/data_stream/log/_dev/test/pipeline/test-m365-defender-ndjson.log-expected.json @@ -6,7 +6,7 @@ "provider": "azure" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Malware", @@ -119,7 +119,7 @@ "provider": "azure" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Malware", @@ -219,7 +219,7 @@ "provider": "azure" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Malware", @@ -320,7 +320,7 @@ "provider": "azure" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Malware", @@ -413,7 +413,7 @@ "provider": "azure" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SuspiciousActivity", @@ -506,7 +506,7 @@ "provider": "azure" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SuspiciousActivity", 
@@ -595,7 +595,7 @@ "provider": "azure" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SuspiciousActivity", @@ -688,7 +688,7 @@ "provider": "azure" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SuspiciousActivity", @@ -759,7 +759,7 @@ "provider": "azure" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SuspiciousActivity", @@ -834,7 +834,7 @@ "provider": "azure" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SuspiciousActivity", diff --git a/packages/m365_defender/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/m365_defender/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 9fe65683b8c..66374e165e9 100644 --- a/packages/m365_defender/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/m365_defender/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing m365 defender logs processors: - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" - rename: field: message target_field: event.original diff --git a/packages/m365_defender/data_stream/log/sample_event.json b/packages/m365_defender/data_stream/log/sample_event.json index 626f08d23b0..3bf348538a1 100644 --- a/packages/m365_defender/data_stream/log/sample_event.json +++ b/packages/m365_defender/data_stream/log/sample_event.json @@ -16,7 +16,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "66ee0cf6-0f3a-4a85-bb44-eb9ba0cc0863", diff --git a/packages/m365_defender/docs/README.md b/packages/m365_defender/docs/README.md index 988305213a9..965ef6b14f1 100644 --- a/packages/m365_defender/docs/README.md +++ b/packages/m365_defender/docs/README.md 
@@ -41,7 +41,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "66ee0cf6-0f3a-4a85-bb44-eb9ba0cc0863", diff --git a/packages/m365_defender/manifest.yml b/packages/m365_defender/manifest.yml index af9523bc4c4..055641f9f27 100644 --- a/packages/m365_defender/manifest.yml +++ b/packages/m365_defender/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: m365_defender title: M365 Defender Logs -version: 1.0.4 +version: "1.1.0" description: Collect logs from M365 Defender API with Elastic Agent. categories: - "network" diff --git a/packages/mattermost/_dev/build/build.yml b/packages/mattermost/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/mattermost/_dev/build/build.yml +++ b/packages/mattermost/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/mattermost/changelog.yml b/packages/mattermost/changelog.yml index 6ec45519a79..b075f0a6a7b 100644 --- a/packages/mattermost/changelog.yml +++ b/packages/mattermost/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.2.0" changes: - description: Update to ECS 8.2 diff --git a/packages/mattermost/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/mattermost/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index ce2f1b3b0f2..b4cd7b6bfb8 100644 --- a/packages/mattermost/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/mattermost/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json 
@@ -3,718 +3,723 @@ { "@timestamp": "2021-12-04T23:19:32.051Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "updateConfig", + "category": [ + "configuration" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-04 23:19:32.051 Z\",\"event\":\"updateConfig\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"pjh4n69j3p883k7hhzippskcba\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/config\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "change" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/config", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "api_path": "/api/v4/config", "session": { "id": "pjh4n69j3p883k7hhzippskcba" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-04 23:19:32.051 
Z\",\"event\":\"updateConfig\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"pjh4n69j3p883k7hhzippskcba\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/config\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "updateConfig", - "category": [ - "configuration" - ], - "type": [ - "change" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/config", + "path": "/api/v4/config" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, - "url": { - "path": "/api/v4/config", - "original": "/api/v4/config" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-04T23:19:48.599Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "updateConfig", + "category": [ + "configuration" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-04 23:19:48.599 Z\",\"event\":\"updateConfig\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"pjh4n69j3p883k7hhzippskcba\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/config\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "change" ] }, "mattermost": { "audit": 
{ + "api_path": "/api/v4/config", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "api_path": "/api/v4/config", "session": { "id": "pjh4n69j3p883k7hhzippskcba" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-04 23:19:48.599 Z\",\"event\":\"updateConfig\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"pjh4n69j3p883k7hhzippskcba\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/config\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "updateConfig", - "category": [ - "configuration" - ], - "type": [ - "change" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/config", + "path": "/api/v4/config" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, - "url": { - "path": "/api/v4/config", - "original": "/api/v4/config" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + 
"full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-04T23:19:51.324Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "Logout", + "category": [ + "authentication", + "session" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-04 23:19:51.324 Z\",\"event\":\"Logout\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"pjh4n69j3p883k7hhzippskcba\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/users/logout\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "end" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/users/logout", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "api_path": "/api/v4/users/logout", "session": { "id": "pjh4n69j3p883k7hhzippskcba" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": 
{ - "original": "{\"timestamp\":\"2021-12-04 23:19:51.324 Z\",\"event\":\"Logout\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"pjh4n69j3p883k7hhzippskcba\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/users/logout\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "Logout", - "category": [ - "authentication", - "session" - ], - "type": [ - "end" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/users/logout", + "path": "/api/v4/users/logout" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, - "url": { - "path": "/api/v4/users/logout", - "original": "/api/v4/users/logout" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-04T23:19:58.729Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "login", + "category": [ + "authentication", + "session" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-04 23:19:58.729 Z\",\"event\":\"login\",\"status\":\"success\",\"user_id\":\"\",\"session_id\":\"\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/users/login\",\"device_id\":\"\",\"login_id\":\"admin\",\"user\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin 
system_user\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "start" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/users/login", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" - }, - "api_path": "/api/v4/users/login" + } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-04 23:19:58.729 Z\",\"event\":\"login\",\"status\":\"success\",\"user_id\":\"\",\"session_id\":\"\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/users/login\",\"device_id\":\"\",\"login_id\":\"admin\",\"user\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin system_user\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "login", - "category": [ - "authentication", - "session" - ], - "type": [ - "start" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/users/login", + "path": 
"/api/v4/users/login" }, "user": { "target": { + "id": "ag99yu4i1if63jrui63tsmq57y", "name": "admin", "roles": [ "system_admin", "system_user" - ], - "id": "ag99yu4i1if63jrui63tsmq57y" + ] } }, - "url": { - "path": "/api/v4/users/login", - "original": "/api/v4/users/login" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-04T23:20:33.027Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "patchUser", + "category": [ + "iam" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-04 23:20:33.027 Z\",\"event\":\"patchUser\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/users/me/patch\",\"patch\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin system_user\"},\"user\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin system_user\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "user", + "change" ] }, "mattermost": { "audit": { - "patch": { - "name": "admin", - "roles": "system_admin system_user", - "id": "ag99yu4i1if63jrui63tsmq57y" - }, + "api_path": "/api/v4/users/me/patch", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "api_path": "/api/v4/users/me/patch", + "patch": { + "id": 
"ag99yu4i1if63jrui63tsmq57y", + "name": "admin", + "roles": "system_admin system_user" + }, "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-04 23:20:33.027 Z\",\"event\":\"patchUser\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/users/me/patch\",\"patch\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin system_user\"},\"user\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin system_user\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "patchUser", - "category": [ - "iam" - ], - "type": [ - "user", - "change" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/users/me/patch", + "path": "/api/v4/users/me/patch" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y", "target": { + "id": "ag99yu4i1if63jrui63tsmq57y", "name": "admin", "roles": [ 
"system_admin", "system_user" - ], - "id": "ag99yu4i1if63jrui63tsmq57y" + ] } }, - "url": { - "path": "/api/v4/users/me/patch", - "original": "/api/v4/users/me/patch" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-04T23:20:37.771Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "patchUser", + "category": [ + "iam" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-04 23:20:37.771 Z\",\"event\":\"patchUser\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/users/me/patch\",\"patch\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin system_user\"},\"user\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin system_user\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "user", + "change" ] }, "mattermost": { "audit": { - "patch": { - "name": "admin", - "roles": "system_admin system_user", - "id": "ag99yu4i1if63jrui63tsmq57y" - }, + "api_path": "/api/v4/users/me/patch", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "api_path": "/api/v4/users/me/patch", + "patch": { + "id": "ag99yu4i1if63jrui63tsmq57y", + "name": "admin", + "roles": "system_admin system_user" + }, "session": { 
"id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-04 23:20:37.771 Z\",\"event\":\"patchUser\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/users/me/patch\",\"patch\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin system_user\"},\"user\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin system_user\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "patchUser", - "category": [ - "iam" - ], - "type": [ - "user", - "change" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/users/me/patch", + "path": "/api/v4/users/me/patch" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y", "target": { + "id": "ag99yu4i1if63jrui63tsmq57y", "name": "admin", "roles": [ "system_admin", "system_user" - ], - "id": "ag99yu4i1if63jrui63tsmq57y" + ] } }, - "url": { - "path": 
"/api/v4/users/me/patch", - "original": "/api/v4/users/me/patch" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-04T23:20:53.063Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "updatePassword", + "category": [ + "iam" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-04 23:20:53.063 Z\",\"event\":\"updatePassword\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/users/ag99yu4i1if63jrui63tsmq57y/password\",\"user\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin system_user\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "user", + "change" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/password", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "api_path": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/password", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", 
- "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-04 23:20:53.063 Z\",\"event\":\"updatePassword\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/users/ag99yu4i1if63jrui63tsmq57y/password\",\"user\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin system_user\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "updatePassword", - "category": [ - "iam" - ], - "type": [ - "user", - "change" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/password", + "path": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/password" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y", "target": { + "id": "ag99yu4i1if63jrui63tsmq57y", "name": "admin", "roles": [ "system_admin", "system_user" - ], - "id": "ag99yu4i1if63jrui63tsmq57y" + ] } }, - "url": { - "path": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/password", - "original": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/password" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", 
- "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-04T23:28:18.032Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "updatePreferences", + "category": [ + "iam" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-04 23:28:18.032 Z\",\"event\":\"updatePreferences\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/users/ag99yu4i1if63jrui63tsmq57y/preferences\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "user", + "change" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/preferences", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "api_path": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/preferences", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + 
"region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-04 23:28:18.032 Z\",\"event\":\"updatePreferences\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/users/ag99yu4i1if63jrui63tsmq57y/preferences\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "updatePreferences", - "category": [ - "iam" - ], - "type": [ - "user", - "change" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/preferences", + "path": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/preferences" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, - "url": { - "path": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/preferences", - "original": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/preferences" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-04T23:28:19.342Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "createPost", + "category": [ + "configuration" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-04 23:28:19.342 
Z\",\"event\":\"createPost\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/posts\",\"post\":{\"id\":\"gbuu48qc17bbjq4xdg5ciq4iao\",\"channel_id\":\"hkmb8e53ijdkbc8agbpuxe8qxc\",\"type\":\"\",\"pinned\":false},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "creation" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/posts", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, 
@@ -722,97 +727,97 @@ "channel": { "id": "hkmb8e53ijdkbc8agbpuxe8qxc" }, - "pinned": false, - "id": "gbuu48qc17bbjq4xdg5ciq4iao" + "id": "gbuu48qc17bbjq4xdg5ciq4iao", + "pinned": false }, "related": { "channel": [ "hkmb8e53ijdkbc8agbpuxe8qxc" ] }, - "api_path": "/api/v4/posts", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-04 23:28:19.342 Z\",\"event\":\"createPost\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/posts\",\"post\":{\"id\":\"gbuu48qc17bbjq4xdg5ciq4iao\",\"channel_id\":\"hkmb8e53ijdkbc8agbpuxe8qxc\",\"type\":\"\",\"pinned\":false},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "createPost", - "category": [ - "configuration" - ], - "type": [ - "creation" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/posts", + "path": "/api/v4/posts" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, - "url": 
{ - "path": "/api/v4/posts", - "original": "/api/v4/posts" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-05T00:01:23.974Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "createChannel", + "category": [ + "configuration" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 00:01:23.974 Z\",\"event\":\"createChannel\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels\",\"channel\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "creation" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/channels", "channel": { + "id": "cje83zmowjds9ywg6m4jf8w7oe", "name": "public-channel", - "type": "O", - "id": "cje83zmowjds9ywg6m4jf8w7oe" + "type": "O" }, "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" 
@@ -822,186 +827,186 @@ "cje83zmowjds9ywg6m4jf8w7oe" ] }, - "api_path": "/api/v4/channels", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 00:01:23.974 Z\",\"event\":\"createChannel\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels\",\"channel\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "createChannel", - "category": [ - "configuration" - ], - "type": [ - "creation" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/channels", + "path": "/api/v4/channels" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, - "url": { - "path": "/api/v4/channels", - "original": "/api/v4/channels" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-05T00:01:48.946Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "patchChannel", + "category": [ + "configuration" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 00:01:48.946 Z\",\"event\":\"patchChannel\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/patch\",\"channel\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"O\"},\"patch\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "change" ] }, "mattermost": { "audit": { - "patch": { - "name": "public-channel", - "type": "O", - "id": "cje83zmowjds9ywg6m4jf8w7oe" - }, + "api_path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/patch", "channel": { + "id": "cje83zmowjds9ywg6m4jf8w7oe", "name": "public-channel", - "type": "O", - "id": "cje83zmowjds9ywg6m4jf8w7oe" + "type": "O" }, "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, + "patch": { + "id": "cje83zmowjds9ywg6m4jf8w7oe", + "name": "public-channel", + "type": "O" + }, "related": { "channel": [ "cje83zmowjds9ywg6m4jf8w7oe" ] }, - "api_path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/patch", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, + "related": { + "ip": 
[ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", - "ip": "89.160.20.156" - }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 00:01:48.946 Z\",\"event\":\"patchChannel\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/patch\",\"channel\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"O\"},\"patch\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "patchChannel", - "category": [ - "configuration" - ], - "type": [ - "change" - ], - "outcome": "success" + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.156" + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/patch", + "path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/patch" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, - "url": { - "path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/patch", - "original": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/patch" - }, "user_agent": { 
+ "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-05T00:01:52.914Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "deleteChannel", + "category": [ + "configuration" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 00:01:52.914 Z\",\"event\":\"deleteChannel\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe\",\"channeld\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "deletion" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe", "channel": { + "id": "cje83zmowjds9ywg6m4jf8w7oe", "name": "public-channel", - "type": "O", - "id": "cje83zmowjds9ywg6m4jf8w7oe" + "type": "O" }, "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" 
@@ -1011,77 +1016,97 @@ "cje83zmowjds9ywg6m4jf8w7oe" ] }, - "api_path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 00:01:52.914 Z\",\"event\":\"deleteChannel\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe\",\"channeld\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "deleteChannel", - "category": [ - "configuration" - ], - "type": [ - "deletion" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe", + "path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, - "url": { - "path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe", - "original": 
"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-12-05T00:02:01.482Z", + "ecs": { + "version": "8.3.0" + }, + "error": { + "code": "api.channel.delete_channel.deleted.app_error" + }, + "event": { + "action": "deleteChannel", + "category": [ + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 00:02:01.482 Z\",\"event\":\"deleteChannel\",\"status\":\"fail\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe\",\"channeld\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"O\"},\"code\":400,\"err\":\"api.channel.delete_channel.deleted.app_error\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "failure", + "type": [ + "deletion" + ] + }, + "http": { + "response": { + "status_code": 400 + } + }, "mattermost": { "audit": { + "api_path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe", "channel": { + "id": "cje83zmowjds9ywg6m4jf8w7oe", "name": "public-channel", - "type": "O", - "id": "cje83zmowjds9ywg6m4jf8w7oe" + "type": "O" }, "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" 
@@ -1091,97 +1116,97 @@ "cje83zmowjds9ywg6m4jf8w7oe" ] }, - "api_path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "error": { - "code": "api.channel.delete_channel.deleted.app_error" - }, - "url": { - "path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe", - "original": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe" - }, "tags": [ "preserve_original_event" ], - "@timestamp": "2021-12-05T00:02:01.482Z", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" - ], - "ip": [ - "89.160.20.156" - ] - }, - "http": { - "response": { - "status_code": 400 - } - }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 00:02:01.482 Z\",\"event\":\"deleteChannel\",\"status\":\"fail\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe\",\"channeld\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"O\"},\"code\":400,\"err\":\"api.channel.delete_channel.deleted.app_error\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; 
Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "deleteChannel", - "category": [ - "configuration" - ], - "type": [ - "deletion" - ], - "outcome": "failure" + "url": { + "original": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe", + "path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" } }, { + "@timestamp": "2021-12-05T00:02:09.835Z", + "ecs": { + "version": "8.3.0" + }, + "error": { + "code": "app.channel.update.bad_id" + }, + "event": { + "action": "convertChannelToPrivate", + "category": [ + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 00:02:09.835 Z\",\"event\":\"convertChannelToPrivate\",\"status\":\"fail\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/convert\",\"channel\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"O\"},\"code\":400,\"err\":\"app.channel.update.bad_id\",\"user\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin system_user\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "failure", + "type": [ + "change" + ] + }, + "http": { + "response": { + "status_code": 400 + } + }, "mattermost": { "audit": { + "api_path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/convert", 
"channel": { + "id": "cje83zmowjds9ywg6m4jf8w7oe", "name": "public-channel", - "type": "O", - "id": "cje83zmowjds9ywg6m4jf8w7oe" + "type": "O" }, "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" 
@@ -1191,94 +1216,69 @@ "cje83zmowjds9ywg6m4jf8w7oe" ] }, - "api_path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/convert", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "error": { - "code": "app.channel.update.bad_id" - }, - "url": { - "path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/convert", - "original": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/convert" - }, "tags": [ "preserve_original_event" ], - "@timestamp": "2021-12-05T00:02:09.835Z", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" - ], - "ip": [ - "89.160.20.156" - ] - }, - "http": { - "response": { - "status_code": 400 - } - }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 00:02:09.835 
Z\",\"event\":\"convertChannelToPrivate\",\"status\":\"fail\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/convert\",\"channel\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"O\"},\"code\":400,\"err\":\"app.channel.update.bad_id\",\"user\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin system_user\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "convertChannelToPrivate", - "category": [ - "configuration" - ], - "type": [ - "change" - ], - "outcome": "failure" + "url": { + "original": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/convert", + "path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/convert" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y", "target": { + "id": "ag99yu4i1if63jrui63tsmq57y", "name": "admin", "roles": [ "system_admin", "system_user" - ], - "id": "ag99yu4i1if63jrui63tsmq57y" + ] } }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" } 
@@ -1286,22 +1286,27 @@ { "@timestamp": "2021-12-05T00:02:25.202Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "restoreChannel", + "category": [ + "configuration" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 00:02:25.202 Z\",\"event\":\"restoreChannel\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/restore\",\"channel\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "change" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/restore", "channel": { + "id": "cje83zmowjds9ywg6m4jf8w7oe", "name": "public-channel", - "type": "O", - "id": "cje83zmowjds9ywg6m4jf8w7oe" + "type": "O" }, "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" 
@@ -1311,89 +1316,89 @@ "cje83zmowjds9ywg6m4jf8w7oe" ] }, - "api_path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/restore", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 00:02:25.202 Z\",\"event\":\"restoreChannel\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/restore\",\"channel\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "restoreChannel", - "category": [ - "configuration" - ], - "type": [ - "change" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/restore", + "path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/restore" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, - "url": { - "path": 
"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/restore", - "original": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/restore" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-05T00:02:31.485Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "convertChannelToPrivate", + "category": [ + "configuration" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 00:02:31.485 Z\",\"event\":\"convertChannelToPrivate\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/convert\",\"channel\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"O\"},\"user\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin system_user\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "change" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/convert", "channel": { + "id": "cje83zmowjds9ywg6m4jf8w7oe", "name": "public-channel", - "type": "O", - "id": "cje83zmowjds9ywg6m4jf8w7oe" + "type": "O" }, "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" 
@@ -1403,97 +1408,97 @@ "cje83zmowjds9ywg6m4jf8w7oe" ] }, - "api_path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/convert", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 00:02:31.485 Z\",\"event\":\"convertChannelToPrivate\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/convert\",\"channel\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"O\"},\"user\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin system_user\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "convertChannelToPrivate", - "category": [ - "configuration" - ], - "type": [ - "change" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/convert", + "path": 
"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/convert" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y", "target": { + "id": "ag99yu4i1if63jrui63tsmq57y", "name": "admin", "roles": [ "system_admin", "system_user" - ], - "id": "ag99yu4i1if63jrui63tsmq57y" + ] } }, - "url": { - "path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/convert", - "original": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/convert" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-05T00:02:56.786Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "removeChannelMember", + "category": [ + "configuration" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 00:02:56.786 Z\",\"event\":\"removeChannelMember\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/members/ag99yu4i1if63jrui63tsmq57y\",\"channel\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"P\"},\"remove_user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "change" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/members/ag99yu4i1if63jrui63tsmq57y", "channel": { + "id": 
"cje83zmowjds9ywg6m4jf8w7oe", "name": "public-channel", - "type": "P", - "id": "cje83zmowjds9ywg6m4jf8w7oe" + "type": "P" }, "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" 
@@ -1503,45 +1508,47 @@ "cje83zmowjds9ywg6m4jf8w7oe" ] }, - "api_path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/members/ag99yu4i1if63jrui63tsmq57y", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 00:02:56.786 Z\",\"event\":\"removeChannelMember\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/members/ag99yu4i1if63jrui63tsmq57y\",\"channel\":{\"id\":\"cje83zmowjds9ywg6m4jf8w7oe\",\"name\":\"public-channel\",\"type\":\"P\"},\"remove_user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "removeChannelMember", - "category": [ - "configuration" - ], - "type": [ - "change" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/members/ag99yu4i1if63jrui63tsmq57y", + "path": 
"/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/members/ag99yu4i1if63jrui63tsmq57y" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y", 
@@ -1549,129 +1556,127 @@ "id": "ag99yu4i1if63jrui63tsmq57y" } }, - "url": { - "path": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/members/ag99yu4i1if63jrui63tsmq57y", - "original": "/api/v4/channels/cje83zmowjds9ywg6m4jf8w7oe/members/ag99yu4i1if63jrui63tsmq57y" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-05T00:03:01.043Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "getConfig", + "category": [ + "configuration" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 00:03:01.043 Z\",\"event\":\"getConfig\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/config\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "admin", + "info" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/config", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "api_path": "/api/v4/config", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, - "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "related": { + "ip": [ + "89.160.20.156" + ], + 
"user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, + "source": { + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 00:03:01.043 Z\",\"event\":\"getConfig\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/config\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "getConfig", - "category": [ - "configuration" - ], - "type": [ - "admin", - "info" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/config", + "path": "/api/v4/config" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, - "url": { - "path": "/api/v4/config", - "original": "/api/v4/config" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-05T00:03:13.849Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "createChannel", + "category": [ + "configuration" ], - "ip": [ - 
"89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 00:03:13.849 Z\",\"event\":\"createChannel\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels\",\"channel\":{\"id\":\"j3g9ysx6q3nh3q5kiyh3wrugha\",\"name\":\"test\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "creation" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/channels", "channel": { + "id": "j3g9ysx6q3nh3q5kiyh3wrugha", "name": "test", - "type": "O", - "id": "j3g9ysx6q3nh3q5kiyh3wrugha" + "type": "O" }, "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" 
@@ -1681,89 +1686,89 @@ "j3g9ysx6q3nh3q5kiyh3wrugha" ] }, - "api_path": "/api/v4/channels", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 00:03:13.849 Z\",\"event\":\"createChannel\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels\",\"channel\":{\"id\":\"j3g9ysx6q3nh3q5kiyh3wrugha\",\"name\":\"test\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "createChannel", - "category": [ - "configuration" - ], - "type": [ - "creation" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/channels", + "path": "/api/v4/channels" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, - "url": { - "path": "/api/v4/channels", - "original": "/api/v4/channels" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-05T00:04:01.294Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "deleteChannel", + "category": [ + "configuration" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 00:04:01.294 Z\",\"event\":\"deleteChannel\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels/j3g9ysx6q3nh3q5kiyh3wrugha\",\"channeld\":{\"id\":\"j3g9ysx6q3nh3q5kiyh3wrugha\",\"name\":\"test\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "deletion" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/channels/j3g9ysx6q3nh3q5kiyh3wrugha", "channel": { + "id": "j3g9ysx6q3nh3q5kiyh3wrugha", "name": "test", - "type": "O", - "id": "j3g9ysx6q3nh3q5kiyh3wrugha" + "type": "O" }, "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" 
@@ -1773,705 +1778,707 @@ "j3g9ysx6q3nh3q5kiyh3wrugha" ] }, - "api_path": "/api/v4/channels/j3g9ysx6q3nh3q5kiyh3wrugha", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 00:04:01.294 Z\",\"event\":\"deleteChannel\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/channels/j3g9ysx6q3nh3q5kiyh3wrugha\",\"channeld\":{\"id\":\"j3g9ysx6q3nh3q5kiyh3wrugha\",\"name\":\"test\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "deleteChannel", - "category": [ - "configuration" - ], - "type": [ - "deletion" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/channels/j3g9ysx6q3nh3q5kiyh3wrugha", + "path": "/api/v4/channels/j3g9ysx6q3nh3q5kiyh3wrugha" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, - "url": { - "path": "/api/v4/channels/j3g9ysx6q3nh3q5kiyh3wrugha", - "original": 
"/api/v4/channels/j3g9ysx6q3nh3q5kiyh3wrugha" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-05T00:12:11.211Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "getConfig", + "category": [ + "configuration" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 00:12:11.211 Z\",\"event\":\"getConfig\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/config\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "admin", + "info" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/config", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "api_path": "/api/v4/config", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + 
"continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 00:12:11.211 Z\",\"event\":\"getConfig\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/config\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "getConfig", - "category": [ - "configuration" - ], - "type": [ - "admin", - "info" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/config", + "path": "/api/v4/config" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, - "url": { - "path": "/api/v4/config", - "original": "/api/v4/config" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-12-05T00:12:23.085Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "patchTeam", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 00:12:23.085 
Z\",\"event\":\"patchTeam\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/teams/knrndtys13rzzk48ugm7mssnke/patch\",\"patched\":{\"id\":\"knrndtys13rzzk48ugm7mssnke\",\"name\":\"test\",\"type\":\"O\"},\"team\":{\"id\":\"knrndtys13rzzk48ugm7mssnke\",\"name\":\"test\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "group", + "change" + ] + }, + "group": { + "id": "knrndtys13rzzk48ugm7mssnke", + "name": "test" + }, "mattermost": { "audit": { - "patch": { - "name": "test", - "type": "O", - "id": "knrndtys13rzzk48ugm7mssnke" - }, + "api_path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/patch", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "team": { + "patch": { + "id": "knrndtys13rzzk48ugm7mssnke", "name": "test", - "type": "O", - "id": "knrndtys13rzzk48ugm7mssnke" + "type": "O" }, "related": { "team": [ "knrndtys13rzzk48ugm7mssnke" ] }, - "api_path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/patch", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" + }, + "team": { + "id": "knrndtys13rzzk48ugm7mssnke", + "name": "test", + "type": "O" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": 
{ + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "url": { - "path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/patch", - "original": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/patch" - }, "tags": [ "preserve_original_event" ], - "@timestamp": "2021-12-05T00:12:23.085Z", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" - ], - "ip": [ - "89.160.20.156" - ] - }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 00:12:23.085 Z\",\"event\":\"patchTeam\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/teams/knrndtys13rzzk48ugm7mssnke/patch\",\"patched\":{\"id\":\"knrndtys13rzzk48ugm7mssnke\",\"name\":\"test\",\"type\":\"O\"},\"team\":{\"id\":\"knrndtys13rzzk48ugm7mssnke\",\"name\":\"test\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "patchTeam", - "category": [ - "iam" - ], - "type": [ - "group", - "change" - ], - "outcome": "success" + "url": { + "original": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/patch", + "path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/patch" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "group": { - "name": "test", - "id": "knrndtys13rzzk48ugm7mssnke" } }, { + "@timestamp": "2021-12-05T00:12:29.655Z", + "ecs": { + "version": 
"8.3.0" + }, + "event": { + "action": "patchTeam", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 00:12:29.655 Z\",\"event\":\"patchTeam\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/teams/knrndtys13rzzk48ugm7mssnke/patch\",\"patched\":{\"id\":\"knrndtys13rzzk48ugm7mssnke\",\"name\":\"test\",\"type\":\"O\"},\"team\":{\"id\":\"knrndtys13rzzk48ugm7mssnke\",\"name\":\"test\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "group", + "change" + ] + }, + "group": { + "id": "knrndtys13rzzk48ugm7mssnke", + "name": "test" + }, "mattermost": { "audit": { - "patch": { - "name": "test", - "type": "O", - "id": "knrndtys13rzzk48ugm7mssnke" - }, + "api_path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/patch", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "team": { + "patch": { + "id": "knrndtys13rzzk48ugm7mssnke", "name": "test", - "type": "O", - "id": "knrndtys13rzzk48ugm7mssnke" + "type": "O" }, "related": { "team": [ "knrndtys13rzzk48ugm7mssnke" ] }, - "api_path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/patch", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" + }, + "team": { + "id": "knrndtys13rzzk48ugm7mssnke", + "name": "test", + "type": "O" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": 
"89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "url": { - "path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/patch", - "original": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/patch" - }, "tags": [ "preserve_original_event" ], - "@timestamp": "2021-12-05T00:12:29.655Z", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" - ], - "ip": [ - "89.160.20.156" - ] - }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 00:12:29.655 Z\",\"event\":\"patchTeam\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/teams/knrndtys13rzzk48ugm7mssnke/patch\",\"patched\":{\"id\":\"knrndtys13rzzk48ugm7mssnke\",\"name\":\"test\",\"type\":\"O\"},\"team\":{\"id\":\"knrndtys13rzzk48ugm7mssnke\",\"name\":\"test\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "patchTeam", - "category": [ - "iam" - ], - "type": [ - "group", - "change" - ], - "outcome": "success" + "url": { + "original": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/patch", + "path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/patch" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": 
"96.0.4664.45" - }, - "group": { - "name": "test", - "id": "knrndtys13rzzk48ugm7mssnke" } }, { + "@timestamp": "2021-12-05T00:12:46.044Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "createTeam", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 00:12:46.044 Z\",\"event\":\"createTeam\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/teams\",\"team\":{\"id\":\"dqpybz1o3pbuzf7876u834nura\",\"name\":\"another-team\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "dqpybz1o3pbuzf7876u834nura", + "name": "another-team" + }, "mattermost": { "audit": { + "api_path": "/api/v4/teams", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "team": { - "name": "another-team", - "type": "O", - "id": "dqpybz1o3pbuzf7876u834nura" - }, "related": { "team": [ "dqpybz1o3pbuzf7876u834nura" ] }, - "api_path": "/api/v4/teams", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" + }, + "team": { + "id": "dqpybz1o3pbuzf7876u834nura", + "name": "another-team", + "type": "O" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": 
"Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "url": { - "path": "/api/v4/teams", - "original": "/api/v4/teams" - }, "tags": [ "preserve_original_event" ], - "@timestamp": "2021-12-05T00:12:46.044Z", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" - ], - "ip": [ - "89.160.20.156" - ] - }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 00:12:46.044 Z\",\"event\":\"createTeam\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/teams\",\"team\":{\"id\":\"dqpybz1o3pbuzf7876u834nura\",\"name\":\"another-team\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "createTeam", - "category": [ - "iam" - ], - "type": [ - "group", - "creation" - ], - "outcome": "success" + "url": { + "original": "/api/v4/teams", + "path": "/api/v4/teams" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "group": { - "name": "another-team", - "id": "dqpybz1o3pbuzf7876u834nura" } }, { "@timestamp": "2021-12-05T00:18:13.183Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "removeTeamMember", + "category": [ + "iam" ], - "ip": [ - "89.160.20.156" + "kind": "event", + 
"original": "{\"timestamp\":\"2021-12-05 00:18:13.183 Z\",\"event\":\"removeTeamMember\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/teams/dqpybz1o3pbuzf7876u834nura/members/ag99yu4i1if63jrui63tsmq57y\",\"team\":{\"id\":\"dqpybz1o3pbuzf7876u834nura\",\"name\":\"another-team\",\"type\":\"O\"},\"user\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin system_user\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "group", + "change" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/teams/dqpybz1o3pbuzf7876u834nura/members/ag99yu4i1if63jrui63tsmq57y", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "team": { - "name": "another-team", - "type": "O", - "id": "dqpybz1o3pbuzf7876u834nura" - }, "related": { "team": [ "dqpybz1o3pbuzf7876u834nura" ] }, - "api_path": "/api/v4/teams/dqpybz1o3pbuzf7876u834nura/members/ag99yu4i1if63jrui63tsmq57y", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" + }, + "team": { + "id": "dqpybz1o3pbuzf7876u834nura", + "name": "another-team", + "type": "O" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 
15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 00:18:13.183 Z\",\"event\":\"removeTeamMember\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/teams/dqpybz1o3pbuzf7876u834nura/members/ag99yu4i1if63jrui63tsmq57y\",\"team\":{\"id\":\"dqpybz1o3pbuzf7876u834nura\",\"name\":\"another-team\",\"type\":\"O\"},\"user\":{\"id\":\"ag99yu4i1if63jrui63tsmq57y\",\"name\":\"admin\",\"roles\":\"system_admin system_user\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "removeTeamMember", - "category": [ - "iam" - ], - "type": [ - "group", - "change" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/teams/dqpybz1o3pbuzf7876u834nura/members/ag99yu4i1if63jrui63tsmq57y", + "path": "/api/v4/teams/dqpybz1o3pbuzf7876u834nura/members/ag99yu4i1if63jrui63tsmq57y" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y", "target": { - "name": "admin", + "group": { + "id": "dqpybz1o3pbuzf7876u834nura", + "name": "another-team" + }, "id": "ag99yu4i1if63jrui63tsmq57y", + "name": "admin", "roles": [ "system_admin", "system_user" - ], - "group": { - "name": "another-team", - "id": "dqpybz1o3pbuzf7876u834nura" - } + ] } }, - "url": { - "path": "/api/v4/teams/dqpybz1o3pbuzf7876u834nura/members/ag99yu4i1if63jrui63tsmq57y", - "original": "/api/v4/teams/dqpybz1o3pbuzf7876u834nura/members/ag99yu4i1if63jrui63tsmq57y" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": 
"Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-05T00:18:17.907Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" + "event": { + "action": "revokeAllSessionsForUser", + "category": [ + "session" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 00:18:17.907 Z\",\"event\":\"revokeAllSessionsForUser\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/users/ag99yu4i1if63jrui63tsmq57y/sessions/revoke/all\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "end" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/sessions/revoke/all", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "api_path": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/sessions/revoke/all", "session": { "id": "mbz8h4gkxp8g3yzanizcpg43dc" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", - "ip": "89.160.20.156" - }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 00:18:17.907 
Z\",\"event\":\"revokeAllSessionsForUser\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"mbz8h4gkxp8g3yzanizcpg43dc\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/users/ag99yu4i1if63jrui63tsmq57y/sessions/revoke/all\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "revokeAllSessionsForUser", - "category": [ - "session" - ], - "type": [ - "end" - ], - "outcome": "success" + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.156" + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/sessions/revoke/all", + "path": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/sessions/revoke/all" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, - "url": { - "path": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/sessions/revoke/all", - "original": "/api/v4/users/ag99yu4i1if63jrui63tsmq57y/sessions/revoke/all" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-05T01:02:56.163Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "other1", - "cuk45yubk3nq8g7udrhojbk8ty" + "event": { + "action": "patchUser", + "category": [ + "iam" ], - "ip": [ - "89.160.20.156" + "kind": 
"event", + "original": "{\"timestamp\":\"2021-12-05 01:02:56.163 Z\",\"event\":\"patchUser\",\"status\":\"success\",\"user_id\":\"cuk45yubk3nq8g7udrhojbk8ty\",\"session_id\":\"6s4sy7p1b3fqdc3fktsh4yznhr\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/users/me/patch\",\"patch\":{\"id\":\"cuk45yubk3nq8g7udrhojbk8ty\",\"name\":\"other1\",\"roles\":\"system_user system_admin\"},\"user\":{\"id\":\"cuk45yubk3nq8g7udrhojbk8ty\",\"name\":\"other\",\"roles\":\"system_user system_admin\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "user", + "change" ] }, "mattermost": { "audit": { - "patch": { - "name": "other1", - "roles": "system_user system_admin", - "id": "cuk45yubk3nq8g7udrhojbk8ty" - }, + "api_path": "/api/v4/users/me/patch", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "api_path": "/api/v4/users/me/patch", + "patch": { + "id": "cuk45yubk3nq8g7udrhojbk8ty", + "name": "other1", + "roles": "system_user system_admin" + }, "session": { "id": "6s4sy7p1b3fqdc3fktsh4yznhr" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "other1", + "cuk45yubk3nq8g7udrhojbk8ty" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": 
"{\"timestamp\":\"2021-12-05 01:02:56.163 Z\",\"event\":\"patchUser\",\"status\":\"success\",\"user_id\":\"cuk45yubk3nq8g7udrhojbk8ty\",\"session_id\":\"6s4sy7p1b3fqdc3fktsh4yznhr\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/users/me/patch\",\"patch\":{\"id\":\"cuk45yubk3nq8g7udrhojbk8ty\",\"name\":\"other1\",\"roles\":\"system_user system_admin\"},\"user\":{\"id\":\"cuk45yubk3nq8g7udrhojbk8ty\",\"name\":\"other\",\"roles\":\"system_user system_admin\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "patchUser", - "category": [ - "iam" - ], - "type": [ - "user", - "change" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/users/me/patch", + "path": "/api/v4/users/me/patch" }, "user": { "changes": { 
@@ -2479,524 +2486,517 @@ }, "id": "cuk45yubk3nq8g7udrhojbk8ty", "target": { + "id": "cuk45yubk3nq8g7udrhojbk8ty", "name": "other", "roles": [ "system_user", "system_admin" - ], - "id": "cuk45yubk3nq8g7udrhojbk8ty" + ] } }, - "url": { - "path": "/api/v4/users/me/patch", - "original": "/api/v4/users/me/patch" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-05T01:13:26.358Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y", - "cuk45yubk3nq8g7udrhojbk8ty" + "event": { + "action": "addTeamMembers", + "category": [ + "iam" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 01:13:26.358 Z\",\"event\":\"addTeamMembers\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"f57d8pkf7iyg8xo6ttq73ggcnr\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch\",\"count\":1,\"errors\":\"[]\",\"team\":{\"id\":\"knrndtys13rzzk48ugm7mssnke\",\"name\":\"test\",\"type\":\"O\"},\"user_ids\":\"[cuk45yubk3nq8g7udrhojbk8ty]\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "group", + "change" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "team": { - "name": "test", - "type": "O", - "id": "knrndtys13rzzk48ugm7mssnke" - }, 
"related": { "team": [ "knrndtys13rzzk48ugm7mssnke" ] }, - "api_path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch", "session": { "id": "f57d8pkf7iyg8xo6ttq73ggcnr" + }, + "team": { + "id": "knrndtys13rzzk48ugm7mssnke", + "name": "test", + "type": "O" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y", + "cuk45yubk3nq8g7udrhojbk8ty" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 01:13:26.358 Z\",\"event\":\"addTeamMembers\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"f57d8pkf7iyg8xo6ttq73ggcnr\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch\",\"count\":1,\"errors\":\"[]\",\"team\":{\"id\":\"knrndtys13rzzk48ugm7mssnke\",\"name\":\"test\",\"type\":\"O\"},\"user_ids\":\"[cuk45yubk3nq8g7udrhojbk8ty]\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "addTeamMembers", - "category": [ - "iam" - ], - "type": [ - "group", - "change" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": 
"/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch", + "path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y", "target": { + "group": { + "id": "knrndtys13rzzk48ugm7mssnke", + "name": "test" + }, "id": [ "cuk45yubk3nq8g7udrhojbk8ty" - ], - "group": { - "name": "test", - "id": "knrndtys13rzzk48ugm7mssnke" - } + ] } }, - "url": { - "path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch", - "original": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-05T01:13:08.904Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y", - "cuk45yubk3nq8g7udrhojbk8ty" + "event": { + "action": "addTeamMembers", + "category": [ + "iam" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 01:13:08.904 Z\",\"event\":\"addTeamMembers\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"f57d8pkf7iyg8xo6ttq73ggcnr\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch\",\"count\":1,\"errors\":\"[cuk45yubk3nq8g7udrhojbk8ty:JoinUserToTeam: The user cannot be added as the domain associated with the account is not permitted. 
Contact your System Administrator for additional details., ]\",\"team\":{\"id\":\"knrndtys13rzzk48ugm7mssnke\",\"name\":\"test\",\"type\":\"O\"},\"user_ids\":\"[cuk45yubk3nq8g7udrhojbk8ty]\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "failure", + "type": [ + "group", + "change" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "team": { - "name": "test", - "type": "O", - "id": "knrndtys13rzzk48ugm7mssnke" + "error": { + "message": [ + "cuk45yubk3nq8g7udrhojbk8ty:JoinUserToTeam: The user cannot be added as the domain associated with the account is not permitted. Contact your System Administrator for additional details." + ] }, "related": { "team": [ "knrndtys13rzzk48ugm7mssnke" ] }, - "error": { - "message": [ - "cuk45yubk3nq8g7udrhojbk8ty:JoinUserToTeam: The user cannot be added as the domain associated with the account is not permitted. Contact your System Administrator for additional details." 
- ] - }, - "api_path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch", "session": { "id": "f57d8pkf7iyg8xo6ttq73ggcnr" + }, + "team": { + "id": "knrndtys13rzzk48ugm7mssnke", + "name": "test", + "type": "O" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y", + "cuk45yubk3nq8g7udrhojbk8ty" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 01:13:08.904 Z\",\"event\":\"addTeamMembers\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"f57d8pkf7iyg8xo6ttq73ggcnr\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch\",\"count\":1,\"errors\":\"[cuk45yubk3nq8g7udrhojbk8ty:JoinUserToTeam: The user cannot be added as the domain associated with the account is not permitted. 
Contact your System Administrator for additional details., ]\",\"team\":{\"id\":\"knrndtys13rzzk48ugm7mssnke\",\"name\":\"test\",\"type\":\"O\"},\"user_ids\":\"[cuk45yubk3nq8g7udrhojbk8ty]\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "addTeamMembers", - "category": [ - "iam" - ], - "type": [ - "group", - "change" - ], - "outcome": "failure" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch", + "path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y", "target": { + "group": { + "id": "knrndtys13rzzk48ugm7mssnke", + "name": "test" + }, "id": [ "cuk45yubk3nq8g7udrhojbk8ty" - ], - "group": { - "name": "test", - "id": "knrndtys13rzzk48ugm7mssnke" - } + ] } }, - "url": { - "path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch", - "original": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-12-05T01:20:06.246Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y", - "cuk45yubk3nq8g7udrhojbk8ty", - "z63ehbxy47fwpc8bmz9ouuh7fe" + "event": { + "action": "addTeamMembers", + "category": [ + "iam" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 01:20:06.246 
Z\",\"event\":\"addTeamMembers\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"f57d8pkf7iyg8xo6ttq73ggcnr\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch\",\"count\":2,\"errors\":\"[cuk45yubk3nq8g7udrhojbk8ty:JoinUserToTeam: The user cannot be added as the domain associated with the account is not permitted. Contact your System Administrator for additional details., z63ehbxy47fwpc8bmz9ouuh7fe:JoinUserToTeam: The user cannot be added as the domain associated with the account is not permitted. Contact your System Administrator for additional details., ]\",\"team\":{\"id\":\"knrndtys13rzzk48ugm7mssnke\",\"name\":\"test\",\"type\":\"O\"},\"user_ids\":\"[cuk45yubk3nq8g7udrhojbk8ty z63ehbxy47fwpc8bmz9ouuh7fe]\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "failure", + "type": [ + "group", + "change" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "team": { - "name": "test", - "type": "O", - "id": "knrndtys13rzzk48ugm7mssnke" - }, - "related": { - "team": [ - "knrndtys13rzzk48ugm7mssnke" - ] - }, "error": { "message": [ "cuk45yubk3nq8g7udrhojbk8ty:JoinUserToTeam: The user cannot be added as the domain associated with the account is not permitted. Contact your System Administrator for additional details.", "z63ehbxy47fwpc8bmz9ouuh7fe:JoinUserToTeam: The user cannot be added as the domain associated with the account is not permitted. Contact your System Administrator for additional details." 
] }, - "api_path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch", + "related": { + "team": [ + "knrndtys13rzzk48ugm7mssnke" + ] + }, "session": { "id": "f57d8pkf7iyg8xo6ttq73ggcnr" + }, + "team": { + "id": "knrndtys13rzzk48ugm7mssnke", + "name": "test", + "type": "O" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y", + "cuk45yubk3nq8g7udrhojbk8ty", + "z63ehbxy47fwpc8bmz9ouuh7fe" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - "city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 01:20:06.246 Z\",\"event\":\"addTeamMembers\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"f57d8pkf7iyg8xo6ttq73ggcnr\",\"ip_address\":\"89.160.20.156\",\"api_path\":\"/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch\",\"count\":2,\"errors\":\"[cuk45yubk3nq8g7udrhojbk8ty:JoinUserToTeam: The user cannot be added as the domain associated with the account is not permitted. Contact your System Administrator for additional details., z63ehbxy47fwpc8bmz9ouuh7fe:JoinUserToTeam: The user cannot be added as the domain associated with the account is not permitted. 
Contact your System Administrator for additional details., ]\",\"team\":{\"id\":\"knrndtys13rzzk48ugm7mssnke\",\"name\":\"test\",\"type\":\"O\"},\"user_ids\":\"[cuk45yubk3nq8g7udrhojbk8ty z63ehbxy47fwpc8bmz9ouuh7fe]\",\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "addTeamMembers", - "category": [ - "iam" - ], - "type": [ - "group", - "change" - ], - "outcome": "failure" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch", + "path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y", "target": { + "group": { + "id": "knrndtys13rzzk48ugm7mssnke", + "name": "test" + }, "id": [ "cuk45yubk3nq8g7udrhojbk8ty", "z63ehbxy47fwpc8bmz9ouuh7fe" - ], - "group": { - "name": "test", - "id": "knrndtys13rzzk48ugm7mssnke" - } + ] } }, - "url": { - "path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch", - "original": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke/members/batch" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-12-05T17:21:36.724Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "deleteTeam", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 17:21:36.724 
Z\",\"event\":\"deleteTeam\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"5timirrr5785mb3q1wutb5unrr\",\"ip_address\":\"127.0.0.1\",\"api_path\":\"/api/v4/teams/knrndtys13rzzk48ugm7mssnke\",\"team\":{\"id\":\"knrndtys13rzzk48ugm7mssnke\",\"name\":\"test\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"mmctl/5.31.0 (linux)\"}", + "outcome": "success", + "type": [ + "group", + "deletion" + ] + }, + "group": { + "id": "knrndtys13rzzk48ugm7mssnke", + "name": "test" + }, "mattermost": { "audit": { + "api_path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "team": { - "name": "test", - "type": "O", - "id": "knrndtys13rzzk48ugm7mssnke" - }, "related": { "team": [ "knrndtys13rzzk48ugm7mssnke" ] }, - "api_path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke", "session": { "id": "5timirrr5785mb3q1wutb5unrr" + }, + "team": { + "id": "knrndtys13rzzk48ugm7mssnke", + "name": "test", + "type": "O" } } }, + "related": { + "ip": [ + "127.0.0.1" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y" + ] + }, "source": { "address": "127.0.0.1", "ip": "127.0.0.1" }, - "url": { - "path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke", - "original": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke" - }, "tags": [ "preserve_original_event" ], - "@timestamp": "2021-12-05T17:21:36.724Z", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y" - ], - "ip": [ - "127.0.0.1" - ] - }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 17:21:36.724 Z\",\"event\":\"deleteTeam\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"5timirrr5785mb3q1wutb5unrr\",\"ip_address\":\"127.0.0.1\",\"api_path\":\"/api/v4/teams/knrndtys13rzzk48ugm7mssnke\",\"team\":{\"id\":\"knrndtys13rzzk48ugm7mssnke\",\"name\":\"test\",\"type\":\"O\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"mmctl/5.31.0 (linux)\"}", - "kind": "event", - 
"action": "deleteTeam", - "category": [ - "iam" - ], - "type": [ - "group", - "deletion" - ], - "outcome": "success" + "url": { + "original": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke", + "path": "/api/v4/teams/knrndtys13rzzk48ugm7mssnke" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y" }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Other", "original": "mmctl/5.31.0 (linux)", "os": { "name": "Linux" - }, - "device": { - "name": "Other" } - }, - "group": { - "name": "test", - "id": "knrndtys13rzzk48ugm7mssnke" } }, { "@timestamp": "2021-12-05T17:24:33.077Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "ag99yu4i1if63jrui63tsmq57y", - "z63ehbxy47fwpc8bmz9ouuh7fe" + "event": { + "action": "updateUserActive", + "category": [ + "iam" ], - "ip": [ - "89.160.20.156" + "kind": "event", + "original": "{\"timestamp\":\"2021-12-05 17:24:33.077 Z\",\"event\":\"updateUserActive\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"jnqqnh3onjympe4u8pa5mgtexw\",\"ip_address\":\"89.160.20.156\",\"active\":false,\"api_path\":\"/api/v4/users/z63ehbxy47fwpc8bmz9ouuh7fe/active\",\"user\":{\"id\":\"z63ehbxy47fwpc8bmz9ouuh7fe\",\"name\":\"other2\",\"roles\":\"system_user\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", + "outcome": "success", + "type": [ + "admin", + "user", + "change" ] }, "mattermost": { "audit": { + "api_path": "/api/v4/users/z63ehbxy47fwpc8bmz9ouuh7fe/active", "cluster": { "id": "jq3utry71f8a7q9qgebmjccf4r" }, - "api_path": "/api/v4/users/z63ehbxy47fwpc8bmz9ouuh7fe/active", "session": { "id": "jnqqnh3onjympe4u8pa5mgtexw" } } }, + "related": { + "ip": [ + "89.160.20.156" + ], + "user": [ + "ag99yu4i1if63jrui63tsmq57y", + "z63ehbxy47fwpc8bmz9ouuh7fe" + ] + }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "SE-E", - 
"city_name": "Linköping", - "country_iso_code": "SE", - "country_name": "Sweden", - "region_name": "Östergötland County", - "location": { - "lon": 15.6167, - "lat": 58.4167 - } - }, + "address": "89.160.20.156", "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } }, - "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156" }, - "event": { - "original": "{\"timestamp\":\"2021-12-05 17:24:33.077 Z\",\"event\":\"updateUserActive\",\"status\":\"success\",\"user_id\":\"ag99yu4i1if63jrui63tsmq57y\",\"session_id\":\"jnqqnh3onjympe4u8pa5mgtexw\",\"ip_address\":\"89.160.20.156\",\"active\":false,\"api_path\":\"/api/v4/users/z63ehbxy47fwpc8bmz9ouuh7fe/active\",\"user\":{\"id\":\"z63ehbxy47fwpc8bmz9ouuh7fe\",\"name\":\"other2\",\"roles\":\"system_user\"},\"cluster_id\":\"jq3utry71f8a7q9qgebmjccf4r\",\"client\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36\"}", - "kind": "event", - "action": "updateUserActive", - "category": [ - "iam" - ], - "type": [ - "admin", - "user", - "change" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "/api/v4/users/z63ehbxy47fwpc8bmz9ouuh7fe/active", + "path": "/api/v4/users/z63ehbxy47fwpc8bmz9ouuh7fe/active" }, "user": { "id": "ag99yu4i1if63jrui63tsmq57y", "target": { + "id": "z63ehbxy47fwpc8bmz9ouuh7fe", "name": "other2", "roles": [ "system_user" - ], - "id": "z63ehbxy47fwpc8bmz9ouuh7fe" + ] } }, - "url": { - "path": "/api/v4/users/z63ehbxy47fwpc8bmz9ouuh7fe/active", - "original": "/api/v4/users/z63ehbxy47fwpc8bmz9ouuh7fe/active" - }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "96.0.4664.45" - }, - "tags": [ - "preserve_original_event" - ] + } } ] } \ No newline at end of file diff --git a/packages/mattermost/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/mattermost/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 657730e0497..5e07513b1bb 100644 --- a/packages/mattermost/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mattermost/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Mattermost audit logs processors: - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" - rename: field: message target_field: event.original diff --git a/packages/mattermost/data_stream/audit/sample_event.json b/packages/mattermost/data_stream/audit/sample_event.json index dae9de4729a..771a6c9540c 100644 --- a/packages/mattermost/data_stream/audit/sample_event.json +++ b/packages/mattermost/data_stream/audit/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/mattermost/docs/README.md b/packages/mattermost/docs/README.md index dbbcf46f066..eb65c6786df 100644 --- a/packages/mattermost/docs/README.md +++ b/packages/mattermost/docs/README.md @@ -136,7 +136,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/mattermost/manifest.yml b/packages/mattermost/manifest.yml index 5d9e94972e3..94b28aa3dd9 100644 --- a/packages/mattermost/manifest.yml +++ b/packages/mattermost/manifest.yml 
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: mattermost
 title: "Mattermost"
-version: 1.2.0
+version: "1.3.0"
 license: basic
 description: Collect and parse logs from Mattermost with Elastic Agent.
 type: integration
diff --git a/packages/microsoft_defender_endpoint/_dev/build/build.yml b/packages/microsoft_defender_endpoint/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/microsoft_defender_endpoint/_dev/build/build.yml
+++ b/packages/microsoft_defender_endpoint/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
   ecs:
-    reference: git@v8.2.0
+    reference: git@v8.3.0
diff --git a/packages/microsoft_defender_endpoint/changelog.yml b/packages/microsoft_defender_endpoint/changelog.yml
index a6750f5a6c0..15b3f354ac9 100644
--- a/packages/microsoft_defender_endpoint/changelog.yml
+++ b/packages/microsoft_defender_endpoint/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.3.0"
+  changes:
+    - description: Update package to ECS 8.3.0.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3353
 - version: "2.2.1"
   changes:
     - description: Update to Readme to include link to vendor documentation
diff --git a/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json b/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json
index 700435dcfe5..cb5ec573d99 100644
--- a/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json
+++ b/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json
@@ -1,34 +1,59 @@ { "expected": [ { - "rule": { - "description": "Malware and unwanted software are undesirable applications that perform annoying, disruptive, or harmful actions on affected machines. Some of these undesirable applications can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyber attacks.\n\nA malware is considered active if it is found running on the machine or it already has persistence mechanisms in place. Active malware detections are assigned higher severity ratings.\n\nBecause this malware was active, take precautionary measures and check for residual signs of infection." + "cloud": { + "account": { + "id": "123543-d66c-4c7e-9e30-40034eb7c6f3" + }, + "instance": { + "id": "c5a964f417c11f6277d5bf9489f0d" + }, + "provider": "azure" + }, + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "Malware", + "category": [ + "host", + "malware" + ], + "created": "2020-06-30T10:09:01.1569718Z", + "duration": 0, + "end": "2020-06-30T10:07:44.333733Z", + "id": "da637291085411733957_-1043898914", + "kind": "alert", + "original": "{\"id\":\"da637291085411733957_-1043898914\",\"incidentId\":12,\"investigationId\":9,\"assignedTo\":\"elastic@elasticuser.com\",\"severity\":\"Low\",\"status\":\"Resolved\",\"classification\":null,\"determination\":null,\"investigationState\":\"Benign\",\"detectionSource\":\"WindowsDefenderAv\",\"category\":\"Malware\",\"threatFamilyName\":null,\"title\":\"An active 'Exeselrun' malware was detected\",\"description\":\"Malware and unwanted software are undesirable applications that perform annoying, disruptive, or harmful actions on affected machines. Some of these undesirable applications can replicate and spread from one machine to another. 
Others are able to receive commands from remote attackers and perform activities associated with cyber attacks.\\n\\nA malware is considered active if it is found running on the machine or it already has persistence mechanisms in place. Active malware detections are assigned higher severity ratings.\\n\\nBecause this malware was active, take precautionary measures and check for residual signs of infection.\",\"alertCreationTime\":\"2020-06-30T10:09:01.1569718Z\",\"firstEventTime\":\"2020-06-30T10:07:44.333733Z\",\"lastEventTime\":\"2020-06-30T10:07:44.333733Z\",\"lastUpdateTime\":\"2020-07-03T15:15:39.13Z\",\"resolvedTime\":\"2020-06-30T11:13:12.2680434Z\",\"machineId\":\"c5a964f417c11f6277d5bf9489f0d\",\"computerDnsName\":\"testserver4\",\"rbacGroupName\":null,\"aadTenantId\":\"123543-d66c-4c7e-9e30-40034eb7c6f3\",\"relatedUser\":null,\"comments\":[],\"evidence\":{\"entityType\":\"File\",\"sha1\":null,\"sha256\":null,\"fileName\":\"SB.xsl\",\"filePath\":\"C:\\\\Windows\\\\Temp\\\\sb-sim-temp-ikyxqi\\\\sb_10554_bs_h4qpk5\",\"processId\":null,\"processCommandLine\":null,\"processCreationTime\":null,\"parentProcessId\":null,\"parentProcessCreationTime\":null,\"ipAddress\":null,\"url\":null,\"accountName\":null,\"domainName\":null,\"userSid\":null,\"aadUserId\":null,\"userPrincipalName\":null}}", + "provider": "defender_endpoint", + "severity": 2, + "start": "2020-06-30T10:07:44.333733Z", + "timezone": "UTC", + "type": [ + "end" + ] + }, + "file": { + "name": "SB.xsl", + "path": "C:\\Windows\\Temp\\sb-sim-temp-ikyxqi\\sb_10554_bs_h4qpk5" + }, + "host": { + "hostname": "testserver4", + "name": "testserver4" }, "message": "An active 'Exeselrun' malware was detected", "microsoft": { "defender_endpoint": { - "investigationId": "9", + "assignedTo": "elastic@elasticuser.com", "evidence": { "entityType": "File" }, - "resolvedTime": "2020-06-30T11:13:12.2680434Z", - "investigationState": "Benign", "incidentId": "12", - "assignedTo": "elastic@elasticuser.com", - "status": 
"Resolved", - "lastUpdateTime": "2020-07-03T15:15:39.13Z" - } - }, - "tags": [ - "preserve_original_event" - ], - "cloud": { - "provider": "azure", - "account": { - "id": "123543-d66c-4c7e-9e30-40034eb7c6f3" - }, - "instance": { - "id": "c5a964f417c11f6277d5bf9489f0d" + "investigationId": "9", + "investigationState": "Benign", + "lastUpdateTime": "2020-07-03T15:15:39.13Z", + "resolvedTime": "2020-06-30T11:13:12.2680434Z", + "status": "Resolved" } }, "observer": { 
@@ -36,85 +61,81 @@ "product": "Defender for Endpoint", "vendor": "Microsoft" }, - "file": { - "name": "SB.xsl", - "path": "C:\\Windows\\Temp\\sb-sim-temp-ikyxqi\\sb_10554_bs_h4qpk5" - }, - "ecs": { - "version": "8.2.0" - }, "related": { "hosts": [ "testserver4" ] }, - "host": { - "name": "testserver4", - "hostname": "testserver4" + "rule": { + "description": "Malware and unwanted software are undesirable applications that perform annoying, disruptive, or harmful actions on affected machines. Some of these undesirable applications can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyber attacks.\n\nA malware is considered active if it is found running on the machine or it already has persistence mechanisms in place. Active malware detections are assigned higher severity ratings.\n\nBecause this malware was active, take precautionary measures and check for residual signs of infection." }, + "tags": [ + "preserve_original_event" + ], "threat": { + "framework": "MITRE ATT\u0026CK", "technique": { "name": "Malware" + } + } + }, + { + "cloud": { + "account": { + "id": "123543-d66c-4c7e-9e30-40034eb7c6f3" }, - "framework": "MITRE ATT\u0026CK" + "instance": { + "id": "543bc5a964f417c11f6277d5bf9489f0d" + }, + "provider": "azure" + }, + "ecs": { + "version": "8.3.0" }, "event": { - "severity": 2, - "original": "{\"id\":\"da637291085411733957_-1043898914\",\"incidentId\":12,\"investigationId\":9,\"assignedTo\":\"elastic@elasticuser.com\",\"severity\":\"Low\",\"status\":\"Resolved\",\"classification\":null,\"determination\":null,\"investigationState\":\"Benign\",\"detectionSource\":\"WindowsDefenderAv\",\"category\":\"Malware\",\"threatFamilyName\":null,\"title\":\"An active 'Exeselrun' malware was detected\",\"description\":\"Malware and unwanted software are undesirable applications that perform annoying, disruptive, or harmful actions on affected machines. 
Some of these undesirable applications can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyber attacks.\\n\\nA malware is considered active if it is found running on the machine or it already has persistence mechanisms in place. Active malware detections are assigned higher severity ratings.\\n\\nBecause this malware was active, take precautionary measures and check for residual signs of infection.\",\"alertCreationTime\":\"2020-06-30T10:09:01.1569718Z\",\"firstEventTime\":\"2020-06-30T10:07:44.333733Z\",\"lastEventTime\":\"2020-06-30T10:07:44.333733Z\",\"lastUpdateTime\":\"2020-07-03T15:15:39.13Z\",\"resolvedTime\":\"2020-06-30T11:13:12.2680434Z\",\"machineId\":\"c5a964f417c11f6277d5bf9489f0d\",\"computerDnsName\":\"testserver4\",\"rbacGroupName\":null,\"aadTenantId\":\"123543-d66c-4c7e-9e30-40034eb7c6f3\",\"relatedUser\":null,\"comments\":[],\"evidence\":{\"entityType\":\"File\",\"sha1\":null,\"sha256\":null,\"fileName\":\"SB.xsl\",\"filePath\":\"C:\\\\Windows\\\\Temp\\\\sb-sim-temp-ikyxqi\\\\sb_10554_bs_h4qpk5\",\"processId\":null,\"processCommandLine\":null,\"processCreationTime\":null,\"parentProcessId\":null,\"parentProcessCreationTime\":null,\"ipAddress\":null,\"url\":null,\"accountName\":null,\"domainName\":null,\"userSid\":null,\"aadUserId\":null,\"userPrincipalName\":null}}", + "action": "DefenseEvasion", + "category": [ + "host", + "process" + ], + "created": "2020-06-30T09:08:11.1084877Z", + "duration": 2442699369800, + "end": "2020-06-30T09:45:39.5484377Z", + "id": "da637291048912199236_1126926584", "kind": "alert", + "original": 
"{\"id\":\"da637291048912199236_1126926584\",\"incidentId\":11,\"investigationId\":7,\"assignedTo\":null,\"severity\":\"Medium\",\"status\":\"New\",\"classification\":null,\"determination\":null,\"investigationState\":\"TerminatedByUser\",\"detectionSource\":\"WindowsDefenderAtp\",\"category\":\"DefenseEvasion\",\"threatFamilyName\":null,\"title\":\"Suspicious process injection observed\",\"description\":\"A process abnormally injected code into another process, As a result, unexpected code may be running in the target process memory. Injection is often used to hide malicious code execution within a trusted process. \\nAs a result, the target process may exhibit abnormal behaviors such as opening a listening port or connecting to a command and control server.\",\"alertCreationTime\":\"2020-06-30T09:08:11.1084877Z\",\"firstEventTime\":\"2020-06-30T09:04:56.8490679Z\",\"lastEventTime\":\"2020-06-30T09:45:39.5484377Z\",\"lastUpdateTime\":\"2020-06-30T15:29:44.7733333Z\",\"resolvedTime\":null,\"machineId\":\"543bc5a964f417c11f6277d5bf9489f0d\",\"computerDnsName\":\"testserver4\",\"rbacGroupName\":null,\"aadTenantId\":\"123543-d66c-4c7e-9e30-40034eb7c6f3\",\"relatedUser\":{\"userName\":\"administrator1\",\"domainName\":\"TestServer4\"},\"comments\":[],\"evidence\":{\"entityType\":\"Process\",\"sha1\":\"b6d237154f2e528f0b503b58b025862d66b02b73\",\"sha256\":\"a92056d772260b39a876d01552496b2f8b4610a0b1e084952fe1176784e2ce77\",\"fileName\":\"notepad.exe\",\"filePath\":\"C:\\\\Windows\\\\System32\",\"processId\":4104,\"processCommandLine\":\"\\\"notepad.exe\\\"\",\"processCreationTime\":\"2020-06-30T09:45:38.9784654Z\",\"parentProcessId\":6012,\"parentProcessCreationTime\":\"2020-06-30T09:04:51.487396Z\",\"ipAddress\":null,\"url\":null,\"accountName\":null,\"domainName\":null,\"userSid\":null,\"aadUserId\":null,\"userPrincipalName\":null}}", + "provider": "defender_endpoint", + "severity": 3, + "start": "2020-06-30T09:04:56.8490679Z", "timezone": "UTC", - "created": 
"2020-06-30T10:09:01.1569718Z", - "start": "2020-06-30T10:07:44.333733Z", "type": [ - "end" - ], - "duration": 0, - "provider": "defender_endpoint", - "action": "Malware", - "end": "2020-06-30T10:07:44.333733Z", - "id": "da637291085411733957_-1043898914", - "category": [ - "host", - "malware" + "creation", + "start" ] - } - }, - { - "process": { - "start": "2020-06-30T09:45:38.9784654Z", - "parent": { - "start": "2020-06-30T09:04:51.487396Z", - "pid": 6012 + }, + "file": { + "hash": { + "sha1": "b6d237154f2e528f0b503b58b025862d66b02b73", + "sha256": "a92056d772260b39a876d01552496b2f8b4610a0b1e084952fe1176784e2ce77" }, - "pid": 4104, - "command_line": "\"notepad.exe\"" + "name": "notepad.exe", + "path": "C:\\Windows\\System32" }, - "rule": { - "description": "A process abnormally injected code into another process, As a result, unexpected code may be running in the target process memory. Injection is often used to hide malicious code execution within a trusted process. \nAs a result, the target process may exhibit abnormal behaviors such as opening a listening port or connecting to a command and control server." + "host": { + "hostname": "testserver4", + "name": "testserver4" }, "message": "Suspicious process injection observed", "microsoft": { "defender_endpoint": { - "investigationId": "7", "evidence": { "entityType": "Process" }, - "investigationState": "TerminatedByUser", "incidentId": "11", - "status": "New", - "lastUpdateTime": "2020-06-30T15:29:44.7733333Z" - } - }, - "tags": [ - "preserve_original_event" - ], - "cloud": { - "provider": "azure", - "account": { - "id": "123543-d66c-4c7e-9e30-40034eb7c6f3" - }, - "instance": { - "id": "543bc5a964f417c11f6277d5bf9489f0d" + "investigationId": "7", + "investigationState": "TerminatedByUser", + "lastUpdateTime": "2020-06-30T15:29:44.7733333Z", + "status": "New" } }, "observer": { 
@@ -122,94 +143,95 @@ "product": "Defender for Endpoint", "vendor": "Microsoft" }, - "file": { - "name": "notepad.exe", - "path": "C:\\Windows\\System32", - "hash": { - "sha1": "b6d237154f2e528f0b503b58b025862d66b02b73", - "sha256": "a92056d772260b39a876d01552496b2f8b4610a0b1e084952fe1176784e2ce77" - } - }, - "ecs": { - "version": "8.2.0" + "process": { + "command_line": "\"notepad.exe\"", + "parent": { + "pid": 6012, + "start": "2020-06-30T09:04:51.487396Z" + }, + "pid": 4104, + "start": "2020-06-30T09:45:38.9784654Z" }, "related": { - "user": [ - "administrator1" + "hash": [ + "b6d237154f2e528f0b503b58b025862d66b02b73", + "a92056d772260b39a876d01552496b2f8b4610a0b1e084952fe1176784e2ce77" ], "hosts": [ "testserver4" ], - "hash": [ - "b6d237154f2e528f0b503b58b025862d66b02b73", - "a92056d772260b39a876d01552496b2f8b4610a0b1e084952fe1176784e2ce77" + "user": [ + "administrator1" ] }, - "host": { - "name": "testserver4", - "hostname": "testserver4" + "rule": { + "description": "A process abnormally injected code into another process, As a result, unexpected code may be running in the target process memory. Injection is often used to hide malicious code execution within a trusted process. \nAs a result, the target process may exhibit abnormal behaviors such as opening a listening port or connecting to a command and control server." 
}, + "tags": [ + "preserve_original_event" + ], "threat": { + "framework": "MITRE ATT\u0026CK", "technique": { "name": "DefenseEvasion" + } + }, + "user": { + "domain": "TestServer4", + "name": "administrator1" + } + }, + { + "cloud": { + "account": { + "id": "43521344-d66c-4c7e-9e30-40034eb7c6f3" }, - "framework": "MITRE ATT\u0026CK" + "instance": { + "id": "53425a964f417c11f6277d5bf9489f0d" + }, + "provider": "azure" + }, + "ecs": { + "version": "8.3.0" }, "event": { - "severity": 3, - "original": "{\"id\":\"da637291048912199236_1126926584\",\"incidentId\":11,\"investigationId\":7,\"assignedTo\":null,\"severity\":\"Medium\",\"status\":\"New\",\"classification\":null,\"determination\":null,\"investigationState\":\"TerminatedByUser\",\"detectionSource\":\"WindowsDefenderAtp\",\"category\":\"DefenseEvasion\",\"threatFamilyName\":null,\"title\":\"Suspicious process injection observed\",\"description\":\"A process abnormally injected code into another process, As a result, unexpected code may be running in the target process memory. Injection is often used to hide malicious code execution within a trusted process. 
\\nAs a result, the target process may exhibit abnormal behaviors such as opening a listening port or connecting to a command and control server.\",\"alertCreationTime\":\"2020-06-30T09:08:11.1084877Z\",\"firstEventTime\":\"2020-06-30T09:04:56.8490679Z\",\"lastEventTime\":\"2020-06-30T09:45:39.5484377Z\",\"lastUpdateTime\":\"2020-06-30T15:29:44.7733333Z\",\"resolvedTime\":null,\"machineId\":\"543bc5a964f417c11f6277d5bf9489f0d\",\"computerDnsName\":\"testserver4\",\"rbacGroupName\":null,\"aadTenantId\":\"123543-d66c-4c7e-9e30-40034eb7c6f3\",\"relatedUser\":{\"userName\":\"administrator1\",\"domainName\":\"TestServer4\"},\"comments\":[],\"evidence\":{\"entityType\":\"Process\",\"sha1\":\"b6d237154f2e528f0b503b58b025862d66b02b73\",\"sha256\":\"a92056d772260b39a876d01552496b2f8b4610a0b1e084952fe1176784e2ce77\",\"fileName\":\"notepad.exe\",\"filePath\":\"C:\\\\Windows\\\\System32\",\"processId\":4104,\"processCommandLine\":\"\\\"notepad.exe\\\"\",\"processCreationTime\":\"2020-06-30T09:45:38.9784654Z\",\"parentProcessId\":6012,\"parentProcessCreationTime\":\"2020-06-30T09:04:51.487396Z\",\"ipAddress\":null,\"url\":null,\"accountName\":null,\"domainName\":null,\"userSid\":null,\"aadUserId\":null,\"userPrincipalName\":null}}", - "kind": "alert", - "timezone": "UTC", + "action": "DefenseEvasion", + "category": [ + "host" + ], "created": "2020-06-30T09:08:11.1084877Z", + "duration": 2442699369800, + "end": "2020-06-30T09:45:39.5484377Z", + "id": "da637291048912199236_1126926584", + "kind": "alert", + "original": "{\"id\":\"da637291048912199236_1126926584\",\"incidentId\":11,\"investigationId\":7,\"assignedTo\":null,\"severity\":\"Medium\",\"status\":\"New\",\"classification\":null,\"determination\":null,\"investigationState\":\"TerminatedByUser\",\"detectionSource\":\"WindowsDefenderAtp\",\"category\":\"DefenseEvasion\",\"threatFamilyName\":null,\"title\":\"Suspicious process injection observed\",\"description\":\"A process abnormally injected code into another process, As 
a result, unexpected code may be running in the target process memory. Injection is often used to hide malicious code execution within a trusted process. \\nAs a result, the target process may exhibit abnormal behaviors such as opening a listening port or connecting to a command and control server.\",\"alertCreationTime\":\"2020-06-30T09:08:11.1084877Z\",\"firstEventTime\":\"2020-06-30T09:04:56.8490679Z\",\"lastEventTime\":\"2020-06-30T09:45:39.5484377Z\",\"lastUpdateTime\":\"2020-06-30T15:29:44.7733333Z\",\"resolvedTime\":null,\"machineId\":\"53425a964f417c11f6277d5bf9489f0d\",\"computerDnsName\":\"testserver4\",\"rbacGroupName\":null,\"aadTenantId\":\"43521344-d66c-4c7e-9e30-40034eb7c6f3\",\"relatedUser\":{\"userName\":\"administrator1\",\"domainName\":\"TestServer4\"},\"comments\":[],\"evidence\":{\"entityType\":\"User\",\"sha1\":null,\"sha256\":null,\"fileName\":null,\"filePath\":null,\"processId\":null,\"processCommandLine\":null,\"processCreationTime\":null,\"parentProcessId\":null,\"parentProcessCreationTime\":null,\"ipAddress\":null,\"url\":null,\"accountName\":\"administrator1\",\"domainName\":\"TestServer4\",\"userSid\":\"S-1-5-21-46152456-1367606905-4031241297-500\",\"aadUserId\":null,\"userPrincipalName\":null}}", + "provider": "defender_endpoint", + "severity": 3, "start": "2020-06-30T09:04:56.8490679Z", + "timezone": "UTC", "type": [ + "user", "creation", "start" - ], - "duration": 2442699369800, - "provider": "defender_endpoint", - "action": "DefenseEvasion", - "end": "2020-06-30T09:45:39.5484377Z", - "id": "da637291048912199236_1126926584", - "category": [ - "host", - "process" ] }, - "user": { - "name": "administrator1", - "domain": "TestServer4" - } - }, - { - "rule": { - "description": "A process abnormally injected code into another process, As a result, unexpected code may be running in the target process memory. Injection is often used to hide malicious code execution within a trusted process. 
\nAs a result, the target process may exhibit abnormal behaviors such as opening a listening port or connecting to a command and control server." + "host": { + "hostname": "testserver4", + "name": "testserver4" }, "message": "Suspicious process injection observed", "microsoft": { "defender_endpoint": { - "investigationId": "7", "evidence": { "accountName": "administrator1", - "entityType": "User", - "domainName": "TestServer4" + "domainName": "TestServer4", + "entityType": "User" }, - "investigationState": "TerminatedByUser", "incidentId": "11", - "status": "New", - "lastUpdateTime": "2020-06-30T15:29:44.7733333Z" - } - }, - "tags": [ - "preserve_original_event" - ], - "cloud": { - "provider": "azure", - "account": { - "id": "43521344-d66c-4c7e-9e30-40034eb7c6f3" - }, - "instance": { - "id": "53425a964f417c11f6277d5bf9489f0d" + "investigationId": "7", + "investigationState": "TerminatedByUser", + "lastUpdateTime": "2020-06-30T15:29:44.7733333Z", + "status": "New" } }, "observer": { 
@@ -217,83 +239,89 @@ "product": "Defender for Endpoint", "vendor": "Microsoft" }, - "ecs": { - "version": "8.2.0" - }, "related": { - "user": [ - "administrator1" - ], "hosts": [ "testserver4" + ], + "user": [ + "administrator1" ] }, - "host": { - "name": "testserver4", - "hostname": "testserver4" + "rule": { + "description": "A process abnormally injected code into another process, As a result, unexpected code may be running in the target process memory. Injection is often used to hide malicious code execution within a trusted process. \nAs a result, the target process may exhibit abnormal behaviors such as opening a listening port or connecting to a command and control server." }, + "tags": [ + "preserve_original_event" + ], "threat": { + "framework": "MITRE ATT\u0026CK", "technique": { "name": "DefenseEvasion" + } + }, + "user": { + "domain": "TestServer4", + "id": "S-1-5-21-46152456-1367606905-4031241297-500", + "name": "administrator1" + } + }, + { + "cloud": { + "account": { + "id": "1234543-d66c-4c7e-9e30-40034eb7c6f3" + }, + "instance": { + "id": "t4563234bc5a964f417c11f6277d5bf9489f0d" }, - "framework": "MITRE ATT\u0026CK" + "provider": "azure" + }, + "ecs": { + "version": "8.3.0" }, "event": { - "severity": 3, - "original": "{\"id\":\"da637291048912199236_1126926584\",\"incidentId\":11,\"investigationId\":7,\"assignedTo\":null,\"severity\":\"Medium\",\"status\":\"New\",\"classification\":null,\"determination\":null,\"investigationState\":\"TerminatedByUser\",\"detectionSource\":\"WindowsDefenderAtp\",\"category\":\"DefenseEvasion\",\"threatFamilyName\":null,\"title\":\"Suspicious process injection observed\",\"description\":\"A process abnormally injected code into another process, As a result, unexpected code may be running in the target process memory. Injection is often used to hide malicious code execution within a trusted process. 
\\nAs a result, the target process may exhibit abnormal behaviors such as opening a listening port or connecting to a command and control server.\",\"alertCreationTime\":\"2020-06-30T09:08:11.1084877Z\",\"firstEventTime\":\"2020-06-30T09:04:56.8490679Z\",\"lastEventTime\":\"2020-06-30T09:45:39.5484377Z\",\"lastUpdateTime\":\"2020-06-30T15:29:44.7733333Z\",\"resolvedTime\":null,\"machineId\":\"53425a964f417c11f6277d5bf9489f0d\",\"computerDnsName\":\"testserver4\",\"rbacGroupName\":null,\"aadTenantId\":\"43521344-d66c-4c7e-9e30-40034eb7c6f3\",\"relatedUser\":{\"userName\":\"administrator1\",\"domainName\":\"TestServer4\"},\"comments\":[],\"evidence\":{\"entityType\":\"User\",\"sha1\":null,\"sha256\":null,\"fileName\":null,\"filePath\":null,\"processId\":null,\"processCommandLine\":null,\"processCreationTime\":null,\"parentProcessId\":null,\"parentProcessCreationTime\":null,\"ipAddress\":null,\"url\":null,\"accountName\":\"administrator1\",\"domainName\":\"TestServer4\",\"userSid\":\"S-1-5-21-46152456-1367606905-4031241297-500\",\"aadUserId\":null,\"userPrincipalName\":null}}", + "action": "Malware", + "category": [ + "host", + "malware" + ], + "created": "2020-06-30T09:32:31.4579225Z", + "duration": 892514711800, + "end": "2020-06-30T09:46:15.0876676Z", + "id": "da637291063515066999_-2102938302", "kind": "alert", + "original": "{\"id\":\"da637291063515066999_-2102938302\",\"incidentId\":12,\"investigationId\":9,\"assignedTo\":\"Automation\",\"severity\":\"Informational\",\"status\":\"Resolved\",\"classification\":null,\"determination\":null,\"investigationState\":\"Benign\",\"detectionSource\":\"WindowsDefenderAv\",\"category\":\"Malware\",\"threatFamilyName\":null,\"title\":\"'Mountsi' malware was detected\",\"description\":\"Malware and unwanted software are undesirable applications that perform annoying, disruptive, or harmful actions on affected machines. Some of these undesirable applications can replicate and spread from one machine to another. 
Others are able to receive commands from remote attackers and perform activities associated with cyber attacks.\\n\\nThis detection might indicate that the malware was stopped from delivering its payload. However, it is prudent to check the machine for signs of infection.\",\"alertCreationTime\":\"2020-06-30T09:32:31.4579225Z\",\"firstEventTime\":\"2020-06-30T09:31:22.5729558Z\",\"lastEventTime\":\"2020-06-30T09:46:15.0876676Z\",\"lastUpdateTime\":\"2020-06-30T11:13:12.9Z\",\"resolvedTime\":\"2020-06-30T11:13:12.2680434Z\",\"machineId\":\"t4563234bc5a964f417c11f6277d5bf9489f0d\",\"computerDnsName\":\"testserver4\",\"rbacGroupName\":null,\"aadTenantId\":\"1234543-d66c-4c7e-9e30-40034eb7c6f3\",\"relatedUser\":null,\"comments\":[],\"evidence\":{\"entityType\":\"File\",\"sha1\":\"ffb1670c6c6a9c5b4c5cea8b6b8e68d62e7ff281\",\"sha256\":\"fd46705c4f67a8ef16e76259ca6d6253241e51a1f8952223145f92aa1907d356\",\"fileName\":\"amsistream-1D89ECED25A52AB98B76FF619B7BA07A\",\"filePath\":null,\"processId\":null,\"processCommandLine\":null,\"processCreationTime\":null,\"parentProcessId\":null,\"parentProcessCreationTime\":null,\"ipAddress\":null,\"url\":null,\"accountName\":null,\"domainName\":null,\"userSid\":null,\"aadUserId\":null,\"userPrincipalName\":null}}", + "provider": "defender_endpoint", + "severity": 1, + "start": "2020-06-30T09:31:22.5729558Z", "timezone": "UTC", - "created": "2020-06-30T09:08:11.1084877Z", - "start": "2020-06-30T09:04:56.8490679Z", "type": [ - "user", - "creation", - "start" - ], - "duration": 2442699369800, - "provider": "defender_endpoint", - "action": "DefenseEvasion", - "end": "2020-06-30T09:45:39.5484377Z", - "id": "da637291048912199236_1126926584", - "category": [ - "host" + "end" ] }, - "user": { - "name": "administrator1", - "domain": "TestServer4", - "id": "S-1-5-21-46152456-1367606905-4031241297-500" - } - }, - { - "rule": { - "description": "Malware and unwanted software are undesirable applications that perform annoying, disruptive, or 
harmful actions on affected machines. Some of these undesirable applications can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyber attacks.\n\nThis detection might indicate that the malware was stopped from delivering its payload. However, it is prudent to check the machine for signs of infection." + "file": { + "hash": { + "sha1": "ffb1670c6c6a9c5b4c5cea8b6b8e68d62e7ff281", + "sha256": "fd46705c4f67a8ef16e76259ca6d6253241e51a1f8952223145f92aa1907d356" + }, + "name": "amsistream-1D89ECED25A52AB98B76FF619B7BA07A" + }, + "host": { + "hostname": "testserver4", + "name": "testserver4" }, "message": "'Mountsi' malware was detected", "microsoft": { "defender_endpoint": { - "investigationId": "9", + "assignedTo": "Automation", "evidence": { "entityType": "File" }, - "resolvedTime": "2020-06-30T11:13:12.2680434Z", - "investigationState": "Benign", "incidentId": "12", - "assignedTo": "Automation", - "status": "Resolved", - "lastUpdateTime": "2020-06-30T11:13:12.9Z" - } - }, - "tags": [ - "preserve_original_event" - ], - "cloud": { - "provider": "azure", - "account": { - "id": "1234543-d66c-4c7e-9e30-40034eb7c6f3" - }, - "instance": { - "id": "t4563234bc5a964f417c11f6277d5bf9489f0d" + "investigationId": "9", + "investigationState": "Benign", + "lastUpdateTime": "2020-06-30T11:13:12.9Z", + "resolvedTime": "2020-06-30T11:13:12.2680434Z", + "status": "Resolved" } }, "observer": { 
@@ -301,54 +329,26 @@ "product": "Defender for Endpoint", "vendor": "Microsoft" }, - "file": { - "name": "amsistream-1D89ECED25A52AB98B76FF619B7BA07A", - "hash": { - "sha1": "ffb1670c6c6a9c5b4c5cea8b6b8e68d62e7ff281", - "sha256": "fd46705c4f67a8ef16e76259ca6d6253241e51a1f8952223145f92aa1907d356" - } - }, - "ecs": { - "version": "8.2.0" - }, "related": { - "hosts": [ - "testserver4" - ], "hash": [ "ffb1670c6c6a9c5b4c5cea8b6b8e68d62e7ff281", "fd46705c4f67a8ef16e76259ca6d6253241e51a1f8952223145f92aa1907d356" + ], + "hosts": [ + "testserver4" ] }, - "host": { - "name": "testserver4", - "hostname": "testserver4" + "rule": { + "description": "Malware and unwanted software are undesirable applications that perform annoying, disruptive, or harmful actions on affected machines. Some of these undesirable applications can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyber attacks.\n\nThis detection might indicate that the malware was stopped from delivering its payload. However, it is prudent to check the machine for signs of infection." }, + "tags": [ + "preserve_original_event" + ], "threat": { + "framework": "MITRE ATT\u0026CK", "technique": { "name": "Malware" - }, - "framework": "MITRE ATT\u0026CK" - }, - "event": { - "severity": 1, - "original": "{\"id\":\"da637291063515066999_-2102938302\",\"incidentId\":12,\"investigationId\":9,\"assignedTo\":\"Automation\",\"severity\":\"Informational\",\"status\":\"Resolved\",\"classification\":null,\"determination\":null,\"investigationState\":\"Benign\",\"detectionSource\":\"WindowsDefenderAv\",\"category\":\"Malware\",\"threatFamilyName\":null,\"title\":\"'Mountsi' malware was detected\",\"description\":\"Malware and unwanted software are undesirable applications that perform annoying, disruptive, or harmful actions on affected machines. Some of these undesirable applications can replicate and spread from one machine to another. 
Others are able to receive commands from remote attackers and perform activities associated with cyber attacks.\\n\\nThis detection might indicate that the malware was stopped from delivering its payload. However, it is prudent to check the machine for signs of infection.\",\"alertCreationTime\":\"2020-06-30T09:32:31.4579225Z\",\"firstEventTime\":\"2020-06-30T09:31:22.5729558Z\",\"lastEventTime\":\"2020-06-30T09:46:15.0876676Z\",\"lastUpdateTime\":\"2020-06-30T11:13:12.9Z\",\"resolvedTime\":\"2020-06-30T11:13:12.2680434Z\",\"machineId\":\"t4563234bc5a964f417c11f6277d5bf9489f0d\",\"computerDnsName\":\"testserver4\",\"rbacGroupName\":null,\"aadTenantId\":\"1234543-d66c-4c7e-9e30-40034eb7c6f3\",\"relatedUser\":null,\"comments\":[],\"evidence\":{\"entityType\":\"File\",\"sha1\":\"ffb1670c6c6a9c5b4c5cea8b6b8e68d62e7ff281\",\"sha256\":\"fd46705c4f67a8ef16e76259ca6d6253241e51a1f8952223145f92aa1907d356\",\"fileName\":\"amsistream-1D89ECED25A52AB98B76FF619B7BA07A\",\"filePath\":null,\"processId\":null,\"processCommandLine\":null,\"processCreationTime\":null,\"parentProcessId\":null,\"parentProcessCreationTime\":null,\"ipAddress\":null,\"url\":null,\"accountName\":null,\"domainName\":null,\"userSid\":null,\"aadUserId\":null,\"userPrincipalName\":null}}", - "kind": "alert", - "timezone": "UTC", - "created": "2020-06-30T09:32:31.4579225Z", - "start": "2020-06-30T09:31:22.5729558Z", - "type": [ - "end" - ], - "duration": 892514711800, - "provider": "defender_endpoint", - "action": "Malware", - "end": "2020-06-30T09:46:15.0876676Z", - "id": "da637291063515066999_-2102938302", - "category": [ - "host", - "malware" - ] + } } } ] diff --git a/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml index ae0dff63fc9..acd4b363a26 100644 --- a/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Microsoft Defender for Endpoint logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json b/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json
index 6bc9e99103b..e92e5667137 100644
--- a/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json
+++ b/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json
@@ -22,7 +22,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/microsoft_defender_endpoint/docs/README.md b/packages/microsoft_defender_endpoint/docs/README.md
index deff335cdc9..2a42367291a 100644
--- a/packages/microsoft_defender_endpoint/docs/README.md
+++ b/packages/microsoft_defender_endpoint/docs/README.md
@@ -70,7 +70,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/microsoft_defender_endpoint/manifest.yml b/packages/microsoft_defender_endpoint/manifest.yml
index 7613fb46282..632208571ff 100644
--- a/packages/microsoft_defender_endpoint/manifest.yml
+++ b/packages/microsoft_defender_endpoint/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: microsoft_defender_endpoint
 title: Microsoft Defender for Endpoint
-version: 2.2.1
+version: "2.3.0"
 description: Collect logs from Microsoft Defender for Endpoint with Elastic Agent.
 categories:
 - "network"
diff --git a/packages/microsoft_dhcp/_dev/build/build.yml b/packages/microsoft_dhcp/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/microsoft_dhcp/_dev/build/build.yml
+++ b/packages/microsoft_dhcp/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/microsoft_dhcp/changelog.yml b/packages/microsoft_dhcp/changelog.yml
index 0dc3997b958..486ae2d9f9c 100644
--- a/packages/microsoft_dhcp/changelog.yml
+++ b/packages/microsoft_dhcp/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.4.2"
 changes:
 - description: Change event.type value from end to stop according to ECS
diff --git a/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-log.log-expected.json b/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
index 66929c6719d..ef38dbb6ebe 100644
--- a/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
+++ b/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-04-19T13:11:13.000-04:00",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "log-end",
@@ -32,7 +32,7 @@
 {
 "@timestamp": "2020-04-19T12:43:06.000-04:00",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "log-start",
@@ -61,7 +61,7 @@
 {
 "@timestamp": "2021-09-20T09:16:15.000-04:00",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "dhcp-dns-update",
@@ -101,7 +101,7 @@
 {
 "@timestamp": "2021-09-20T09:16:09.000-04:00",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "dhcp-dns-update",
@@ -141,7 +141,7 @@
 {
 "@timestamp": "2021-09-20T09:16:03.000-04:00",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "dhcp-dns-update",
@@ -181,7 +181,7 @@ { "@timestamp": "2021-09-20T09:18:01.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -223,7 +223,7 @@ { "@timestamp": "2021-09-20T09:18:00.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcp-dns-update", @@ -263,7 +263,7 @@ { "@timestamp": "2021-09-20T09:18:01.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcp-dns-update", @@ -303,7 +303,7 @@ { "@timestamp": "2001-01-01T01:01:01.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcp-dns-update", @@ -340,7 +340,7 @@ { "@timestamp": "2001-01-01T01:01:01.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcp-new", @@ -383,7 +383,7 @@ { "@timestamp": "2001-01-01T01:01:01.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcp-new", @@ -431,7 +431,7 @@ { "@timestamp": "2020-11-20T00:00:05.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ip-cleanup-start", @@ -467,7 +467,7 @@ { "@timestamp": "2020-11-20T00:00:05.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcp-dns-update", @@ -507,7 +507,7 @@ { "@timestamp": "2020-11-20T00:00:05.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcp-expire", @@ -545,7 +545,7 @@ { "@timestamp": "2020-04-19T12:43:54.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-server-detection", @@ -579,7 +579,7 @@ { "@timestamp": "2020-04-19T12:43:21.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-server-detection", @@ -612,7 +612,7 @@ { "@timestamp": "2020-04-19T12:43:28.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "rogue-server-detection", 
diff --git a/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-logv6.log-expected.json b/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-logv6.log-expected.json index b2f187c338e..4d3e141f169 100644 --- a/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-logv6.log-expected.json +++ b/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-logv6.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-11-04T18:24:36.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "log-start", @@ -32,7 +32,7 @@ { "@timestamp": "2021-11-04T18:24:36.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "1103", @@ -54,7 +54,7 @@ { "@timestamp": "2021-11-04T18:40:37.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "log-stop", @@ -83,7 +83,7 @@ { "@timestamp": "2021-12-06T12:25:21.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "log-start", @@ -112,7 +112,7 @@ { "@timestamp": "2021-12-06T12:25:21.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "1103", @@ -137,7 +137,7 @@ { "@timestamp": "2021-12-06T12:43:57.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpv6-solicit", @@ -179,7 +179,7 @@ { "@timestamp": "2021-12-06T12:43:57.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpv6-request", @@ -221,7 +221,7 @@ { "@timestamp": "2021-12-06T12:45:48.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpv6-solicit", @@ -263,7 +263,7 @@ { "@timestamp": "2021-12-06T12:45:49.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpv6-request", @@ -305,7 +305,7 @@ { "@timestamp": "2021-12-06T12:45:59.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpv6-solicit", 
@@ -347,7 +347,7 @@ { "@timestamp": "2021-12-06T12:46:00.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpv6-request", @@ -389,7 +389,7 @@ { "@timestamp": "2021-12-06T12:46:25.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpv6-solicit", @@ -431,7 +431,7 @@ { "@timestamp": "2021-12-06T12:46:26.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpv6-request", @@ -473,7 +473,7 @@ { "@timestamp": "2021-12-06T13:25:21.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "dhcpv6-stateless-clients-pruged", diff --git a/packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 5f2a5b4cad9..8321cfdcccb 100644 --- a/packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Microsoft DHCP Server logs. processors: - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" - set: field: event.kind value: event diff --git a/packages/microsoft_dhcp/manifest.yml b/packages/microsoft_dhcp/manifest.yml index f06c54ee055..b762f13be7c 100644 --- a/packages/microsoft_dhcp/manifest.yml +++ b/packages/microsoft_dhcp/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: microsoft_dhcp title: Microsoft DHCP -version: "1.4.2" +version: "1.5.0" license: basic description: Collect logs from Microsoft DHCP with Elastic Agent. type: integration diff --git a/packages/microsoft_sqlserver/_dev/build/build.yml b/packages/microsoft_sqlserver/_dev/build/build.yml index 8b2cea32aa1..5661d603a89 100644 --- a/packages/microsoft_sqlserver/_dev/build/build.yml +++ b/packages/microsoft_sqlserver/_dev/build/build.yml 
@@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.1 + reference: git@v8.3.0 diff --git a/packages/microsoft_sqlserver/changelog.yml b/packages/microsoft_sqlserver/changelog.yml index 11f354c2672..a4013dce7c2 100644 --- a/packages/microsoft_sqlserver/changelog.yml +++ b/packages/microsoft_sqlserver/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.1.1" changes: - description: Added transaction log datastream diff --git a/packages/microsoft_sqlserver/data_stream/audit/_dev/test/pipeline/test-events.json-expected.json b/packages/microsoft_sqlserver/data_stream/audit/_dev/test/pipeline/test-events.json-expected.json index 7072aac33b9..281f1035504 100644 --- a/packages/microsoft_sqlserver/data_stream/audit/_dev/test/pipeline/test-events.json-expected.json +++ b/packages/microsoft_sqlserver/data_stream/audit/_dev/test/pipeline/test-events.json-expected.json @@ -16,7 +16,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "b53be7b1-9e86-49b0-ad0b-1464bceabc65", @@ -149,7 +149,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "8b2d19ad-2ecf-40d9-ad3b-746991df9989", @@ -283,7 +283,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "df0dd5ff-cce7-4861-b49f-fd70f0b207b6", @@ -414,7 +414,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "df0dd5ff-cce7-4861-b49f-fd70f0b207b6", diff --git a/packages/microsoft_sqlserver/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_sqlserver/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 1c21df6a8a3..19e66c7b4d6 100644 --- a/packages/microsoft_sqlserver/data_stream/audit/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/microsoft_sqlserver/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing SQL Server audit logs
 processors:
 - set:
 field: ecs.version
- value: 8.2.0
+ value: 8.3.0
 - gsub:
 description: Strip final dot from param1.
 field: winlog.event_data.param1
diff --git a/packages/microsoft_sqlserver/manifest.yml b/packages/microsoft_sqlserver/manifest.yml
index e42fcbb2d61..01d55c102ac 100644
--- a/packages/microsoft_sqlserver/manifest.yml
+++ b/packages/microsoft_sqlserver/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: microsoft_sqlserver
 title: "Microsoft SQL Server"
-version: 1.1.1
+version: "1.2.0"
 license: basic
 description: Collect events from Microsoft SQL Server with Elastic Agent
 type: integration
diff --git a/packages/mimecast/_dev/build/build.yml b/packages/mimecast/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/mimecast/_dev/build/build.yml
+++ b/packages/mimecast/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/mimecast/changelog.yml b/packages/mimecast/changelog.yml
index 4b785f46f91..417e4dbcd32 100644
--- a/packages/mimecast/changelog.yml
+++ b/packages/mimecast/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.0.0"
 changes:
 - description: Make ga with zip support for SIEM events.
diff --git a/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json b/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json
index dadd194e37d..c7c3f4ffcf9 100644
--- a/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json
+++ b/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json
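Review bot: The `value: 8.3.0` written into the `- set:` processor for `ecs.version` in the sqlserver audit pipeline is the only ECS version stamp in this commit left unquoted; the microsoft_dhcp and mimecast pipelines in the same diff write `"8.3.0"` and the defender pipeline writes `'8.3.0'`. A three-component version is read as a plain string by YAML, so the document is not wrong today, but the same processor elsewhere relies on quoting, and a two-component value such as `8.3` dropped in by a later bump would silently become a float. I would change the line to `value: "8.3.0"` so the stamp is a string regardless of its shape. The processors list continues outside the hunk.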
@@ -18,7 +18,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "threat-intel-feed-download", @@ -71,7 +71,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "threat-intel-feed-download", @@ -124,7 +124,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "user-logged-on", @@ -175,7 +175,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logon-requires-challenge", @@ -226,7 +226,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "user-logged-on", @@ -276,7 +276,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "mimecast-support-login", @@ -325,7 +325,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "mimecast-support-login", @@ -374,7 +374,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -437,7 +437,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "search-action", @@ -486,7 +486,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logon-authentication-failed", @@ -523,7 +523,7 @@ { "@timestamp": "2021-10-11T13:21:06.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "completed-directory-sync", @@ -564,7 +564,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "case-action", @@ -613,7 +613,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logon-authentication-failed", 
@@ -664,7 +664,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "existing-archive-task-changed", @@ -713,7 +713,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connectors-management", @@ -762,7 +762,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "page-data-exports", @@ -816,7 +816,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "custom-report-definition-created", @@ -865,7 +865,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "folder-log-entry", @@ -896,7 +896,7 @@ { "@timestamp": "2021-10-12T19:56:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "user-password-changed", @@ -940,7 +940,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "remediation-incident-adjustment", @@ -989,7 +989,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "archive-mailbox-restore", @@ -1038,7 +1038,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "archive-mailbox-restore", @@ -1087,7 +1087,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "archive-mailbox-export-download", @@ -1136,7 +1136,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "review-set-action", @@ -1185,7 +1185,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "remediation-incident-adjustment", @@ -1234,7 +1234,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logon-authentication-failed", 
@@ -1284,7 +1284,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logon-authentication-failed", @@ -1335,7 +1335,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logon-authentication-failed", @@ -1370,9 +1370,6 @@ }, { "@timestamp": "2021-10-11T16:03:38.000Z", - "ecs": { - "version": "8.2.0" - }, "client": { "as": { "number": 35908 @@ -1388,6 +1385,9 @@ }, "ip": "67.43.156.15" }, + "ecs": { + "version": "8.3.0" + }, "event": { "action": "user-logged-on", "id": "eNqrVipOTS4tSs1MUbJS8o0ILw8pL_cyqQosLi-MzKjKcvMzCwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkYmZorKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAIqvLHI", @@ -1400,12 +1400,12 @@ "remote_ip": "67.43.156.15" }, "related": { + "ip": [ + "67.43.156.15" + ], "user": [ "johndoe", "johndoe@example.com" - ], - "ip": [ - "67.43.156.15" ] }, "tags": [ @@ -1435,7 +1435,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logon-authentication-failed", @@ -1486,7 +1486,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logon-authentication-failed", diff --git a/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml index 5f5982661ef..bb1c21b82ff 100644 --- a/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: # Generic event/ecs fields we always want to populate. - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" - rename: field: message target_field: event.original 
diff --git a/packages/mimecast/data_stream/audit_events/sample_event.json b/packages/mimecast/data_stream/audit_events/sample_event.json index 8cb763e52da..816893e1718 100644 --- a/packages/mimecast/data_stream/audit_events/sample_event.json +++ b/packages/mimecast/data_stream/audit_events/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", diff --git a/packages/mimecast/data_stream/dlp_logs/_dev/test/pipeline/test-dlp-logs.log-expected.json b/packages/mimecast/data_stream/dlp_logs/_dev/test/pipeline/test-dlp-logs.log-expected.json index 787609cbfc1..51ee3735f4d 100644 --- a/packages/mimecast/data_stream/dlp_logs/_dev/test/pipeline/test-dlp-logs.log-expected.json +++ b/packages/mimecast/data_stream/dlp_logs/_dev/test/pipeline/test-dlp-logs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-15T20:41:25.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "inbound", @@ -35,7 +35,7 @@ { "@timestamp": "2021-10-15T20:41:25.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "inbound", @@ -67,7 +67,7 @@ { "@timestamp": "2021-10-15T20:41:22.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "inbound", @@ -99,7 +99,7 @@ { "@timestamp": "2021-10-15T20:41:22.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "inbound", @@ -131,7 +131,7 @@ { "@timestamp": "2021-10-15T20:41:21.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "inbound", @@ -163,7 +163,7 @@ { "@timestamp": "2021-10-15T20:41:21.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "inbound", @@ -195,7 +195,7 @@ { "@timestamp": "2021-10-15T20:41:19.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "inbound", 
@@ -227,7 +227,7 @@ { "@timestamp": "2021-10-15T20:41:19.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "inbound", @@ -259,7 +259,7 @@ { "@timestamp": "2021-10-15T20:41:17.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "inbound", @@ -291,7 +291,7 @@ { "@timestamp": "2021-10-15T20:41:17.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "inbound", diff --git a/packages/mimecast/data_stream/dlp_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/dlp_logs/elasticsearch/ingest_pipeline/default.yml index df5a832b743..6775ef7e177 100644 --- a/packages/mimecast/data_stream/dlp_logs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mimecast/data_stream/dlp_logs/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: # Generic event/ecs fields we always want to populate. - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" - rename: field: message target_field: event.original diff --git a/packages/mimecast/data_stream/dlp_logs/sample_event.json b/packages/mimecast/data_stream/dlp_logs/sample_event.json index 34736d28698..44315f9d724 100644 --- a/packages/mimecast/data_stream/dlp_logs/sample_event.json +++ b/packages/mimecast/data_stream/dlp_logs/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", diff --git a/packages/mimecast/data_stream/siem_logs/_dev/test/pipeline/test-siem-logs.log-expected.json b/packages/mimecast/data_stream/siem_logs/_dev/test/pipeline/test-siem-logs.log-expected.json index 9d423f08b55..b14e0cb5fc1 100644 --- a/packages/mimecast/data_stream/siem_logs/_dev/test/pipeline/test-siem-logs.log-expected.json +++ b/packages/mimecast/data_stream/siem_logs/_dev/test/pipeline/test-siem-logs.log-expected.json 
@@ -3,7 +3,7 @@ { "@timestamp": "2021-10-18T08:02:43.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": { @@ -40,7 +40,7 @@ { "@timestamp": "2021-10-19T06:06:40.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": { @@ -105,7 +105,7 @@ { "@timestamp": "2021-10-19T06:04:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": { @@ -141,7 +141,7 @@ { "@timestamp": "2021-10-19T06:04:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": { @@ -200,7 +200,7 @@ { "@timestamp": "2021-11-08T12:09:18.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "internal", @@ -232,7 +232,7 @@ { "@timestamp": "2021-11-08T12:10:19.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "internal", @@ -280,7 +280,7 @@ { "@timestamp": "2021-11-29T15:13:58.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "inbound", diff --git a/packages/mimecast/data_stream/siem_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/siem_logs/elasticsearch/ingest_pipeline/default.yml index 9b860e7dc2f..21c68a60242 100644 --- a/packages/mimecast/data_stream/siem_logs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mimecast/data_stream/siem_logs/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: # Generic event/ecs fields we always want to populate. - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" - rename: field: message target_field: event.original diff --git a/packages/mimecast/data_stream/siem_logs/sample_event.json b/packages/mimecast/data_stream/siem_logs/sample_event.json index d901e458517..62516ab4795 100644 --- a/packages/mimecast/data_stream/siem_logs/sample_event.json +++ b/packages/mimecast/data_stream/siem_logs/sample_event.json 
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", diff --git a/packages/mimecast/data_stream/threat_intel_malware_customer/_dev/test/pipeline/test-threat-intel-malware-customer.log-expected.json b/packages/mimecast/data_stream/threat_intel_malware_customer/_dev/test/pipeline/test-threat-intel-malware-customer.log-expected.json index ae47ba602f8..2532e47db69 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_customer/_dev/test/pipeline/test-threat-intel-malware-customer.log-expected.json +++ b/packages/mimecast/data_stream/threat_intel_malware_customer/_dev/test/pipeline/test-threat-intel-malware-customer.log-expected.json @@ -4,7 +4,7 @@ { "@timestamp": "2021-10-29T15:07:26.653Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -48,7 +48,7 @@ { "@timestamp": "2021-10-29T15:07:22.595Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -92,7 +92,7 @@ { "@timestamp": "2021-10-29T15:07:17.538Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -136,7 +136,7 @@ { "@timestamp": "2021-10-29T15:07:14.044Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -180,7 +180,7 @@ { "@timestamp": "2021-10-29T15:07:07.295Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -224,7 +224,7 @@ { "@timestamp": "2021-10-29T15:07:00.555Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -268,7 +268,7 @@ { "@timestamp": "2021-10-29T15:07:00.259Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
diff --git a/packages/mimecast/data_stream/threat_intel_malware_customer/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/threat_intel_malware_customer/elasticsearch/ingest_pipeline/default.yml index cfe9e348199..92f5ae8376f 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_customer/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mimecast/data_stream/threat_intel_malware_customer/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" - set: field: event.kind value: enrichment diff --git a/packages/mimecast/data_stream/threat_intel_malware_customer/sample_event.json b/packages/mimecast/data_stream/threat_intel_malware_customer/sample_event.json index 796de4adfd4..34c234158ad 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_customer/sample_event.json +++ b/packages/mimecast/data_stream/threat_intel_malware_customer/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", diff --git a/packages/mimecast/data_stream/threat_intel_malware_grid/_dev/test/pipeline/test-threat-intel-malware-grid.log-expected.json b/packages/mimecast/data_stream/threat_intel_malware_grid/_dev/test/pipeline/test-threat-intel-malware-grid.log-expected.json index 0074d4de4fe..f62a743f632 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_grid/_dev/test/pipeline/test-threat-intel-malware-grid.log-expected.json +++ b/packages/mimecast/data_stream/threat_intel_malware_grid/_dev/test/pipeline/test-threat-intel-malware-grid.log-expected.json @@ -4,7 +4,7 @@ { "@timestamp": "2021-10-29T15:07:26.653Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -48,7 +48,7 @@ { "@timestamp": "2021-10-29T15:07:22.595Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -92,7 +92,7 @@ { "@timestamp": "2021-10-29T15:07:17.538Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -136,7 +136,7 @@ { "@timestamp": "2021-10-29T15:07:14.044Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -180,7 +180,7 @@ { "@timestamp": "2021-10-29T15:07:07.295Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -224,7 +224,7 @@ { "@timestamp": "2021-10-29T15:07:00.555Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -268,7 +268,7 @@ { "@timestamp": "2021-10-29T15:07:00.259Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", diff --git a/packages/mimecast/data_stream/threat_intel_malware_grid/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/threat_intel_malware_grid/elasticsearch/ingest_pipeline/default.yml index 470f6aab32b..2be785bf31d 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_grid/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mimecast/data_stream/threat_intel_malware_grid/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" - set: field: event.kind value: enrichment diff --git a/packages/mimecast/data_stream/threat_intel_malware_grid/sample_event.json b/packages/mimecast/data_stream/threat_intel_malware_grid/sample_event.json index 124245172dc..e9efe8fd581 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_grid/sample_event.json +++ b/packages/mimecast/data_stream/threat_intel_malware_grid/sample_event.json 
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", diff --git a/packages/mimecast/data_stream/ttp_ap_logs/_dev/test/pipeline/test-ttp-ap-logs.log-expected.json b/packages/mimecast/data_stream/ttp_ap_logs/_dev/test/pipeline/test-ttp-ap-logs.log-expected.json index 7826ba1046d..238202dabf2 100644 --- a/packages/mimecast/data_stream/ttp_ap_logs/_dev/test/pipeline/test-ttp-ap-logs.log-expected.json +++ b/packages/mimecast/data_stream/ttp_ap_logs/_dev/test/pipeline/test-ttp-ap-logs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-14T18:54:32.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": { @@ -54,7 +54,7 @@ { "@timestamp": "2021-10-14T11:24:23.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": { @@ -105,7 +105,7 @@ { "@timestamp": "2021-10-14T11:24:23.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": { diff --git a/packages/mimecast/data_stream/ttp_ap_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/ttp_ap_logs/elasticsearch/ingest_pipeline/default.yml index 0e3a8902ab3..f610e4fb41a 100644 --- a/packages/mimecast/data_stream/ttp_ap_logs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mimecast/data_stream/ttp_ap_logs/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: # Generic event/ecs fields we always want to populate. - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" - rename: field: message target_field: event.original diff --git a/packages/mimecast/data_stream/ttp_ap_logs/sample_event.json b/packages/mimecast/data_stream/ttp_ap_logs/sample_event.json index d1f24d3fa32..64cb20cf8f3 100644 --- a/packages/mimecast/data_stream/ttp_ap_logs/sample_event.json +++ b/packages/mimecast/data_stream/ttp_ap_logs/sample_event.json 
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", diff --git a/packages/mimecast/data_stream/ttp_ip_logs/_dev/test/pipeline/test-ttp-ip-logs.log-expected.json b/packages/mimecast/data_stream/ttp_ip_logs/_dev/test/pipeline/test-ttp-ip-logs.log-expected.json index 886fa35fd3e..809812f105c 100644 --- a/packages/mimecast/data_stream/ttp_ip_logs/_dev/test/pipeline/test-ttp-ip-logs.log-expected.json +++ b/packages/mimecast/data_stream/ttp_ip_logs/_dev/test/pipeline/test-ttp-ip-logs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-15T17:10:46.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -59,7 +59,7 @@ { "@timestamp": "2021-10-15T06:16:34.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -115,7 +115,7 @@ { "@timestamp": "2021-10-13T16:12:07.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { diff --git a/packages/mimecast/data_stream/ttp_ip_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/ttp_ip_logs/elasticsearch/ingest_pipeline/default.yml index 63eb1c2720e..8031ef466ec 100644 --- a/packages/mimecast/data_stream/ttp_ip_logs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mimecast/data_stream/ttp_ip_logs/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: # Generic event/ecs fields we always want to populate. - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" - rename: field: message target_field: event.original diff --git a/packages/mimecast/data_stream/ttp_ip_logs/sample_event.json b/packages/mimecast/data_stream/ttp_ip_logs/sample_event.json index 0e2be3fbdf4..4264ac9cb6b 100644 --- a/packages/mimecast/data_stream/ttp_ip_logs/sample_event.json +++ b/packages/mimecast/data_stream/ttp_ip_logs/sample_event.json 
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", diff --git a/packages/mimecast/data_stream/ttp_url_logs/_dev/test/pipeline/test-ttp-url-logs.log-expected.json b/packages/mimecast/data_stream/ttp_url_logs/_dev/test/pipeline/test-ttp-url-logs.log-expected.json index 69841dab1e9..c63a7914cdc 100644 --- a/packages/mimecast/data_stream/ttp_url_logs/_dev/test/pipeline/test-ttp-url-logs.log-expected.json +++ b/packages/mimecast/data_stream/ttp_url_logs/_dev/test/pipeline/test-ttp-url-logs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-16T14:45:34.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "inbound", @@ -66,7 +66,7 @@ { "@timestamp": "2021-10-16T14:07:38.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "inbound", @@ -129,7 +129,7 @@ { "@timestamp": "2021-10-16T13:31:56.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "direction": "inbound", diff --git a/packages/mimecast/data_stream/ttp_url_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/ttp_url_logs/elasticsearch/ingest_pipeline/default.yml index b0e2a979de4..0a85a80fda4 100644 --- a/packages/mimecast/data_stream/ttp_url_logs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mimecast/data_stream/ttp_url_logs/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: # Generic event/ecs fields we always want to populate. - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" - rename: field: message target_field: event.original diff --git a/packages/mimecast/data_stream/ttp_url_logs/sample_event.json b/packages/mimecast/data_stream/ttp_url_logs/sample_event.json index 69197d55c83..531576ef785 100644 --- a/packages/mimecast/data_stream/ttp_url_logs/sample_event.json +++ b/packages/mimecast/data_stream/ttp_url_logs/sample_event.json 
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", diff --git a/packages/mimecast/docs/README.md b/packages/mimecast/docs/README.md index e94957b0281..b72fd3ffcd2 100644 --- a/packages/mimecast/docs/README.md +++ b/packages/mimecast/docs/README.md @@ -41,7 +41,7 @@ An example event for `audit_events` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", @@ -193,7 +193,7 @@ An example event for `dlp` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", @@ -318,7 +318,7 @@ An example event for `siem` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", @@ -518,7 +518,7 @@ An example event for `threat_intel_malware_customer` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", @@ -670,7 +670,7 @@ An example event for `threat_intel_malware_grid` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", @@ -825,7 +825,7 @@ An example event for `ttp_ap` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", @@ -986,7 +986,7 @@ An example event for `ttp_ip` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", 
@@ -1160,7 +1160,7 @@ An example event for `ttp_url` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", diff --git a/packages/mimecast/manifest.yml b/packages/mimecast/manifest.yml index 8cce9b1e1e0..10604f564db 100644 --- a/packages/mimecast/manifest.yml +++ b/packages/mimecast/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: mimecast title: "Mimecast" -version: 1.0.0 +version: "1.1.0" license: basic description: "Collect logs from the Mimecast API with Elastic Agent." type: integration diff --git a/packages/modsecurity/_dev/build/build.yml b/packages/modsecurity/_dev/build/build.yml index 08d85edcf9a..5661d603a89 100644 --- a/packages/modsecurity/_dev/build/build.yml +++ b/packages/modsecurity/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@1.12 + reference: git@v8.3.0 diff --git a/packages/modsecurity/changelog.yml b/packages/modsecurity/changelog.yml index 1873cac5797..25f3bb2081c 100644 --- a/packages/modsecurity/changelog.yml +++ b/packages/modsecurity/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.0.0" changes: - description: Make GA diff --git a/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-audit.log-expected.json b/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-audit.log-expected.json index b52c2bcceaa..1feff1ce3c5 100644 --- a/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-audit.log-expected.json 
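Review bot: The modsecurity ECS reference in the build.yml hunk moves from `git@1.12` straight to `git@v8.3.0`, crossing the ECS 8.0 major boundary, yet the changelog entry added in the following hunk records it only as `Update package to ECS 8.3.0.` with type `enhancement`, and the modsecurity manifest hunk later in the diff bumps the package just from `1.0.0` to `"1.1.0"`. The auditlog ingest pipeline hunk for modsecurity makes the same jump, setting `ecs.version` from `'1.12.0'` to `'8.3.0'`, whereas every other package in this change (1password, mimecast, mysql_enterprise) moves within the 8.x line. Because this data stream carries WAF audit events that downstream searches and detection rules presumably key on by ECS field name, the changelog should state the prior ECS version so operators know to re-check those consumers against the 8.0 field changes, e.g. `- description: Update package from ECS 1.12.0 to ECS 8.3.0.`. The regenerated pipeline test fixture only exercises the fields present in the sample events, so a passing build does not by itself show that consumers of fields altered at 8.0 are unaffected.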
@@ -1,6 +1,32 @@ { "expected": [ { + "@timestamp": "2021-05-14T14:52:47.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "category": [ + "web" + ], + "ingested": "2022-06-28T17:53:16.076349087Z", + "kind": "event", + "original": "{\"transaction\":{\"client_ip\":\"67.43.156.14\",\"time_stamp\":\"Fri May 14 14:52:47 2021\",\"server_id\":\"c06217c4ac0d6f8892d2489cd5d92aaceec2508e\",\"client_port\":44464,\"host_ip\":\"67.43.156.14\",\"host_port\":443,\"id\":\"162100396753.595789\",\"request\":{\"method\":\"GET\",\"http_version\":1.1,\"uri\":\"/owa/\",\"headers\":{\"Host\":\"34.87.56.16\",\"User-Agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36\",\"Accept\":\"*/*\",\"Accept-Encoding\":\"gzip\"}},\"response\":{\"http_code\":404,\"headers\":{\"Strict-Transport-Security\":\"max-age=31536000; includeSubDomains\",\"X-Runtime\":\"0.003894\",\"X-Powered-By\":\"Phusion Passenger 6.0.2\",\"Connection\":\"keep-alive\",\"Content-Encoding\":\"gzip\",\"Vary\":\"Origin\",\"Status\":\"404 Not Found\",\"X-Request-Id\":\"435c78d3-c122-4dee-8ca5-101397fab368\",\"Server\":\"nginx/1.14.0\",\"Content-Type\":\"text/html; charset=utf-8\",\"Date\":\"Fri, 14 May 2021 14:52:47 GMT\",\"Via\":\"1.1 google\"}},\"producer\":{\"modsecurity\":\"ModSecurity v3.0.2 (Linux)\",\"connector\":\"ModSecurity-nginx v0.1.1-beta\",\"secrules_engine\":\"Enabled\",\"components\":[\"OWASP_CRS/3.0.2\\\"\"]},\"messages\":[{\"message\":\"Host header is a numeric IP address\",\"details\":{\"match\":\"Matched \\\"Operator `Rx' with parameter `^[\\\\d.:]+$' against variable `REQUEST_HEADERS:Host' (Value: `34.87.56.16' 
)\",\"reference\":\"o0,11v25,11\",\"ruleId\":\"920350\",\"file\":\"/etc/nginx/modsec/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\",\"lineNumber\":\"733\",\"data\":\"34.87.56.16\",\"severity\":\"4\",\"ver\":\"OWASP_CRS/3.0.0\",\"rev\":\"2\",\"tags\":[\"application-multi\",\"language-multi\",\"platform-multi\",\"attack-protocol\",\"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\",\"WASCTC/WASC-21\",\"OWASP_TOP_10/A7\",\"PCI/6.5.10\"],\"maturity\":\"9\",\"accuracy\":\"9\"}}]}}", + "type": [ + "access" + ] + }, + "http": { + "request": { + "method": "GET" + }, + "response": { + "mime_type": "text/html; charset=utf-8", + "status_code": 404 + }, + "version": "1.1" + }, + "message": "Host header is a numeric IP address", "modsec": { "audit": { "detail": "Matched \"Operator `Rx' with parameter `^[\\d.:]+$' against variable `REQUEST_HEADERS:Host' (Value: `34.87.56.16' )" 
@@ -10,256 +36,230 @@ "id": "920350" }, "source": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 44464, - "ip": "67.43.156.14" - }, - "message": "Host header is a numeric IP address", - "url": { - "path": "/owa/", - "original": "https://34.87.56.16:443/owa/", - "scheme": "https", - "port": 443, - "domain": "34.87.56.16" + "ip": "67.43.156.14", + "port": 44464 }, "tags": [ "preserve_original_event" ], - "@timestamp": "2021-05-14T14:52:47.000Z", - "ecs": { - "version": "1.12.0" - }, - "http": { - "request": { - "method": "GET" - }, - "version": "1.1", - "response": { - "mime_type": "text/html; charset=utf-8", - "status_code": 404 - } - }, - "event": { - "ingested": "2021-12-14T14:48:26.828825059Z", - "original": "{\"transaction\":{\"client_ip\":\"67.43.156.14\",\"time_stamp\":\"Fri May 14 14:52:47 2021\",\"server_id\":\"c06217c4ac0d6f8892d2489cd5d92aaceec2508e\",\"client_port\":44464,\"host_ip\":\"67.43.156.14\",\"host_port\":443,\"id\":\"162100396753.595789\",\"request\":{\"method\":\"GET\",\"http_version\":1.1,\"uri\":\"/owa/\",\"headers\":{\"Host\":\"34.87.56.16\",\"User-Agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36\",\"Accept\":\"*/*\",\"Accept-Encoding\":\"gzip\"}},\"response\":{\"http_code\":404,\"headers\":{\"Strict-Transport-Security\":\"max-age=31536000; includeSubDomains\",\"X-Runtime\":\"0.003894\",\"X-Powered-By\":\"Phusion Passenger 6.0.2\",\"Connection\":\"keep-alive\",\"Content-Encoding\":\"gzip\",\"Vary\":\"Origin\",\"Status\":\"404 Not Found\",\"X-Request-Id\":\"435c78d3-c122-4dee-8ca5-101397fab368\",\"Server\":\"nginx/1.14.0\",\"Content-Type\":\"text/html; charset=utf-8\",\"Date\":\"Fri, 14 May 2021 14:52:47 GMT\",\"Via\":\"1.1 
google\"}},\"producer\":{\"modsecurity\":\"ModSecurity v3.0.2 (Linux)\",\"connector\":\"ModSecurity-nginx v0.1.1-beta\",\"secrules_engine\":\"Enabled\",\"components\":[\"OWASP_CRS/3.0.2\\\"\"]},\"messages\":[{\"message\":\"Host header is a numeric IP address\",\"details\":{\"match\":\"Matched \\\"Operator `Rx' with parameter `^[\\\\d.:]+$' against variable `REQUEST_HEADERS:Host' (Value: `34.87.56.16' )\",\"reference\":\"o0,11v25,11\",\"ruleId\":\"920350\",\"file\":\"/etc/nginx/modsec/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\",\"lineNumber\":\"733\",\"data\":\"34.87.56.16\",\"severity\":\"4\",\"ver\":\"OWASP_CRS/3.0.0\",\"rev\":\"2\",\"tags\":[\"application-multi\",\"language-multi\",\"platform-multi\",\"attack-protocol\",\"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\",\"WASCTC/WASC-21\",\"OWASP_TOP_10/A7\",\"PCI/6.5.10\"],\"maturity\":\"9\",\"accuracy\":\"9\"}}]}}", - "category": [ - "web" - ], - "type": [ - "access" - ], - "kind": "event" + "url": { + "domain": "34.87.56.16", + "original": "https://34.87.56.16:443/owa/", + "path": "/owa/", + "port": 443, + "scheme": "https" }, "user_agent": { + "device": { + "name": "Other" + }, "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36", "os": { + "full": "Windows 10", "name": "Windows", - "version": "10", - "full": "Windows 10" - }, - "device": { - "name": "Other" + "version": "10" }, "version": "60.0.3112.113" } }, { "@timestamp": "2021-05-14T15:11:52.000Z", - "modsec": { - "audit": { - "detail": "Matched \"Operator `Rx' with parameter `^[\\d.:]+$' against variable `REQUEST_HEADERS:Host' (Value: `34.87.56.16' )" - } - }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, - "rule": { - "id": "920350" + "event": { + "category": [ + "web" + ], + "ingested": "2022-06-28T17:53:16.076351795Z", + "kind": "event", + "original": "{\"transaction\":{\"client_ip\":\"67.43.156.15\",\"time_stamp\":\"Fri May 14 
15:11:52 2021\",\"server_id\":\"c06217c4ac0d6f8892d2489cd5d92aaceec2508e\",\"client_port\":40742,\"host_ip\":\"67.43.156.15\",\"host_port\":443,\"id\":\"162100511255.595254\",\"request\":{\"method\":\"GET\",\"http_version\":1.1,\"uri\":\"/\",\"headers\":{\"Host\":\"34.87.56.16\",\"Connection\":\"close\"}},\"response\":{\"http_code\":200,\"headers\":{\"Vary\":\"Accept-Encoding, Origin\",\"X-XSS-Protection\":\"1; mode=block\",\"Set-Cookie\":\"_pmcapi_session=c94b2c408d9b56b91e00877fb6c21fca; path=/; HttpOnly\",\"X-Permitted-Cross-Domain-Policies\":\"none\",\"Cache-Control\":\"max-age=0, private, must-revalidate\",\"ETag\":\"W/\\\"dda3a9b33849ca9d88844c0331e9b98f\\\"\",\"Strict-Transport-Security\":\"max-age=31536000; includeSubDomains\",\"Status\":\"200 OK\",\"Connection\":\"close\",\"X-Powered-By\":\"Phusion Passenger 6.0.2\",\"Content-Type\":\"text/html; charset=utf-8\",\"Content-Length\":\"12475\",\"Date\":\"Fri, 14 May 2021 15:11:52 GMT\",\"Server\":\"nginx/1.14.0\",\"X-Request-Id\":\"63b9e1d0-481f-43b5-9ca3-e1606c48c338\",\"X-Download-Options\":\"noopen\",\"X-Runtime\":\"0.028032\",\"X-Content-Type-Options\":\"nosniff\",\"X-Frame-Options\":\"SAMEORIGIN\",\"Via\":\"1.1 google\"}},\"producer\":{\"modsecurity\":\"ModSecurity v3.0.2 (Linux)\",\"connector\":\"ModSecurity-nginx v0.1.1-beta\",\"secrules_engine\":\"Enabled\",\"components\":[\"OWASP_CRS/3.0.2\\\"\"]},\"messages\":[{\"message\":\"Host header is a numeric IP address\",\"details\":{\"match\":\"Matched \\\"Operator `Rx' with parameter `^[\\\\d.:]+$' against variable `REQUEST_HEADERS:Host' (Value: `34.87.56.16' 
)\",\"reference\":\"o0,11v21,11\",\"ruleId\":\"920350\",\"file\":\"/etc/nginx/modsec/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\",\"lineNumber\":\"733\",\"data\":\"34.87.56.16\",\"severity\":\"4\",\"ver\":\"OWASP_CRS/3.0.0\",\"rev\":\"2\",\"tags\":[\"application-multi\",\"language-multi\",\"platform-multi\",\"attack-protocol\",\"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\",\"WASCTC/WASC-21\",\"OWASP_TOP_10/A7\",\"PCI/6.5.10\"],\"maturity\":\"9\",\"accuracy\":\"9\"}}]}}", + "type": [ + "access" + ] }, "http": { "request": { "method": "GET" }, - "version": "1.1", "response": { "mime_type": "text/html; charset=utf-8", "status_code": 200 + }, + "version": "1.1" + }, + "message": "Host header is a numeric IP address", + "modsec": { + "audit": { + "detail": "Matched \"Operator `Rx' with parameter `^[\\d.:]+$' against variable `REQUEST_HEADERS:Host' (Value: `34.87.56.16' )" } }, + "rule": { + "id": "920350" + }, "source": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 40742, - "ip": "67.43.156.15" - }, - "message": "Host header is a numeric IP address", - "event": { - "ingested": "2021-12-14T14:48:26.828827545Z", - "original": "{\"transaction\":{\"client_ip\":\"67.43.156.15\",\"time_stamp\":\"Fri May 14 15:11:52 2021\",\"server_id\":\"c06217c4ac0d6f8892d2489cd5d92aaceec2508e\",\"client_port\":40742,\"host_ip\":\"67.43.156.15\",\"host_port\":443,\"id\":\"162100511255.595254\",\"request\":{\"method\":\"GET\",\"http_version\":1.1,\"uri\":\"/\",\"headers\":{\"Host\":\"34.87.56.16\",\"Connection\":\"close\"}},\"response\":{\"http_code\":200,\"headers\":{\"Vary\":\"Accept-Encoding, Origin\",\"X-XSS-Protection\":\"1; mode=block\",\"Set-Cookie\":\"_pmcapi_session=c94b2c408d9b56b91e00877fb6c21fca; path=/; 
HttpOnly\",\"X-Permitted-Cross-Domain-Policies\":\"none\",\"Cache-Control\":\"max-age=0, private, must-revalidate\",\"ETag\":\"W/\\\"dda3a9b33849ca9d88844c0331e9b98f\\\"\",\"Strict-Transport-Security\":\"max-age=31536000; includeSubDomains\",\"Status\":\"200 OK\",\"Connection\":\"close\",\"X-Powered-By\":\"Phusion Passenger 6.0.2\",\"Content-Type\":\"text/html; charset=utf-8\",\"Content-Length\":\"12475\",\"Date\":\"Fri, 14 May 2021 15:11:52 GMT\",\"Server\":\"nginx/1.14.0\",\"X-Request-Id\":\"63b9e1d0-481f-43b5-9ca3-e1606c48c338\",\"X-Download-Options\":\"noopen\",\"X-Runtime\":\"0.028032\",\"X-Content-Type-Options\":\"nosniff\",\"X-Frame-Options\":\"SAMEORIGIN\",\"Via\":\"1.1 google\"}},\"producer\":{\"modsecurity\":\"ModSecurity v3.0.2 (Linux)\",\"connector\":\"ModSecurity-nginx v0.1.1-beta\",\"secrules_engine\":\"Enabled\",\"components\":[\"OWASP_CRS/3.0.2\\\"\"]},\"messages\":[{\"message\":\"Host header is a numeric IP address\",\"details\":{\"match\":\"Matched \\\"Operator `Rx' with parameter `^[\\\\d.:]+$' against variable `REQUEST_HEADERS:Host' (Value: `34.87.56.16' )\",\"reference\":\"o0,11v21,11\",\"ruleId\":\"920350\",\"file\":\"/etc/nginx/modsec/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\",\"lineNumber\":\"733\",\"data\":\"34.87.56.16\",\"severity\":\"4\",\"ver\":\"OWASP_CRS/3.0.0\",\"rev\":\"2\",\"tags\":[\"application-multi\",\"language-multi\",\"platform-multi\",\"attack-protocol\",\"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\",\"WASCTC/WASC-21\",\"OWASP_TOP_10/A7\",\"PCI/6.5.10\"],\"maturity\":\"9\",\"accuracy\":\"9\"}}]}}", - "category": [ - "web" - ], - "type": [ - "access" - ], - "kind": "event" + "ip": "67.43.156.15", + "port": 40742 }, + "tags": [ + "preserve_original_event" + ], "url": { - "path": "/", + "domain": "34.87.56.16", "original": "https://34.87.56.16:443/", - "scheme": "https", + "path": "/", "port": 443, - "domain": "34.87.56.16" - }, - "tags": [ - "preserve_original_event" - ] + "scheme": "https" + } }, { 
"@timestamp": "2021-05-14T15:12:01.000Z", - "modsec": { - "audit": { - "detail": "Matched \"Operator `Rx' with parameter `^[\\d.:]+$' against variable `REQUEST_HEADERS:Host' (Value: `34.87.56.16' )" - } - }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, - "rule": { - "id": "920350" + "event": { + "category": [ + "web" + ], + "ingested": "2022-06-28T17:53:16.076352128Z", + "kind": "event", + "original": "{\"transaction\":{\"client_ip\":\"67.43.156.15\",\"time_stamp\":\"Fri May 14 15:12:01 2021\",\"server_id\":\"c06217c4ac0d6f8892d2489cd5d92aaceec2508e\",\"client_port\":44460,\"host_ip\":\"67.43.156.15\",\"host_port\":443,\"id\":\"162100512158.550855\",\"request\":{\"method\":\"GET\",\"http_version\":1.1,\"uri\":\"/\",\"headers\":{\"Host\":\"34.87.56.16\",\"Connection\":\"close\"}},\"response\":{\"http_code\":200,\"headers\":{\"Vary\":\"Accept-Encoding, Origin\",\"X-XSS-Protection\":\"1; mode=block\",\"Set-Cookie\":\"_pmcapi_session=db4a0ad600d22d8015c49062844b3ac9; path=/; HttpOnly\",\"X-Permitted-Cross-Domain-Policies\":\"none\",\"Cache-Control\":\"max-age=0, private, must-revalidate\",\"ETag\":\"W/\\\"4b55096b2de9c691c0e0f67a496dc7d9\\\"\",\"Strict-Transport-Security\":\"max-age=31536000; includeSubDomains\",\"Status\":\"200 OK\",\"Connection\":\"close\",\"X-Powered-By\":\"Phusion Passenger 6.0.2\",\"Content-Type\":\"text/html; charset=utf-8\",\"Content-Length\":\"12475\",\"Date\":\"Fri, 14 May 2021 15:12:01 GMT\",\"Server\":\"nginx/1.14.0\",\"X-Request-Id\":\"b7220068-a82e-4535-be4c-a087fe3901ed\",\"X-Download-Options\":\"noopen\",\"X-Runtime\":\"0.029745\",\"X-Content-Type-Options\":\"nosniff\",\"X-Frame-Options\":\"SAMEORIGIN\",\"Via\":\"1.1 google\"}},\"producer\":{\"modsecurity\":\"ModSecurity v3.0.2 (Linux)\",\"connector\":\"ModSecurity-nginx v0.1.1-beta\",\"secrules_engine\":\"Enabled\",\"components\":[\"OWASP_CRS/3.0.2\\\"\"]},\"messages\":[{\"message\":\"Host header is a numeric IP address\",\"details\":{\"match\":\"Matched \\\"Operator `Rx' with 
parameter `^[\\\\d.:]+$' against variable `REQUEST_HEADERS:Host' (Value: `34.87.56.16' )\",\"reference\":\"o0,11v21,11\",\"ruleId\":\"920350\",\"file\":\"/etc/nginx/modsec/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\",\"lineNumber\":\"733\",\"data\":\"34.87.56.16\",\"severity\":\"4\",\"ver\":\"OWASP_CRS/3.0.0\",\"rev\":\"2\",\"tags\":[\"application-multi\",\"language-multi\",\"platform-multi\",\"attack-protocol\",\"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\",\"WASCTC/WASC-21\",\"OWASP_TOP_10/A7\",\"PCI/6.5.10\"],\"maturity\":\"9\",\"accuracy\":\"9\"}}]}}", + "type": [ + "access" + ] }, "http": { "request": { "method": "GET" }, - "version": "1.1", "response": { "mime_type": "text/html; charset=utf-8", "status_code": 200 + }, + "version": "1.1" + }, + "message": "Host header is a numeric IP address", + "modsec": { + "audit": { + "detail": "Matched \"Operator `Rx' with parameter `^[\\d.:]+$' against variable `REQUEST_HEADERS:Host' (Value: `34.87.56.16' )" } }, + "rule": { + "id": "920350" + }, "source": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 - }, - "port": 44460, - "ip": "67.43.156.15" - }, - "message": "Host header is a numeric IP address", - "event": { - "ingested": "2021-12-14T14:48:26.828828014Z", - "original": "{\"transaction\":{\"client_ip\":\"67.43.156.15\",\"time_stamp\":\"Fri May 14 15:12:01 2021\",\"server_id\":\"c06217c4ac0d6f8892d2489cd5d92aaceec2508e\",\"client_port\":44460,\"host_ip\":\"67.43.156.15\",\"host_port\":443,\"id\":\"162100512158.550855\",\"request\":{\"method\":\"GET\",\"http_version\":1.1,\"uri\":\"/\",\"headers\":{\"Host\":\"34.87.56.16\",\"Connection\":\"close\"}},\"response\":{\"http_code\":200,\"headers\":{\"Vary\":\"Accept-Encoding, Origin\",\"X-XSS-Protection\":\"1; 
mode=block\",\"Set-Cookie\":\"_pmcapi_session=db4a0ad600d22d8015c49062844b3ac9; path=/; HttpOnly\",\"X-Permitted-Cross-Domain-Policies\":\"none\",\"Cache-Control\":\"max-age=0, private, must-revalidate\",\"ETag\":\"W/\\\"4b55096b2de9c691c0e0f67a496dc7d9\\\"\",\"Strict-Transport-Security\":\"max-age=31536000; includeSubDomains\",\"Status\":\"200 OK\",\"Connection\":\"close\",\"X-Powered-By\":\"Phusion Passenger 6.0.2\",\"Content-Type\":\"text/html; charset=utf-8\",\"Content-Length\":\"12475\",\"Date\":\"Fri, 14 May 2021 15:12:01 GMT\",\"Server\":\"nginx/1.14.0\",\"X-Request-Id\":\"b7220068-a82e-4535-be4c-a087fe3901ed\",\"X-Download-Options\":\"noopen\",\"X-Runtime\":\"0.029745\",\"X-Content-Type-Options\":\"nosniff\",\"X-Frame-Options\":\"SAMEORIGIN\",\"Via\":\"1.1 google\"}},\"producer\":{\"modsecurity\":\"ModSecurity v3.0.2 (Linux)\",\"connector\":\"ModSecurity-nginx v0.1.1-beta\",\"secrules_engine\":\"Enabled\",\"components\":[\"OWASP_CRS/3.0.2\\\"\"]},\"messages\":[{\"message\":\"Host header is a numeric IP address\",\"details\":{\"match\":\"Matched \\\"Operator `Rx' with parameter `^[\\\\d.:]+$' against variable `REQUEST_HEADERS:Host' (Value: `34.87.56.16' )\",\"reference\":\"o0,11v21,11\",\"ruleId\":\"920350\",\"file\":\"/etc/nginx/modsec/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\",\"lineNumber\":\"733\",\"data\":\"34.87.56.16\",\"severity\":\"4\",\"ver\":\"OWASP_CRS/3.0.0\",\"rev\":\"2\",\"tags\":[\"application-multi\",\"language-multi\",\"platform-multi\",\"attack-protocol\",\"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\",\"WASCTC/WASC-21\",\"OWASP_TOP_10/A7\",\"PCI/6.5.10\"],\"maturity\":\"9\",\"accuracy\":\"9\"}}]}}", - "category": [ - "web" - ], - "type": [ - "access" - ], - "kind": "event" + "ip": "67.43.156.15", + "port": 44460 }, + "tags": [ + "preserve_original_event" + ], "url": { - "path": "/", + "domain": "34.87.56.16", "original": "https://34.87.56.16:443/", - "scheme": "https", + "path": "/", "port": 443, - "domain": 
"34.87.56.16" - }, - "tags": [ - "preserve_original_event" - ] + "scheme": "https" + } }, { "@timestamp": "2021-05-14T15:12:18.000Z", - "modsec": { - "audit": { - "detail": "Matched \"Operator `Rx' with parameter `^[\\d.:]+$' against variable `REQUEST_HEADERS:Host' (Value: `34.87.56.16' )" - } - }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, - "rule": { - "id": "920350" + "event": { + "category": [ + "web" + ], + "ingested": "2022-06-28T17:53:16.076352378Z", + "kind": "event", + "original": "{\"transaction\":{\"client_ip\":\"67.43.156.15\",\"time_stamp\":\"Fri May 14 15:12:18 2021\",\"server_id\":\"c06217c4ac0d6f8892d2489cd5d92aaceec2508e\",\"client_port\":45952,\"host_ip\":\"67.43.156.15\",\"host_port\":443,\"id\":\"162100513893.802359\",\"request\":{\"method\":\"GET\",\"http_version\":1.0,\"uri\":\"/\",\"headers\":{\"Host\":\"34.87.56.16\",\"Connection\":\"close\"}},\"response\":{\"http_code\":200,\"headers\":{\"Vary\":\"Accept-Encoding, Origin\",\"X-XSS-Protection\":\"1; mode=block\",\"Set-Cookie\":\"_pmcapi_session=e1e011a4d0188a1453cc4b8b9f3e476c; path=/; HttpOnly\",\"X-Permitted-Cross-Domain-Policies\":\"none\",\"Cache-Control\":\"max-age=0, private, must-revalidate\",\"ETag\":\"W/\\\"f7e5c631964147f2a3458c4f97647883\\\"\",\"Strict-Transport-Security\":\"max-age=31536000; includeSubDomains\",\"Status\":\"200 OK\",\"Connection\":\"close\",\"X-Powered-By\":\"Phusion Passenger 6.0.2\",\"Content-Type\":\"text/html; charset=utf-8\",\"Content-Length\":\"12475\",\"Date\":\"Fri, 14 May 2021 15:12:18 GMT\",\"Server\":\"nginx/1.14.0\",\"X-Request-Id\":\"15fa3f35-b204-4b2a-bbd8-7aec1d8e4417\",\"X-Download-Options\":\"noopen\",\"X-Runtime\":\"0.026203\",\"X-Content-Type-Options\":\"nosniff\",\"X-Frame-Options\":\"SAMEORIGIN\",\"Via\":\"1.1 google\"}},\"producer\":{\"modsecurity\":\"ModSecurity v3.0.2 (Linux)\",\"connector\":\"ModSecurity-nginx 
v0.1.1-beta\",\"secrules_engine\":\"Enabled\",\"components\":[\"OWASP_CRS/3.0.2\\\"\"]},\"messages\":[{\"message\":\"Host header is a numeric IP address\",\"details\":{\"match\":\"Matched \\\"Operator `Rx' with parameter `^[\\\\d.:]+$' against variable `REQUEST_HEADERS:Host' (Value: `34.87.56.16' )\",\"reference\":\"o0,11v21,11\",\"ruleId\":\"920350\",\"file\":\"/etc/nginx/modsec/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\",\"lineNumber\":\"733\",\"data\":\"34.87.56.16\",\"severity\":\"4\",\"ver\":\"OWASP_CRS/3.0.0\",\"rev\":\"2\",\"tags\":[\"application-multi\",\"language-multi\",\"platform-multi\",\"attack-protocol\",\"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\",\"WASCTC/WASC-21\",\"OWASP_TOP_10/A7\",\"PCI/6.5.10\"],\"maturity\":\"9\",\"accuracy\":\"9\"}}]}}", + "type": [ + "access" + ] }, "http": { "request": { "method": "GET" }, - "version": "1.0", "response": { "mime_type": "text/html; charset=utf-8", "status_code": 200 + }, + "version": "1.0" + }, + "message": "Host header is a numeric IP address", + "modsec": { + "audit": { + "detail": "Matched \"Operator `Rx' with parameter `^[\\d.:]+$' against variable `REQUEST_HEADERS:Host' (Value: `34.87.56.16' )" } }, + "rule": { + "id": "920350" + }, "source": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 - }, - "port": 45952, - "ip": "67.43.156.15" - }, - "message": "Host header is a numeric IP address", - "event": { - "ingested": "2021-12-14T14:48:26.828828395Z", - "original": "{\"transaction\":{\"client_ip\":\"67.43.156.15\",\"time_stamp\":\"Fri May 14 15:12:18 
2021\",\"server_id\":\"c06217c4ac0d6f8892d2489cd5d92aaceec2508e\",\"client_port\":45952,\"host_ip\":\"67.43.156.15\",\"host_port\":443,\"id\":\"162100513893.802359\",\"request\":{\"method\":\"GET\",\"http_version\":1.0,\"uri\":\"/\",\"headers\":{\"Host\":\"34.87.56.16\",\"Connection\":\"close\"}},\"response\":{\"http_code\":200,\"headers\":{\"Vary\":\"Accept-Encoding, Origin\",\"X-XSS-Protection\":\"1; mode=block\",\"Set-Cookie\":\"_pmcapi_session=e1e011a4d0188a1453cc4b8b9f3e476c; path=/; HttpOnly\",\"X-Permitted-Cross-Domain-Policies\":\"none\",\"Cache-Control\":\"max-age=0, private, must-revalidate\",\"ETag\":\"W/\\\"f7e5c631964147f2a3458c4f97647883\\\"\",\"Strict-Transport-Security\":\"max-age=31536000; includeSubDomains\",\"Status\":\"200 OK\",\"Connection\":\"close\",\"X-Powered-By\":\"Phusion Passenger 6.0.2\",\"Content-Type\":\"text/html; charset=utf-8\",\"Content-Length\":\"12475\",\"Date\":\"Fri, 14 May 2021 15:12:18 GMT\",\"Server\":\"nginx/1.14.0\",\"X-Request-Id\":\"15fa3f35-b204-4b2a-bbd8-7aec1d8e4417\",\"X-Download-Options\":\"noopen\",\"X-Runtime\":\"0.026203\",\"X-Content-Type-Options\":\"nosniff\",\"X-Frame-Options\":\"SAMEORIGIN\",\"Via\":\"1.1 google\"}},\"producer\":{\"modsecurity\":\"ModSecurity v3.0.2 (Linux)\",\"connector\":\"ModSecurity-nginx v0.1.1-beta\",\"secrules_engine\":\"Enabled\",\"components\":[\"OWASP_CRS/3.0.2\\\"\"]},\"messages\":[{\"message\":\"Host header is a numeric IP address\",\"details\":{\"match\":\"Matched \\\"Operator `Rx' with parameter `^[\\\\d.:]+$' against variable `REQUEST_HEADERS:Host' (Value: `34.87.56.16' 
)\",\"reference\":\"o0,11v21,11\",\"ruleId\":\"920350\",\"file\":\"/etc/nginx/modsec/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\",\"lineNumber\":\"733\",\"data\":\"34.87.56.16\",\"severity\":\"4\",\"ver\":\"OWASP_CRS/3.0.0\",\"rev\":\"2\",\"tags\":[\"application-multi\",\"language-multi\",\"platform-multi\",\"attack-protocol\",\"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\",\"WASCTC/WASC-21\",\"OWASP_TOP_10/A7\",\"PCI/6.5.10\"],\"maturity\":\"9\",\"accuracy\":\"9\"}}]}}", - "category": [ - "web" - ], - "type": [ - "access" - ], - "kind": "event" + "ip": "67.43.156.15", + "port": 45952 }, + "tags": [ + "preserve_original_event" + ], "url": { - "path": "/", + "domain": "34.87.56.16", "original": "https://34.87.56.16:443/", - "scheme": "https", + "path": "/", "port": 443, - "domain": "34.87.56.16" - }, - "tags": [ - "preserve_original_event" - ] + "scheme": "https" + } } ] } \ No newline at end of file diff --git a/packages/modsecurity/data_stream/auditlog/elasticsearch/ingest_pipeline/default.yml b/packages/modsecurity/data_stream/auditlog/elasticsearch/ingest_pipeline/default.yml index fe85cabc28e..6349fbe854c 100644 --- a/packages/modsecurity/data_stream/auditlog/elasticsearch/ingest_pipeline/default.yml +++ b/packages/modsecurity/data_stream/auditlog/elasticsearch/ingest_pipeline/default.yml @@ -7,7 +7,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '1.12.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/modsecurity/data_stream/auditlog/sample_event.json b/packages/modsecurity/data_stream/auditlog/sample_event.json index ae90192f65a..96a49691606 100644 --- a/packages/modsecurity/data_stream/auditlog/sample_event.json +++ b/packages/modsecurity/data_stream/auditlog/sample_event.json @@ -14,7 +14,7 @@ "type": "logs" }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "elastic_agent": { "id": "825f840d-2cf2-4972-91e6-99c4735ef994", 
diff --git a/packages/modsecurity/docs/README.md b/packages/modsecurity/docs/README.md index 5aa8fba3a40..fe114cd42b2 100644 --- a/packages/modsecurity/docs/README.md +++ b/packages/modsecurity/docs/README.md @@ -37,7 +37,7 @@ The `Audit Log` dataset collects Modsecurity Audit logs. | data_stream.dataset | Data stream dataset. | constant_keyword | | data_stream.namespace | Data stream namespace. | constant_keyword | | data_stream.type | Data stream type. | constant_keyword | -| destination.domain | Destination domain. | keyword | +| destination.domain | The domain name of the destination system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | destination.ip | IP address of the destination (IPv4 or IPv6). | ip | | destination.port | Port of the destination. | long | | ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | 
@@ -60,7 +60,7 @@ The `Audit Log` dataset collects Modsecurity Audit logs. | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | -| http.request.method | HTTP request method. Prior to ECS 1.6.0 the following guidance was provided: "The field value must be normalized to lowercase for querying." As of ECS 1.6.0, the guidance is deprecated because the original case of the method may be useful in anomaly detection. Original case will be mandated in ECS 2.0.0 | keyword | +| http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword | | http.request.referrer | Referrer for this HTTP request. | keyword | | http.response.body.bytes | Size in bytes of the response body. | long | | http.response.mime_type | Mime type of the body of the response. This value must only be populated based on the content of the response body, not on the `Content-Type` header. Comparing the mime type of a response with the response's Content-Type header can be helpful in detecting misconfigured servers. | keyword | diff --git a/packages/modsecurity/manifest.yml b/packages/modsecurity/manifest.yml index efe0c508988..ba862df0e46 100644 --- a/packages/modsecurity/manifest.yml +++ b/packages/modsecurity/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: modsecurity title: "ModSecurity Audit" -version: 1.0.0 +version: "1.1.0" license: basic description: "ModSecurity Audit Log Integration" type: integration 
diff --git a/packages/mysql_enterprise/_dev/build/build.yml b/packages/mysql_enterprise/_dev/build/build.yml index 47cbed9fed8..5661d603a89 100644 --- a/packages/mysql_enterprise/_dev/build/build.yml +++ b/packages/mysql_enterprise/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.0.0 + reference: git@v8.3.0 diff --git a/packages/mysql_enterprise/changelog.yml b/packages/mysql_enterprise/changelog.yml index da38cd11a54..2d9f55aeb4b 100644 --- a/packages/mysql_enterprise/changelog.yml +++ b/packages/mysql_enterprise/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.0.1" changes: - description: Add documentation for multi-fields diff --git a/packages/mysql_enterprise/data_stream/audit/_dev/test/pipeline/test-mysql-audit.log-expected.json b/packages/mysql_enterprise/data_stream/audit/_dev/test/pipeline/test-mysql-audit.log-expected.json index f37055159ea..e8bbb207b8d 100644 --- a/packages/mysql_enterprise/data_stream/audit/_dev/test/pipeline/test-mysql-audit.log-expected.json +++ b/packages/mysql_enterprise/data_stream/audit/_dev/test/pipeline/test-mysql-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-19T19:21:33.000Z", "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-startup", @@ -66,7 +66,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-connect", @@ -132,7 +132,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -190,7 +190,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-disconnect", @@ -246,7 +246,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-connect", 
@@ -312,7 +312,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -370,7 +370,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -429,7 +429,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -488,7 +488,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -547,7 +547,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -606,7 +606,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -675,7 +675,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -744,7 +744,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -803,7 +803,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -862,7 +862,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -921,7 +921,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -981,7 +981,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-connect", @@ -1050,7 +1050,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -1112,7 +1112,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", 
@@ -1174,7 +1174,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -1236,7 +1236,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -1297,7 +1297,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -1359,7 +1359,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -1421,7 +1421,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -1483,7 +1483,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-insert", @@ -1545,7 +1545,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -1607,7 +1607,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-read", @@ -1669,7 +1669,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -1731,7 +1731,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-disconnect", @@ -1790,7 +1790,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-disconnect", @@ -1843,7 +1843,7 @@ { "@timestamp": "2020-10-19T19:32:16.000Z", "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-shutdown", @@ -1878,7 +1878,7 @@ "ip": "192.168.7.76" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", @@ -1949,7 +1949,7 @@ "ip": "192.168.7.76" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "mysql-status", 
@@ -2007,7 +2007,7 @@
 "ip": "192.168.7.76"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "mysql-status",
diff --git a/packages/mysql_enterprise/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/mysql_enterprise/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index a9b816b4f16..816325f9602 100644
--- a/packages/mysql_enterprise/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/mysql_enterprise/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing MySQL Enterprise Audit logs
 processors:
 - set:
 field: ecs.version
- value: "8.0.0"
+ value: "8.3.0"
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/mysql_enterprise/data_stream/audit/sample_event.json b/packages/mysql_enterprise/data_stream/audit/sample_event.json
index 83861b17c85..a96f32471cd 100644
--- a/packages/mysql_enterprise/data_stream/audit/sample_event.json
+++ b/packages/mysql_enterprise/data_stream/audit/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "1202ee7c-96a3-47b6-8ddf-4fd17e23f288",
diff --git a/packages/mysql_enterprise/docs/README.md b/packages/mysql_enterprise/docs/README.md
index 8598c8f92c6..bc69b68a23a 100644
--- a/packages/mysql_enterprise/docs/README.md
+++ b/packages/mysql_enterprise/docs/README.md
@@ -136,7 +136,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "1202ee7c-96a3-47b6-8ddf-4fd17e23f288",
diff --git a/packages/mysql_enterprise/manifest.yml b/packages/mysql_enterprise/manifest.yml
index a1c3d5fed19..8397f17bfff 100644
--- a/packages/mysql_enterprise/manifest.yml
+++ b/packages/mysql_enterprise/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: mysql_enterprise
 title: "MySQL Enterprise"
-version: 1.0.1
+version: "1.1.0"
 license: basic
 description: "MySQL Enterprise Audit Log Integration"
 type: integration
diff --git a/packages/netflow/_dev/build/build.yml b/packages/netflow/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/netflow/_dev/build/build.yml
+++ b/packages/netflow/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/netflow/changelog.yml b/packages/netflow/changelog.yml
index b521cdc808d..542ac3973e8 100644
--- a/packages/netflow/changelog.yml
+++ b/packages/netflow/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.1.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "2.0.1"
 changes:
 - description: Fix invalid value in sample event
diff --git a/packages/netflow/data_stream/log/_dev/test/pipeline/test-netflow-log-events.json-expected.json b/packages/netflow/data_stream/log/_dev/test/pipeline/test-netflow-log-events.json-expected.json
index e23f820364d..af73b5e29b0 100644
--- a/packages/netflow/data_stream/log/_dev/test/pipeline/test-netflow-log-events.json-expected.json
+++ b/packages/netflow/data_stream/log/_dev/test/pipeline/test-netflow-log-events.json-expected.json
@@ -18,7 +18,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -125,7 +125,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -232,7 +232,7 @@
 "packets": 1
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -339,7 +339,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -446,7 +446,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -553,7 +553,7 @@ "packets": 18 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -660,7 +660,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -767,7 +767,7 @@ "packets": 47 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -874,7 +874,7 @@ "packets": 20 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -981,7 +981,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -1088,7 +1088,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -1195,7 +1195,7 @@ "packets": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -1302,7 +1302,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -1409,7 +1409,7 @@ "packets": 13 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -1516,7 +1516,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -1623,7 +1623,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -1730,7 +1730,7 @@ "packets": 7 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -1837,7 +1837,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -1944,7 +1944,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", 
@@ -2051,7 +2051,7 @@ "packets": 15 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -2158,7 +2158,7 @@ "packets": 10 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -2265,7 +2265,7 @@ "packets": 4 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -2372,7 +2372,7 @@ "packets": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -2479,7 +2479,7 @@ "packets": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -2586,7 +2586,7 @@ "packets": 3 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -2693,7 +2693,7 @@ "packets": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -2800,7 +2800,7 @@ "packets": 1 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -2907,7 +2907,7 @@ "packets": 19 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", @@ -3014,7 +3014,7 @@ "packets": 236 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "netflow_flow", diff --git a/packages/netflow/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/netflow/data_stream/log/elasticsearch/ingest_pipeline/default.yml index a3ed6e01585..a6e8165f123 100644 --- a/packages/netflow/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/netflow/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for NetFlow processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - convert: field: network.iana_number type: string diff --git a/packages/netflow/data_stream/log/sample_event.json b/packages/netflow/data_stream/log/sample_event.json index 458d2a07f88..3e6f6550519 100644 
--- a/packages/netflow/data_stream/log/sample_event.json
+++ b/packages/netflow/data_stream/log/sample_event.json
@@ -21,7 +21,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "f98d63fc-e620-4d4d-b16e-814a105b1bc9",
diff --git a/packages/netflow/docs/README.md b/packages/netflow/docs/README.md
index 57624813693..e6cadcc9f3f 100644
--- a/packages/netflow/docs/README.md
+++ b/packages/netflow/docs/README.md
@@ -23,7 +23,7 @@ The `log` dataset collects netflow logs.
 | @timestamp | Event timestamp. | date |
 | agent.ephemeral_id | Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not. | keyword |
 | agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword |
-| agent.name | Custom name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty. | keyword |
+| agent.name | Custom name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. | keyword |
 | agent.type | Type of the agent. The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. | keyword |
 | agent.version | Version of the agent. | keyword |
 | as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long |
diff --git a/packages/netflow/manifest.yml b/packages/netflow/manifest.yml
index 092fa3f54e4..4935891e150 100644
--- a/packages/netflow/manifest.yml
+++ b/packages/netflow/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: netflow
 title: NetFlow Records
-version: 2.0.1
+version: "2.1.0"
 license: basic
 description: Collect flow records from NetFlow and IPFIX exporters with Elastic Agent.
 type: integration
diff --git a/packages/netscout/_dev/build/build.yml b/packages/netscout/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/netscout/_dev/build/build.yml
+++ b/packages/netscout/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/netscout/changelog.yml b/packages/netscout/changelog.yml
index ee67a524187..14447280688 100644
--- a/packages/netscout/changelog.yml
+++ b/packages/netscout/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.9.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "0.8.0"
 changes:
 - description: Update to ECS 8.2.0
diff --git a/packages/netscout/data_stream/sightline/_dev/test/pipeline/test-generated.log-expected.json b/packages/netscout/data_stream/sightline/_dev/test/pipeline/test-generated.log-expected.json
index c1682d6749c..5b83925a0e2 100644
--- a/packages/netscout/data_stream/sightline/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/netscout/data_stream/sightline/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "January 29 06:09:59 pfsp: The configuration was changed on leader olab to version 1.6078 by rci",
 "tags": [
@@ -11,7 +11,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "February 12 13:12:33 pfsp: Alert Autoclassification was restarted on 2016-02-12 13:12:33 uredolor by tatemac",
 "tags": [
@@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 26 20:15:08 ntsunti: Change Log: Username:nseq, Subsystem:itinvol, Setting Type:psa, Message:umq", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 12 03:17:42 pfsp: Test syslog message", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 26 10:20:16 pfsp: Alert Device ritquiin unreachable by controller umqui since 2016-03-26 10:20:16", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 9 17:22:51 pfsp: Alert Host Detection alert riosam, start 2016-04-9 17:22:51 anonnu, duration 116.480000, direction external, host 10.51.132.10, signatures (utper), impact squame, importance medium, managed_objects (omm), (parent managed object iin)", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 24 00:25:25 pfsp: Autoclassification was restarted on 2016-04-24 00:25:25 nim by incidi", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 8 07:27:59 pfsp: Alert Peakflow device oloremqu unreachable by temvel since 2016-05-08 07:27:59", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 22 14:30:33 pfsp: Autoclassification was restarted on 2016-05-22 14:30:33 serror by anti", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 5 21:33:08 pfsp: script ufugiatn ran at 2016-06-05 21:33:08 tionulam, leader uameius", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 20 04:35:42 pfsp: Alert Test syslog message", "tags": [ 
@@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 4 11:38:16 pfsp: configuration was changed on leader uipexea to version 1.5162 by nci", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 18 18:40:50 pfsp: The SNMP restored for router mvolu, leader radip at 2016-07-18 18:40:50 tNequ", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 2 01:43:25 tatno: Protection Mode: Changed protection mode to active for protection groupdquiac,URL:https://mail.example.net/uam/untutl.jpg?llu=uptassi#tamremap", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 16 08:45:59 pfsp: Alert script estqui ran at 2016-08-16 08:45:59 uasiarch, leader emaper", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 30 15:48:33 eum: Blocked Host: Blocked host10.66.171.247atsitby Blocked Countries usingudpdestination10.155.162.162,URL:https://www5.example.org/seq/olorema.jpg?quid=fug#uatDuis", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 13 22:51:07 pfsp: Alert TMS 'eip' fault for resource 'lupta' on TMS iusmodt", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 28 05:53:42 pfsp: Alert Autoclassification was restarted on 2016-09-28 05:53:42 atatnonp by uiano", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 12 12:56:16 temq: Blocked Host: Blocked host10.38.77.13ataquaeabby Blocked Countries usingipv6-icmpdestination10.179.26.34,URL:https://example.org/isiu/nimadmi.gif?ari=equun#suntinc", "tags": [ 
@@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 26 19:58:50 pfsp: Hardware failure on tatevel since 2016-10-26 19:58:50 GMT: abilloi", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 10 03:01:24 pfsp: The anomaly ore id 2933 status tsed severity very-high classification enimad router incididu router_name eci interface aali interface_name \"lo5882\" porainc", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 24 10:03:59 moll: anomaly: anomaly Bandwidth id 2902 status inim severity high classification deomni router tquovol router_name ntsuntin interface aecatcup interface_name \"lo4987\" oluptate", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 8 17:06:33 pfsp: Alert Autoclassification was restarted on 2016-12-08 17:06:33 iam by qua", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 23 00:09:07 pfsp: Test syslog message", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 6 07:11:41 pfsp: Autoclassification was restarted on 2017-01-06 07:11:41 olupta by turveli", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 20 14:14:16 pfsp: Alert Autoclassification was restarted on 2017-01-20 14:14:16 ntutl by caecatc", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 3 21:16:50 pfsp: Alert GRE tunnel restored for destination 10.224.68.213, leader taed at 2017-02-03 21:16:50 lup", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 18 04:19:24 pfsp: Alert Hardware failure on aperi since 2017-02-18 04:19:24 GMT: lor", "tags": [ 
@@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 4 11:21:59 pfsp: The BGP Instability for router oin ended", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 18 18:24:33 pfsp: Hardware failure on ritatis done at 2017-03-18 18:24:33 oloremi GMT: pitla", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 2 01:27:07 eomnisis: Change Log: Username:mqui, Subsystem:civeli, Setting Type:errorsi, Message:des", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 16 08:29:41 pfsp: Device tdolorem unreachable by controller ono since 2017-04-16 08:29:41", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 30 15:32:16 pfsp: The GRE tunnel down for destination 10.60.185.151, leader uidolo since 2017-04-30 15:32:16 lumquido", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 14 22:34:50 Lor: Test: Test syslog message", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 29 05:37:24 pfsp: Alert script modoco ran at 2017-05-29 05:37:24 , leader estqu", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 12 12:39:58 intoccae: Protection Mode: Changed protection mode to active for protection groupents,URL:https://www.example.net/nse/sinto.gif?CSed=lupt#psaquae", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 26 19:42:33 pfsp: The BGP Trap reetd: Prefix lumqui itinvo mdolore", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 11 02:45:07 pfsp: Device mque reachable again by controller uovolup at 2017-07-11 02:45:07 samvolu", "tags": [ 
@@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 25 09:47:41 pfsp: The Host Detection alert eirure, start 2017-07-25 09:47:41 conseq, duration 38.117000, stop 2017-07-25 09:47:41 mpori, , importance very-high, managed_objects (atu), is now unknown, (parent managed object lpaqui)", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 8 16:50:15 pfsp: BGP Trap doloremi: Prefix luptasn hitect dol", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 22 23:52:50 nsecte: BGP: ipv6 instability router tincu threshold ari (exercit) observed sci (quamnih)", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 6 06:55:24 emoe: Protection Mode: Changed protection mode to active for protection groupeaq,URL:https://mail.example.net/corp/modtemp.jpg?oluptas=tNequepo#lup", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 20 13:57:58 evita: Change Log: Username:suntexp, Subsystem:duntut, Setting Type:magni, Message:pisciv", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 4 21:00:32 radipisc: Blocked Host: Blocked host10.136.232.108atabiby Blocked Countries usingrdpdestination10.168.131.247,URL:https://example.net/temqu/edol.jpg?ipi=reseos#pariatu", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 19 04:03:07 pfsp: GRE tunnel restored for destination 10.209.182.237, leader tper at 2017-10-19 04:03:07 olor", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 2 11:05:41 pfsp: Alert Device xerc reachable again by controller iutali at 2017-11-02 11:05:41 fdeFi", "tags": [ 
@@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 16 18:08:15 pfsp: BGP down for router ati, leader tlabo since 2017-11-16 18:08:15 uames", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 1 01:10:49 pfsp: script offi ran at 2017-12-01 01:10:49 , leader giatnu", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 15 08:13:24 untex: Blocked Host: Blocked host10.83.23.104attisetqby Blocked Countries usingrdpdestination10.163.161.165,URL:https://www5.example.org/atem/gnido.txt?tmollita=fde#nsecte", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 29 15:15:58 pfsp: GRE tunnel restored for destination 10.53.248.4, leader derit at 2017-12-29 15:15:58 dexea", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 12 22:18:32 pfsp: Test syslog message", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 27 05:21:06 pfsp: Alert Flow down for router tessec, leader olupta since 2018-01-27 05:21:06 litse", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 10 12:23:41 pfsp: Alert Host Detection alert sperna, start 2018-02-10 12:23:41 sintocc, duration 24.633000, stop 2018-02-10 12:23:41 scivelit, , importance medium, managed_objects (ehen), is now success, (parent managed object quameius)", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 24 19:26:15 ate: Change Log: Username:uiac, Subsystem:epte, Setting Type:idolo, Message:quinesc", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 11 02:28:49 pfsp: BGP Instability for router iatisu ended", "tags": [ 
@@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 25 09:31:24 evolu: Change Log: Username:ersp, Subsystem:tquov, Setting Type:diconseq, Message:inven", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 8 16:33:58 pfsp: Test syslog message", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 22 23:36:32 Sedutp: Test: Test syslog message", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 7 06:39:06 ema: Change Log: Username:rsitv, Subsystem:iciade, Setting Type:ntiumt, Message:iquipe", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 21 13:41:41 quin: Protection Mode: Changed protection mode to active for protection groupupida,URL:https://api.example.com/eufugi/pici.html?ccaecat=tquiin#tse", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 4 20:44:15 minimav: Change Log: Username:udexerci, Subsystem:naal, Setting Type:lore, Message:tnonpro", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 19 03:46:49 pfsp: The Device illoin unreachable by controller tanimid since 2018-06-19 03:46:49", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 3 10:49:23 pfsp: configuration was changed on leader natuse to version 1.4425 by ati", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 17 17:51:58 boree: anomaly: anomaly Bandwidth id 2366 status queips severity low classification itess router iscinge router_name ofdeFini interface irat interface_name \"enp0s4306\" aturauto", "tags": [ 
@@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 1 00:54:32 pfsp: SNMP restored for router entsunt, leader ihilm at 2018-08-01 00:54:32 dmin", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 15 07:57:06 pfsp: The Host Detection alert uscipitl, start 2018-08-15 07:57:06 uia, duration 29.657000, direction internal, host 10.54.49.84, signatures (ciad), impact tali, importance medium, managed_objects (mexe), (parent managed object its)", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 29 14:59:40 pfsp: Alert Test syslog message", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 12 22:02:15 pfsp: anomaly Bandwidth id 5089 status commodo severity medium classification tutlab router sau router_name atevelit interface meius interface_name \"lo4293\" labo", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 27 05:04:49 pfsp: Alert script nre ran at 2018-09-27 05:04:49 veli, leader volupta", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 11 12:07:23 pfsp: The BGP instability router uptate threshold mac (iumdol) observed tpersp (stla)", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 25 19:09:57 pfsp: Alert TMS 'tem' fault for resource 'dol' on TMS proiden", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 9 02:12:32 pfsp: Device isis reachable again by controller uasiar at 2018-11-09 02:12:32 utlab", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 23 09:15:06 pfsp: Alert script dantium ran at 2018-11-23 09:15:06 lor, leader velillu", "tags": [ 
@@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 7 16:17:40 pfsp: The script tvolu ran at 2018-12-07 16:17:40 nreprehe, leader tetu", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 21 23:20:14 temporin: Blocked Host: Blocked host10.122.76.148atmiuby Blocked Countries usingipv6-icmpdestination10.28.226.128,URL:https://mail.example.org/idunt/luptat.txt?ica=lillum#remips", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 5 06:22:49 cola: Protection Mode: Changed protection mode to active for protection groupamcor,URL:https://internal.example.com/ineavol/iosa.html?usc=rem#amvolupt", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 19 13:25:23 mnis: Protection Mode: Changed protection mode to active for protection groupequepor,URL:https://internal.example.org/quaUten/nisiut.txt?teturad=perspici#itation", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 2 20:27:57 nimave: Protection Mode: Changed protection mode to active for protection groupisciv,URL:https://mail.example.org/nofd/dipisci.txt?ilmol=eri#quunt", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 17 03:30:32 iosamnis: Blocked Host: Blocked host10.31.177.226atdeserunby Blocked Countries usingggpdestination10.98.209.10,URL:https://www.example.org/ptateve/enderi.html?toccaec=fugi#labo", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 3 10:33:06 estl: Blocked Host: Blocked host10.44.47.27atmmodocby Blocked Countries usingigmpdestination10.179.210.218,URL:https://www.example.org/tanimi/rumSecti.jpg?emporain=ntiumto#umetMalo", "tags": [ 
@@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 17 17:35:40 pfsp: Alert configuration was changed on leader emvele to version 1.2883 by lor", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 1 00:38:14 pfsp: Alert BGP instability router iquamqua threshold sit (rumSect) observed ita (vitaed)", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 15 07:40:49 pfsp: Alert Test syslog message", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 29 14:43:23 numquam: Change Log: Username:tMal, Subsystem:ommodo, Setting Type:uptat, Message:idex", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 13 21:45:57 pfsp: Alert configuration was changed on leader maveni to version 1.2552 by onu", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 28 04:48:31 pfsp: Alert BGP Hijack for prefix tlaboree router norumet done", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 11 11:51:06 pfsp: Host Detection alert col, start 2019-06-11 11:51:06 mve, duration 177.586000, stop 2019-06-11 11:51:06 tinvolup, , importance very-high, managed_objects (Sedutpe), is now failure, (parent managed object rroq)", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 25 18:53:40 pfsp: script remipsum ran at 2019-06-25 18:53:40 , leader tempor", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 10 01:56:14 ccae: Change Log: Username:orroqu, Subsystem:elitsed, Setting Type:labore, Message:uela", "tags": [ 
@@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 24 08:58:48 uto: Test: Test syslog message", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 7 16:01:23 remq: Change Log: Username:veniamq, Subsystem:occ, Setting Type:oloreseo, Message:iruredol", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 21 23:03:57 cupi: Blocked Host: Blocked host10.151.129.181atduntby Blocked Countries usingggpdestination10.55.156.64,URL:https://www.example.net/itanim/nesciun.txt?mollita=tatem#iae", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 5 06:06:31 eumi: Protection Mode: Changed protection mode to active for protection groupquasiarc,URL:https://www.example.net/rever/ore.jpg?oluptat=metco#acom", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 19 13:09:05 pfsp: The Host Detection alert inBCSedu, start 2019-09-19 13:09:05 erspi, duration 77.637000, direction internal, host 10.46.77.76, signatures (iacons), impact occaec, importance medium, managed_objects (uov), (parent managed object quaeab)", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 3 20:11:40 pfsp: Hardware failure on ntiu since 2019-10-03 20:11:40 GMT: radipisc", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 18 03:14:14 pfsp: script vitaed ran at 2019-10-18 03:14:14 ser, leader etconsec", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 1 10:16:48 upt: Blocked Host: Blocked host10.73.89.189atidoloby Blocked Countries usingicmpdestination10.166.90.130,URL:https://api.example.org/eosquira/pta.htm?econs=lmolesti#apariatu", "tags": [ 
@@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 15 17:19:22 pfsp: Alert script msequ ran at 2019-11-15 17:19:22 uat, leader lupta", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 30 00:21:57 tlabori: Protection Mode: Changed protection mode to active for protection grouplaudan,URL:https://www5.example.com/atcupida/tessequa.htm?dolores=equamnih#taliqui", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 14 07:24:31 destlabo: Change Log: Username:rcitat, Subsystem:dolorema, Setting Type:emagn, Message:radipis", "tags": [ diff --git a/packages/netscout/data_stream/sightline/elasticsearch/ingest_pipeline/default.yml b/packages/netscout/data_stream/sightline/elasticsearch/ingest_pipeline/default.yml index 07025273b2b..20f522afd62 100644 --- a/packages/netscout/data_stream/sightline/elasticsearch/ingest_pipeline/default.yml +++ b/packages/netscout/data_stream/sightline/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Arbor Peakflow SP processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/netscout/data_stream/sightline/sample_event.json b/packages/netscout/data_stream/sightline/sample_event.json index 1ffb389ed71..b3f354051d3 100644 --- a/packages/netscout/data_stream/sightline/sample_event.json +++ b/packages/netscout/data_stream/sightline/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/netscout/manifest.yml b/packages/netscout/manifest.yml index 48e6adf6e22..8cceb4a85ef 100644 --- a/packages/netscout/manifest.yml +++ b/packages/netscout/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: netscout title: Arbor Peakflow SP Logs -version: 0.8.0 +version: "0.9.0" description: Collect and parse logs from Netscout Arbor Peakflow SP with Elastic Agent. categories: ["security"] release: experimental diff --git a/packages/netskope/_dev/build/build.yml b/packages/netskope/_dev/build/build.yml index 47cbed9fed8..5661d603a89 100644 --- a/packages/netskope/_dev/build/build.yml +++ b/packages/netskope/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.0.0 + reference: git@v8.3.0 diff --git a/packages/netskope/changelog.yml b/packages/netskope/changelog.yml index ceaeb731fa8..857889cb32f 100644 --- a/packages/netskope/changelog.yml +++ b/packages/netskope/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.0.1" changes: - description: Added linnk to vendor documentation diff --git a/packages/netskope/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json b/packages/netskope/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json index 190ab83870b..3b406821f18 100644 --- a/packages/netskope/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json +++ b/packages/netskope/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json @@ -19,7 +19,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "id": "f621f259f5fbde850ad5593a", @@ -173,7 +173,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "id": "5b052d559134cbd545cc1bdb", @@ -344,7 +344,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "id": "d370a4733b213214d7efd44b", @@ -518,7 +518,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "id": "f34166329a41b4ed7842ce18", 
@@ -637,7 +637,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "id": "045b4a05e63667d3b25279e1", @@ -833,7 +833,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "id": "9c4f8947f6326ff0ad79f4a3", @@ -1027,7 +1027,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "id": "b999bebb17c193b3350f16b3", @@ -1194,7 +1194,7 @@ { "@timestamp": "2022-01-19T21:39:15.000Z", "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "id": "47eccb9569fe50460ad1200f", @@ -1248,7 +1248,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "id": "f34166329a41b4ed7842ce18", @@ -1367,7 +1367,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "id": "045b4a05e63667d3b25279e1", @@ -1563,7 +1563,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "id": "9c4f8947f6326ff0ad79f4a3", @@ -1757,7 +1757,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "id": "b999bebb17c193b3350f16b3", diff --git a/packages/netskope/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/netskope/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml index b9e9af61d8c..1e48973d90d 100644 --- a/packages/netskope/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/netskope/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Netskope alerts processors: - set: field: ecs.version - value: '8.0.0' + value: '8.3.0' - json: field: message add_to_root: true diff --git a/packages/netskope/data_stream/alerts/sample_event.json b/packages/netskope/data_stream/alerts/sample_event.json index e287ed230bf..c6bcd515a0e 100644 --- a/packages/netskope/data_stream/alerts/sample_event.json +++ b/packages/netskope/data_stream/alerts/sample_event.json 
@@ -29,7 +29,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "elastic_agent": { "id": "52d90929-98ee-4480-9b14-fe07637d0bbe", diff --git a/packages/netskope/data_stream/events/_dev/test/pipeline/test-events.log-expected.json b/packages/netskope/data_stream/events/_dev/test/pipeline/test-events.log-expected.json index ac336811f99..ce2e0a89870 100644 --- a/packages/netskope/data_stream/events/_dev/test/pipeline/test-events.log-expected.json +++ b/packages/netskope/data_stream/events/_dev/test/pipeline/test-events.log-expected.json @@ -24,7 +24,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "alert", @@ -202,7 +202,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "action": "allow", @@ -320,7 +320,7 @@ { "@timestamp": "2022-01-30T05:44:59.000Z", "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "id": "c198aee5561d930a120e4fb4", @@ -378,7 +378,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "id": "fd54bdb5916df42dc55712a4", @@ -525,7 +525,7 @@ { "@timestamp": "2021-12-24T00:29:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "original": "{\"@timestamp\":\"2021-12-24T00:29:56.000Z\",\"event.id\":\"613ee55ec9d868fc47654a73\",\"netskope\":{\"events\":{\"event_type\":\"infrastructure\",\"severity\":{\"level\":\"high\"},\"alarm\":{\"name\":\"No_events_from_device\",\"description\":\"Events from device not received in the last 24 hours\"},\"device\":{\"name\":\"device-1\"},\"metric_value\":43831789,\"serial\":\"FFFFFFFFFFFFFFFF\",\"supporting_data\":\"abc\"}}}" @@ -573,7 +573,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "id": "004bad0deade8dd33fafb916", 
diff --git a/packages/netskope/data_stream/events/elasticsearch/ingest_pipeline/default.yml b/packages/netskope/data_stream/events/elasticsearch/ingest_pipeline/default.yml index 989c462df94..7f732d41c14 100644 --- a/packages/netskope/data_stream/events/elasticsearch/ingest_pipeline/default.yml +++ b/packages/netskope/data_stream/events/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Netskope events processors: - set: field: ecs.version - value: '8.0.0' + value: '8.3.0' - json: field: message add_to_root: true diff --git a/packages/netskope/data_stream/events/sample_event.json b/packages/netskope/data_stream/events/sample_event.json index 23098b922f8..788ac25e322 100644 --- a/packages/netskope/data_stream/events/sample_event.json +++ b/packages/netskope/data_stream/events/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "elastic_agent": { "id": "52d90929-98ee-4480-9b14-fe07637d0bbe", diff --git a/packages/netskope/docs/README.md b/packages/netskope/docs/README.md index b5708c562f8..9531451f814 100644 --- a/packages/netskope/docs/README.md +++ b/packages/netskope/docs/README.md @@ -2327,7 +2327,7 @@ An example event for `alerts` looks as following: "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "elastic_agent": { "id": "52d90929-98ee-4480-9b14-fe07637d0bbe", @@ -2872,7 +2872,7 @@ An example event for `events` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "elastic_agent": { "id": "52d90929-98ee-4480-9b14-fe07637d0bbe", diff --git a/packages/netskope/manifest.yml b/packages/netskope/manifest.yml index 8804b80b62b..8e4c521da1a 100644 --- a/packages/netskope/manifest.yml +++ b/packages/netskope/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: netskope title: "Netskope" -version: 1.0.1 +version: "1.1.0" license: basic description: Collect logs from Netskope with Elastic Agent. type: integration 
diff --git a/packages/network_traffic/_dev/build/build.yml b/packages/network_traffic/_dev/build/build.yml index 57064cc41b0..5661d603a89 100755 --- a/packages/network_traffic/_dev/build/build.yml +++ b/packages/network_traffic/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/network_traffic/changelog.yml b/packages/network_traffic/changelog.yml index 657af52ffe7..efbe2c8c64f 100644 --- a/packages/network_traffic/changelog.yml +++ b/packages/network_traffic/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.3.1" changes: - description: Fix doc build diff --git a/packages/network_traffic/data_stream/amqp/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/amqp/elasticsearch/ingest_pipeline/default.yml index dd8f95ef447..2da2f9d6091 100644 --- a/packages/network_traffic/data_stream/amqp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/amqp/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing amqp traffic processors: - set: field: ecs.version - value: 8.2.0 + value: 8.3.0 ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/amqp/sample_event.json b/packages/network_traffic/data_stream/amqp/sample_event.json index 9ef02f389f9..fcb79d9a484 100644 --- a/packages/network_traffic/data_stream/amqp/sample_event.json +++ b/packages/network_traffic/data_stream/amqp/sample_event.json @@ -33,7 +33,7 @@ "port": 5672 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", 
diff --git a/packages/network_traffic/data_stream/cassandra/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/cassandra/elasticsearch/ingest_pipeline/default.yml index 2860fd7f9e9..ef89b76ed1b 100644 --- a/packages/network_traffic/data_stream/cassandra/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/cassandra/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing cassandra traffic processors: - set: field: ecs.version - value: 8.2.0 + value: 8.3.0 ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/cassandra/sample_event.json b/packages/network_traffic/data_stream/cassandra/sample_event.json index aa2d587c118..730bddeedd5 100644 --- a/packages/network_traffic/data_stream/cassandra/sample_event.json +++ b/packages/network_traffic/data_stream/cassandra/sample_event.json @@ -53,7 +53,7 @@ "port": 9042 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", diff --git a/packages/network_traffic/data_stream/dhcpv4/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/dhcpv4/elasticsearch/ingest_pipeline/default.yml index a0f2d285e8f..fd9a0e3ebce 100644 --- a/packages/network_traffic/data_stream/dhcpv4/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/dhcpv4/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing dhcpv4 traffic processors: - set: field: ecs.version - value: 8.2.0 + value: 8.3.0 ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/dhcpv4/sample_event.json b/packages/network_traffic/data_stream/dhcpv4/sample_event.json index 59ab8706956..24eb09de425 100644 --- a/packages/network_traffic/data_stream/dhcpv4/sample_event.json 
+++ b/packages/network_traffic/data_stream/dhcpv4/sample_event.json @@ -41,7 +41,7 @@ "transaction_id": "0x00003d1d" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", diff --git a/packages/network_traffic/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/dns/elasticsearch/ingest_pipeline/default.yml index 70d49c51b6b..d48c2ceb217 100644 --- a/packages/network_traffic/data_stream/dns/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/dns/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing dhcpv4 traffic processors: - set: field: ecs.version - value: 8.2.0 + value: 8.3.0 ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/dns/sample_event.json b/packages/network_traffic/data_stream/dns/sample_event.json index 476a880555b..eb5dff76164 100644 --- a/packages/network_traffic/data_stream/dns/sample_event.json +++ b/packages/network_traffic/data_stream/dns/sample_event.json @@ -82,7 +82,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", diff --git a/packages/network_traffic/data_stream/flow/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/flow/elasticsearch/ingest_pipeline/default.yml index 8a45c554fd1..fb025dcdea1 100644 --- a/packages/network_traffic/data_stream/flow/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/flow/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing traffic flows processors: - set: field: ecs.version - value: 8.2.0 + value: 8.3.0 ## # Set host.mac to dash separated upper case value # as per ECS recommendation 
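Review bot: The hunk for `packages/network_traffic/data_stream/dns/elasticsearch/ingest_pipeline/default.yml` still shows the header `description: Pipeline for processing dhcpv4 traffic`, which looks like a copy-paste leftover from the dhcpv4 pipeline (its hunk just above carries the identical description); since this commit already touches the file, it is a cheap fix to make it `description: Pipeline for processing dns traffic`. That description line is the hunk's context rather than one of the changed lines, so confirm it in the file before editing. Separately, the network_traffic pipelines write the version as a bare scalar, `value: 8.3.0`, while the netscout and netskope pipelines on this page quote it as `'8.3.0'`; `8.3.0` cannot be mistaken for a number, but quoting it keeps `ecs.version` a string if it is ever bumped to a two-component value such as `8.10`, which YAML would read as the float 8.1.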
diff --git a/packages/network_traffic/data_stream/http/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/http/elasticsearch/ingest_pipeline/default.yml index e0cbf2bf88b..bbc484805be 100644 --- a/packages/network_traffic/data_stream/http/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/http/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing http traffic processors: - set: field: ecs.version - value: 8.2.0 + value: 8.3.0 ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/http/sample_event.json b/packages/network_traffic/data_stream/http/sample_event.json index f07301394bb..58f877a5a53 100644 --- a/packages/network_traffic/data_stream/http/sample_event.json +++ b/packages/network_traffic/data_stream/http/sample_event.json @@ -24,7 +24,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", diff --git a/packages/network_traffic/data_stream/icmp/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/icmp/elasticsearch/ingest_pipeline/default.yml index 1ae74a06920..c91ce98e158 100644 --- a/packages/network_traffic/data_stream/icmp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/icmp/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing icmp traffic processors: - set: field: ecs.version - value: 8.2.0 + value: 8.3.0 ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/icmp/sample_event.json b/packages/network_traffic/data_stream/icmp/sample_event.json index 6dfd5d97d4e..5d39a614a88 100644 --- a/packages/network_traffic/data_stream/icmp/sample_event.json +++ b/packages/network_traffic/data_stream/icmp/sample_event.json 
@@ -21,7 +21,7 @@ "ip": "::2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", diff --git a/packages/network_traffic/data_stream/memcached/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/memcached/elasticsearch/ingest_pipeline/default.yml index 79d3c2cf545..b0f807f28eb 100644 --- a/packages/network_traffic/data_stream/memcached/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/memcached/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing memcached traffic processors: - set: field: ecs.version - value: 8.2.0 + value: 8.3.0 ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/memcached/sample_event.json b/packages/network_traffic/data_stream/memcached/sample_event.json index 4b4dc284f83..d0fa8813ecf 100644 --- a/packages/network_traffic/data_stream/memcached/sample_event.json +++ b/packages/network_traffic/data_stream/memcached/sample_event.json @@ -22,7 +22,7 @@ "port": 11211 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", diff --git a/packages/network_traffic/data_stream/mongodb/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/mongodb/elasticsearch/ingest_pipeline/default.yml index 53b9f4a0df5..9bcabc0bf29 100644 --- a/packages/network_traffic/data_stream/mongodb/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/mongodb/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing mongodb traffic processors: - set: field: ecs.version - value: 8.2.0 + value: 8.3.0 ## # Set host.mac to dash separated upper case value # as per ECS recommendation 
diff --git a/packages/network_traffic/data_stream/mongodb/sample_event.json b/packages/network_traffic/data_stream/mongodb/sample_event.json index 4cfd576e4c3..8713d5dd057 100644 --- a/packages/network_traffic/data_stream/mongodb/sample_event.json +++ b/packages/network_traffic/data_stream/mongodb/sample_event.json @@ -23,7 +23,7 @@ "port": 27017 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", diff --git a/packages/network_traffic/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml index 23ad4ad9d55..272bf7e79b6 100644 --- a/packages/network_traffic/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing mysql traffic processors: - set: field: ecs.version - value: 8.2.0 + value: 8.3.0 ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/mysql/sample_event.json b/packages/network_traffic/data_stream/mysql/sample_event.json index 2c331160530..a9edbd993e0 100644 --- a/packages/network_traffic/data_stream/mysql/sample_event.json +++ b/packages/network_traffic/data_stream/mysql/sample_event.json @@ -23,7 +23,7 @@ "port": 3306 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", diff --git a/packages/network_traffic/data_stream/nfs/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/nfs/elasticsearch/ingest_pipeline/default.yml index cd66758ed48..e9ac6b6bb59 100644 --- a/packages/network_traffic/data_stream/nfs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/nfs/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for processing nfs traffic processors: - set: field: ecs.version - value: 8.2.0 + value: 8.3.0 ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/nfs/sample_event.json b/packages/network_traffic/data_stream/nfs/sample_event.json index de4b4525e04..a1ee4deb5d0 100644 --- a/packages/network_traffic/data_stream/nfs/sample_event.json +++ b/packages/network_traffic/data_stream/nfs/sample_event.json @@ -24,7 +24,7 @@ "port": 2049 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", diff --git a/packages/network_traffic/data_stream/pgsql/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/pgsql/elasticsearch/ingest_pipeline/default.yml index 7bd75120a7b..6ec78744ff0 100644 --- a/packages/network_traffic/data_stream/pgsql/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/pgsql/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing pgsql traffic processors: - set: field: ecs.version - value: 8.2.0 + value: 8.3.0 ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/pgsql/sample_event.json b/packages/network_traffic/data_stream/pgsql/sample_event.json index 462f734f42d..ccae2c37d6c 100644 --- a/packages/network_traffic/data_stream/pgsql/sample_event.json +++ b/packages/network_traffic/data_stream/pgsql/sample_event.json @@ -23,7 +23,7 @@ "port": 5432 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", diff --git a/packages/network_traffic/data_stream/redis/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/redis/elasticsearch/ingest_pipeline/default.yml index a2af2349aca..698c28cd063 100644 
--- a/packages/network_traffic/data_stream/redis/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/redis/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing redis traffic processors: - set: field: ecs.version - value: 8.2.0 + value: 8.3.0 ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/redis/sample_event.json b/packages/network_traffic/data_stream/redis/sample_event.json index 7ce644c9355..43f59abab96 100644 --- a/packages/network_traffic/data_stream/redis/sample_event.json +++ b/packages/network_traffic/data_stream/redis/sample_event.json @@ -23,7 +23,7 @@ "port": 6380 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", diff --git a/packages/network_traffic/data_stream/sip/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/sip/elasticsearch/ingest_pipeline/default.yml index c20207afdd4..de96383a70a 100644 --- a/packages/network_traffic/data_stream/sip/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/sip/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing sip traffic processors: - set: field: ecs.version - value: 8.2.0 + value: 8.3.0 ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/sip/sample_event.json b/packages/network_traffic/data_stream/sip/sample_event.json index 5a36041d5a2..5d65fa41eb4 100644 --- a/packages/network_traffic/data_stream/sip/sample_event.json +++ b/packages/network_traffic/data_stream/sip/sample_event.json @@ -21,7 +21,7 @@ "port": 5060 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "a82e5ec9-4d24-4491-8d66-470aa321ddae", 
diff --git a/packages/network_traffic/data_stream/thrift/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/thrift/elasticsearch/ingest_pipeline/default.yml index 987bedd7308..6c6ff11e97a 100644 --- a/packages/network_traffic/data_stream/thrift/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/thrift/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing thrift traffic processors: - set: field: ecs.version - value: 8.2.0 + value: 8.3.0 ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/thrift/sample_event.json b/packages/network_traffic/data_stream/thrift/sample_event.json index 523e6958a6d..9c43e492efd 100644 --- a/packages/network_traffic/data_stream/thrift/sample_event.json +++ b/packages/network_traffic/data_stream/thrift/sample_event.json @@ -23,7 +23,7 @@ "port": 9090 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "0488c467-eaa0-4733-a81a-326734926bc2", diff --git a/packages/network_traffic/data_stream/tls/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/tls/elasticsearch/ingest_pipeline/default.yml index af2d5a91f59..bb474ab5a6f 100644 --- a/packages/network_traffic/data_stream/tls/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/tls/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing tls traffic processors: - set: field: ecs.version - value: 8.2.0 + value: 8.3.0 ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/tls/sample_event.json b/packages/network_traffic/data_stream/tls/sample_event.json index 6c9779651e4..0084f64470c 100644 --- a/packages/network_traffic/data_stream/tls/sample_event.json 
+++ b/packages/network_traffic/data_stream/tls/sample_event.json @@ -22,7 +22,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "0488c467-eaa0-4733-a81a-326734926bc2", diff --git a/packages/network_traffic/docs/README.md b/packages/network_traffic/docs/README.md index e8695e261d7..9a23cce2a41 100644 --- a/packages/network_traffic/docs/README.md +++ b/packages/network_traffic/docs/README.md @@ -435,7 +435,7 @@ An example event for `amqp` looks as following: "port": 5672 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", @@ -764,7 +764,7 @@ An example event for `cassandra` looks as following: "port": 9042 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", @@ -1013,7 +1013,7 @@ An example event for `dhcpv4` looks as following: "transaction_id": "0x00003d1d" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", @@ -1322,7 +1322,7 @@ An example event for `dns` looks as following: "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", @@ -1674,7 +1674,7 @@ An example event for `http` looks as following: "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", @@ -1927,7 +1927,7 @@ An example event for `icmp` looks as following: "ip": "::2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", @@ -2215,7 +2215,7 @@ An example event for `memcached` looks as following: "port": 11211 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", 
@@ -2466,7 +2466,7 @@ An example event for `mongodb` looks as following: "port": 27017 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", @@ -2698,7 +2698,7 @@ An example event for `mysql` looks as following: "port": 3306 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", @@ -2924,7 +2924,7 @@ An example event for `nfs` looks as following: "port": 2049 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", @@ -3164,7 +3164,7 @@ An example event for `pgsql` looks as following: "port": 5432 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", @@ -3381,7 +3381,7 @@ An example event for `redis` looks as following: "port": 6380 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "f789afb0-558d-48bd-b448-0fc838efd730", @@ -3679,7 +3679,7 @@ An example event for `sip` looks as following: "port": 5060 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "a82e5ec9-4d24-4491-8d66-470aa321ddae", @@ -4061,7 +4061,7 @@ An example event for `thrift` looks as following: "port": 9090 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "0488c467-eaa0-4733-a81a-326734926bc2", @@ -4440,7 +4440,7 @@ An example event for `tls` looks as following: "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "0488c467-eaa0-4733-a81a-326734926bc2", diff --git a/packages/network_traffic/manifest.yml b/packages/network_traffic/manifest.yml index 8baea71d272..02070bb0d63 100644 --- a/packages/network_traffic/manifest.yml +++ b/packages/network_traffic/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: network_traffic title: Network Packet Capture -version: 1.3.1 +version: "1.4.0" license: basic description: Capture and analyze network traffic from a host with Elastic Agent. type: integration diff --git a/packages/o365/_dev/build/build.yml b/packages/o365/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/o365/_dev/build/build.yml +++ b/packages/o365/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/o365/changelog.yml b/packages/o365/changelog.yml index 5a313aebbd0..d4469b59032 100644 --- a/packages/o365/changelog.yml +++ b/packages/o365/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.6.0" changes: - description: Extend list of mapped record types diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json-expected.json index 0db46e95239..4293519276e 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json-expected.json @@ -7,7 +7,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update application.", @@ -189,7 +189,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update application.", @@ -371,7 +371,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update application.", @@ -553,7 +553,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update service principal.", 
@@ -744,7 +744,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update service principal.", @@ -935,7 +935,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -1139,7 +1139,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -1343,7 +1343,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -1547,7 +1547,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -1751,7 +1751,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -1955,7 +1955,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -2159,7 +2159,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -2363,7 +2363,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -2567,7 +2567,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", 
@@ -2771,7 +2771,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -2975,7 +2975,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -3179,7 +3179,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -3383,7 +3383,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -3587,7 +3587,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update application.", @@ -3769,7 +3769,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update application.", @@ -3951,7 +3951,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update service principal.", @@ -4142,7 +4142,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update application.", @@ -4324,7 +4324,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update application.", @@ -4506,7 +4506,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update application.", @@ -4688,7 +4688,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update service principal.", @@ -4879,7 +4879,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", 
@@ -5083,7 +5083,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -5287,7 +5287,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -5491,7 +5491,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -5695,7 +5695,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -5899,7 +5899,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -6103,7 +6103,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -6307,7 +6307,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -6511,7 +6511,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Consent to application.", @@ -6718,7 +6718,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Consent to application.", @@ -6922,7 +6922,7 @@ "@timestamp": "2020-02-10T15:15:04.000Z", "client": {}, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "modified-user-account", @@ -7094,7 +7094,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Remove OAuth2PermissionGrant.", @@ -7298,7 +7298,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Remove OAuth2PermissionGrant.", 
@@ -7502,7 +7502,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Remove OAuth2PermissionGrant.", @@ -7706,7 +7706,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -7910,7 +7910,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -8114,7 +8114,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -8318,7 +8318,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -8522,7 +8522,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -8726,7 +8726,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -8930,7 +8930,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -9134,7 +9134,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -9338,7 +9338,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Remove app role assignment from service principal.", 
@@ -9542,7 +9542,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -9746,7 +9746,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -9950,7 +9950,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -10154,7 +10154,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Consent to application.", @@ -10361,7 +10361,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Consent to application.", @@ -10568,7 +10568,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -10772,7 +10772,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -10976,7 +10976,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -11180,7 +11180,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -11384,7 +11384,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -11588,7 +11588,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", 
@@ -11792,7 +11792,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -11996,7 +11996,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -12200,7 +12200,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -12404,7 +12404,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add application.", @@ -12598,7 +12598,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add application.", @@ -12792,7 +12792,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add application.", @@ -12986,7 +12986,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add application.", @@ -13180,7 +13180,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add owner to application.", @@ -13375,7 +13375,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add service principal.", @@ -13586,7 +13586,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add service principal.", @@ -13797,7 +13797,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add service principal.", @@ -14008,7 +14008,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add service principal.", @@ -14219,7 +14219,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update application.", 
@@ -14391,7 +14391,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update application – Certificates and secrets management ", @@ -14573,7 +14573,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update application – Certificates and secrets management ", @@ -14755,7 +14755,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update service principal.", @@ -14946,7 +14946,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update service principal.", @@ -15137,7 +15137,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update service principal.", @@ -15328,7 +15328,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update application.", @@ -15510,7 +15510,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update application.", @@ -15692,7 +15692,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update application.", @@ -15874,7 +15874,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update service principal.", @@ -16065,7 +16065,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update service principal.", @@ -16256,7 +16256,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Update service principal.", @@ -16447,7 +16447,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", 
@@ -16651,7 +16651,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -16855,7 +16855,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -17059,7 +17059,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -17263,7 +17263,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -17467,7 +17467,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -17671,7 +17671,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -17875,7 +17875,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -18079,7 +18079,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -18283,7 +18283,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -18487,7 +18487,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -18691,7 +18691,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Consent to application.", @@ -18898,7 +18898,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Consent to application.", 
@@ -19105,7 +19105,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Consent to application.", @@ -19312,7 +19312,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment grant to user.", @@ -19512,7 +19512,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment grant to user.", @@ -19712,7 +19712,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add app role assignment grant to user.", diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-sts-logon-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-sts-logon-events.json-expected.json index 30174a1d325..4be8434b5d6 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-sts-logon-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-sts-logon-events.json-expected.json @@ -7,7 +7,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -137,7 +137,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -267,7 +267,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -397,7 +397,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -527,7 +527,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -657,7 +657,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", 
@@ -787,7 +787,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -917,7 +917,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -1047,7 +1047,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -1177,7 +1177,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -1307,7 +1307,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -1437,7 +1437,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -1567,7 +1567,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -1697,7 +1697,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -1827,7 +1827,7 @@ "ip": "67.43.156.14" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -1957,7 +1957,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -2087,7 +2087,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -2217,7 +2217,7 @@ "ip": "67.43.156.14" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -2347,7 +2347,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -2477,7 +2477,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", 
@@ -2607,7 +2607,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -2737,7 +2737,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -2867,7 +2867,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -2997,7 +2997,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -3127,7 +3127,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -3257,7 +3257,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -3387,7 +3387,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -3517,7 +3517,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -3647,7 +3647,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -3777,7 +3777,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -3906,7 +3906,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoginFailed", @@ -4037,7 +4037,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -4152,7 +4152,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -4282,7 +4282,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", 
@@ -4397,7 +4397,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoginFailed", @@ -4528,7 +4528,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -4643,7 +4643,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoginFailed", @@ -4774,7 +4774,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -4904,7 +4904,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -5034,7 +5034,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -5149,7 +5149,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoginFailed", @@ -5280,7 +5280,7 @@ "ip": "67.43.156.14" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -5410,7 +5410,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -5540,7 +5540,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -5670,7 +5670,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -5785,7 +5785,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -5915,7 +5915,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -6045,7 +6045,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", 
@@ -6175,7 +6175,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -6305,7 +6305,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -6435,7 +6435,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -6565,7 +6565,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -6695,7 +6695,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -6825,7 +6825,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -6955,7 +6955,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -7085,7 +7085,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -7215,7 +7215,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -7345,7 +7345,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -7475,7 +7475,7 @@ "ip": "67.43.156.14" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -7605,7 +7605,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -7735,7 +7735,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -7865,7 +7865,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", 
@@ -7995,7 +7995,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -8125,7 +8125,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -8255,7 +8255,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -8385,7 +8385,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -8515,7 +8515,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -8645,7 +8645,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", @@ -8775,7 +8775,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "UserLoggedIn", diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-bad-ips.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-bad-ips.json-expected.json index 50222c98c1a..504ca102983 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-bad-ips.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-bad-ips.json-expected.json @@ -7,7 +7,7 @@ "domain": "NOTANIPV4" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GroupCreation", @@ -74,7 +74,7 @@ "ip": "10.90.0.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GroupCreation", @@ -149,7 +149,7 @@ "domain": "INCORRECTIPV4" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GroupCreation", @@ -211,7 +211,7 @@ { "@timestamp": "2020-02-28T09:42:45.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-data-insights-api-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-data-insights-api-events.json-expected.json index 6fcb1d122d1..50c837d8b6c 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-data-insights-api-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-data-insights-api-events.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-02-10T15:13:38.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SearchDataInsightsSubscription", @@ -49,7 +49,7 @@ { "@timestamp": "2020-02-12T21:38:38.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SearchDataInsightsSubscription", @@ -95,7 +95,7 @@ { "@timestamp": "2020-02-10T15:13:38.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SearchDataInsightsSubscription", @@ -141,7 +141,7 @@ { "@timestamp": "2020-02-12T10:53:26.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SearchDataInsightsSubscription", @@ -187,7 +187,7 @@ { "@timestamp": "2020-02-12T21:38:38.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SearchDataInsightsSubscription", @@ -233,7 +233,7 @@ { "@timestamp": "2020-02-12T10:53:26.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SearchDataInsightsSubscription", @@ -279,7 +279,7 @@ { "@timestamp": "2020-02-10T15:13:38.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SearchDataInsightsSubscription", @@ -325,7 +325,7 @@ { "@timestamp": "2020-02-12T10:53:26.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SearchDataInsightsSubscription", 
@@ -371,7 +371,7 @@ { "@timestamp": "2020-02-12T21:38:38.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SearchDataInsightsSubscription", diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-exchange-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-exchange-events.json-expected.json index b9b1eb12bdb..9ae4255c1c3 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-exchange-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-exchange-events.json-expected.json @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DlpRuleMatch", @@ -182,7 +182,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DlpRuleUndo", @@ -353,7 +353,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DlpRuleMatch", @@ -527,7 +527,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DlpRuleMatch", @@ -701,7 +701,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DlpRuleMatch", @@ -819,7 +819,7 @@ { "@timestamp": "2020-02-24T20:11:15.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DlpRuleMatch", diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-sharepoint-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-sharepoint-events.json-expected.json index ffc89aa43dd..b8efd40f04c 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-sharepoint-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-sharepoint-events.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-02-25T16:20:15.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DLPRuleMatch", 
@@ -107,7 +107,7 @@ { "@timestamp": "2020-02-25T16:23:39.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DLPRuleMatch", @@ -220,7 +220,7 @@ { "@timestamp": "2020-02-25T16:23:39.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DLPRuleMatch", @@ -329,7 +329,7 @@ { "@timestamp": "2020-02-25T16:22:22.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DLPRuleMatch", @@ -442,7 +442,7 @@ { "@timestamp": "2020-02-26T10:13:48.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DLPRuleMatch", @@ -555,7 +555,7 @@ { "@timestamp": "2020-02-26T12:39:40.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DLPRuleMatch", @@ -668,7 +668,7 @@ { "@timestamp": "2020-02-26T12:39:40.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DLPRuleMatch", diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-admin-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-admin-events.json-expected.json index 77f85a842dc..e2068b10da6 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-admin-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-admin-events.json-expected.json @@ -6,7 +6,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -73,7 +73,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -153,7 +153,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -233,7 +233,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Install-DefaultSharingPolicy", 
@@ -300,7 +300,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Install-AdminAuditLogConfig", @@ -367,7 +367,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-TransportConfig", @@ -435,7 +435,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -504,7 +504,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-OwaMailboxPolicy", @@ -571,7 +571,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -651,7 +651,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -731,7 +731,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Enable-AddressListPaging", @@ -799,7 +799,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -879,7 +879,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -959,7 +959,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -1039,7 +1039,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -1119,7 +1119,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -1199,7 +1199,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -1279,7 +1279,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-TenantObjectVersion", 
@@ -1346,7 +1346,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-TransportConfig", @@ -1414,7 +1414,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-TransportConfig", @@ -1482,7 +1482,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-TenantObjectVersion", @@ -1549,7 +1549,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-TransportConfig", @@ -1617,7 +1617,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -1697,7 +1697,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -1777,7 +1777,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -1857,7 +1857,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -1937,7 +1937,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -2017,7 +2017,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -2097,7 +2097,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -2177,7 +2177,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -2257,7 +2257,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -2339,7 +2339,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", 
@@ -2419,7 +2419,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -2499,7 +2499,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -2579,7 +2579,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -2659,7 +2659,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -2739,7 +2739,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -2819,7 +2819,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -2899,7 +2899,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -2979,7 +2979,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -3059,7 +3059,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -3136,7 +3136,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-AdminAuditLogConfig", @@ -3205,7 +3205,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-TransportConfig", @@ -3273,7 +3273,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-TransportConfig", @@ -3341,7 +3341,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "New-ExchangeAssistanceConfig", @@ -3409,7 +3409,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", 
@@ -3491,7 +3491,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -3571,7 +3571,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -3651,7 +3651,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -3731,7 +3731,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -3811,7 +3811,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -3891,7 +3891,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -3971,7 +3971,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -4051,7 +4051,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -4131,7 +4131,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -4211,7 +4211,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -4291,7 +4291,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -4371,7 +4371,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-RecipientEnforcementProvisioningPolicy", @@ -4440,7 +4440,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-AdminAuditLogConfig", @@ -4509,7 +4509,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", 
@@ -4589,7 +4589,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -4669,7 +4669,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-AdminAuditLogConfig", @@ -4738,7 +4738,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-OwaMailboxPolicy", @@ -4805,7 +4805,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -4887,7 +4887,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -4967,7 +4967,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -5047,7 +5047,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -5127,7 +5127,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -5207,7 +5207,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -5287,7 +5287,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -5367,7 +5367,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -5447,7 +5447,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Enable-AddressListPaging", @@ -5515,7 +5515,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-AdminAuditLogConfig", @@ -5584,7 +5584,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-ExchangeAssistanceConfig", 
@@ -5652,7 +5652,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-RecipientEnforcementProvisioningPolicy", @@ -5721,7 +5721,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-TenantObjectVersion", @@ -5788,7 +5788,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add-MailboxPermission", @@ -5857,7 +5857,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -5924,7 +5924,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-AdminAuditLogConfig", @@ -5993,7 +5993,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -6073,7 +6073,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -6153,7 +6153,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -6233,7 +6233,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -6313,7 +6313,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -6393,7 +6393,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -6473,7 +6473,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -6553,7 +6553,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -6633,7 +6633,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Add-MailboxPermission", 
@@ -6702,7 +6702,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -6782,7 +6782,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -6862,7 +6862,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Enable-AddressListPaging", @@ -6930,7 +6930,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -7010,7 +7010,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Install-ResourceConfig", @@ -7077,7 +7077,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-RecipientEnforcementProvisioningPolicy", @@ -7146,7 +7146,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -7223,7 +7223,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -7303,7 +7303,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-RecipientEnforcementProvisioningPolicy", @@ -7372,7 +7372,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -7452,7 +7452,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", @@ -7534,7 +7534,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Set-Mailbox", diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-item-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-item-events.json-expected.json index 15d06073dd7..eb80fe268eb 100644 
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-item-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-item-events.json-expected.json @@ -10,7 +10,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Create", @@ -101,7 +101,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Create", @@ -192,7 +192,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Create", @@ -283,7 +283,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ModifyFolderPermissions", @@ -374,7 +374,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ModifyFolderPermissions", @@ -465,7 +465,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ModifyFolderPermissions", @@ -556,7 +556,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ModifyFolderPermissions", @@ -647,7 +647,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ModifyFolderPermissions", @@ -738,7 +738,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "ModifyFolderPermissions", diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-ip-formats-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-ip-formats-events.json-expected.json index 92741854741..c5dba12ac8f 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-ip-formats-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-ip-formats-events.json-expected.json 
@@ -8,7 +8,7 @@ "port": 12345 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -52,7 +52,7 @@ "port": 12345 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -95,7 +95,7 @@ "ip": "10.11.12.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -137,7 +137,7 @@ "ip": "10.11.12.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -180,7 +180,7 @@ "port": 12345 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -224,7 +224,7 @@ "port": 12345 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -276,7 +276,7 @@ "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -327,7 +327,7 @@ "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -378,7 +378,7 @@ "ip": "10.11.12.13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -419,7 +419,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -449,7 +449,7 @@ "domain": "[localhost]:12345" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -479,7 +479,7 @@ "domain": "localhost:12345" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -509,7 +509,7 @@ "domain": "[cool.client.local]:12345" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -539,7 +539,7 @@ "domain": "cool.client.local" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -569,7 +569,7 @@ "domain": "cool.client.local:12345" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-modified-properites.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-modified-properites.json-expected.json
index f5aeeb33879..785205e5b07 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-modified-properites.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-modified-properites.json-expected.json
@@ -10,7 +10,7 @@
 "ip": "1.128.3.4"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Update",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-ms-teams-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-ms-teams-events.json-expected.json
index 657912fca8a..0a17e306d9a 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-ms-teams-events.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-ms-teams-events.json-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-02-17T16:59:44.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "added-group-account-to",
@@ -55,7 +55,7 @@
 {
 "@timestamp": "2020-02-17T16:59:47.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "added-users-to-group",
@@ -142,7 +142,7 @@
 {
 "@timestamp": "2020-02-17T16:59:44.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "added-users-to-group",
@@ -211,7 +211,7 @@
 {
 "@timestamp": "2020-02-17T16:59:34.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "TeamsSessionStarted",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-parameter-string.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-parameter-string.json-expected.json
index 503b3a42894..c611fc6786d 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-parameter-string.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-parameter-string.json-expected.json
@@ -7,7 +7,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "UserLoggedIn",
@@ -116,7 +116,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "Set-Mailbox",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sec-comp-alerts-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sec-comp-alerts-events.json-expected.json
index 491e370dc86..f948e805595 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sec-comp-alerts-events.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sec-comp-alerts-events.json-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-02-14T19:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "AlertEntityGenerated",
@@ -68,7 +68,7 @@
 {
 "@timestamp": "2020-02-14T19:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "AlertTriggered",
@@ -130,7 +130,7 @@
 {
 "@timestamp": "2020-02-14T19:00:00.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "AlertTriggered",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepoint-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepoint-events.json-expected.json
index e52ae9d0b49..a4342155157 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepoint-events.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepoint-events.json-expected.json
@@ -7,7 +7,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "PageViewed",
@@ -106,7 +106,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "PageViewed",
@@ -205,7 +205,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "PageViewed",
@@ -304,7 +304,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "PageViewed",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepointfileop-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepointfileop-events.json-expected.json
index e2030e96479..805e7b1d30c 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepointfileop-events.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepointfileop-events.json-expected.json
@@ -7,7 +7,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "FileDeleted",
@@ -116,7 +116,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "FileDeleted",
@@ -225,7 +225,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "FileAccessed",
@@ -334,7 +334,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "FileAccessed",
@@ -443,7 +443,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "FileUploaded",
@@ -553,7 +553,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "FileModified",
@@ -662,7 +662,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "FileDeleted",
@@ -771,7 +771,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "FileUploaded",
@@ -881,7 +881,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "FileModified",
@@ -990,7 +990,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "FileModified",
@@ -1099,7 +1099,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "FileModified",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sp-sharing-op-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sp-sharing-op-events.json-expected.json
index 62c7a2396c0..c763ea95330 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sp-sharing-op-events.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sp-sharing-op-events.json-expected.json
@@ -4,7 +4,7 @@
 "@timestamp": "2020-02-17T16:59:50.000Z",
 "client": {},
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "AddedToGroup",
@@ -75,7 +75,7 @@
 "@timestamp": "2020-02-17T16:59:50.000Z",
 "client": {},
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "AddedToGroup",
@@ -146,7 +146,7 @@
 "@timestamp": "2020-02-17T16:59:50.000Z",
 "client": {},
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "AddedToGroup",
@@ -217,7 +217,7 @@
 "@timestamp": "2020-02-17T16:59:50.000Z",
 "client": {},
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "AddedToGroup",
@@ -288,7 +288,7 @@
 "@timestamp": "2020-02-17T16:59:49.000Z",
 "client": {},
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "AddedToGroup",
@@ -362,7 +362,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "SharingInheritanceBroken",
@@ -463,7 +463,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "AnonymousLinkCreated",
@@ -568,7 +568,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "SharingSet",
@@ -674,7 +674,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "SharingSet",
@@ -780,7 +780,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "SharingSet",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-yammer-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-yammer-events.json-expected.json
index 2870e9fdbb1..6c673efb07d 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-yammer-events.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-yammer-events.json-expected.json
@@ -8,7 +8,7 @@
 "port": 12345
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "GroupCreation",
@@ -97,7 +97,7 @@
 "port": 12346
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "GroupCreation",
diff --git a/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 4920184ee0e..9c380b84e0b 100644
--- a/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Office 365 Audit logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/o365/data_stream/audit/sample_event.json b/packages/o365/data_stream/audit/sample_event.json
index 72da4ab351f..2d51ddfb7a3 100644
--- a/packages/o365/data_stream/audit/sample_event.json
+++ b/packages/o365/data_stream/audit/sample_event.json
@@ -17,7 +17,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/o365/docs/README.md b/packages/o365/docs/README.md
index c345322f066..da1296aff91 100644
--- a/packages/o365/docs/README.md
+++ b/packages/o365/docs/README.md
@@ -49,7 +49,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/o365/manifest.yml b/packages/o365/manifest.yml
index b9b95e46c45..4d682d80a0e 100644
--- a/packages/o365/manifest.yml
+++ b/packages/o365/manifest.yml
@@ -1,6 +1,6 @@
 name: o365
 title: Office 365 Logs
-version: 1.6.0
+version: "1.7.0"
 release: ga
 description: Collect and parse event logs from Office 365 with Elastic Agent.
 type: integration
diff --git a/packages/okta/_dev/build/build.yml b/packages/okta/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/okta/_dev/build/build.yml
+++ b/packages/okta/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/okta/changelog.yml b/packages/okta/changelog.yml
index d1af29ea33b..2016ed78914 100644
--- a/packages/okta/changelog.yml
+++ b/packages/okta/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.9.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.8.0"
 changes:
 - description: Add `okta.debug_context.debug_data.risk_level` field
diff --git a/packages/okta/data_stream/system/_dev/test/pipeline/test-okta-system-events.json-expected.json b/packages/okta/data_stream/system/_dev/test/pipeline/test-okta-system-events.json-expected.json
index 579a962a405..cb143a7a063 100644
--- a/packages/okta/data_stream/system/_dev/test/pipeline/test-okta-system-events.json-expected.json
+++ b/packages/okta/data_stream/system/_dev/test/pipeline/test-okta-system-events.json-expected.json
@@ -19,7 +19,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "user.session.end",
@@ -167,7 +167,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "user.session.end",
@@ -315,7 +315,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "user.session.end",
@@ -462,7 +462,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "user.session.end",
@@ -599,7 +599,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "user.session.start",
@@ -780,7 +780,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "user.authentication.verify",
diff --git a/packages/okta/data_stream/system/elasticsearch/ingest_pipeline/default.yml b/packages/okta/data_stream/system/elasticsearch/ingest_pipeline/default.yml
index 2f8904dc41f..d9c220d1386 100644
--- a/packages/okta/data_stream/system/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/okta/data_stream/system/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Okta system logs.
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/okta/data_stream/system/sample_event.json b/packages/okta/data_stream/system/sample_event.json
index f50738dcc04..e048970ffba 100644
--- a/packages/okta/data_stream/system/sample_event.json
+++ b/packages/okta/data_stream/system/sample_event.json
@@ -29,7 +29,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "dbc761fd-dec4-4bc7-acec-8e5cb02a0cb6",
diff --git a/packages/okta/docs/README.md b/packages/okta/docs/README.md
index d14118f0d9a..a791d0c7b3d 100644
--- a/packages/okta/docs/README.md
+++ b/packages/okta/docs/README.md
@@ -42,7 +42,7 @@ An example event for `system` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "dbc761fd-dec4-4bc7-acec-8e5cb02a0cb6",
diff --git a/packages/okta/manifest.yml b/packages/okta/manifest.yml
index ef0e5684ee9..2dc6520eae0 100644
--- a/packages/okta/manifest.yml
+++ b/packages/okta/manifest.yml
@@ -1,6 +1,6 @@
 name: okta
 title: Okta Logs
-version: 1.8.0
+version: "1.9.0"
 release: ga
 description: Collect and parse event logs from Okta API with Elastic Agent.
 type: integration
diff --git a/packages/oracle/_dev/build/build.yml b/packages/oracle/_dev/build/build.yml
index 47cbed9fed8..5661d603a89 100644
--- a/packages/oracle/_dev/build/build.yml
+++ b/packages/oracle/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.0.0
+ reference: git@v8.3.0
diff --git a/packages/oracle/changelog.yml b/packages/oracle/changelog.yml
index 392df213ae7..cef480d7162 100644
--- a/packages/oracle/changelog.yml
+++ b/packages/oracle/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.0.2"
 changes:
 - description: Supporting the double digit date parsing in ingest pipeline for oracle logs
diff --git a/packages/oracle/data_stream/database_audit/_dev/test/pipeline/test-oracle-database-audit.log-expected.json b/packages/oracle/data_stream/database_audit/_dev/test/pipeline/test-oracle-database-audit.log-expected.json
index 26d3d087153..1cb487154b0 100644
--- a/packages/oracle/data_stream/database_audit/_dev/test/pipeline/test-oracle-database-audit.log-expected.json
+++ b/packages/oracle/data_stream/database_audit/_dev/test/pipeline/test-oracle-database-audit.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-21T15:58:08.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -58,7 +58,7 @@
 "ip": "192.168.2.2"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -116,7 +116,7 @@
 "domain": "test.local"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -168,7 +168,7 @@
 {
 "@timestamp": "2020-10-07T15:58:08.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -219,7 +219,7 @@
 {
 "@timestamp": "2020-10-07T15:58:08.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -270,7 +270,7 @@
 {
 "@timestamp": "2020-10-07T15:58:08.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -321,7 +321,7 @@
 {
 "@timestamp": "2020-10-07T15:58:08.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -372,7 +372,7 @@
 {
 "@timestamp": "2020-10-07T15:58:08.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -423,7 +423,7 @@
 {
 "@timestamp": "2020-10-07T15:58:08.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -474,7 +474,7 @@
 {
 "@timestamp": "2020-10-07T15:58:08.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -525,7 +525,7 @@
 {
 "@timestamp": "2020-10-07T15:58:08.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -576,7 +576,7 @@
 {
 "@timestamp": "2020-10-07T15:58:08.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -627,7 +627,7 @@
 {
 "@timestamp": "2020-10-07T16:03:14.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -678,7 +678,7 @@
 {
 "@timestamp": "2020-10-07T16:03:14.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -729,7 +729,7 @@
 {
 "@timestamp": "2020-10-07T16:03:14.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -780,7 +780,7 @@
 {
 "@timestamp": "2020-10-07T16:03:14.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -831,7 +831,7 @@
 {
 "@timestamp": "2020-10-07T16:03:14.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -882,7 +882,7 @@
 {
 "@timestamp": "2020-10-07T16:03:14.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -933,7 +933,7 @@
 {
 "@timestamp": "2020-10-07T16:03:14.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -984,7 +984,7 @@
 {
 "@timestamp": "2020-10-07T16:03:14.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -1035,7 +1035,7 @@
 {
 "@timestamp": "2020-10-07T16:03:14.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -1086,7 +1086,7 @@
 {
 "@timestamp": "2020-10-07T16:03:14.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -1137,7 +1137,7 @@
 {
 "@timestamp": "2020-10-07T16:03:14.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
@@ -1188,7 +1188,7 @@
 {
 "@timestamp": "2020-10-07T16:03:14.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "database_audit",
diff --git a/packages/oracle/data_stream/database_audit/elasticsearch/ingest_pipeline/default.yml b/packages/oracle/data_stream/database_audit/elasticsearch/ingest_pipeline/default.yml
index c308c66d0c9..fc4d6a33d68 100644
--- a/packages/oracle/data_stream/database_audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/oracle/data_stream/database_audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Oracle Audit logs
 processors:
 - set:
 field: ecs.version
- value: "8.0.0"
+ value: "8.3.0"
 - set:
 field: event.action
 value: database_audit
diff --git a/packages/oracle/data_stream/database_audit/sample_event.json b/packages/oracle/data_stream/database_audit/sample_event.json
index 7b8c34709ce..f31d24c3a2f 100644
--- a/packages/oracle/data_stream/database_audit/sample_event.json
+++ b/packages/oracle/data_stream/database_audit/sample_event.json
@@ -18,7 +18,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "5940e9e3-013b-43c0-a459-261d69b08862",
diff --git a/packages/oracle/docs/README.md b/packages/oracle/docs/README.md
index 3d98318c494..26385a60bac 100644
--- a/packages/oracle/docs/README.md
+++ b/packages/oracle/docs/README.md
@@ -125,7 +125,7 @@ An example event for `database_audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "5940e9e3-013b-43c0-a459-261d69b08862",
diff --git a/packages/oracle/manifest.yml b/packages/oracle/manifest.yml
index 3c1218339fa..57e9c052a09 100644
--- a/packages/oracle/manifest.yml
+++ b/packages/oracle/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: oracle
 title: "Oracle"
-version: 1.0.2
+version: "1.1.0"
 license: basic
 description: "Oracle Audit Log Integration"
 type: integration
diff --git a/packages/osquery/_dev/build/build.yml b/packages/osquery/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/osquery/_dev/build/build.yml
+++ b/packages/osquery/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/osquery/changelog.yml b/packages/osquery/changelog.yml
index ce8b5180459..a78512546af 100644
--- a/packages/osquery/changelog.yml
+++ b/packages/osquery/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.3.0"
 changes:
 - description: Update to ECS 8.2
diff --git a/packages/osquery/data_stream/result/_dev/test/pipeline/test-osquery.log-expected.json b/packages/osquery/data_stream/result/_dev/test/pipeline/test-osquery.log-expected.json
index 7a8e53f2907..2f7e153ac29 100644
--- a/packages/osquery/data_stream/result/_dev/test/pipeline/test-osquery.log-expected.json
+++ b/packages/osquery/data_stream/result/_dev/test/pipeline/test-osquery.log-expected.json
@@ -2,4688 +2,4688 @@ "expected": [ { "@timestamp": "2017-12-28T14:40:08.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "removed", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"removed\",\"calendarTime\":\"Thu Dec 28 14:40:08 2017 UTC\",\"columns\":{\"blocks\":\"122061322\",\"blocks_available\":\"75966945\",\"blocks_free\":\"121274885\",\"blocks_size\":\"4096\",\"device\":\"/dev/disk1s4\",\"device_alias\":\"/dev/disk1s4\",\"flags\":\"345018372\",\"inodes\":\"9223372036854775807\",\"inodes_free\":\"9223372036854775804\",\"path\":\"/private/var/vm\",\"type\":\"apfs\"},\"counter\":\"1\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514472008\"}", + "type": "info" + }, "file": { - "type": "apfs", - "path": "/private/var/vm" + "path": "/private/var/vm", + "type": "apfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "removed", + "calendar_time": "Thu Dec 28 14:40:08 2017 UTC", "columns": { - "path": "/private/var/vm", "blocks": "122061322", - "inodes": "9223372036854775807", - "flags": "345018372", - "inodes_free": "9223372036854775804", - "blocks_size": "4096", "blocks_available": "75966945", - "type": "apfs", + "blocks_free": "121274885", + "blocks_size": "4096", "device": "/dev/disk1s4", "device_alias": "/dev/disk1s4", - "blocks_free": "121274885" + "flags": "345018372", + "inodes": "9223372036854775807", + "inodes_free": "9223372036854775804", + "path": "/private/var/vm", + "type": "apfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1514472008", - "action": "removed", + "counter": "1", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": 
"1", - "calendar_time": "Thu Dec 28 14:40:08 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_mounts", + "unix_time": "1514472008" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "removed", - "original": "{\"action\":\"removed\",\"calendarTime\":\"Thu Dec 28 14:40:08 2017 UTC\",\"columns\":{\"blocks\":\"122061322\",\"blocks_available\":\"75966945\",\"blocks_free\":\"121274885\",\"blocks_size\":\"4096\",\"device\":\"/dev/disk1s4\",\"device_alias\":\"/dev/disk1s4\",\"flags\":\"345018372\",\"inodes\":\"9223372036854775807\",\"inodes_free\":\"9223372036854775804\",\"path\":\"/private/var/vm\",\"type\":\"apfs\"},\"counter\":\"1\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514472008\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423113\",\"name\":\"pack_ossec-rootkit_adore_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "40", - "output_size": "0", - "name": "pack_ossec-rootkit_adore_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423113", + "name": "pack_ossec-rootkit_adore_rootkit", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423113\",\"name\":\"pack_ossec-rootkit_adore_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"38\",\"interval\":\"60\",\"last_executed\":\"1515423094\",\"name\":\"pack_ossec-rootkit_55808.a_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "38", - "output_size": "0", - "name": "pack_ossec-rootkit_55808.a_worm", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423094", + "name": "pack_ossec-rootkit_55808.a_worm", + "output_size": 
"0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"38\",\"interval\":\"60\",\"last_executed\":\"1515423094\",\"name\":\"pack_ossec-rootkit_55808.a_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"37\",\"interval\":\"60\",\"last_executed\":\"1515423092\",\"name\":\"pack_ossec-rootkit_adore_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "37", - "output_size": "0", - "name": "pack_ossec-rootkit_adore_worm", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423092", + "name": "pack_ossec-rootkit_adore_worm", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"37\",\"interval\":\"60\",\"last_executed\":\"1515423092\",\"name\":\"pack_ossec-rootkit_adore_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"41\",\"interval\":\"60\",\"last_executed\":\"1515423065\",\"name\":\"pack_ossec-rootkit_ajakit_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "41", - "output_size": "0", - "name": "pack_ossec-rootkit_ajakit_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423065", + "name": "pack_ossec-rootkit_ajakit_rootkit", + "output_size": 
"0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"41\",\"interval\":\"60\",\"last_executed\":\"1515423065\",\"name\":\"pack_ossec-rootkit_ajakit_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423075\",\"name\":\"pack_ossec-rootkit_anonoiyng_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "40", - "output_size": "0", - "name": "pack_ossec-rootkit_anonoiyng_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423075", + "name": "pack_ossec-rootkit_anonoiyng_rootkit", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423075\",\"name\":\"pack_ossec-rootkit_anonoiyng_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"43\",\"interval\":\"60\",\"last_executed\":\"1515423081\",\"name\":\"pack_ossec-rootkit_apa_kit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "43", - "output_size": "0", - "name": "pack_ossec-rootkit_apa_kit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423081", + "name": "pack_ossec-rootkit_apa_kit", + "output_size": "0", 
"wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"43\",\"interval\":\"60\",\"last_executed\":\"1515423081\",\"name\":\"pack_ossec-rootkit_apa_kit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423113\",\"name\":\"pack_ossec-rootkit_ark_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "40", - "output_size": "0", - "name": "pack_ossec-rootkit_ark_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423113", + "name": "pack_ossec-rootkit_ark_rootkit", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423113\",\"name\":\"pack_ossec-rootkit_ark_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"39\",\"interval\":\"60\",\"last_executed\":\"1515423086\",\"name\":\"pack_ossec-rootkit_bash_door\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "39", - "output_size": "0", - "name": "pack_ossec-rootkit_bash_door", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423086", + "name": "pack_ossec-rootkit_bash_door", + "output_size": "0", 
"wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"39\",\"interval\":\"60\",\"last_executed\":\"1515423086\",\"name\":\"pack_ossec-rootkit_bash_door\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"38\",\"interval\":\"60\",\"last_executed\":\"1515423094\",\"name\":\"pack_ossec-rootkit_beastkit_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "38", - "output_size": "0", - "name": "pack_ossec-rootkit_beastkit_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423094", + "name": "pack_ossec-rootkit_beastkit_rootkit", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"38\",\"interval\":\"60\",\"last_executed\":\"1515423094\",\"name\":\"pack_ossec-rootkit_beastkit_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"45\",\"interval\":\"60\",\"last_executed\":\"1515423112\",\"name\":\"pack_ossec-rootkit_bmbl_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "45", - "output_size": "0", - "name": "pack_ossec-rootkit_bmbl_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423112", + "name": "pack_ossec-rootkit_bmbl_rootkit", + "output_size": 
"0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"45\",\"interval\":\"60\",\"last_executed\":\"1515423112\",\"name\":\"pack_ossec-rootkit_bmbl_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"41\",\"interval\":\"60\",\"last_executed\":\"1515423065\",\"name\":\"pack_ossec-rootkit_bobkit_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "41", - "output_size": "0", - "name": "pack_ossec-rootkit_bobkit_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423065", + "name": "pack_ossec-rootkit_bobkit_rootkit", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"41\",\"interval\":\"60\",\"last_executed\":\"1515423065\",\"name\":\"pack_ossec-rootkit_bobkit_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"42\",\"interval\":\"60\",\"last_executed\":\"1515423084\",\"name\":\"pack_ossec-rootkit_cback_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "42", - "output_size": "0", - "name": "pack_ossec-rootkit_cback_worm", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423084", + "name": "pack_ossec-rootkit_cback_worm", + "output_size": "0", 
"wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"42\",\"interval\":\"60\",\"last_executed\":\"1515423084\",\"name\":\"pack_ossec-rootkit_cback_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423081\",\"name\":\"pack_ossec-rootkit_enye_sec_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "36", - "output_size": "0", - "name": "pack_ossec-rootkit_enye_sec_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423081", + "name": "pack_ossec-rootkit_enye_sec_rootkit", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423081\",\"name\":\"pack_ossec-rootkit_enye_sec_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423112\",\"name\":\"pack_ossec-rootkit_esrk_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "40", - "output_size": "0", - "name": "pack_ossec-rootkit_esrk_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423112", + "name": "pack_ossec-rootkit_esrk_rootkit", + "output_size": 
"0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423112\",\"name\":\"pack_ossec-rootkit_esrk_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"41\",\"interval\":\"60\",\"last_executed\":\"1515423065\",\"name\":\"pack_ossec-rootkit_fu_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "41", - "output_size": "0", - "name": "pack_ossec-rootkit_fu_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423065", + "name": "pack_ossec-rootkit_fu_rootkit", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"41\",\"interval\":\"60\",\"last_executed\":\"1515423065\",\"name\":\"pack_ossec-rootkit_fu_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"37\",\"interval\":\"60\",\"last_executed\":\"1515423092\",\"name\":\"pack_ossec-rootkit_hidr00tkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "37", - "output_size": "0", - "name": "pack_ossec-rootkit_hidr00tkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423092", + "name": "pack_ossec-rootkit_hidr00tkit", + "output_size": "0", 
"wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"37\",\"interval\":\"60\",\"last_executed\":\"1515423092\",\"name\":\"pack_ossec-rootkit_hidr00tkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"39\",\"interval\":\"60\",\"last_executed\":\"1515423086\",\"name\":\"pack_ossec-rootkit_illogic_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "39", - "output_size": "0", - "name": "pack_ossec-rootkit_illogic_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423086", + "name": "pack_ossec-rootkit_illogic_rootkit", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"39\",\"interval\":\"60\",\"last_executed\":\"1515423086\",\"name\":\"pack_ossec-rootkit_illogic_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423075\",\"name\":\"pack_ossec-rootkit_kenga3_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "40", - "output_size": "0", - "name": "pack_ossec-rootkit_kenga3_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423075", + "name": "pack_ossec-rootkit_kenga3_rootkit", + 
"output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423075\",\"name\":\"pack_ossec-rootkit_kenga3_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423051\",\"name\":\"pack_ossec-rootkit_knark_installed\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "36", - "output_size": "0", - "name": "pack_ossec-rootkit_knark_installed", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423051", + "name": "pack_ossec-rootkit_knark_installed", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423051\",\"name\":\"pack_ossec-rootkit_knark_installed\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"42\",\"interval\":\"60\",\"last_executed\":\"1515423084\",\"name\":\"pack_ossec-rootkit_ldp_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "42", - "output_size": "0", - "name": "pack_ossec-rootkit_ldp_worm", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423084", + "name": "pack_ossec-rootkit_ldp_worm", + "output_size": "0", 
"wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"42\",\"interval\":\"60\",\"last_executed\":\"1515423084\",\"name\":\"pack_ossec-rootkit_ldp_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423112\",\"name\":\"pack_ossec-rootkit_lion_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "40", - "output_size": "0", - "name": "pack_ossec-rootkit_lion_worm", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423112", + "name": "pack_ossec-rootkit_lion_worm", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423112\",\"name\":\"pack_ossec-rootkit_lion_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"38\",\"interval\":\"60\",\"last_executed\":\"1515423094\",\"name\":\"pack_ossec-rootkit_loc_rookit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "38", - "output_size": "0", - "name": "pack_ossec-rootkit_loc_rookit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423094", + "name": "pack_ossec-rootkit_loc_rookit", + "output_size": "0", 
"wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" - ] - }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" + ], + "user": [ + "ubuntu" + ] }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"38\",\"interval\":\"60\",\"last_executed\":\"1515423094\",\"name\":\"pack_ossec-rootkit_loc_rookit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"41\",\"interval\":\"60\",\"last_executed\":\"1515423065\",\"name\":\"pack_ossec-rootkit_lrk_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "41", - "output_size": "0", - "name": "pack_ossec-rootkit_lrk_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423065", + "name": "pack_ossec-rootkit_lrk_rootkit", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"41\",\"interval\":\"60\",\"last_executed\":\"1515423065\",\"name\":\"pack_ossec-rootkit_lrk_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"42\",\"interval\":\"60\",\"last_executed\":\"1515423084\",\"name\":\"pack_ossec-rootkit_madalin_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "42", - "output_size": "0", - "name": "pack_ossec-rootkit_madalin_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423084", + "name": "pack_ossec-rootkit_madalin_rootkit", + 
"output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"42\",\"interval\":\"60\",\"last_executed\":\"1515423084\",\"name\":\"pack_ossec-rootkit_madalin_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"42\",\"interval\":\"60\",\"last_executed\":\"1515423084\",\"name\":\"pack_ossec-rootkit_maniac_rk\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "42", - "output_size": "0", - "name": "pack_ossec-rootkit_maniac_rk", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423084", + "name": "pack_ossec-rootkit_maniac_rk", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"42\",\"interval\":\"60\",\"last_executed\":\"1515423084\",\"name\":\"pack_ossec-rootkit_maniac_rk\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"43\",\"interval\":\"60\",\"last_executed\":\"1515423081\",\"name\":\"pack_ossec-rootkit_mithra`s_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "43", - "output_size": "0", - "name": "pack_ossec-rootkit_mithra`s_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423081", + "name": "pack_ossec-rootkit_mithra`s_rootkit", + 
"output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"43\",\"interval\":\"60\",\"last_executed\":\"1515423081\",\"name\":\"pack_ossec-rootkit_mithra`s_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423081\",\"name\":\"pack_ossec-rootkit_monkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "36", - "output_size": "0", - "name": "pack_ossec-rootkit_monkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423081", + "name": "pack_ossec-rootkit_monkit", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423081\",\"name\":\"pack_ossec-rootkit_monkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423051\",\"name\":\"pack_ossec-rootkit_monkit_found\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "36", - "output_size": "0", - "name": "pack_ossec-rootkit_monkit_found", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423051", + "name": "pack_ossec-rootkit_monkit_found", + "output_size": "0", 
"wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423051\",\"name\":\"pack_ossec-rootkit_monkit_found\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"42\",\"interval\":\"60\",\"last_executed\":\"1515423084\",\"name\":\"pack_ossec-rootkit_old_rootkits\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "42", - "output_size": "0", - "name": "pack_ossec-rootkit_old_rootkits", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423084", + "name": "pack_ossec-rootkit_old_rootkits", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"42\",\"interval\":\"60\",\"last_executed\":\"1515423084\",\"name\":\"pack_ossec-rootkit_old_rootkits\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"38\",\"interval\":\"60\",\"last_executed\":\"1515423094\",\"name\":\"pack_ossec-rootkit_omega_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "38", - "output_size": "0", - "name": "pack_ossec-rootkit_omega_worm", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423094", + "name": "pack_ossec-rootkit_omega_worm", + "output_size": "0", 
"wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"38\",\"interval\":\"60\",\"last_executed\":\"1515423094\",\"name\":\"pack_ossec-rootkit_omega_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"38\",\"interval\":\"60\",\"last_executed\":\"1515423094\",\"name\":\"pack_ossec-rootkit_optickit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "38", - "output_size": "0", - "name": "pack_ossec-rootkit_optickit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423094", + "name": "pack_ossec-rootkit_optickit", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"38\",\"interval\":\"60\",\"last_executed\":\"1515423094\",\"name\":\"pack_ossec-rootkit_optickit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"39\",\"interval\":\"60\",\"last_executed\":\"1515423086\",\"name\":\"pack_ossec-rootkit_override_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "39", - "output_size": "0", - "name": "pack_ossec-rootkit_override_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423086", + "name": "pack_ossec-rootkit_override_rootkit", + 
"output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"39\",\"interval\":\"60\",\"last_executed\":\"1515423086\",\"name\":\"pack_ossec-rootkit_override_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"37\",\"interval\":\"60\",\"last_executed\":\"1515423092\",\"name\":\"pack_ossec-rootkit_phalanx_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "37", - "output_size": "0", - "name": "pack_ossec-rootkit_phalanx_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423092", + "name": "pack_ossec-rootkit_phalanx_rootkit", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"37\",\"interval\":\"60\",\"last_executed\":\"1515423092\",\"name\":\"pack_ossec-rootkit_phalanx_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] - }, - { + ], + "user": { + "name": "ubuntu" + } + }, + { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"39\",\"interval\":\"60\",\"last_executed\":\"1515423086\",\"name\":\"pack_ossec-rootkit_ramen_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "39", - "output_size": "0", - "name": "pack_ossec-rootkit_ramen_worm", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423086", + "name": "pack_ossec-rootkit_ramen_worm", + 
"output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"39\",\"interval\":\"60\",\"last_executed\":\"1515423086\",\"name\":\"pack_ossec-rootkit_ramen_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423112\",\"name\":\"pack_ossec-rootkit_rh_sharpe\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "40", - "output_size": "0", - "name": "pack_ossec-rootkit_rh_sharpe", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423112", + "name": "pack_ossec-rootkit_rh_sharpe", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423112\",\"name\":\"pack_ossec-rootkit_rh_sharpe\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"42\",\"interval\":\"60\",\"last_executed\":\"1515423084\",\"name\":\"pack_ossec-rootkit_rk17\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "42", - "output_size": "0", - "name": "pack_ossec-rootkit_rk17", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423084", + "name": "pack_ossec-rootkit_rk17", + "output_size": "0", "wall_time": "0" }, - 
"name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"42\",\"interval\":\"60\",\"last_executed\":\"1515423084\",\"name\":\"pack_ossec-rootkit_rk17\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423081\",\"name\":\"pack_ossec-rootkit_romanian_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "36", - "output_size": "0", - "name": "pack_ossec-rootkit_romanian_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423081", + "name": "pack_ossec-rootkit_romanian_rootkit", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423081\",\"name\":\"pack_ossec-rootkit_romanian_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423075\",\"name\":\"pack_ossec-rootkit_rsha\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "40", - "output_size": "0", - "name": "pack_ossec-rootkit_rsha", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423075", + "name": "pack_ossec-rootkit_rsha", + "output_size": "0", "wall_time": "0" 
}, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423075\",\"name\":\"pack_ossec-rootkit_rsha\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423113\",\"name\":\"pack_ossec-rootkit_sadmind/iis_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "40", - "output_size": "0", - "name": "pack_ossec-rootkit_sadmind/iis_worm", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423113", + "name": "pack_ossec-rootkit_sadmind/iis_worm", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423113\",\"name\":\"pack_ossec-rootkit_sadmind/iis_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423051\",\"name\":\"pack_ossec-rootkit_scalper_installed\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "36", - "output_size": "0", - "name": "pack_ossec-rootkit_scalper_installed", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423051", + "name": "pack_ossec-rootkit_scalper_installed", + 
"output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423051\",\"name\":\"pack_ossec-rootkit_scalper_installed\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"38\",\"interval\":\"60\",\"last_executed\":\"1515423094\",\"name\":\"pack_ossec-rootkit_shitc\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "38", - "output_size": "0", - "name": "pack_ossec-rootkit_shitc", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423094", + "name": "pack_ossec-rootkit_shitc", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"38\",\"interval\":\"60\",\"last_executed\":\"1515423094\",\"name\":\"pack_ossec-rootkit_shitc\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"38\",\"interval\":\"60\",\"last_executed\":\"1515423094\",\"name\":\"pack_ossec-rootkit_shkit_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "38", - "output_size": "0", - "name": "pack_ossec-rootkit_shkit_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423094", + "name": "pack_ossec-rootkit_shkit_rootkit", + "output_size": "0", 
"wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"38\",\"interval\":\"60\",\"last_executed\":\"1515423094\",\"name\":\"pack_ossec-rootkit_shkit_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"39\",\"interval\":\"60\",\"last_executed\":\"1515423086\",\"name\":\"pack_ossec-rootkit_showtee\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "39", - "output_size": "0", - "name": "pack_ossec-rootkit_showtee", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423086", + "name": "pack_ossec-rootkit_showtee", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"39\",\"interval\":\"60\",\"last_executed\":\"1515423086\",\"name\":\"pack_ossec-rootkit_showtee\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423075\",\"name\":\"pack_ossec-rootkit_showtee_/_romanian_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "40", - "output_size": "0", - "name": "pack_ossec-rootkit_showtee_/_romanian_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423075", + "name": 
"pack_ossec-rootkit_showtee_/_romanian_rootkit", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423075\",\"name\":\"pack_ossec-rootkit_showtee_/_romanian_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423113\",\"name\":\"pack_ossec-rootkit_shv5_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "40", - "output_size": "0", - "name": "pack_ossec-rootkit_shv5_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423113", + "name": "pack_ossec-rootkit_shv5_rootkit", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423113\",\"name\":\"pack_ossec-rootkit_shv5_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423075\",\"name\":\"pack_ossec-rootkit_slapper_installed\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "40", - "output_size": "0", - "name": "pack_ossec-rootkit_slapper_installed", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423075", + "name": "pack_ossec-rootkit_slapper_installed", + 
"output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423075\",\"name\":\"pack_ossec-rootkit_slapper_installed\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423051\",\"name\":\"pack_ossec-rootkit_solaris_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "36", - "output_size": "0", - "name": "pack_ossec-rootkit_solaris_worm", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423051", + "name": "pack_ossec-rootkit_solaris_worm", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423051\",\"name\":\"pack_ossec-rootkit_solaris_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423075\",\"name\":\"pack_ossec-rootkit_suckit_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "40", - "output_size": "0", - "name": "pack_ossec-rootkit_suckit_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423075", + "name": "pack_ossec-rootkit_suckit_rootkit", + 
"output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423075\",\"name\":\"pack_ossec-rootkit_suckit_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"41\",\"interval\":\"60\",\"last_executed\":\"1515423065\",\"name\":\"pack_ossec-rootkit_suspicious_file\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "41", - "output_size": "0", - "name": "pack_ossec-rootkit_suspicious_file", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423065", + "name": "pack_ossec-rootkit_suspicious_file", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"41\",\"interval\":\"60\",\"last_executed\":\"1515423065\",\"name\":\"pack_ossec-rootkit_suspicious_file\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423051\",\"name\":\"pack_ossec-rootkit_t0rn_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "36", - "output_size": "0", - "name": "pack_ossec-rootkit_t0rn_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423051", + "name": "pack_ossec-rootkit_t0rn_rootkit", + "output_size": 
"0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423051\",\"name\":\"pack_ossec-rootkit_t0rn_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423051\",\"name\":\"pack_ossec-rootkit_tc2_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "36", - "output_size": "0", - "name": "pack_ossec-rootkit_tc2_worm", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423051", + "name": "pack_ossec-rootkit_tc2_worm", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423051\",\"name\":\"pack_ossec-rootkit_tc2_worm\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"43\",\"interval\":\"60\",\"last_executed\":\"1515423081\",\"name\":\"pack_ossec-rootkit_telekit_trojan\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "43", - "output_size": "0", - "name": "pack_ossec-rootkit_telekit_trojan", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423081", + "name": "pack_ossec-rootkit_telekit_trojan", + "output_size": 
"0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"43\",\"interval\":\"60\",\"last_executed\":\"1515423081\",\"name\":\"pack_ossec-rootkit_telekit_trojan\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423075\",\"name\":\"pack_ossec-rootkit_tribe_bot\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "40", - "output_size": "0", - "name": "pack_ossec-rootkit_tribe_bot", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423075", + "name": "pack_ossec-rootkit_tribe_bot", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423075\",\"name\":\"pack_ossec-rootkit_tribe_bot\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"39\",\"interval\":\"60\",\"last_executed\":\"1515423086\",\"name\":\"pack_ossec-rootkit_trk_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "39", - "output_size": "0", - "name": "pack_ossec-rootkit_trk_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423086", + "name": "pack_ossec-rootkit_trk_rootkit", + "output_size": "0", 
"wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"39\",\"interval\":\"60\",\"last_executed\":\"1515423086\",\"name\":\"pack_ossec-rootkit_trk_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423051\",\"name\":\"pack_ossec-rootkit_tuxkit_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "36", - "output_size": "0", - "name": "pack_ossec-rootkit_tuxkit_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423051", + "name": "pack_ossec-rootkit_tuxkit_rootkit", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423051\",\"name\":\"pack_ossec-rootkit_tuxkit_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423075\",\"name\":\"pack_ossec-rootkit_volc_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "40", - "output_size": "0", - "name": "pack_ossec-rootkit_volc_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423075", + "name": "pack_ossec-rootkit_volc_rootkit", + "output_size": 
"0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" - ] - }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" + ], + "user": [ + "ubuntu" + ] }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"40\",\"interval\":\"60\",\"last_executed\":\"1515423075\",\"name\":\"pack_ossec-rootkit_volc_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"39\",\"interval\":\"60\",\"last_executed\":\"1515423086\",\"name\":\"pack_ossec-rootkit_zarwt_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "39", - "output_size": "0", - "name": "pack_ossec-rootkit_zarwt_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423086", + "name": "pack_ossec-rootkit_zarwt_rootkit", + "output_size": "0", "wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 
UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"39\",\"interval\":\"60\",\"last_executed\":\"1515423086\",\"name\":\"pack_ossec-rootkit_zarwt_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423081\",\"name\":\"pack_ossec-rootkit_zk_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", "columns": { "average_memory": "0", "avg_system_time": "0", + "avg_user_time": "0", "executions": "36", - "output_size": "0", - "name": "pack_ossec-rootkit_zk_rootkit", "interval": "60", - "avg_user_time": "0", "last_executed": "1515423081", + "name": "pack_ossec-rootkit_zk_rootkit", + "output_size": "0", 
"wall_time": "0" }, - "name": "pack_osquery-monitoring_schedule", - "unix_time": "1515423115", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Mon Jan 8 14:51:55 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_osquery-monitoring_schedule", + "unix_time": "1515423115" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_osquery-monitoring_schedule" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 14:51:55 2018 UTC\",\"columns\":{\"average_memory\":\"0\",\"avg_system_time\":\"0\",\"avg_user_time\":\"0\",\"executions\":\"36\",\"interval\":\"60\",\"last_executed\":\"1515423081\",\"name\":\"pack_ossec-rootkit_zk_rootkit\",\"output_size\":\"0\",\"wall_time\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_osquery-monitoring_schedule\",\"unixTime\":\"1515423115\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T17:06:29.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 17:06:29 2018 
UTC\",\"columns\":{\"atime\":\"1515431166\",\"block_size\":\"4096\",\"btime\":\"0\",\"ctime\":\"1515431161\",\"device\":\"0\",\"directory\":\"/tmp/.font-unix\",\"filename\":\".cinik\",\"gid\":\"0\",\"hard_links\":\"1\",\"inode\":\"256622\",\"mode\":\"0644\",\"mtime\":\"1515431161\",\"path\":\"/tmp/.font-unix/.cinik\",\"size\":\"0\",\"symlink\":\"1\",\"type\":\"regular\",\"uid\":\"0\"},\"counter\":\"90\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_ossec-rootkit_slapper_installed\",\"unixTime\":\"1515431189\"}", + "type": "info" + }, "file": { + "accessed": "2018-01-08T17:06:06.000Z", + "created": "2018-01-08T17:06:01.000Z", + "directory": "/tmp/.font-unix", + "gid": "0", "inode": "256622", "mode": "0644", + "mtime": "2018-01-08T17:06:01.000Z", + "name": ".cinik", "path": "/tmp/.font-unix/.cinik", - "uid": "0", - "gid": "0", "size": 0, - "created": "2018-01-08T17:06:01.000Z", - "name": ".cinik", - "accessed": "2018-01-08T17:06:06.000Z", - "mtime": "2018-01-08T17:06:01.000Z", "type": "regular", - "directory": "/tmp/.font-unix" + "uid": "0" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 17:06:29 2018 UTC", "columns": { "atime": "1515431166", - "gid": "0", - "mtime": "1515431161", - "type": "regular", + "block_size": "4096", + "btime": "0", + "ctime": "1515431161", + "device": "0", "directory": "/tmp/.font-unix", + "filename": ".cinik", + "gid": "0", + "hard_links": "1", "inode": "256622", "mode": "0644", + "mtime": "1515431161", "path": "/tmp/.font-unix/.cinik", - "uid": "0", - "filename": ".cinik", - "btime": "0", "size": "0", "symlink": "1", - "ctime": "1515431161", - "block_size": "4096", - "device": "0", - "hard_links": "1" + "type": "regular", + "uid": "0" }, - "name": 
"pack_ossec-rootkit_slapper_installed", - "unix_time": "1515431189", - "action": "added", + "counter": "90", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "90", - "calendar_time": "Mon Jan 8 17:06:29 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_ossec-rootkit_slapper_installed", + "unix_time": "1515431189" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_ossec-rootkit_slapper_installed" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 17:06:29 2018 UTC\",\"columns\":{\"atime\":\"1515431166\",\"block_size\":\"4096\",\"btime\":\"0\",\"ctime\":\"1515431161\",\"device\":\"0\",\"directory\":\"/tmp/.font-unix\",\"filename\":\".cinik\",\"gid\":\"0\",\"hard_links\":\"1\",\"inode\":\"256622\",\"mode\":\"0644\",\"mtime\":\"1515431161\",\"path\":\"/tmp/.font-unix/.cinik\",\"size\":\"0\",\"symlink\":\"1\",\"type\":\"regular\",\"uid\":\"0\"},\"counter\":\"90\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_ossec-rootkit_slapper_installed\",\"unixTime\":\"1515431189\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2018-01-08T17:19:48.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 17:19:48 2018 
UTC\",\"columns\":{\"atime\":\"1515431943\",\"block_size\":\"4096\",\"btime\":\"0\",\"ctime\":\"1515431943\",\"device\":\"0\",\"directory\":\"/usr/bin\",\"filename\":\"adore\",\"gid\":\"0\",\"hard_links\":\"1\",\"inode\":\"1919\",\"mode\":\"0644\",\"mtime\":\"1515431943\",\"path\":\"/usr/bin/adore\",\"size\":\"0\",\"symlink\":\"1\",\"type\":\"regular\",\"uid\":\"0\"},\"counter\":\"95\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_ossec-rootkit_adore_worm\",\"unixTime\":\"1515431988\"}", + "type": "info" + }, "file": { + "accessed": "2018-01-08T17:19:03.000Z", + "created": "2018-01-08T17:19:03.000Z", + "directory": "/usr/bin", + "gid": "0", "inode": "1919", "mode": "0644", + "mtime": "2018-01-08T17:19:03.000Z", + "name": "adore", "path": "/usr/bin/adore", - "uid": "0", - "gid": "0", "size": 0, - "created": "2018-01-08T17:19:03.000Z", - "name": "adore", - "accessed": "2018-01-08T17:19:03.000Z", - "mtime": "2018-01-08T17:19:03.000Z", "type": "regular", - "directory": "/usr/bin" + "uid": "0" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Mon Jan 8 17:19:48 2018 UTC", "columns": { "atime": "1515431943", - "gid": "0", - "mtime": "1515431943", - "type": "regular", + "block_size": "4096", + "btime": "0", + "ctime": "1515431943", + "device": "0", "directory": "/usr/bin", + "filename": "adore", + "gid": "0", + "hard_links": "1", "inode": "1919", "mode": "0644", + "mtime": "1515431943", "path": "/usr/bin/adore", - "uid": "0", - "filename": "adore", - "btime": "0", "size": "0", "symlink": "1", - "ctime": "1515431943", - "block_size": "4096", - "device": "0", - "hard_links": "1" + "type": "regular", + "uid": "0" }, - "name": "pack_ossec-rootkit_adore_worm", - "unix_time": "1515431988", - "action": "added", + 
"counter": "95", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "95", - "calendar_time": "Mon Jan 8 17:19:48 2018 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_ossec-rootkit_adore_worm", + "unix_time": "1515431988" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_ossec-rootkit_adore_worm" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Mon Jan 8 17:19:48 2018 UTC\",\"columns\":{\"atime\":\"1515431943\",\"block_size\":\"4096\",\"btime\":\"0\",\"ctime\":\"1515431943\",\"device\":\"0\",\"directory\":\"/usr/bin\",\"filename\":\"adore\",\"gid\":\"0\",\"hard_links\":\"1\",\"inode\":\"1919\",\"mode\":\"0644\",\"mtime\":\"1515431943\",\"path\":\"/usr/bin/adore\",\"size\":\"0\",\"symlink\":\"1\",\"type\":\"regular\",\"uid\":\"0\"},\"counter\":\"95\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_ossec-rootkit_adore_worm\",\"unixTime\":\"1515431988\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { - "process": { - "name": "org.python.python.app" - }, "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 
UTC\",\"columns\":{\"process\":\"org.python.python.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_explicit_auths\",\"unixTime\":\"1514471990\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", "columns": { "process": "org.python.python.app" }, - "name": "pack_it-compliance_alf_explicit_auths", - "unix_time": "1514471990", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_explicit_auths", + "unix_time": "1514471990" } }, + "process": { + "name": "org.python.python.app" + }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_explicit_auths" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"org.python.python.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_explicit_auths\",\"unixTime\":\"1514471990\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { - 
"process": { - "name": "com.apple.ruby" - }, "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"com.apple.ruby\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_explicit_auths\",\"unixTime\":\"1514471990\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", "columns": { "process": "com.apple.ruby" }, - "name": "pack_it-compliance_alf_explicit_auths", - "unix_time": "1514471990", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_explicit_auths", + "unix_time": "1514471990" } }, + "process": { + "name": "com.apple.ruby" + }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_explicit_auths" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 
UTC\",\"columns\":{\"process\":\"com.apple.ruby\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_explicit_auths\",\"unixTime\":\"1514471990\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { - "process": { - "name": "com.apple.a2p" - }, "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"com.apple.a2p\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_explicit_auths\",\"unixTime\":\"1514471990\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", "columns": { "process": "com.apple.a2p" }, - "name": "pack_it-compliance_alf_explicit_auths", - "unix_time": "1514471990", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_explicit_auths", + "unix_time": "1514471990" } }, + "process": { + "name": "com.apple.a2p" + }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + 
"tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_explicit_auths" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"com.apple.a2p\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_explicit_auths\",\"unixTime\":\"1514471990\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { - "process": { - "name": "com.apple.javajdk16.cmd" - }, "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"com.apple.javajdk16.cmd\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_explicit_auths\",\"unixTime\":\"1514471990\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", "columns": { "process": "com.apple.javajdk16.cmd" }, - "name": "pack_it-compliance_alf_explicit_auths", - "unix_time": "1514471990", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:50 2017 
UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_explicit_auths", + "unix_time": "1514471990" } }, + "process": { + "name": "com.apple.javajdk16.cmd" + }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_explicit_auths" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"com.apple.javajdk16.cmd\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_explicit_auths\",\"unixTime\":\"1514471990\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { - "process": { - "name": "com.apple.php" - }, "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"com.apple.php\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_explicit_auths\",\"unixTime\":\"1514471990\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", "columns": { "process": 
"com.apple.php" }, - "name": "pack_it-compliance_alf_explicit_auths", - "unix_time": "1514471990", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_explicit_auths", + "unix_time": "1514471990" } }, + "process": { + "name": "com.apple.php" + }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_explicit_auths" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"com.apple.php\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_explicit_auths\",\"unixTime\":\"1514471990\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { - "process": { - "name": "com.apple.nc" - }, "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 
UTC\",\"columns\":{\"process\":\"com.apple.nc\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_explicit_auths\",\"unixTime\":\"1514471990\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", "columns": { "process": "com.apple.nc" }, - "name": "pack_it-compliance_alf_explicit_auths", - "unix_time": "1514471990", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_explicit_auths", + "unix_time": "1514471990" } }, + "process": { + "name": "com.apple.nc" + }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_explicit_auths" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"com.apple.nc\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_explicit_auths\",\"unixTime\":\"1514471990\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] - }, + ], + "user": { + "name": "tsg" + } + }, { - "process": { - "name": 
"com.apple.ksh" - }, "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"com.apple.ksh\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_explicit_auths\",\"unixTime\":\"1514471990\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", "columns": { "process": "com.apple.ksh" }, - "name": "pack_it-compliance_alf_explicit_auths", - "unix_time": "1514471990", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_explicit_auths", + "unix_time": "1514471990" } }, + "process": { + "name": "com.apple.ksh" + }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_explicit_auths" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 
UTC\",\"columns\":{\"process\":\"com.apple.ksh\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_explicit_auths\",\"unixTime\":\"1514471990\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { - "process": { - "name": "httpd" - }, "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"httpd\",\"service\":\"Personal Web Sharing\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", "columns": { "process": "httpd", "service": "Personal Web Sharing", "state": "0" }, - "name": "pack_it-compliance_alf_services", - "unix_time": "1514471990", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_services", + "unix_time": "1514471990" } }, + "process": { + "name": "httpd" + }, "related": { - "user": [ - "tsg" - ], 
"hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_services" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"httpd\",\"service\":\"Personal Web Sharing\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { - "process": { - "name": "cupsd" - }, "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"cupsd\",\"service\":\"Printer Sharing\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", "columns": { "process": "cupsd", "service": "Printer Sharing", "state": "0" }, - "name": "pack_it-compliance_alf_services", - "unix_time": "1514471990", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_services", + "unix_time": "1514471990" } }, + "process": { + "name": "cupsd" + }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_services" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"cupsd\",\"service\":\"Printer Sharing\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { - "process": { - "name": "AEServer" - }, "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"AEServer\",\"service\":\"Remote Apple Events\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + 
"id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", "columns": { "process": "AEServer", "service": "Remote Apple Events", "state": "0" }, - "name": "pack_it-compliance_alf_services", - "unix_time": "1514471990", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_services", + "unix_time": "1514471990" } }, + "process": { + "name": "AEServer" + }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_services" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"AEServer\",\"service\":\"Remote Apple Events\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { - "process": { - "name": "ftpd" - }, "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 
UTC\",\"columns\":{\"process\":\"ftpd\",\"service\":\"FTP Access\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", "columns": { "process": "ftpd", "service": "FTP Access", "state": "0" }, - "name": "pack_it-compliance_alf_services", - "unix_time": "1514471990", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_services", + "unix_time": "1514471990" } }, + "process": { + "name": "ftpd" + }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_services" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"ftpd\",\"service\":\"FTP Access\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { 
+ "name": "tsg" + } }, { - "process": { - "name": "AppleFileServer" - }, "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"AppleFileServer\",\"service\":\"Personal File Sharing\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", "columns": { "process": "AppleFileServer", "service": "Personal File Sharing", "state": "0" }, - "name": "pack_it-compliance_alf_services", - "unix_time": "1514471990", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_services", + "unix_time": "1514471990" } }, + "process": { + "name": "AppleFileServer" + }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_services" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"AppleFileServer\",\"service\":\"Personal File 
Sharing\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { - "process": { - "name": "sshd-keygen-wrapper" - }, "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"sshd-keygen-wrapper\",\"service\":\"Remote Login - SSH\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", "columns": { "process": "sshd-keygen-wrapper", "service": "Remote Login - SSH", "state": "0" }, - "name": "pack_it-compliance_alf_services", - "unix_time": "1514471990", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_services", + "unix_time": "1514471990" } }, + "process": { + "name": "sshd-keygen-wrapper" + }, "related": { - 
"user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_services" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"sshd-keygen-wrapper\",\"service\":\"Remote Login - SSH\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { - "process": { - "name": "smbd" - }, "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"smbd\",\"service\":\"Samba Sharing\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", "columns": { "process": "smbd", "service": "Samba Sharing", "state": "0" }, - "name": "pack_it-compliance_alf_services", - "unix_time": "1514471990", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_services", + "unix_time": "1514471990" } }, + "process": { + "name": "smbd" + }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_services" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"smbd\",\"service\":\"Samba Sharing\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { - "process": { - "name": "AppleVNCServer" - }, "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"AppleVNCServer\",\"service\":\"Apple Remote Desktop\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", + "type": "info" + }, + "host": { + "hostname": 
"192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", "columns": { "process": "AppleVNCServer", "service": "Apple Remote Desktop", "state": "0" }, - "name": "pack_it-compliance_alf_services", - "unix_time": "1514471990", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_services", + "unix_time": "1514471990" } }, + "process": { + "name": "AppleVNCServer" + }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_services" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 UTC\",\"columns\":{\"process\":\"AppleVNCServer\",\"service\":\"Apple Remote Desktop\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { - "process": { - "name": "ODSAgent" - }, "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:50 2017 UTC\",\"columns\":{\"process\":\"ODSAgent\",\"service\":\"ODSAgent\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", "columns": { "process": "ODSAgent", "service": "ODSAgent", "state": "0" }, - "name": "pack_it-compliance_alf_services", - "unix_time": "1514471990", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:50 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_services", + "unix_time": "1514471990" } }, + "process": { + "name": "ODSAgent" + }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_services" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "tsg" + } + }, + { + "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, "event": { "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:50 2017 
UTC\",\"columns\":{\"process\":\"ODSAgent\",\"service\":\"ODSAgent\",\"state\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_services\",\"unixTime\":\"1514471990\"}", - "type": "info", "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"LastPass\",\"description\":\"Last Password you will ever need\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"support@lastpass.com\",\"location\":\"app-profile\",\"name\":\"LastPass: Free Password Manager\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"https://addons.cdn.mozilla.net/user-media/addons/8542/lastpass_password_manager-4.2.3.20-an+fx.xpi?filehash=sha256%3Acb837b4d738d51fac1d4361b7ac50cac1fc2828c2848057f10f88220aff77380\",\"type\":\"webextension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"4.2.3.20\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", + "type": "info" }, - "user": { - "name": "tsg" + "file": { + "directory": "/Users/tsg", + "gid": "20", + "type": "webextension", + "uid": "501" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, - "tags": [ - "preserve_original_event" - ] - }, - { "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": 
"support@lastpass.com", - "creator": "LastPass", - "gid": "20", - "visible": "1", "active": "1", + "autoupdate": "1", + "creator": "LastPass", "description": "Last Password you will ever need", - "type": "webextension", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "4.2.3.20", - "autoupdate": "1", - "source_url": "https://addons.cdn.mozilla.net/user-media/addons/8542/lastpass_password_manager-4.2.3.20-an+fx.xpi?filehash=sha256%3Acb837b4d738d51fac1d4361b7ac50cac1fc2828c2848057f10f88220aff77380", - "uid": "501", + "disabled": "0", + "gid": "20", + "gid_signed": "20", + "identifier": "support@lastpass.com", + "location": "app-profile", + "name": "LastPass: Free Password Manager", "native": "0", "shell": "/bin/zsh", + "source_url": "https://addons.cdn.mozilla.net/user-media/addons/8542/lastpass_password_manager-4.2.3.20-an+fx.xpi?filehash=sha256%3Acb837b4d738d51fac1d4361b7ac50cac1fc2828c2848057f10f88220aff77380", + "type": "webextension", + "uid": "501", "uid_signed": "501", - "name": "LastPass: Free Password Manager", - "disabled": "0", - "location": "app-profile", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "4.2.3.20", + "visible": "1" }, - "name": "pack_it-compliance_firefox_addons", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_firefox_addons", + "unix_time": "1514471991" } }, - "rule": { - "name": "pack_it-compliance_firefox_addons" - }, - "url": { - "full": "https://addons.cdn.mozilla.net/user-media/addons/8542/lastpass_password_manager-4.2.3.20-an+fx.xpi?filehash=sha256%3Acb837b4d738d51fac1d4361b7ac50cac1fc2828c2848057f10f88220aff77380" - }, - 
"tags": [ - "preserve_original_event" - ], - "@timestamp": "2017-12-28T14:39:51.000Z", - "file": { - "uid": "501", - "gid": "20", - "type": "webextension", - "directory": "/Users/tsg" - }, - "ecs": { - "version": "8.2.0" - }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + "rule": { + "name": "pack_it-compliance_firefox_addons" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"LastPass\",\"description\":\"Last Password you will ever need\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"support@lastpass.com\",\"location\":\"app-profile\",\"name\":\"LastPass: Free Password Manager\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"https://addons.cdn.mozilla.net/user-media/addons/8542/lastpass_password_manager-4.2.3.20-an+fx.xpi?filehash=sha256%3Acb837b4d738d51fac1d4361b7ac50cac1fc2828c2848057f10f88220aff77380\",\"type\":\"webextension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"4.2.3.20\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + "tags": [ + "preserve_original_event" + ], + "url": { + "full": "https://addons.cdn.mozilla.net/user-media/addons/8542/lastpass_password_manager-4.2.3.20-an+fx.xpi?filehash=sha256%3Acb837b4d738d51fac1d4361b7ac50cac1fc2828c2848057f10f88220aff77380" }, "user": { "name": "tsg" 
@@ -4691,938 +4691,938 @@ }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"Sets value(s) in the update url based on custom checks.\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"aushelper@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Application Update Service Helper\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"2.0\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { - "uid": "501", + "directory": "/Users/tsg", "gid": "20", "type": "extension", - "directory": "/Users/tsg" + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "aushelper@mozilla.org", - "creator": "null", - "gid": "20", - "visible": "1", "active": "1", + "autoupdate": "1", + "creator": "null", "description": "Sets value(s) in the update url based on custom checks.", - "type": "extension", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "2.0", - "autoupdate": "1", - "source_url": "null", - "uid": "501", + "disabled": "0", + 
"gid": "20", + "gid_signed": "20", + "identifier": "aushelper@mozilla.org", + "location": "app-system-defaults", + "name": "Application Update Service Helper", "native": "0", "shell": "/bin/zsh", + "source_url": "null", + "type": "extension", + "uid": "501", "uid_signed": "501", - "name": "Application Update Service Helper", - "disabled": "0", - "location": "app-system-defaults", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "2.0", + "visible": "1" }, - "name": "pack_it-compliance_firefox_addons", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_firefox_addons", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_firefox_addons" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"Sets value(s) in the update url based on custom checks.\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"aushelper@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Application Update Service 
Helper\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"2.0\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"Staged rollout of Firefox multi-process feature.\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"e10srollout@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Multi-process staged rollout\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"3.05\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { - "uid": "501", + "directory": "/Users/tsg", "gid": "20", "type": "extension", - "directory": "/Users/tsg" + "uid": "501" }, - "ecs": { - "version": 
"8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "e10srollout@mozilla.org", - "creator": "null", - "gid": "20", - "visible": "1", "active": "1", + "autoupdate": "1", + "creator": "null", "description": "Staged rollout of Firefox multi-process feature.", - "type": "extension", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "3.05", - "autoupdate": "1", - "source_url": "null", - "uid": "501", + "disabled": "0", + "gid": "20", + "gid_signed": "20", + "identifier": "e10srollout@mozilla.org", + "location": "app-system-defaults", + "name": "Multi-process staged rollout", "native": "0", "shell": "/bin/zsh", + "source_url": "null", + "type": "extension", + "uid": "501", "uid_signed": "501", - "name": "Multi-process staged rollout", - "disabled": "0", - "location": "app-system-defaults", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "3.05", + "visible": "1" }, - "name": "pack_it-compliance_firefox_addons", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_firefox_addons", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_firefox_addons" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"Staged rollout of Firefox multi-process feature.\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"e10srollout@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Multi-process staged rollout\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"3.05\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"When you find something you want to view later, put it in 
Pocket.\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"firefox@getpocket.com\",\"location\":\"app-system-defaults\",\"name\":\"Pocket\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.0.5\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { - "uid": "501", + "directory": "/Users/tsg", "gid": "20", "type": "extension", - "directory": "/Users/tsg" + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "firefox@getpocket.com", - "creator": "null", - "gid": "20", - "visible": "1", "active": "1", + "autoupdate": "1", + "creator": "null", "description": "When you find something you want to view later, put it in Pocket.", - "type": "extension", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.0.5", - "autoupdate": "1", - "source_url": "null", - "uid": "501", + "disabled": "0", + "gid": "20", + "gid_signed": "20", + "identifier": "firefox@getpocket.com", + "location": "app-system-defaults", + "name": "Pocket", "native": "0", "shell": "/bin/zsh", + "source_url": "null", + "type": "extension", + "uid": "501", "uid_signed": "501", - "name": "Pocket", - "disabled": "0", - "location": "app-system-defaults", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.0.5", 
+ "visible": "1" }, - "name": "pack_it-compliance_firefox_addons", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_firefox_addons", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_firefox_addons" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"When you find something you want to view later, put it in Pocket.\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"firefox@getpocket.com\",\"location\":\"app-system-defaults\",\"name\":\"Pocket\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.0.5\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + 
"action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"null\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"followonsearch@mozilla.com\",\"location\":\"app-system-defaults\",\"name\":\"Follow-on Search Telemetry\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"0.9.6\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { - "uid": "501", + "directory": "/Users/tsg", "gid": "20", "type": "extension", - "directory": "/Users/tsg" + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "followonsearch@mozilla.com", - "creator": "null", - "gid": "20", - "visible": "1", "active": "1", + "autoupdate": "1", + "creator": "null", "description": "null", - "type": "extension", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "0.9.6", - "autoupdate": "1", - "source_url": "null", - "uid": "501", + "disabled": "0", + "gid": "20", + "gid_signed": "20", + "identifier": "followonsearch@mozilla.com", + "location": "app-system-defaults", + "name": "Follow-on Search Telemetry", "native": "0", "shell": "/bin/zsh", + "source_url": "null", + 
"type": "extension", + "uid": "501", "uid_signed": "501", - "name": "Follow-on Search Telemetry", - "disabled": "0", - "location": "app-system-defaults", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "0.9.6", + "visible": "1" }, - "name": "pack_it-compliance_firefox_addons", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_firefox_addons", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_firefox_addons" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"null\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"followonsearch@mozilla.com\",\"location\":\"app-system-defaults\",\"name\":\"Follow-on Search Telemetry\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"0.9.6\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - 
"kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"null\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"screenshots@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Firefox Screenshots\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"19.2.0\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { - "uid": "501", + "directory": "/Users/tsg", "gid": "20", "type": "extension", - "directory": "/Users/tsg" + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "screenshots@mozilla.org", - "creator": "null", - "gid": "20", - "visible": "1", "active": "1", + "autoupdate": "1", + "creator": "null", "description": "null", - "type": "extension", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "19.2.0", - "autoupdate": "1", - "source_url": "null", - "uid": "501", + "disabled": "0", + 
"gid": "20", + "gid_signed": "20", + "identifier": "screenshots@mozilla.org", + "location": "app-system-defaults", + "name": "Firefox Screenshots", "native": "0", "shell": "/bin/zsh", + "source_url": "null", + "type": "extension", + "uid": "501", "uid_signed": "501", - "name": "Firefox Screenshots", - "disabled": "0", - "location": "app-system-defaults", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "19.2.0", + "visible": "1" }, - "name": "pack_it-compliance_firefox_addons", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_firefox_addons", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_firefox_addons" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"null\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"screenshots@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Firefox 
Screenshots\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"19.2.0\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"Client to download and run recipes for SHIELD, Heartbeat, etc.\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"shield-recipe-client@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Shield Recipe Client\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"76.1\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { - "uid": "501", + "directory": "/Users/tsg", "gid": "20", "type": "extension", - "directory": "/Users/tsg" + "uid": "501" }, - 
"ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "shield-recipe-client@mozilla.org", - "creator": "null", - "gid": "20", - "visible": "1", "active": "1", + "autoupdate": "1", + "creator": "null", "description": "Client to download and run recipes for SHIELD, Heartbeat, etc.", - "type": "extension", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "76.1", - "autoupdate": "1", - "source_url": "null", - "uid": "501", + "disabled": "0", + "gid": "20", + "gid_signed": "20", + "identifier": "shield-recipe-client@mozilla.org", + "location": "app-system-defaults", + "name": "Shield Recipe Client", "native": "0", "shell": "/bin/zsh", + "source_url": "null", + "type": "extension", + "uid": "501", "uid_signed": "501", - "name": "Shield Recipe Client", - "disabled": "0", - "location": "app-system-defaults", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "76.1", + "visible": "1" }, - "name": "pack_it-compliance_firefox_addons", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_firefox_addons", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_firefox_addons" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"Client to download and run recipes for SHIELD, Heartbeat, etc.\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"shield-recipe-client@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Shield Recipe Client\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"76.1\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"Urgent post-release fixes for web compatibility.\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"webcompat@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Web 
Compat\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.1\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { - "uid": "501", + "directory": "/Users/tsg", "gid": "20", "type": "extension", - "directory": "/Users/tsg" + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "webcompat@mozilla.org", - "creator": "null", - "gid": "20", - "visible": "1", "active": "1", + "autoupdate": "1", + "creator": "null", "description": "Urgent post-release fixes for web compatibility.", - "type": "extension", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.1", - "autoupdate": "1", - "source_url": "null", - "uid": "501", + "disabled": "0", + "gid": "20", + "gid_signed": "20", + "identifier": "webcompat@mozilla.org", + "location": "app-system-defaults", + "name": "Web Compat", "native": "0", "shell": "/bin/zsh", + "source_url": "null", + "type": "extension", + "uid": "501", "uid_signed": "501", - "name": "Web Compat", - "disabled": "0", - "location": "app-system-defaults", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.1", + "visible": "1" }, - "name": "pack_it-compliance_firefox_addons", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_firefox_addons", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_firefox_addons" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"Urgent post-release fixes for web compatibility.\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"webcompat@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Web Compat\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.1\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"A rich visual history feed and a reimagined home page make it easier than ever to find exactly what you're looking for in Firefox.\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"activity-stream@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Activity Stream\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"2017.11.07.1100-7f4e3634\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { - "uid": "501", + "directory": "/Users/tsg", "gid": "20", "type": "extension", - "directory": "/Users/tsg" + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "activity-stream@mozilla.org", - "creator": "null", - "gid": "20", - "visible": "1", "active": "1", + "autoupdate": "1", + "creator": "null", "description": "A rich visual history feed and a reimagined home page make it easier than ever to find exactly what you're looking for in Firefox.", - "type": "extension", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "2017.11.07.1100-7f4e3634", - "autoupdate": "1", - "source_url": "null", - "uid": "501", + "disabled": "0", + "gid": "20", + "gid_signed": "20", + "identifier": "activity-stream@mozilla.org", + "location": 
"app-system-defaults", + "name": "Activity Stream", "native": "0", "shell": "/bin/zsh", + "source_url": "null", + "type": "extension", + "uid": "501", "uid_signed": "501", - "name": "Activity Stream", - "disabled": "0", - "location": "app-system-defaults", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "2017.11.07.1100-7f4e3634", + "visible": "1" }, - "name": "pack_it-compliance_firefox_addons", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_firefox_addons", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_firefox_addons" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"A rich visual history feed and a reimagined home page make it easier than ever to find exactly what you're looking for in Firefox.\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"activity-stream@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Activity 
Stream\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"2017.11.07.1100-7f4e3634\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"Autofill forms with saved profiles\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"formautofill@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Form Autofill\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.0\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { - "uid": "501", + "directory": "/Users/tsg", "gid": "20", "type": "extension", - "directory": "/Users/tsg" + "uid": "501" }, - "ecs": { - "version": "8.2.0" + 
"host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "formautofill@mozilla.org", - "creator": "null", - "gid": "20", - "visible": "1", "active": "1", + "autoupdate": "1", + "creator": "null", "description": "Autofill forms with saved profiles", - "type": "extension", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.0", - "autoupdate": "1", - "source_url": "null", - "uid": "501", + "disabled": "0", + "gid": "20", + "gid_signed": "20", + "identifier": "formautofill@mozilla.org", + "location": "app-system-defaults", + "name": "Form Autofill", "native": "0", "shell": "/bin/zsh", + "source_url": "null", + "type": "extension", + "uid": "501", "uid_signed": "501", - "name": "Form Autofill", - "disabled": "0", - "location": "app-system-defaults", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.0", + "visible": "1" }, - "name": "pack_it-compliance_firefox_addons", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_firefox_addons", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_firefox_addons" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"Autofill forms with saved profiles\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"formautofill@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Form Autofill\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.0\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"Photon onboarding\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"onboarding@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Photon 
onboarding\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.0\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { - "uid": "501", + "directory": "/Users/tsg", "gid": "20", "type": "extension", - "directory": "/Users/tsg" + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "onboarding@mozilla.org", - "creator": "null", - "gid": "20", - "visible": "1", "active": "1", + "autoupdate": "1", + "creator": "null", "description": "Photon onboarding", - "type": "extension", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.0", - "autoupdate": "1", - "source_url": "null", - "uid": "501", + "disabled": "0", + "gid": "20", + "gid_signed": "20", + "identifier": "onboarding@mozilla.org", + "location": "app-system-defaults", + "name": "Photon onboarding", "native": "0", "shell": "/bin/zsh", + "source_url": "null", + "type": "extension", + "uid": "501", "uid_signed": "501", - "name": "Photon onboarding", - "disabled": "0", - "location": "app-system-defaults", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.0", + "visible": "1" }, - "name": "pack_it-compliance_firefox_addons", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", 
"username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_firefox_addons", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_firefox_addons" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"Photon onboarding\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"onboarding@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Photon onboarding\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.0\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"Mozilla\",\"description\":\"The default theme.\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"location\":\"app-global\",\"name\":\"Default\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"theme\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"57.0.1\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { - "uid": "501", + "directory": "/Users/tsg", "gid": "20", "type": "theme", - "directory": "/Users/tsg" + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "{972ce4c6-7e08-4474-a285-3208198ce6fd}", - "creator": "Mozilla", - "gid": "20", - "visible": "1", "active": "1", + "autoupdate": "1", + "creator": "Mozilla", "description": "The default theme.", - "type": "theme", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "57.0.1", - "autoupdate": "1", - "source_url": "null", - "uid": "501", + "disabled": "0", + "gid": "20", + "gid_signed": "20", + "identifier": "{972ce4c6-7e08-4474-a285-3208198ce6fd}", + "location": "app-global", + "name": "Default", "native": "0", "shell": "/bin/zsh", + "source_url": "null", + "type": "theme", + "uid": "501", "uid_signed": "501", - "name": "Default", - "disabled": "0", - "location": "app-global", - "username": "tsg" + 
"username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "57.0.1", + "visible": "1" }, - "name": "pack_it-compliance_firefox_addons", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_firefox_addons", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_firefox_addons" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "tsg" + } + }, + { + "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, "event": { "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"Mozilla\",\"description\":\"The default theme.\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"location\":\"app-global\",\"name\":\"Default\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"null\",\"type\":\"theme\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"57.0.1\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", - "type": "info", "created": "2020-04-28T11:07:58.223Z", - "kind": "event" 
+ "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"This disables NV12 surface format on Windows for AMD graphic adapters, see bug 1417442\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"disable-media-wmf-nv12@mozilla.org\",\"location\":\"app-system-addons\",\"name\":\"Disable Media WMF NV12 format\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"file:///var/folders/rl/ps6sz7995lq3kqz5v9bmwjlh0000gn/T/tmpaddon\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.1\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", + "type": "info" }, - "user": { - "name": "tsg" + "file": { + "directory": "/Users/tsg", + "gid": "20", + "type": "extension", + "uid": "501" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, - "tags": [ - "preserve_original_event" - ] - }, - { "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "disable-media-wmf-nv12@mozilla.org", - "creator": "null", - "gid": "20", - "visible": "1", "active": "1", + "autoupdate": "1", + "creator": "null", "description": "This disables NV12 surface format on Windows for AMD graphic adapters, see bug 1417442", - "type": "extension", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.1", - "autoupdate": "1", - "source_url": "file:///var/folders/rl/ps6sz7995lq3kqz5v9bmwjlh0000gn/T/tmpaddon", - "uid": 
"501", + "disabled": "0", + "gid": "20", + "gid_signed": "20", + "identifier": "disable-media-wmf-nv12@mozilla.org", + "location": "app-system-addons", + "name": "Disable Media WMF NV12 format", "native": "0", "shell": "/bin/zsh", + "source_url": "file:///var/folders/rl/ps6sz7995lq3kqz5v9bmwjlh0000gn/T/tmpaddon", + "type": "extension", + "uid": "501", "uid_signed": "501", - "name": "Disable Media WMF NV12 format", - "disabled": "0", - "location": "app-system-addons", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.1", + "visible": "1" }, - "name": "pack_it-compliance_firefox_addons", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_firefox_addons", + "unix_time": "1514471991" } }, - "rule": { - "name": "pack_it-compliance_firefox_addons" - }, - "url": { - "full": "file:///var/folders/rl/ps6sz7995lq3kqz5v9bmwjlh0000gn/T/tmpaddon" - }, - "tags": [ - "preserve_original_event" - ], - "@timestamp": "2017-12-28T14:39:51.000Z", - "file": { - "uid": "501", - "gid": "20", - "type": "extension", - "directory": "/Users/tsg" - }, - "ecs": { - "version": "8.2.0" - }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + "rule": { + "name": "pack_it-compliance_firefox_addons" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"This disables NV12 surface format on Windows for AMD graphic adapters, see bug 
1417442\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"disable-media-wmf-nv12@mozilla.org\",\"location\":\"app-system-addons\",\"name\":\"Disable Media WMF NV12 format\",\"native\":\"0\",\"path\":\"\",\"shell\":\"/bin/zsh\",\"source_url\":\"file:///var/folders/rl/ps6sz7995lq3kqz5v9bmwjlh0000gn/T/tmpaddon\",\"type\":\"extension\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.1\",\"visible\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_firefox_addons\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + "tags": [ + "preserve_original_event" + ], + "url": { + "full": "file:///var/folders/rl/ps6sz7995lq3kqz5v9bmwjlh0000gn/T/tmpaddon" }, "user": { "name": "tsg" 
@@ -5630,128220 +5630,128220 @@ }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"ansible\",\"path\":\"/usr/local/Cellar/ansible/\",\"version\":\"2.3.2.0_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/ansible/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "ansible", "path": "/usr/local/Cellar/ansible/", "version": "2.3.2.0_1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"name\":\"ansible\",\"path\":\"/usr/local/Cellar/ansible/\",\"version\":\"2.3.2.0_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"asio\",\"path\":\"/usr/local/Cellar/asio/\",\"version\":\"1.10.8_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/asio/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "asio", "path": "/usr/local/Cellar/asio/", "version": "1.10.8_1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + 
"unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"asio\",\"path\":\"/usr/local/Cellar/asio/\",\"version\":\"1.10.8_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"augeas\",\"path\":\"/usr/local/Cellar/augeas/\",\"version\":\"1.9.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/augeas/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "augeas", "path": "/usr/local/Cellar/augeas/", "version": "1.9.0" }, - "name": 
"pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"augeas\",\"path\":\"/usr/local/Cellar/augeas/\",\"version\":\"1.9.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"name\":\"awscli\",\"path\":\"/usr/local/Cellar/awscli/\",\"version\":\"1.11.138\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/awscli/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "awscli", "path": "/usr/local/Cellar/awscli/", "version": "1.11.138" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"awscli\",\"path\":\"/usr/local/Cellar/awscli/\",\"version\":\"1.11.138\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"boost\",\"path\":\"/usr/local/Cellar/boost/\",\"version\":\"1.65.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/boost/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "boost", "path": "/usr/local/Cellar/boost/", "version": "1.65.1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:51 2017 UTC\",\"columns\":{\"name\":\"boost\",\"path\":\"/usr/local/Cellar/boost/\",\"version\":\"1.65.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"elasticsearch\",\"path\":\"/usr/local/Cellar/elasticsearch/\",\"version\":\"6.1.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/elasticsearch/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "elasticsearch", "path": "/usr/local/Cellar/elasticsearch/", "version": "6.1.0" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"elasticsearch\",\"path\":\"/usr/local/Cellar/elasticsearch/\",\"version\":\"6.1.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"filebeat\",\"path\":\"/usr/local/Cellar/filebeat/\",\"version\":\"6.0.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/filebeat/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "filebeat", "path": 
"/usr/local/Cellar/filebeat/", "version": "6.0.0" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"filebeat\",\"path\":\"/usr/local/Cellar/filebeat/\",\"version\":\"6.0.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"name\":\"fontconfig\",\"path\":\"/usr/local/Cellar/fontconfig/\",\"version\":\"2.12.6\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/fontconfig/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "fontconfig", "path": "/usr/local/Cellar/fontconfig/", "version": "2.12.6" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"fontconfig\",\"path\":\"/usr/local/Cellar/fontconfig/\",\"version\":\"2.12.6\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - 
"created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"freetype\",\"path\":\"/usr/local/Cellar/freetype/\",\"version\":\"2.8.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/freetype/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "freetype", "path": "/usr/local/Cellar/freetype/", "version": "2.8.1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"freetype\",\"path\":\"/usr/local/Cellar/freetype/\",\"version\":\"2.8.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"gd\",\"path\":\"/usr/local/Cellar/gd/\",\"version\":\"2.2.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/gd/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "gd", "path": "/usr/local/Cellar/gd/", "version": "2.2.5" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"gd\",\"path\":\"/usr/local/Cellar/gd/\",\"version\":\"2.2.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"gdbm\",\"path\":\"/usr/local/Cellar/gdbm/\",\"version\":\"1.13\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/gdbm/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "gdbm", "path": "/usr/local/Cellar/gdbm/", "version": "1.13" }, - "name": 
"pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"gdbm\",\"path\":\"/usr/local/Cellar/gdbm/\",\"version\":\"1.13\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"gettext\",\"path\":\"/usr/local/Cellar/gettext/\",\"version\":\"0.19.8.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + 
"type": "info" + }, "file": { "path": "/usr/local/Cellar/gettext/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "gettext", "path": "/usr/local/Cellar/gettext/", "version": "0.19.8.1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"gettext\",\"path\":\"/usr/local/Cellar/gettext/\",\"version\":\"0.19.8.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"gflags\",\"path\":\"/usr/local/Cellar/gflags/\",\"version\":\"2.2.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/gflags/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "gflags", "path": "/usr/local/Cellar/gflags/", "version": "2.2.1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"name\":\"gflags\",\"path\":\"/usr/local/Cellar/gflags/\",\"version\":\"2.2.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"git-crypt\",\"path\":\"/usr/local/Cellar/git-crypt/\",\"version\":\"0.5.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/git-crypt/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "git-crypt", "path": "/usr/local/Cellar/git-crypt/", "version": "0.5.0" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", 
+ "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"git-crypt\",\"path\":\"/usr/local/Cellar/git-crypt/\",\"version\":\"0.5.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"glog\",\"path\":\"/usr/local/Cellar/glog/\",\"version\":\"0.3.5_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/glog/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "glog", "path": "/usr/local/Cellar/glog/", "version": "0.3.5_1" }, - "name": 
"pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"glog\",\"path\":\"/usr/local/Cellar/glog/\",\"version\":\"0.3.5_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"go\",\"path\":\"/usr/local/Cellar/go/\",\"version\":\"1.9.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": 
"info" + }, "file": { "path": "/usr/local/Cellar/go/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "go", "path": "/usr/local/Cellar/go/", "version": "1.9.2" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"go\",\"path\":\"/usr/local/Cellar/go/\",\"version\":\"1.9.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:51 2017 UTC\",\"columns\":{\"name\":\"go@1.8\",\"path\":\"/usr/local/Cellar/go@1.8/\",\"version\":\"1.8.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/go@1.8/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "go@1.8", "path": "/usr/local/Cellar/go@1.8/", "version": "1.8.3" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"go@1.8\",\"path\":\"/usr/local/Cellar/go@1.8/\",\"version\":\"1.8.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"gradle\",\"path\":\"/usr/local/Cellar/gradle/\",\"version\":\"4.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/gradle/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "gradle", "path": "/usr/local/Cellar/gradle/", "version": "4.3" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:51 2017 UTC\",\"columns\":{\"name\":\"gradle\",\"path\":\"/usr/local/Cellar/gradle/\",\"version\":\"4.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"graphviz\",\"path\":\"/usr/local/Cellar/graphviz/\",\"version\":\"2.40.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/graphviz/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "graphviz", "path": "/usr/local/Cellar/graphviz/", "version": "2.40.1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"graphviz\",\"path\":\"/usr/local/Cellar/graphviz/\",\"version\":\"2.40.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"heartbeat\",\"path\":\"/usr/local/Cellar/heartbeat/\",\"version\":\"6.1.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/heartbeat/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "heartbeat", "path": 
"/usr/local/Cellar/heartbeat/", "version": "6.1.0" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"heartbeat\",\"path\":\"/usr/local/Cellar/heartbeat/\",\"version\":\"6.1.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"name\":\"heartbeat\",\"path\":\"/usr/local/Cellar/heartbeat/\",\"version\":\"6.1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/heartbeat/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "heartbeat", "path": "/usr/local/Cellar/heartbeat/", "version": "6.1.1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"heartbeat\",\"path\":\"/usr/local/Cellar/heartbeat/\",\"version\":\"6.1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"icu4c\",\"path\":\"/usr/local/Cellar/icu4c/\",\"version\":\"59.1_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/icu4c/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "icu4c", "path": "/usr/local/Cellar/icu4c/", "version": "59.1_1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:51 2017 UTC\",\"columns\":{\"name\":\"icu4c\",\"path\":\"/usr/local/Cellar/icu4c/\",\"version\":\"59.1_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"jemalloc\",\"path\":\"/usr/local/Cellar/jemalloc/\",\"version\":\"5.0.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/jemalloc/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "jemalloc", "path": "/usr/local/Cellar/jemalloc/", "version": "5.0.1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"jemalloc\",\"path\":\"/usr/local/Cellar/jemalloc/\",\"version\":\"5.0.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"jpeg\",\"path\":\"/usr/local/Cellar/jpeg/\",\"version\":\"9b\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/jpeg/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "jpeg", "path": "/usr/local/Cellar/jpeg/", "version": "9b" }, - 
"name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"jpeg\",\"path\":\"/usr/local/Cellar/jpeg/\",\"version\":\"9b\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"jq\",\"path\":\"/usr/local/Cellar/jq/\",\"version\":\"1.5_2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + 
"type": "info" + }, "file": { "path": "/usr/local/Cellar/jq/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "jq", "path": "/usr/local/Cellar/jq/", "version": "1.5_2" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"jq\",\"path\":\"/usr/local/Cellar/jq/\",\"version\":\"1.5_2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"libarchive\",\"path\":\"/usr/local/Cellar/libarchive/\",\"version\":\"3.3.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/libarchive/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "libarchive", "path": "/usr/local/Cellar/libarchive/", "version": "3.3.2" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"name\":\"libarchive\",\"path\":\"/usr/local/Cellar/libarchive/\",\"version\":\"3.3.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"libevent\",\"path\":\"/usr/local/Cellar/libevent/\",\"version\":\"2.1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/libevent/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "libevent", "path": "/usr/local/Cellar/libevent/", "version": "2.1.8" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"libevent\",\"path\":\"/usr/local/Cellar/libevent/\",\"version\":\"2.1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"libmagic\",\"path\":\"/usr/local/Cellar/libmagic/\",\"version\":\"5.32\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/libmagic/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "libmagic", "path": "/usr/local/Cellar/libmagic/", 
"version": "5.32" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"libmagic\",\"path\":\"/usr/local/Cellar/libmagic/\",\"version\":\"5.32\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"name\":\"libpng\",\"path\":\"/usr/local/Cellar/libpng/\",\"version\":\"1.6.34\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/libpng/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "libpng", "path": "/usr/local/Cellar/libpng/", "version": "1.6.34" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"libpng\",\"path\":\"/usr/local/Cellar/libpng/\",\"version\":\"1.6.34\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"librdkafka\",\"path\":\"/usr/local/Cellar/librdkafka/\",\"version\":\"0.11.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/librdkafka/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "librdkafka", "path": "/usr/local/Cellar/librdkafka/", "version": "0.11.3" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } - }, - "related": { - "user": [ - "tsg" - ], + }, + "related": { "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"librdkafka\",\"path\":\"/usr/local/Cellar/librdkafka/\",\"version\":\"0.11.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"libtermkey\",\"path\":\"/usr/local/Cellar/libtermkey/\",\"version\":\"0.20\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/libtermkey/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "libtermkey", "path": "/usr/local/Cellar/libtermkey/", "version": "0.20" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"libtermkey\",\"path\":\"/usr/local/Cellar/libtermkey/\",\"version\":\"0.20\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"libtiff\",\"path\":\"/usr/local/Cellar/libtiff/\",\"version\":\"4.0.8_5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/libtiff/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { 
"name": "libtiff", "path": "/usr/local/Cellar/libtiff/", "version": "4.0.8_5" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"libtiff\",\"path\":\"/usr/local/Cellar/libtiff/\",\"version\":\"4.0.8_5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"name\":\"libtool\",\"path\":\"/usr/local/Cellar/libtool/\",\"version\":\"2.4.6_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/libtool/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "libtool", "path": "/usr/local/Cellar/libtool/", "version": "2.4.6_1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"libtool\",\"path\":\"/usr/local/Cellar/libtool/\",\"version\":\"2.4.6_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"libuv\",\"path\":\"/usr/local/Cellar/libuv/\",\"version\":\"1.14.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/libuv/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "libuv", "path": "/usr/local/Cellar/libuv/", "version": "1.14.1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:51 2017 UTC\",\"columns\":{\"name\":\"libuv\",\"path\":\"/usr/local/Cellar/libuv/\",\"version\":\"1.14.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"libvterm\",\"path\":\"/usr/local/Cellar/libvterm/\",\"version\":\"681\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/libvterm/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "libvterm", "path": "/usr/local/Cellar/libvterm/", "version": "681" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"libvterm\",\"path\":\"/usr/local/Cellar/libvterm/\",\"version\":\"681\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"libyaml\",\"path\":\"/usr/local/Cellar/libyaml/\",\"version\":\"0.1.7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/libyaml/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "libyaml", "path": "/usr/local/Cellar/libyaml/", 
"version": "0.1.7" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"libyaml\",\"path\":\"/usr/local/Cellar/libyaml/\",\"version\":\"0.1.7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"name\":\"lldpd\",\"path\":\"/usr/local/Cellar/lldpd/\",\"version\":\"0.9.9\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/lldpd/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "lldpd", "path": "/usr/local/Cellar/lldpd/", "version": "0.9.9" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"lldpd\",\"path\":\"/usr/local/Cellar/lldpd/\",\"version\":\"0.9.9\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", 
- "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"lz4\",\"path\":\"/usr/local/Cellar/lz4/\",\"version\":\"1.8.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/lz4/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "lz4", "path": "/usr/local/Cellar/lz4/", "version": "1.8.0" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"name\":\"lz4\",\"path\":\"/usr/local/Cellar/lz4/\",\"version\":\"1.8.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"lzlib\",\"path\":\"/usr/local/Cellar/lzlib/\",\"version\":\"1.9\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/lzlib/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "lzlib", "path": "/usr/local/Cellar/lzlib/", "version": "1.9" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } 
}, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"lzlib\",\"path\":\"/usr/local/Cellar/lzlib/\",\"version\":\"1.9\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"metricbeat\",\"path\":\"/usr/local/Cellar/metricbeat/\",\"version\":\"6.1.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/metricbeat/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "metricbeat", "path": "/usr/local/Cellar/metricbeat/", "version": "6.1.0" }, - "name": 
"pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"metricbeat\",\"path\":\"/usr/local/Cellar/metricbeat/\",\"version\":\"6.1.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"name\":\"msgpack\",\"path\":\"/usr/local/Cellar/msgpack/\",\"version\":\"2.1.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/msgpack/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "msgpack", "path": "/usr/local/Cellar/msgpack/", "version": "2.1.5" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"msgpack\",\"path\":\"/usr/local/Cellar/msgpack/\",\"version\":\"2.1.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"neovim\",\"path\":\"/usr/local/Cellar/neovim/\",\"version\":\"0.2.0_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/neovim/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "neovim", "path": "/usr/local/Cellar/neovim/", "version": "0.2.0_1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 
28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"neovim\",\"path\":\"/usr/local/Cellar/neovim/\",\"version\":\"0.2.0_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"nginx\",\"path\":\"/usr/local/Cellar/nginx/\",\"version\":\"1.12.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/nginx/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "nginx", "path": "/usr/local/Cellar/nginx/", "version": "1.12.1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"nginx\",\"path\":\"/usr/local/Cellar/nginx/\",\"version\":\"1.12.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"node\",\"path\":\"/usr/local/Cellar/node/\",\"version\":\"8.9.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/node/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "node", "path": "/usr/local/Cellar/node/", "version": "8.9.0" }, - 
"name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"node\",\"path\":\"/usr/local/Cellar/node/\",\"version\":\"8.9.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"nvm\",\"path\":\"/usr/local/Cellar/nvm/\",\"version\":\"0.33.6\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + 
"type": "info" + }, "file": { "path": "/usr/local/Cellar/nvm/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "nvm", "path": "/usr/local/Cellar/nvm/", "version": "0.33.6" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"nvm\",\"path\":\"/usr/local/Cellar/nvm/\",\"version\":\"0.33.6\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"oniguruma\",\"path\":\"/usr/local/Cellar/oniguruma/\",\"version\":\"6.6.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/oniguruma/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "oniguruma", "path": "/usr/local/Cellar/oniguruma/", "version": "6.6.1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"name\":\"oniguruma\",\"path\":\"/usr/local/Cellar/oniguruma/\",\"version\":\"6.6.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"openssl\",\"path\":\"/usr/local/Cellar/openssl/\",\"version\":\"1.0.2l\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/openssl/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "openssl", "path": "/usr/local/Cellar/openssl/", "version": "1.0.2l" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + 
"unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"openssl\",\"path\":\"/usr/local/Cellar/openssl/\",\"version\":\"1.0.2l\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"openssl\",\"path\":\"/usr/local/Cellar/openssl/\",\"version\":\"1.0.2m\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/openssl/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "openssl", "path": "/usr/local/Cellar/openssl/", "version": "1.0.2m" }, - "name": 
"pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"openssl\",\"path\":\"/usr/local/Cellar/openssl/\",\"version\":\"1.0.2m\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"name\":\"openssl@1.1\",\"path\":\"/usr/local/Cellar/openssl@1.1/\",\"version\":\"1.1.0f\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/openssl@1.1/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "openssl@1.1", "path": "/usr/local/Cellar/openssl@1.1/", "version": "1.1.0f" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"openssl@1.1\",\"path\":\"/usr/local/Cellar/openssl@1.1/\",\"version\":\"1.1.0f\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": 
"info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"osquery\",\"path\":\"/usr/local/Cellar/osquery/\",\"version\":\"2.10.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/osquery/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "osquery", "path": "/usr/local/Cellar/osquery/", "version": "2.10.2" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"osquery\",\"path\":\"/usr/local/Cellar/osquery/\",\"version\":\"2.10.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"pcre\",\"path\":\"/usr/local/Cellar/pcre/\",\"version\":\"8.41\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/pcre/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "pcre", "path": "/usr/local/Cellar/pcre/", "version": "8.41" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + 
"name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"pcre\",\"path\":\"/usr/local/Cellar/pcre/\",\"version\":\"8.41\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"perl\",\"path\":\"/usr/local/Cellar/perl/\",\"version\":\"5.26.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/perl/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "perl", "path": "/usr/local/Cellar/perl/", "version": "5.26.0" 
}, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"perl\",\"path\":\"/usr/local/Cellar/perl/\",\"version\":\"5.26.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"name\":\"python\",\"path\":\"/usr/local/Cellar/python/\",\"version\":\"2.7.13_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/python/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "python", "path": "/usr/local/Cellar/python/", "version": "2.7.13_1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"python\",\"path\":\"/usr/local/Cellar/python/\",\"version\":\"2.7.13_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"rapidjson\",\"path\":\"/usr/local/Cellar/rapidjson/\",\"version\":\"1.1.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/rapidjson/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "rapidjson", "path": "/usr/local/Cellar/rapidjson/", "version": "1.1.0" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"rapidjson\",\"path\":\"/usr/local/Cellar/rapidjson/\",\"version\":\"1.1.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"readline\",\"path\":\"/usr/local/Cellar/readline/\",\"version\":\"7.0.3_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/readline/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "readline", "path": "/usr/local/Cellar/readline/", "version": "7.0.3_1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, - "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "epoch": "0", + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"readline\",\"path\":\"/usr/local/Cellar/readline/\",\"version\":\"7.0.3_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"redis\",\"path\":\"/usr/local/Cellar/redis/\",\"version\":\"4.0.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/redis/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": 
"redis", "path": "/usr/local/Cellar/redis/", "version": "4.0.2" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"redis\",\"path\":\"/usr/local/Cellar/redis/\",\"version\":\"4.0.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"name\":\"rocksdb\",\"path\":\"/usr/local/Cellar/rocksdb/\",\"version\":\"5.8.7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/rocksdb/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "rocksdb", "path": "/usr/local/Cellar/rocksdb/", "version": "5.8.7" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"rocksdb\",\"path\":\"/usr/local/Cellar/rocksdb/\",\"version\":\"5.8.7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"ruby\",\"path\":\"/usr/local/Cellar/ruby/\",\"version\":\"2.4.1_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/ruby/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "ruby", "path": "/usr/local/Cellar/ruby/", "version": "2.4.1_1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:51 2017 UTC\",\"columns\":{\"name\":\"ruby\",\"path\":\"/usr/local/Cellar/ruby/\",\"version\":\"2.4.1_1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"sleuthkit\",\"path\":\"/usr/local/Cellar/sleuthkit/\",\"version\":\"4.5.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/sleuthkit/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "sleuthkit", "path": "/usr/local/Cellar/sleuthkit/", "version": "4.5.0" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"sleuthkit\",\"path\":\"/usr/local/Cellar/sleuthkit/\",\"version\":\"4.5.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"snappy\",\"path\":\"/usr/local/Cellar/snappy/\",\"version\":\"1.1.7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/snappy/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "snappy", "path": "/usr/local/Cellar/snappy/", 
"version": "1.1.7" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"snappy\",\"path\":\"/usr/local/Cellar/snappy/\",\"version\":\"1.1.7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"name\":\"sqlite\",\"path\":\"/usr/local/Cellar/sqlite/\",\"version\":\"3.20.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/sqlite/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "sqlite", "path": "/usr/local/Cellar/sqlite/", "version": "3.20.1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"sqlite\",\"path\":\"/usr/local/Cellar/sqlite/\",\"version\":\"3.20.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"telnet\",\"path\":\"/usr/local/Cellar/telnet/\",\"version\":\"54.50.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/telnet/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "telnet", "path": "/usr/local/Cellar/telnet/", "version": "54.50.1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 
28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"telnet\",\"path\":\"/usr/local/Cellar/telnet/\",\"version\":\"54.50.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"the_silver_searcher\",\"path\":\"/usr/local/Cellar/the_silver_searcher/\",\"version\":\"2.1.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/the_silver_searcher/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "the_silver_searcher", "path": "/usr/local/Cellar/the_silver_searcher/", "version": "2.1.0" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"the_silver_searcher\",\"path\":\"/usr/local/Cellar/the_silver_searcher/\",\"version\":\"2.1.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"tree\",\"path\":\"/usr/local/Cellar/tree/\",\"version\":\"1.7.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/tree/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "tree", 
"path": "/usr/local/Cellar/tree/", "version": "1.7.0" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"tree\",\"path\":\"/usr/local/Cellar/tree/\",\"version\":\"1.7.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"name\":\"unibilium\",\"path\":\"/usr/local/Cellar/unibilium/\",\"version\":\"1.2.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/unibilium/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "unibilium", "path": "/usr/local/Cellar/unibilium/", "version": "1.2.1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"unibilium\",\"path\":\"/usr/local/Cellar/unibilium/\",\"version\":\"1.2.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"vim\",\"path\":\"/usr/local/Cellar/vim/\",\"version\":\"8.0.0997\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/vim/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "vim", "path": "/usr/local/Cellar/vim/", "version": "8.0.0997" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 
2017 UTC\",\"columns\":{\"name\":\"vim\",\"path\":\"/usr/local/Cellar/vim/\",\"version\":\"8.0.0997\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"webp\",\"path\":\"/usr/local/Cellar/webp/\",\"version\":\"0.6.0_2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/webp/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "webp", "path": "/usr/local/Cellar/webp/", "version": "0.6.0_2" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, - "rule": { - "name": "pack_it-compliance_homebrew_packages" - }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"webp\",\"path\":\"/usr/local/Cellar/webp/\",\"version\":\"0.6.0_2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" + "rule": { + "name": "pack_it-compliance_homebrew_packages" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"xz\",\"path\":\"/usr/local/Cellar/xz/\",\"version\":\"5.2.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/xz/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "xz", "path": "/usr/local/Cellar/xz/", "version": "5.2.3" }, - 
"name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"xz\",\"path\":\"/usr/local/Cellar/xz/\",\"version\":\"5.2.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"yara\",\"path\":\"/usr/local/Cellar/yara/\",\"version\":\"3.7.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + 
"type": "info" + }, "file": { "path": "/usr/local/Cellar/yara/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "yara", "path": "/usr/local/Cellar/yara/", "version": "3.7.0" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"yara\",\"path\":\"/usr/local/Cellar/yara/\",\"version\":\"3.7.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"zsh\",\"path\":\"/usr/local/Cellar/zsh/\",\"version\":\"5.4.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/zsh/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "zsh", "path": "/usr/local/Cellar/zsh/", "version": "5.4.1" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"zsh\",\"path\":\"/usr/local/Cellar/zsh/\",\"version\":\"5.4.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - 
"type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"zstd\",\"path\":\"/usr/local/Cellar/zstd/\",\"version\":\"1.3.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/usr/local/Cellar/zstd/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "zstd", "path": "/usr/local/Cellar/zstd/", "version": "1.3.2" }, - "name": "pack_it-compliance_homebrew_packages", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_homebrew_packages", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_homebrew_packages" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"name\":\"zstd\",\"path\":\"/usr/local/Cellar/zstd/\",\"version\":\"1.3.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_homebrew_packages\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bootpd\",\"name\":\"bootps.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/bootps.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/bootpd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/bootps.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - 
"program_arguments": "/usr/libexec/bootpd", + "disabled": "1", + "label": "com.apple.bootpd", "name": "bootps.plist", "path": "/System/Library/LaunchDaemons/bootps.plist", - "disabled": "1", - "label": "com.apple.bootpd" + "program_arguments": "/usr/libexec/bootpd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bootpd\",\"name\":\"bootps.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/bootps.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/bootpd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, 
"tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.AirPlayXPCHelper\",\"name\":\"com.apple.AirPlayXPCHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.AirPlayXPCHelper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/AirPlayXPCHelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.AirPlayXPCHelper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/AirPlayXPCHelper", + "keep_alive": "1", + "label": "com.apple.AirPlayXPCHelper", "name": "com.apple.AirPlayXPCHelper.plist", "path": "/System/Library/LaunchDaemons/com.apple.AirPlayXPCHelper.plist", - "label": "com.apple.AirPlayXPCHelper", - "keep_alive": "1" + "program_arguments": "/usr/libexec/AirPlayXPCHelper" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + 
"counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.AirPlayXPCHelper\",\"name\":\"com.apple.AirPlayXPCHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.AirPlayXPCHelper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/AirPlayXPCHelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"wheel\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AppleFileServer\",\"name\":\"com.apple.AppleFileServer.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.AppleFileServer.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/AppleFileServer\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.AppleFileServer.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/AppleFileServer", - "name": "com.apple.AppleFileServer.plist", - "path": "/System/Library/LaunchDaemons/com.apple.AppleFileServer.plist", "disabled": "1", + "groupname": "wheel", "label": "com.apple.AppleFileServer", - "groupname": "wheel" + "name": "com.apple.AppleFileServer.plist", + "path": "/System/Library/LaunchDaemons/com.apple.AppleFileServer.plist", + "program_arguments": "/usr/sbin/AppleFileServer" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 
UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"wheel\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AppleFileServer\",\"name\":\"com.apple.AppleFileServer.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.AppleFileServer.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/AppleFileServer\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AssetCache.builtin\",\"name\":\"com.apple.AssetCache.builtin.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.AssetCache.builtin.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/AssetCache/AssetCache\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.AssetCache.builtin.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/AssetCache/AssetCache", + "disabled": "0", + "label": "com.apple.AssetCache.builtin", "name": "com.apple.AssetCache.builtin.plist", "path": "/System/Library/LaunchDaemons/com.apple.AssetCache.builtin.plist", - "disabled": "0", "process_type": "Adaptive", - "label": "com.apple.AssetCache.builtin" + "program_arguments": "/usr/libexec/AssetCache/AssetCache" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + 
"name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AssetCache.builtin\",\"name\":\"com.apple.AssetCache.builtin.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.AssetCache.builtin.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/AssetCache/AssetCache\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AssetCacheLocatorService\",\"name\":\"com.apple.AssetCacheLocatorService.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.AssetCacheLocatorService.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AssetCacheServices.framework/Versions/A/XPCServices/AssetCacheLocatorService.xpc/Contents/MacOS/AssetCacheLocatorService -d\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_assetcache\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.AssetCacheLocatorService.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/AssetCacheServices.framework/Versions/A/XPCServices/AssetCacheLocatorService.xpc/Contents/MacOS/AssetCacheLocatorService -d", + "label": "com.apple.AssetCacheLocatorService", "name": "com.apple.AssetCacheLocatorService.plist", "path": "/System/Library/LaunchDaemons/com.apple.AssetCacheLocatorService.plist", "process_type": "Adaptive", - "label": "com.apple.AssetCacheLocatorService", + "program_arguments": 
"/System/Library/PrivateFrameworks/AssetCacheServices.framework/Versions/A/XPCServices/AssetCacheLocatorService.xpc/Contents/MacOS/AssetCacheLocatorService -d", "username": "_assetcache" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AssetCacheLocatorService\",\"name\":\"com.apple.AssetCacheLocatorService.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.AssetCacheLocatorService.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AssetCacheServices.framework/Versions/A/XPCServices/AssetCacheLocatorService.xpc/Contents/MacOS/AssetCacheLocatorService 
-d\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_assetcache\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AssetCacheManagerService\",\"name\":\"com.apple.AssetCacheManagerService.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.AssetCacheManagerService.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AssetCacheServicesExtensions.framework/XPCServices/AssetCacheManagerService.xpc/Contents/MacOS/AssetCacheManagerService\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": 
"/System/Library/LaunchDaemons/com.apple.AssetCacheManagerService.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/AssetCacheServicesExtensions.framework/XPCServices/AssetCacheManagerService.xpc/Contents/MacOS/AssetCacheManagerService", + "label": "com.apple.AssetCacheManagerService", "name": "com.apple.AssetCacheManagerService.plist", "path": "/System/Library/LaunchDaemons/com.apple.AssetCacheManagerService.plist", "process_type": "Adaptive", - "label": "com.apple.AssetCacheManagerService" + "program_arguments": "/System/Library/PrivateFrameworks/AssetCacheServicesExtensions.framework/XPCServices/AssetCacheManagerService.xpc/Contents/MacOS/AssetCacheManagerService" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AssetCacheManagerService\",\"name\":\"com.apple.AssetCacheManagerService.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.AssetCacheManagerService.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AssetCacheServicesExtensions.framework/XPCServices/AssetCacheManagerService.xpc/Contents/MacOS/AssetCacheManagerService\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AssetCacheTetheratorService\",\"name\":\"com.apple.AssetCacheTetheratorService.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.AssetCacheTetheratorService.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AssetCacheServicesExtensions.framework/XPCServices/AssetCacheTetheratorService.xpc/Contents/MacOS/AssetCacheTetheratorService\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.AssetCacheTetheratorService.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/AssetCacheServicesExtensions.framework/XPCServices/AssetCacheTetheratorService.xpc/Contents/MacOS/AssetCacheTetheratorService", + "label": "com.apple.AssetCacheTetheratorService", "name": "com.apple.AssetCacheTetheratorService.plist", "path": "/System/Library/LaunchDaemons/com.apple.AssetCacheTetheratorService.plist", "process_type": "Adaptive", - "label": "com.apple.AssetCacheTetheratorService" + "program_arguments": 
"/System/Library/PrivateFrameworks/AssetCacheServicesExtensions.framework/XPCServices/AssetCacheTetheratorService.xpc/Contents/MacOS/AssetCacheTetheratorService" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AssetCacheTetheratorService\",\"name\":\"com.apple.AssetCacheTetheratorService.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.AssetCacheTetheratorService.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AssetCacheServicesExtensions.framework/XPCServices/AssetCacheTetheratorService.xpc/Contents/MacOS/AssetCacheTetheratorService\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"15144719
91\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CommCenterRootHelper\",\"name\":\"com.apple.CommCenterRootHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.CommCenterRootHelper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreTelephony.framework/Support/CommCenterRootHelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.CommCenterRootHelper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreTelephony.framework/Support/CommCenterRootHelper", + "label": "com.apple.CommCenterRootHelper", "name": "com.apple.CommCenterRootHelper.plist", "path": 
"/System/Library/LaunchDaemons/com.apple.CommCenterRootHelper.plist", - "label": "com.apple.CommCenterRootHelper" + "program_arguments": "/System/Library/Frameworks/CoreTelephony.framework/Support/CommCenterRootHelper" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { - "name": "pack_it-compliance_launchd" - }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CommCenterRootHelper\",\"name\":\"com.apple.CommCenterRootHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.CommCenterRootHelper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreTelephony.framework/Support/CommCenterRootHelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" + "name": "pack_it-compliance_launchd" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CoreAuthentication.daemon\",\"name\":\"com.apple.CoreAuthentication.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.CoreAuthentication.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.CoreAuthentication.daemon.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd", + "label": "com.apple.CoreAuthentication.daemon", "name": "com.apple.CoreAuthentication.daemon.plist", "path": 
"/System/Library/LaunchDaemons/com.apple.CoreAuthentication.daemon.plist", - "label": "com.apple.CoreAuthentication.daemon" + "program_arguments": "/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CoreAuthentication.daemon\",\"name\":\"com.apple.CoreAuthentication.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.CoreAuthentication.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - 
"created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CoreRAID\",\"name\":\"com.apple.CoreRAID.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.CoreRAID.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreRAID.framework/Resources/CoreRAIDServer\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.CoreRAID.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CoreRAID.framework/Resources/CoreRAIDServer", + "label": "com.apple.CoreRAID", "name": "com.apple.CoreRAID.plist", "path": "/System/Library/LaunchDaemons/com.apple.CoreRAID.plist", - "label": "com.apple.CoreRAID", + "program_arguments": 
"/System/Library/PrivateFrameworks/CoreRAID.framework/Resources/CoreRAIDServer", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CoreRAID\",\"name\":\"com.apple.CoreRAID.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.CoreRAID.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreRAID.framework/Resources/CoreRAIDServer\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { 
"@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CrashReporterSupportHelper\",\"name\":\"com.apple.CrashReporterSupportHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.CrashReporterSupportHelper.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/CrashReporterSupportHelper server-init\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.CrashReporterSupportHelper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/CrashReporterSupportHelper server-init", + "label": "com.apple.CrashReporterSupportHelper", "name": "com.apple.CrashReporterSupportHelper.plist", "path": "/System/Library/LaunchDaemons/com.apple.CrashReporterSupportHelper.plist", "process_type": "Adaptive", - "label": "com.apple.CrashReporterSupportHelper" + "program_arguments": "/System/Library/CoreServices/CrashReporterSupportHelper server-init" 
}, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CrashReporterSupportHelper\",\"name\":\"com.apple.CrashReporterSupportHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.CrashReporterSupportHelper.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/CrashReporterSupportHelper server-init\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": 
{ + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CryptoTokenKit.ahp\",\"name\":\"com.apple.CryptoTokenKit.ahp.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.CryptoTokenKit.ahp.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp -d\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.CryptoTokenKit.ahp.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp -d", + "label": "com.apple.CryptoTokenKit.ahp", "name": "com.apple.CryptoTokenKit.ahp.plist", "path": "/System/Library/LaunchDaemons/com.apple.CryptoTokenKit.ahp.plist", - "label": "com.apple.CryptoTokenKit.ahp" + "program_arguments": "/System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp -d" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - 
"action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CryptoTokenKit.ahp\",\"name\":\"com.apple.CryptoTokenKit.ahp.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.CryptoTokenKit.ahp.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp -d\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_datadetectors\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.DataDetectorsSourceAccess\",\"name\":\"com.apple.DataDetectorsSourceAccess.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.DataDetectorsSourceAccess.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/DataDetectorsSourceAccess\",\"program_arguments\":\"/usr/libexec/DataDetectorsSourceAccess\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_datadetectors\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.DataDetectorsSourceAccess.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/DataDetectorsSourceAccess", - "path": "/System/Library/LaunchDaemons/com.apple.DataDetectorsSourceAccess.plist", - "name": "com.apple.DataDetectorsSourceAccess.plist", + "groupname": "_datadetectors", "label": "com.apple.DataDetectorsSourceAccess", + "name": "com.apple.DataDetectorsSourceAccess.plist", + "path": "/System/Library/LaunchDaemons/com.apple.DataDetectorsSourceAccess.plist", "program": "/usr/libexec/DataDetectorsSourceAccess", - "groupname": "_datadetectors", + "program_arguments": 
"/usr/libexec/DataDetectorsSourceAccess", "username": "_datadetectors" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_datadetectors\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.DataDetectorsSourceAccess\",\"name\":\"com.apple.DataDetectorsSourceAccess.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.DataDetectorsSourceAccess.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/DataDetectorsSourceAccess\",\"program_arguments\":\"/usr/libexec/DataDetectorsSourceAccess\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_datadetectors\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" 
- ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.DesktopServicesHelper\",\"name\":\"com.apple.DesktopServicesHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.DesktopServicesHelper.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.DesktopServicesHelper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.DesktopServicesHelper", "name": "com.apple.DesktopServicesHelper.plist", "path": "/System/Library/LaunchDaemons/com.apple.DesktopServicesHelper.plist", - "label": "com.apple.DesktopServicesHelper", "program": "/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - 
"action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.DesktopServicesHelper\",\"name\":\"com.apple.DesktopServicesHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.DesktopServicesHelper.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + 
"created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.DumpGPURestart\",\"name\":\"com.apple.DumpGPURestart.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.DumpGPURestart.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/DumpGPURestart\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.DumpGPURestart.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/DumpGPURestart", + "keep_alive": "0", + "label": "com.apple.DumpGPURestart", "name": "com.apple.DumpGPURestart.plist", "path": "/System/Library/LaunchDaemons/com.apple.DumpGPURestart.plist", - "label": "com.apple.DumpGPURestart", - "keep_alive": "0" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/DumpGPURestart" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.DumpGPURestart\",\"name\":\"com.apple.DumpGPURestart.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.DumpGPURestart.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/DumpGPURestart\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.DumpPanic\",\"name\":\"com.apple.DumpPanic.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.DumpPanic.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/DumpPanic\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.DumpPanic.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.DumpPanic", "name": "com.apple.DumpPanic.plist", "path": "/System/Library/LaunchDaemons/com.apple.DumpPanic.plist", - "label": "com.apple.DumpPanic", "program": "/System/Library/CoreServices/DumpPanic", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.DumpPanic\",\"name\":\"com.apple.DumpPanic.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.DumpPanic.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/DumpPanic\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.FileCoordination\",\"name\":\"com.apple.FileCoordination.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.FileCoordination.plist\",\"process_type\":\"\",\"program\":\"/usr/sbin/filecoordinationd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.FileCoordination.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.FileCoordination", "name": "com.apple.FileCoordination.plist", "path": "/System/Library/LaunchDaemons/com.apple.FileCoordination.plist", - "label": "com.apple.FileCoordination", "program": "/usr/sbin/filecoordinationd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - 
"host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.FileCoordination\",\"name\":\"com.apple.FileCoordination.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.FileCoordination.plist\",\"process_type\":\"\",\"program\":\"/usr/sbin/filecoordinationd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.FontWorker\",\"name\":\"com.apple.FontWorker.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.FontWorker.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/fontworker\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.FontWorker.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.FontWorker", "name": "com.apple.FontWorker.plist", "path": "/System/Library/LaunchDaemons/com.apple.FontWorker.plist", - "label": "com.apple.FontWorker", "program": "/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/fontworker" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.FontWorker\",\"name\":\"com.apple.FontWorker.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.FontWorker.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/fontworker\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.GSSCred\",\"name\":\"com.apple.GSSCred.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.GSSCred.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/GSS.framework/Helpers/GSSCred\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.GSSCred.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/GSS.framework/Helpers/GSSCred", + "label": "com.apple.GSSCred", "name": "com.apple.GSSCred.plist", "path": "/System/Library/LaunchDaemons/com.apple.GSSCred.plist", - "label": "com.apple.GSSCred" + "program_arguments": "/System/Library/Frameworks/GSS.framework/Helpers/GSSCred" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ 
- "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.GSSCred\",\"name\":\"com.apple.GSSCred.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.GSSCred.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/GSS.framework/Helpers/GSSCred\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.GameController.gamecontrollerd\",\"name\":\"com.apple.GameController.gamecontrollerd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.GameController.gamecontrollerd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/gamecontrollerd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_gamecontrollerd\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.GameController.gamecontrollerd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/gamecontrollerd", + "label": "com.apple.GameController.gamecontrollerd", "name": "com.apple.GameController.gamecontrollerd.plist", "path": "/System/Library/LaunchDaemons/com.apple.GameController.gamecontrollerd.plist", - "label": "com.apple.GameController.gamecontrollerd", + "program_arguments": "/usr/libexec/gamecontrollerd", "username": "_gamecontrollerd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.GameController.gamecontrollerd\",\"name\":\"com.apple.GameController.gamecontrollerd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.GameController.gamecontrollerd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/gamecontrollerd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_gamecontrollerd\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.IFCStart\",\"name\":\"com.apple.IFCStart.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.IFCStart.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/ifcstart\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.IFCStart.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/ifcstart", + "label": "com.apple.IFCStart", "name": "com.apple.IFCStart.plist", "path": "/System/Library/LaunchDaemons/com.apple.IFCStart.plist", - "label": "com.apple.IFCStart", + "program_arguments": "/usr/libexec/ifcstart", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] 
}, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.IFCStart\",\"name\":\"com.apple.IFCStart.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.IFCStart.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/ifcstart\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.IOAccelMemoryInfoCollector\",\"name\":\"com.apple.IOAccelMemoryInfoCollector.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.IOAccelMemoryInfoCollector.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/IOAccelMemoryInfoCollector\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.IOAccelMemoryInfoCollector.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/IOAccelMemoryInfoCollector", + "label": "com.apple.IOAccelMemoryInfoCollector", "name": "com.apple.IOAccelMemoryInfoCollector.plist", "path": "/System/Library/LaunchDaemons/com.apple.IOAccelMemoryInfoCollector.plist", "process_type": "Background", - "label": "com.apple.IOAccelMemoryInfoCollector" + "program_arguments": "/usr/libexec/IOAccelMemoryInfoCollector" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.IOAccelMemoryInfoCollector\",\"name\":\"com.apple.IOAccelMemoryInfoCollector.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.IOAccelMemoryInfoCollector.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/IOAccelMemoryInfoCollector\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.IOBluetoothUSBDFU\",\"name\":\"com.apple.IOBluetoothUSBDFU.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.IOBluetoothUSBDFU.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Extensions/IOBluetoothFamily.kext/Contents/PlugIns/IOBluetoothUSBDFU.kext/Contents/Resources/IOBluetoothUSBDFUTool\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.IOBluetoothUSBDFU.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Extensions/IOBluetoothFamily.kext/Contents/PlugIns/IOBluetoothUSBDFU.kext/Contents/Resources/IOBluetoothUSBDFUTool", + "label": "com.apple.IOBluetoothUSBDFU", "name": "com.apple.IOBluetoothUSBDFU.plist", "path": "/System/Library/LaunchDaemons/com.apple.IOBluetoothUSBDFU.plist", - "label": "com.apple.IOBluetoothUSBDFU" + "program_arguments": "/System/Library/Extensions/IOBluetoothFamily.kext/Contents/PlugIns/IOBluetoothUSBDFU.kext/Contents/Resources/IOBluetoothUSBDFUTool" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.IOBluetoothUSBDFU\",\"name\":\"com.apple.IOBluetoothUSBDFU.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.IOBluetoothUSBDFU.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Extensions/IOBluetoothFamily.kext/Contents/PlugIns/IOBluetoothUSBDFU.kext/Contents/Resources/IOBluetoothUSBDFUTool\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": 
"event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.InstallerDiagnostics.installerdiagd\",\"name\":\"com.apple.InstallerDiagnostics.installerdiagd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.InstallerDiagnostics.installerdiagd.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/InstallerDiagnostics.framework/Versions/A/Resources/installerdiagd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.InstallerDiagnostics.installerdiagd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/InstallerDiagnostics.framework/Versions/A/Resources/installerdiagd", + "label": "com.apple.InstallerDiagnostics.installerdiagd", "name": "com.apple.InstallerDiagnostics.installerdiagd.plist", "path": "/System/Library/LaunchDaemons/com.apple.InstallerDiagnostics.installerdiagd.plist", "process_type": "Adaptive", - "label": "com.apple.InstallerDiagnostics.installerdiagd" + "program_arguments": 
"/System/Library/PrivateFrameworks/InstallerDiagnostics.framework/Versions/A/Resources/installerdiagd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.InstallerDiagnostics.installerdiagd\",\"name\":\"com.apple.InstallerDiagnostics.installerdiagd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.InstallerDiagnostics.installerdiagd.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/InstallerDiagnostics.framework/Versions/A/Resources/installerdiagd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - 
"user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.InstallerDiagnostics.installerdiagwatcher\",\"name\":\"com.apple.InstallerDiagnostics.installerdiagwatcher.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.InstallerDiagnostics.installerdiagwatcher.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/InstallerDiagnostics.framework/Versions/A/Resources/installerdiagwatcher\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.InstallerDiagnostics.installerdiagwatcher.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/InstallerDiagnostics.framework/Versions/A/Resources/installerdiagwatcher", + "label": "com.apple.InstallerDiagnostics.installerdiagwatcher", "name": 
"com.apple.InstallerDiagnostics.installerdiagwatcher.plist", "path": "/System/Library/LaunchDaemons/com.apple.InstallerDiagnostics.installerdiagwatcher.plist", "process_type": "Adaptive", - "label": "com.apple.InstallerDiagnostics.installerdiagwatcher" + "program_arguments": "/System/Library/PrivateFrameworks/InstallerDiagnostics.framework/Versions/A/Resources/installerdiagwatcher" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.InstallerDiagnostics.installerdiagwatcher\",\"name\":\"com.apple.InstallerDiagnostics.installerdiagwatcher.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.InstallerDiagnostics.installerdiagwatcher.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/InstallerDiagnostics.framework/Versions/A/Resources/installerdiagwatcher\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.InstallerProgress\",\"name\":\"com.apple.InstallerProgress.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.InstallerProgress.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Installer Progress.app/Contents/MacOS/Installer Progress 
--showProgress\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.InstallerProgress.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Installer Progress.app/Contents/MacOS/Installer Progress --showProgress", + "label": "com.apple.InstallerProgress", "name": "com.apple.InstallerProgress.plist", "path": "/System/Library/LaunchDaemons/com.apple.InstallerProgress.plist", - "label": "com.apple.InstallerProgress", + "program_arguments": "/System/Library/CoreServices/Installer Progress.app/Contents/MacOS/Installer Progress --showProgress", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": 
"pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.InstallerProgress\",\"name\":\"com.apple.InstallerProgress.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.InstallerProgress.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Installer Progress.app/Contents/MacOS/Installer Progress --showProgress\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Kerberos.digest-service\",\"name\":\"com.apple.Kerberos.digest-service.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.Kerberos.digest-service.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/digest-service\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.Kerberos.digest-service.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/digest-service", + "label": "com.apple.Kerberos.digest-service", "name": "com.apple.Kerberos.digest-service.plist", "path": "/System/Library/LaunchDaemons/com.apple.Kerberos.digest-service.plist", - "label": "com.apple.Kerberos.digest-service" + "program_arguments": "/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/digest-service" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Kerberos.digest-service\",\"name\":\"com.apple.Kerberos.digest-service.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.Kerberos.digest-service.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/digest-service\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Kerberos.kadmind\",\"name\":\"com.apple.Kerberos.kadmind.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.Kerberos.kadmind.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kadmind\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.Kerberos.kadmind.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kadmind", + "label": "com.apple.Kerberos.kadmind", "name": "com.apple.Kerberos.kadmind.plist", "path": "/System/Library/LaunchDaemons/com.apple.Kerberos.kadmind.plist", - "label": "com.apple.Kerberos.kadmind" + "program_arguments": "/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kadmind" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Kerberos.kadmind\",\"name\":\"com.apple.Kerberos.kadmind.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.Kerberos.kadmind.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kadmind\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Kerberos.kcm\",\"name\":\"com.apple.Kerberos.kcm.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.Kerberos.kcm.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kcm --launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.Kerberos.kcm.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kcm --launchd", + "label": "com.apple.Kerberos.kcm", "name": "com.apple.Kerberos.kcm.plist", "path": "/System/Library/LaunchDaemons/com.apple.Kerberos.kcm.plist", - "label": "com.apple.Kerberos.kcm" + "program_arguments": "/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kcm --launchd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + 
"name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Kerberos.kcm\",\"name\":\"com.apple.Kerberos.kcm.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.Kerberos.kcm.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kcm --launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Kerberos.kdc\",\"name\":\"com.apple.Kerberos.kdc.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.Kerberos.kdc.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kdc\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.Kerberos.kdc.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kdc", + "label": "com.apple.Kerberos.kdc", "name": "com.apple.Kerberos.kdc.plist", "path": "/System/Library/LaunchDaemons/com.apple.Kerberos.kdc.plist", - "label": "com.apple.Kerberos.kdc" + "program_arguments": "/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kdc" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Kerberos.kdc\",\"name\":\"com.apple.Kerberos.kdc.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.Kerberos.kdc.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kdc\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Kerberos.kpasswdd\",\"name\":\"com.apple.Kerberos.kpasswdd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.Kerberos.kpasswdd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kpasswdd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.Kerberos.kpasswdd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kpasswdd", + "label": "com.apple.Kerberos.kpasswdd", "name": "com.apple.Kerberos.kpasswdd.plist", "path": "/System/Library/LaunchDaemons/com.apple.Kerberos.kpasswdd.plist", - "label": "com.apple.Kerberos.kpasswdd" + "program_arguments": "/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kpasswdd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Kerberos.kpasswdd\",\"name\":\"com.apple.Kerberos.kpasswdd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.Kerberos.kpasswdd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kpasswdd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.KernelEventAgent\",\"name\":\"com.apple.KernelEventAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.KernelEventAgent.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/KernelEventAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.KernelEventAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/KernelEventAgent", + "keep_alive": "1", + "label": "com.apple.KernelEventAgent", "name": "com.apple.KernelEventAgent.plist", "path": "/System/Library/LaunchDaemons/com.apple.KernelEventAgent.plist", "process_type": "Interactive", - "label": "com.apple.KernelEventAgent", - "keep_alive": "1" + "program_arguments": "/usr/sbin/KernelEventAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, - "rule": { - "name": "pack_it-compliance_launchd" - }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.KernelEventAgent\",\"name\":\"com.apple.KernelEventAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.KernelEventAgent.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/KernelEventAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ], + "user": [ + "tsg" + ] }, - "user": { - "name": "tsg" + "rule": { + "name": "pack_it-compliance_launchd" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.MRTd\",\"name\":\"com.apple.MRTd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.MRTd.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/MRT.app/Contents/MacOS/MRT -d\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.MRTd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/MRT.app/Contents/MacOS/MRT -d", + "label": "com.apple.MRTd", "name": "com.apple.MRTd.plist", "path": "/System/Library/LaunchDaemons/com.apple.MRTd.plist", "process_type": "Background", - "label": "com.apple.MRTd", + "program_arguments": "/System/Library/CoreServices/MRT.app/Contents/MacOS/MRT -d", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.MRTd\",\"name\":\"com.apple.MRTd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.MRTd.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/MRT.app/Contents/MacOS/MRT -d\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ManagedClient.cloudconfigurationd\",\"name\":\"com.apple.ManagedClient.cloudconfigurationd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ManagedClient.cloudconfigurationd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/cloudconfigurationd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.ManagedClient.cloudconfigurationd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/cloudconfigurationd", + "label": "com.apple.ManagedClient.cloudconfigurationd", "name": "com.apple.ManagedClient.cloudconfigurationd.plist", "path": "/System/Library/LaunchDaemons/com.apple.ManagedClient.cloudconfigurationd.plist", - "label": "com.apple.ManagedClient.cloudconfigurationd", + "program_arguments": "/usr/libexec/cloudconfigurationd", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ManagedClient.cloudconfigurationd\",\"name\":\"com.apple.ManagedClient.cloudconfigurationd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ManagedClient.cloudconfigurationd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/cloudconfigurationd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ManagedClient.enroll\",\"name\":\"com.apple.ManagedClient.enroll.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ManagedClient.app/Contents/MacOS/ManagedClient -e\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/ManagedClient.app/Contents/MacOS/ManagedClient -e", + "label": "com.apple.ManagedClient.enroll", "name": "com.apple.ManagedClient.enroll.plist", "path": "/System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist", - "label": "com.apple.ManagedClient.enroll" + "program_arguments": "/System/Library/CoreServices/ManagedClient.app/Contents/MacOS/ManagedClient -e" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ManagedClient.enroll\",\"name\":\"com.apple.ManagedClient.enroll.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ManagedClient.app/Contents/MacOS/ManagedClient -e\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ManagedClient\",\"name\":\"com.apple.ManagedClient.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ManagedClient.plist\",\"process_type\":\"Interactive\",\"program\":\"/System/Library/CoreServices/ManagedClient.app/Contents/MacOS/ManagedClient\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.ManagedClient.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.ManagedClient", "name": "com.apple.ManagedClient.plist", "path": "/System/Library/LaunchDaemons/com.apple.ManagedClient.plist", "process_type": "Interactive", - "label": "com.apple.ManagedClient", "program": "/System/Library/CoreServices/ManagedClient.app/Contents/MacOS/ManagedClient" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ManagedClient\",\"name\":\"com.apple.ManagedClient.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ManagedClient.plist\",\"process_type\":\"Interactive\",\"program\":\"/System/Library/CoreServices/ManagedClient.app/Contents/MacOS/ManagedClient\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ManagedClient.startup\",\"name\":\"com.apple.ManagedClient.startup.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ManagedClient.startup.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ManagedClient.app/Contents/MacOS/ManagedClient -i\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.ManagedClient.startup.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/ManagedClient.app/Contents/MacOS/ManagedClient -i", + "label": "com.apple.ManagedClient.startup", "name": "com.apple.ManagedClient.startup.plist", "path": "/System/Library/LaunchDaemons/com.apple.ManagedClient.startup.plist", "process_type": "Interactive", - "label": "com.apple.ManagedClient.startup", + "program_arguments": "/System/Library/CoreServices/ManagedClient.app/Contents/MacOS/ManagedClient -i", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": 
"0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ManagedClient.startup\",\"name\":\"com.apple.ManagedClient.startup.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ManagedClient.startup.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ManagedClient.app/Contents/MacOS/ManagedClient -i\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.MobileAccessoryUpdater\",\"name\":\"com.apple.MobileAccessoryUpdater.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.MobileAccessoryUpdater.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/MobileAccessoryUpdater.framework/Support/fud 30\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.MobileAccessoryUpdater.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/MobileAccessoryUpdater.framework/Support/fud 30", + "label": "com.apple.MobileAccessoryUpdater", "name": "com.apple.MobileAccessoryUpdater.plist", "path": "/System/Library/LaunchDaemons/com.apple.MobileAccessoryUpdater.plist", - "label": "com.apple.MobileAccessoryUpdater", + "program_arguments": "/System/Library/PrivateFrameworks/MobileAccessoryUpdater.framework/Support/fud 30", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu 
Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.MobileAccessoryUpdater\",\"name\":\"com.apple.MobileAccessoryUpdater.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.MobileAccessoryUpdater.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/MobileAccessoryUpdater.framework/Support/fud 30\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.MobileFileIntegrity\",\"name\":\"com.apple.MobileFileIntegrity.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/amfid\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/amfid", + "label": "com.apple.MobileFileIntegrity", "name": "com.apple.MobileFileIntegrity.plist", "path": "/System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist", - "label": "com.apple.MobileFileIntegrity" + "program_arguments": "/usr/libexec/amfid" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], 
"hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.MobileFileIntegrity\",\"name\":\"com.apple.MobileFileIntegrity.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/amfid\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.NetBootClientStatus\",\"name\":\"com.apple.NetBootClientStatus.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.NetBootClientStatus.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/NetBootClientStatus\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.NetBootClientStatus.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/NetBootClientStatus", + "label": "com.apple.NetBootClientStatus", "name": "com.apple.NetBootClientStatus.plist", "path": "/System/Library/LaunchDaemons/com.apple.NetBootClientStatus.plist", "process_type": "Background", - "label": "com.apple.NetBootClientStatus", + "program_arguments": "/usr/sbin/NetBootClientStatus", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.NetBootClientStatus\",\"name\":\"com.apple.NetBootClientStatus.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.NetBootClientStatus.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/NetBootClientStatus\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nlcd\",\"name\":\"com.apple.NetworkLinkConditioner.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.NetworkLinkConditioner.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/nlcd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.NetworkLinkConditioner.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/nlcd", + "label": "com.apple.nlcd", "name": "com.apple.NetworkLinkConditioner.plist", "path": "/System/Library/LaunchDaemons/com.apple.NetworkLinkConditioner.plist", "process_type": "Adaptive", - "label": "com.apple.nlcd", + "program_arguments": "/usr/libexec/nlcd", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - 
"user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nlcd\",\"name\":\"com.apple.NetworkLinkConditioner.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.NetworkLinkConditioner.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/nlcd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.NetworkSharing\",\"name\":\"com.apple.NetworkSharing.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.NetworkSharing.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/InternetSharing\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/var/run\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.NetworkSharing.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/InternetSharing", + "label": "com.apple.NetworkSharing", "name": "com.apple.NetworkSharing.plist", "path": "/System/Library/LaunchDaemons/com.apple.NetworkSharing.plist", - "working_directory": "/var/run", - "label": "com.apple.NetworkSharing" + "program_arguments": "/usr/libexec/InternetSharing", + "working_directory": "/var/run" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + 
"unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.NetworkSharing\",\"name\":\"com.apple.NetworkSharing.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.NetworkSharing.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/InternetSharing\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/var/run\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.ODSAgent\",\"name\":\"com.apple.ODSAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ODSAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ODSAgent.app/Contents/MacOS/ODSAgent -launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.ODSAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/ODSAgent.app/Contents/MacOS/ODSAgent -launchd", - "name": "com.apple.ODSAgent.plist", - "path": "/System/Library/LaunchDaemons/com.apple.ODSAgent.plist", "disabled": "1", + "keep_alive": "1", "label": "com.apple.ODSAgent", - "keep_alive": "1" + "name": "com.apple.ODSAgent.plist", + "path": "/System/Library/LaunchDaemons/com.apple.ODSAgent.plist", + "program_arguments": "/System/Library/CoreServices/ODSAgent.app/Contents/MacOS/ODSAgent -launchd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 
2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.ODSAgent\",\"name\":\"com.apple.ODSAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ODSAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ODSAgent.app/Contents/MacOS/ODSAgent -launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.PCIELaneConfigTool\",\"name\":\"com.apple.PCIELaneConfigTool.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.PCIELaneConfigTool.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Expansion Slot Utility.app/Contents/Resources/PCIELaneConfigTool\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.PCIELaneConfigTool.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Expansion Slot Utility.app/Contents/Resources/PCIELaneConfigTool", + "label": "com.apple.PCIELaneConfigTool", "name": "com.apple.PCIELaneConfigTool.plist", "path": "/System/Library/LaunchDaemons/com.apple.PCIELaneConfigTool.plist", - "label": "com.apple.PCIELaneConfigTool", + "program_arguments": "/System/Library/CoreServices/Expansion Slot Utility.app/Contents/Resources/PCIELaneConfigTool", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": 
"Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.PCIELaneConfigTool\",\"name\":\"com.apple.PCIELaneConfigTool.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.PCIELaneConfigTool.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Expansion Slot Utility.app/Contents/Resources/PCIELaneConfigTool\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.PasswordService\",\"name\":\"com.apple.PasswordService.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.PasswordService.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/PasswordService -n\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.PasswordService.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/PasswordService -n", + "disabled": "1", + "label": "com.apple.PasswordService", "name": "com.apple.PasswordService.plist", "path": "/System/Library/LaunchDaemons/com.apple.PasswordService.plist", - "disabled": "1", - "label": "com.apple.PasswordService" + "program_arguments": "/usr/sbin/PasswordService -n" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.PasswordService\",\"name\":\"com.apple.PasswordService.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.PasswordService.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/PasswordService -n\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.RFBEventHelper\",\"name\":\"com.apple.RFBEventHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.RFBEventHelper.plist\",\"process_type\":\"Standard\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/RFBEventHelper.bundle/Contents/MacOS/RFBEventHelperd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.RFBEventHelper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/RFBEventHelper.bundle/Contents/MacOS/RFBEventHelperd", + "label": "com.apple.RFBEventHelper", "name": "com.apple.RFBEventHelper.plist", "path": "/System/Library/LaunchDaemons/com.apple.RFBEventHelper.plist", "process_type": "Standard", - "label": "com.apple.RFBEventHelper" + "program_arguments": "/System/Library/CoreServices/RFBEventHelper.bundle/Contents/MacOS/RFBEventHelperd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.RFBEventHelper\",\"name\":\"com.apple.RFBEventHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.RFBEventHelper.plist\",\"process_type\":\"Standard\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/RFBEventHelper.bundle/Contents/MacOS/RFBEventHelperd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.RemoteDesktop.PrivilegeProxy\",\"name\":\"com.apple.RemoteDesktop.PrivilegeProxy.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.RemoteDesktop.PrivilegeProxy.plist\",\"process_type\":\"Standard\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/VNCPrivilegeProxy\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.RemoteDesktop.PrivilegeProxy.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/VNCPrivilegeProxy", + "label": "com.apple.RemoteDesktop.PrivilegeProxy", "name": "com.apple.RemoteDesktop.PrivilegeProxy.plist", "path": "/System/Library/LaunchDaemons/com.apple.RemoteDesktop.PrivilegeProxy.plist", "process_type": "Standard", - "label": "com.apple.RemoteDesktop.PrivilegeProxy" + "program_arguments": "/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/VNCPrivilegeProxy" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.RemoteDesktop.PrivilegeProxy\",\"name\":\"com.apple.RemoteDesktop.PrivilegeProxy.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.RemoteDesktop.PrivilegeProxy.plist\",\"process_type\":\"Standard\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/VNCPrivilegeProxy\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ReportCrash.Root.Self\",\"name\":\"com.apple.ReportCrash.Root.Self.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ReportCrash.Root.Self.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ReportCrash daemon-safety\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.ReportCrash.Root.Self.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/ReportCrash daemon-safety", + "label": "com.apple.ReportCrash.Root.Self", "name": "com.apple.ReportCrash.Root.Self.plist", "path": "/System/Library/LaunchDaemons/com.apple.ReportCrash.Root.Self.plist", "process_type": "Background", - "label": "com.apple.ReportCrash.Root.Self" + "program_arguments": "/System/Library/CoreServices/ReportCrash daemon-safety" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" 
}, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ReportCrash.Root.Self\",\"name\":\"com.apple.ReportCrash.Root.Self.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ReportCrash.Root.Self.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ReportCrash daemon-safety\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ReportCrash.Root\",\"name\":\"com.apple.ReportCrash.Root.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ReportCrash.Root.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ReportCrash daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.ReportCrash.Root.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/ReportCrash daemon", + "label": "com.apple.ReportCrash.Root", "name": "com.apple.ReportCrash.Root.plist", "path": "/System/Library/LaunchDaemons/com.apple.ReportCrash.Root.plist", "process_type": "Background", - "label": "com.apple.ReportCrash.Root" + "program_arguments": "/System/Library/CoreServices/ReportCrash daemon" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ReportCrash.Root\",\"name\":\"com.apple.ReportCrash.Root.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ReportCrash.Root.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ReportCrash daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ReportPanicService\",\"name\":\"com.apple.ReportPanicService.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ReportPanicService.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/ReportPanicService\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.ReportPanicService.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.ReportPanicService", "name": "com.apple.ReportPanicService.plist", "path": "/System/Library/LaunchDaemons/com.apple.ReportPanicService.plist", - "label": "com.apple.ReportPanicService", "program": "/System/Library/CoreServices/ReportPanicService" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ReportPanicService\",\"name\":\"com.apple.ReportPanicService.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ReportPanicService.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/ReportPanicService\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.SCHelper\",\"name\":\"com.apple.SCHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.SCHelper.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/Helpers/SCHelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.SCHelper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.SCHelper", "name": "com.apple.SCHelper.plist", "path": "/System/Library/LaunchDaemons/com.apple.SCHelper.plist", - "label": "com.apple.SCHelper", "program": "/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/Helpers/SCHelper" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.SCHelper\",\"name\":\"com.apple.SCHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.SCHelper.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/Helpers/SCHelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.SubmitDiagInfo\",\"name\":\"com.apple.SubmitDiagInfo.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.SubmitDiagInfo.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/SubmitDiagInfo server-init\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.SubmitDiagInfo.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/SubmitDiagInfo server-init", + "label": "com.apple.SubmitDiagInfo", "name": "com.apple.SubmitDiagInfo.plist", "path": "/System/Library/LaunchDaemons/com.apple.SubmitDiagInfo.plist", "process_type": "Background", - "label": "com.apple.SubmitDiagInfo" + "program_arguments": "/System/Library/CoreServices/SubmitDiagInfo server-init" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + 
"name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.SubmitDiagInfo\",\"name\":\"com.apple.SubmitDiagInfo.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.SubmitDiagInfo.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/SubmitDiagInfo server-init\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_trustevaluationagent\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.TrustEvaluationAgent.system\",\"name\":\"com.apple.TrustEvaluationAgent.system.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.TrustEvaluationAgent.system.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Resources/trustevaluationagent\",\"program_arguments\":\"trustevaluationagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_trustevaluationagent\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.TrustEvaluationAgent.system.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "trustevaluationagent", - "path": "/System/Library/LaunchDaemons/com.apple.TrustEvaluationAgent.system.plist", - "name": "com.apple.TrustEvaluationAgent.system.plist", + "groupname": "_trustevaluationagent", "label": "com.apple.TrustEvaluationAgent.system", + "name": "com.apple.TrustEvaluationAgent.system.plist", + "path": "/System/Library/LaunchDaemons/com.apple.TrustEvaluationAgent.system.plist", "program": "/System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Resources/trustevaluationagent", - "groupname": "_trustevaluationagent", + "program_arguments": "trustevaluationagent", 
"username": "_trustevaluationagent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_trustevaluationagent\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.TrustEvaluationAgent.system\",\"name\":\"com.apple.TrustEvaluationAgent.system.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.TrustEvaluationAgent.system.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Resources/trustevaluationagent\",\"program_arguments\":\"trustevaluationagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_trustevaluationagent\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ 
"preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.UserEventAgent-System\",\"name\":\"com.apple.UserEventAgent-System.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.UserEventAgent-System.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/UserEventAgent (System)\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.UserEventAgent-System.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/UserEventAgent (System)", + "keep_alive": "1", + "label": "com.apple.UserEventAgent-System", "name": "com.apple.UserEventAgent-System.plist", "path": "/System/Library/LaunchDaemons/com.apple.UserEventAgent-System.plist", - "label": "com.apple.UserEventAgent-System", - "keep_alive": "1" + "program_arguments": "/usr/libexec/UserEventAgent (System)" }, - "name": "pack_it-compliance_launchd", - 
"unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.UserEventAgent-System\",\"name\":\"com.apple.UserEventAgent-System.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.UserEventAgent-System.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/UserEventAgent (System)\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.UserNotificationCenter\",\"name\":\"com.apple.UserNotificationCenter.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.UserNotificationCenter.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/uncd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.UserNotificationCenter.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/uncd", + "label": "com.apple.UserNotificationCenter", "name": "com.apple.UserNotificationCenter.plist", "path": "/System/Library/LaunchDaemons/com.apple.UserNotificationCenter.plist", - "label": "com.apple.UserNotificationCenter" + "program_arguments": "/System/Library/CoreServices/uncd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.UserNotificationCenter\",\"name\":\"com.apple.UserNotificationCenter.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.UserNotificationCenter.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/uncd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.WindowServer\",\"name\":\"com.apple.WindowServer.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.WindowServer.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/SkyLight.framework/Resources/WindowServer -daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.WindowServer.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/SkyLight.framework/Resources/WindowServer -daemon", + "label": "com.apple.WindowServer", "name": "com.apple.WindowServer.plist", "path": "/System/Library/LaunchDaemons/com.apple.WindowServer.plist", - "label": "com.apple.WindowServer" - }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "program_arguments": "/System/Library/PrivateFrameworks/SkyLight.framework/Resources/WindowServer -daemon" + }, + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.WindowServer\",\"name\":\"com.apple.WindowServer.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.WindowServer.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/SkyLight.framework/Resources/WindowServer -daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.WirelessRadioManager\",\"name\":\"com.apple.WirelessRadioManager-osx.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.WirelessRadioManager-osx.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/WirelessRadioManagerd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.WirelessRadioManager-osx.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/WirelessRadioManagerd", + "label": "com.apple.WirelessRadioManager", "name": "com.apple.WirelessRadioManager-osx.plist", "path": "/System/Library/LaunchDaemons/com.apple.WirelessRadioManager-osx.plist", - "label": "com.apple.WirelessRadioManager" + "program_arguments": "/usr/sbin/WirelessRadioManagerd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + 
"unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.WirelessRadioManager\",\"name\":\"com.apple.WirelessRadioManager-osx.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.WirelessRadioManager-osx.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/WirelessRadioManagerd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.accessoryd\",\"name\":\"com.apple.accessoryd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.accessoryd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreAccessories.framework/Support/accessoryd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.accessoryd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CoreAccessories.framework/Support/accessoryd", + "label": "com.apple.accessoryd", "name": "com.apple.accessoryd.plist", "path": "/System/Library/LaunchDaemons/com.apple.accessoryd.plist", - "label": "com.apple.accessoryd" + "program_arguments": "/System/Library/PrivateFrameworks/CoreAccessories.framework/Support/accessoryd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + 
"name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.accessoryd\",\"name\":\"com.apple.accessoryd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.accessoryd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreAccessories.framework/Support/accessoryd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_fpsd\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.adid\",\"name\":\"com.apple.adid.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.adid.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CoreADI.framework/adid\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_fpsd\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.adid.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "path": "/System/Library/LaunchDaemons/com.apple.adid.plist", - "run_at_load": "0", - "name": "com.apple.adid.plist", + "groupname": "_fpsd", "label": "com.apple.adid", + "name": "com.apple.adid.plist", + "path": "/System/Library/LaunchDaemons/com.apple.adid.plist", "program": "/System/Library/PrivateFrameworks/CoreADI.framework/adid", - "groupname": "_fpsd", + "run_at_load": "0", "username": "_fpsd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_fpsd\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.adid\",\"name\":\"com.apple.adid.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.adid.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CoreADI.framework/adid\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_fpsd\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.afpfs_afpLoad\",\"name\":\"com.apple.afpfs_afpLoad.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.afpfs_afpLoad.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Filesystems/AppleShare/afpLoad\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.afpfs_afpLoad.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Filesystems/AppleShare/afpLoad", + "label": "com.apple.afpfs_afpLoad", "name": "com.apple.afpfs_afpLoad.plist", "path": "/System/Library/LaunchDaemons/com.apple.afpfs_afpLoad.plist", - "label": "com.apple.afpfs_afpLoad" + "program_arguments": "/System/Library/Filesystems/AppleShare/afpLoad" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.afpfs_afpLoad\",\"name\":\"com.apple.afpfs_afpLoad.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.afpfs_afpLoad.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Filesystems/AppleShare/afpLoad\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.afpfs_checkafp\",\"name\":\"com.apple.afpfs_checkafp.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.afpfs_checkafp.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Filesystems/AppleShare/check_afp.app/Contents/MacOS/check_afp\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.afpfs_checkafp.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Filesystems/AppleShare/check_afp.app/Contents/MacOS/check_afp", + "label": "com.apple.afpfs_checkafp", "name": "com.apple.afpfs_checkafp.plist", "path": "/System/Library/LaunchDaemons/com.apple.afpfs_checkafp.plist", - "label": "com.apple.afpfs_checkafp" + "program_arguments": "/System/Library/Filesystems/AppleShare/check_afp.app/Contents/MacOS/check_afp" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.afpfs_checkafp\",\"name\":\"com.apple.afpfs_checkafp.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.afpfs_checkafp.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Filesystems/AppleShare/check_afp.app/Contents/MacOS/check_afp\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.airport.wps\",\"name\":\"com.apple.airport.wps.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.airport.wps.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/wps\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.airport.wps.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/wps", + "label": "com.apple.airport.wps", "name": "com.apple.airport.wps.plist", "path": "/System/Library/LaunchDaemons/com.apple.airport.wps.plist", - "label": "com.apple.airport.wps" + "program_arguments": "/usr/libexec/wps" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": 
{ - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.airport.wps\",\"name\":\"com.apple.airport.wps.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.airport.wps.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/wps\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.airportd\",\"name\":\"com.apple.airportd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.airportd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/airportd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.airportd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.airportd", "name": "com.apple.airportd.plist", "path": "/System/Library/LaunchDaemons/com.apple.airportd.plist", - "label": "com.apple.airportd", "program": "/usr/libexec/airportd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.airportd\",\"name\":\"com.apple.airportd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.airportd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/airportd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.akd\",\"name\":\"com.apple.akd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.akd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.akd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd", + "label": "com.apple.akd", "name": "com.apple.akd.plist", "path": "/System/Library/LaunchDaemons/com.apple.akd.plist", - "label": "com.apple.akd" + "program_arguments": "/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.akd\",\"name\":\"com.apple.akd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.akd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.alf\",\"name\":\"com.apple.alf.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.alf.agent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/ApplicationFirewall/socketfilterfw\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/var/log/alf.log\",\"stdout_path\":\"/var/log/alf.log\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.alf.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.alf", "name": "com.apple.alf.agent.plist", "path": "/System/Library/LaunchDaemons/com.apple.alf.agent.plist", + "program": "/usr/libexec/ApplicationFirewall/socketfilterfw", "stderr_path": "/var/log/alf.log", - "stdout_path": "/var/log/alf.log", - "label": "com.apple.alf", - "program": "/usr/libexec/ApplicationFirewall/socketfilterfw" + "stdout_path": "/var/log/alf.log" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + 
"name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.alf\",\"name\":\"com.apple.alf.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.alf.agent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/ApplicationFirewall/socketfilterfw\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/var/log/alf.log\",\"stdout_path\":\"/var/log/alf.log\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.analyticsd\",\"name\":\"com.apple.analyticsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.analyticsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_analyticsd\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.analyticsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd", + "label": "com.apple.analyticsd", "name": "com.apple.analyticsd.plist", "path": "/System/Library/LaunchDaemons/com.apple.analyticsd.plist", - "label": "com.apple.analyticsd", + "program_arguments": "/System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd", "username": "_analyticsd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.analyticsd\",\"name\":\"com.apple.analyticsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.analyticsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_analyticsd\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.apfsd\",\"name\":\"com.apple.apfsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.apfsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/apfsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.apfsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/apfsd", + "label": "com.apple.apfsd", "name": "com.apple.apfsd.plist", "path": "/System/Library/LaunchDaemons/com.apple.apfsd.plist", - "label": "com.apple.apfsd" + "program_arguments": "/usr/libexec/apfsd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - 
"id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.apfsd\",\"name\":\"com.apple.apfsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.apfsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/apfsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.appleseed.fbahelperd\",\"name\":\"com.apple.appleseed.fbahelperd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.appleseed.fbahelperd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/Applications/Feedback 
Assistant.app/Contents/Library/LaunchServices/fbahelperd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.appleseed.fbahelperd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.appleseed.fbahelperd", "name": "com.apple.appleseed.fbahelperd.plist", "path": "/System/Library/LaunchDaemons/com.apple.appleseed.fbahelperd.plist", - "label": "com.apple.appleseed.fbahelperd", "program": "/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/fbahelperd" - }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + }, + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - 
"original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.appleseed.fbahelperd\",\"name\":\"com.apple.appleseed.fbahelperd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.appleseed.fbahelperd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/fbahelperd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.applessdstatistics\",\"name\":\"com.apple.applessdstatistics.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.applessdstatistics.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/applessdstatistics\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.applessdstatistics.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/applessdstatistics", + "label": "com.apple.applessdstatistics", "name": "com.apple.applessdstatistics.plist", "path": "/System/Library/LaunchDaemons/com.apple.applessdstatistics.plist", - "label": "com.apple.applessdstatistics", + "program_arguments": "/usr/libexec/applessdstatistics", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.applessdstatistics\",\"name\":\"com.apple.applessdstatistics.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.applessdstatistics.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/applessdstatistics\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.apsd\",\"name\":\"com.apple.apsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.apsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/ApplePushService.framework/apsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.apsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/ApplePushService.framework/apsd", + "label": "com.apple.apsd", "name": "com.apple.apsd.plist", "path": "/System/Library/LaunchDaemons/com.apple.apsd.plist", - "label": "com.apple.apsd", + "program_arguments": "/System/Library/PrivateFrameworks/ApplePushService.framework/apsd", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.apsd\",\"name\":\"com.apple.apsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.apsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/ApplePushService.framework/apsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.aslmanager\",\"name\":\"com.apple.aslmanager.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.aslmanager.plist\",\"process_type\":\"\",\"program\":\"/usr/sbin/aslmanager\",\"program_arguments\":\"aslmanager\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.aslmanager.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "aslmanager", + "label": "com.apple.aslmanager", "name": "com.apple.aslmanager.plist", "path": "/System/Library/LaunchDaemons/com.apple.aslmanager.plist", - "label": "com.apple.aslmanager", - "program": "/usr/sbin/aslmanager" + "program": "/usr/sbin/aslmanager", + "program_arguments": "aslmanager" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], 
"hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.aslmanager\",\"name\":\"com.apple.aslmanager.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.aslmanager.plist\",\"process_type\":\"\",\"program\":\"/usr/sbin/aslmanager\",\"program_arguments\":\"aslmanager\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.atrun\",\"name\":\"com.apple.atrun.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.atrun.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/atrun\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"30\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.atrun.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/atrun", - "name": "com.apple.atrun.plist", - "path": "/System/Library/LaunchDaemons/com.apple.atrun.plist", "disabled": "1", "label": "com.apple.atrun", + "name": "com.apple.atrun.plist", + "path": "/System/Library/LaunchDaemons/com.apple.atrun.plist", + "program_arguments": "/usr/libexec/atrun", "start_interval": "30" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], 
"hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.atrun\",\"name\":\"com.apple.atrun.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.atrun.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/atrun\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"30\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.audio.AudioComponentRegistrar\",\"name\":\"com.apple.audio.AudioComponentRegistrar.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.audio.AudioComponentRegistrar.daemon.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.audio.AudioComponentRegistrar.daemon.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon", + "label": "com.apple.audio.AudioComponentRegistrar", "name": "com.apple.audio.AudioComponentRegistrar.daemon.plist", "path": "/System/Library/LaunchDaemons/com.apple.audio.AudioComponentRegistrar.daemon.plist", "process_type": "Adaptive", - "label": "com.apple.audio.AudioComponentRegistrar" + "program_arguments": "/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.audio.AudioComponentRegistrar\",\"name\":\"com.apple.audio.AudioComponentRegistrar.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.audio.AudioComponentRegistrar.daemon.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + 
"kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_coreaudiod\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.audio.coreaudiod\",\"name\":\"com.apple.audio.coreaudiod.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.audio.coreaudiod.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/coreaudiod\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_coreaudiod\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.audio.coreaudiod.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/coreaudiod", + "groupname": "_coreaudiod", + "label": "com.apple.audio.coreaudiod", "name": "com.apple.audio.coreaudiod.plist", "path": "/System/Library/LaunchDaemons/com.apple.audio.coreaudiod.plist", - "label": "com.apple.audio.coreaudiod", - "groupname": "_coreaudiod", + "program_arguments": "/usr/sbin/coreaudiod", "username": "_coreaudiod" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_coreaudiod\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.audio.coreaudiod\",\"name\":\"com.apple.audio.coreaudiod.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.audio.coreaudiod.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/coreaudiod\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_coreaudiod\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.audio.systemsoundserverd\",\"name\":\"com.apple.audio.systemsoundserverd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.audio.systemsoundserverd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/systemsoundserverd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.audio.systemsoundserverd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/systemsoundserverd", + "label": "com.apple.audio.systemsoundserverd", "name": "com.apple.audio.systemsoundserverd.plist", "path": "/System/Library/LaunchDaemons/com.apple.audio.systemsoundserverd.plist", - "label": "com.apple.audio.systemsoundserverd" + "program_arguments": "/usr/sbin/systemsoundserverd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + 
"unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.audio.systemsoundserverd\",\"name\":\"com.apple.audio.systemsoundserverd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.audio.systemsoundserverd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/systemsoundserverd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.auditd\",\"name\":\"com.apple.auditd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.auditd.plist\",\"process_type\":\"\",\"program\":\"/usr/sbin/auditd\",\"program_arguments\":\"auditd -l\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.auditd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "auditd -l", + "label": "com.apple.auditd", "name": "com.apple.auditd.plist", "path": "/System/Library/LaunchDaemons/com.apple.auditd.plist", - "label": "com.apple.auditd", - "program": "/usr/sbin/auditd" + "program": "/usr/sbin/auditd", + "program_arguments": "auditd -l" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + 
"tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.auditd\",\"name\":\"com.apple.auditd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.auditd.plist\",\"process_type\":\"\",\"program\":\"/usr/sbin/auditd\",\"program_arguments\":\"auditd -l\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.autofsd\",\"name\":\"com.apple.autofsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.autofsd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/autofsd\",\"program_arguments\":\"autofsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.autofsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "autofsd", + "keep_alive": "1", + "label": "com.apple.autofsd", "name": "com.apple.autofsd.plist", "path": "/System/Library/LaunchDaemons/com.apple.autofsd.plist", - "label": "com.apple.autofsd", "program": "/usr/libexec/autofsd", - "keep_alive": "1" + "program_arguments": "autofsd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + 
], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.autofsd\",\"name\":\"com.apple.autofsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.autofsd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/autofsd\",\"program_arguments\":\"autofsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.automountd\",\"name\":\"com.apple.automountd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.automountd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/automountd\",\"program_arguments\":\"automountd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.automountd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "automountd", + "label": "com.apple.automountd", "name": "com.apple.automountd.plist", "path": "/System/Library/LaunchDaemons/com.apple.automountd.plist", - "label": "com.apple.automountd", - "program": "/usr/libexec/automountd" + "program": "/usr/libexec/automountd", + "program_arguments": "automountd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - 
], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.automountd\",\"name\":\"com.apple.automountd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.automountd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/automountd\",\"program_arguments\":\"automountd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.avbdeviced\",\"name\":\"com.apple.avbdeviced.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.avbdeviced.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/avbdeviced\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.avbdeviced.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/avbdeviced", + "label": "com.apple.avbdeviced", "name": "com.apple.avbdeviced.plist", "path": "/System/Library/LaunchDaemons/com.apple.avbdeviced.plist", "process_type": "Interactive", - "label": "com.apple.avbdeviced" + "program_arguments": "/usr/sbin/avbdeviced" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.avbdeviced\",\"name\":\"com.apple.avbdeviced.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.avbdeviced.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/avbdeviced\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.awacsd\",\"name\":\"com.apple.awacsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.awacsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/awacsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.awacsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/awacsd", + "label": "com.apple.awacsd", "name": "com.apple.awacsd.plist", "path": "/System/Library/LaunchDaemons/com.apple.awacsd.plist", - "label": "com.apple.awacsd" + "program_arguments": "/usr/libexec/awacsd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.awacsd\",\"name\":\"com.apple.awacsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.awacsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/awacsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.awdd\",\"name\":\"com.apple.awdd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.awdd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/WirelessDiagnostics.framework/Support/awdd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.awdd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/WirelessDiagnostics.framework/Support/awdd", + "label": "com.apple.awdd", "name": "com.apple.awdd.plist", "path": "/System/Library/LaunchDaemons/com.apple.awdd.plist", - "label": "com.apple.awdd" + "program_arguments": "/System/Library/PrivateFrameworks/WirelessDiagnostics.framework/Support/awdd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.awdd\",\"name\":\"com.apple.awdd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.awdd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/WirelessDiagnostics.framework/Support/awdd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.backupd-helper\",\"name\":\"com.apple.backupd-helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.backupd-helper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd-helper -launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.backupd-helper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd-helper -launchd", - "path": "/System/Library/LaunchDaemons/com.apple.backupd-helper.plist", - "run_at_load": "1", - "name": "com.apple.backupd-helper.plist", "disabled": "0", + "keep_alive": "1", "label": "com.apple.backupd-helper", - "keep_alive": "1" + "name": "com.apple.backupd-helper.plist", + "path": "/System/Library/LaunchDaemons/com.apple.backupd-helper.plist", + "program_arguments": "/System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd-helper -launchd", + "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.backupd-helper\",\"name\":\"com.apple.backupd-helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.backupd-helper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd-helper -launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.backupd\",\"name\":\"com.apple.backupd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.backupd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.backupd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.backupd", "name": "com.apple.backupd.plist", "path": "/System/Library/LaunchDaemons/com.apple.backupd.plist", - "label": "com.apple.backupd", "program": "/System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.backupd\",\"name\":\"com.apple.backupd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.backupd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.biokitaggdd\",\"name\":\"com.apple.biokitaggdd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.biokitaggdd.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/biokitaggdd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.biokitaggdd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/biokitaggdd", + "label": "com.apple.biokitaggdd", "name": "com.apple.biokitaggdd.plist", "path": "/System/Library/LaunchDaemons/com.apple.biokitaggdd.plist", "process_type": "Background", - "label": "com.apple.biokitaggdd" + "program_arguments": "/usr/libexec/biokitaggdd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.biokitaggdd\",\"name\":\"com.apple.biokitaggdd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.biokitaggdd.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/biokitaggdd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.biometrickitd\",\"name\":\"com.apple.biometrickitd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.biometrickitd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/biometrickitd 
--launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.biometrickitd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/biometrickitd --launchd", + "label": "com.apple.biometrickitd", "name": "com.apple.biometrickitd.plist", "path": "/System/Library/LaunchDaemons/com.apple.biometrickitd.plist", - "label": "com.apple.biometrickitd" + "program_arguments": "/usr/libexec/biometrickitd --launchd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.biometrickitd\",\"name\":\"com.apple.biometrickitd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.biometrickitd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/biometrickitd --launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bluetoothReporter\",\"name\":\"com.apple.bluetoothReporter.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.bluetoothReporter.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/IOBluetooth.framework/Versions/A/Resources/BluetoothReporter --dumpPacketLog 
/private/var/log/bluetooth.pklg\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.bluetoothReporter.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/IOBluetooth.framework/Versions/A/Resources/BluetoothReporter --dumpPacketLog /private/var/log/bluetooth.pklg", + "label": "com.apple.bluetoothReporter", "name": "com.apple.bluetoothReporter.plist", "path": "/System/Library/LaunchDaemons/com.apple.bluetoothReporter.plist", - "label": "com.apple.bluetoothReporter" + "program_arguments": "/System/Library/Frameworks/IOBluetooth.framework/Versions/A/Resources/BluetoothReporter --dumpPacketLog /private/var/log/bluetooth.pklg" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bluetoothReporter\",\"name\":\"com.apple.bluetoothReporter.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.bluetoothReporter.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/IOBluetooth.framework/Versions/A/Resources/BluetoothReporter --dumpPacketLog /private/var/log/bluetooth.pklg\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bluetoothaudiod\",\"name\":\"com.apple.bluetoothaudiod.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.bluetoothaudiod.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/bluetoothaudiod\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.bluetoothaudiod.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/bluetoothaudiod", + "label": "com.apple.bluetoothaudiod", "name": "com.apple.bluetoothaudiod.plist", "path": "/System/Library/LaunchDaemons/com.apple.bluetoothaudiod.plist", "process_type": "Interactive", - "label": "com.apple.bluetoothaudiod" + "program_arguments": "/usr/sbin/bluetoothaudiod" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { 
- "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bluetoothaudiod\",\"name\":\"com.apple.bluetoothaudiod.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.bluetoothaudiod.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/bluetoothaudiod\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bluetoothd\",\"name\":\"com.apple.bluetoothd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.bluetoothd.plist\",\"process_type\":\"Interactive\",\"program\":\"/usr/sbin/bluetoothd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.bluetoothd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.bluetoothd", "name": "com.apple.bluetoothd.plist", "path": "/System/Library/LaunchDaemons/com.apple.bluetoothd.plist", "process_type": "Interactive", - "label": "com.apple.bluetoothd", "program": "/usr/sbin/bluetoothd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - 
"hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bluetoothd\",\"name\":\"com.apple.bluetoothd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.bluetoothd.plist\",\"process_type\":\"Interactive\",\"program\":\"/usr/sbin/bluetoothd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bnepd\",\"name\":\"com.apple.bnepd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.bnepd.plist\",\"process_type\":\"\",\"program\":\"/usr/sbin/bnepd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.bnepd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.bnepd", "name": "com.apple.bnepd.plist", "path": "/System/Library/LaunchDaemons/com.apple.bnepd.plist", - "label": "com.apple.bnepd", "program": "/usr/sbin/bnepd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { 
"name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bnepd\",\"name\":\"com.apple.bnepd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.bnepd.plist\",\"process_type\":\"\",\"program\":\"/usr/sbin/bnepd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bootinstalld\",\"name\":\"com.apple.bootinstalld.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.bootinstalld.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/bootinstalld\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.bootinstalld.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/bootinstalld", + "label": "com.apple.bootinstalld", "name": "com.apple.bootinstalld.plist", "path": "/System/Library/LaunchDaemons/com.apple.bootinstalld.plist", - "label": "com.apple.bootinstalld" + "program_arguments": "/usr/libexec/bootinstalld" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], 
+ "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bootinstalld\",\"name\":\"com.apple.bootinstalld.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.bootinstalld.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/bootinstalld\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bridgeOSUpdateProxy\",\"name\":\"com.apple.bridgeOSUpdateProxy.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.bridgeOSUpdateProxy.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/BridgeOSSoftwareUpdate.framework/Support/bridgeOSUpdateProxy\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_softwareupdate\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.bridgeOSUpdateProxy.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/BridgeOSSoftwareUpdate.framework/Support/bridgeOSUpdateProxy", + "label": "com.apple.bridgeOSUpdateProxy", "name": "com.apple.bridgeOSUpdateProxy.plist", "path": "/System/Library/LaunchDaemons/com.apple.bridgeOSUpdateProxy.plist", - "label": "com.apple.bridgeOSUpdateProxy", + "program_arguments": "/System/Library/PrivateFrameworks/BridgeOSSoftwareUpdate.framework/Support/bridgeOSUpdateProxy", "username": "_softwareupdate" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bridgeOSUpdateProxy\",\"name\":\"com.apple.bridgeOSUpdateProxy.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.bridgeOSUpdateProxy.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/BridgeOSSoftwareUpdate.framework/Support/bridgeOSUpdateProxy\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_softwareupdate\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bsd.dirhelper\",\"name\":\"com.apple.bsd.dirhelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.bsd.dirhelper.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/dirhelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.bsd.dirhelper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/dirhelper", + "label": "com.apple.bsd.dirhelper", "name": "com.apple.bsd.dirhelper.plist", "path": "/System/Library/LaunchDaemons/com.apple.bsd.dirhelper.plist", "process_type": "Adaptive", - "label": "com.apple.bsd.dirhelper", + "program_arguments": "/usr/libexec/dirhelper", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - 
"user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bsd.dirhelper\",\"name\":\"com.apple.bsd.dirhelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.bsd.dirhelper.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/dirhelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.captiveagent\",\"name\":\"com.apple.captiveagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.captiveagent.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/captiveagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_captiveagent\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.captiveagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.captiveagent", "name": "com.apple.captiveagent.plist", "path": "/System/Library/LaunchDaemons/com.apple.captiveagent.plist", "process_type": "Adaptive", - "label": "com.apple.captiveagent", "program": "/usr/libexec/captiveagent", "username": "_captiveagent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.captiveagent\",\"name\":\"com.apple.captiveagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.captiveagent.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/captiveagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_captiveagent\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cfprefsd.xpc.daemon\",\"name\":\"com.apple.cfprefsd.xpc.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.cfprefsd.xpc.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/cfprefsd daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.cfprefsd.xpc.daemon.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/cfprefsd daemon", + "label": "com.apple.cfprefsd.xpc.daemon", "name": "com.apple.cfprefsd.xpc.daemon.plist", "path": "/System/Library/LaunchDaemons/com.apple.cfprefsd.xpc.daemon.plist", - "label": "com.apple.cfprefsd.xpc.daemon" + "program_arguments": "/usr/sbin/cfprefsd daemon" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": 
[ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cfprefsd.xpc.daemon\",\"name\":\"com.apple.cfprefsd.xpc.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.cfprefsd.xpc.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/cfprefsd daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_cmiodalassistants\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cmio.AVCAssistant\",\"name\":\"com.apple.cmio.AVCAssistant.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.cmio.AVCAssistant.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreMediaIO.framework/Resources/AVC.plugin/Contents/Resources/AVCAssistant\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_cmiodalassistants\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.cmio.AVCAssistant.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreMediaIO.framework/Resources/AVC.plugin/Contents/Resources/AVCAssistant", + "groupname": "_cmiodalassistants", + "label": "com.apple.cmio.AVCAssistant", "name": "com.apple.cmio.AVCAssistant.plist", "path": "/System/Library/LaunchDaemons/com.apple.cmio.AVCAssistant.plist", - "label": "com.apple.cmio.AVCAssistant", - "groupname": "_cmiodalassistants", + "program_arguments": "/System/Library/Frameworks/CoreMediaIO.framework/Resources/AVC.plugin/Contents/Resources/AVCAssistant", "username": "_cmiodalassistants" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_cmiodalassistants\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cmio.AVCAssistant\",\"name\":\"com.apple.cmio.AVCAssistant.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.cmio.AVCAssistant.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreMediaIO.framework/Resources/AVC.plugin/Contents/Resources/AVCAssistant\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_cmiodalassistants\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_cmiodalassistants\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cmio.AppleCameraAssistant\",\"name\":\"com.apple.cmio.AppleCameraAssistant.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.cmio.AppleCameraAssistant.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/Library/CoreMediaIO/Plug-Ins/DAL/AppleCamera.plugin/Contents/Resources/AppleCameraAssistant\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_cmiodalassistants\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.cmio.AppleCameraAssistant.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/Library/CoreMediaIO/Plug-Ins/DAL/AppleCamera.plugin/Contents/Resources/AppleCameraAssistant", - "path": "/System/Library/LaunchDaemons/com.apple.cmio.AppleCameraAssistant.plist", + "groupname": "_cmiodalassistants", + "label": "com.apple.cmio.AppleCameraAssistant", "name": "com.apple.cmio.AppleCameraAssistant.plist", + "path": "/System/Library/LaunchDaemons/com.apple.cmio.AppleCameraAssistant.plist", "process_type": "Interactive", - "label": "com.apple.cmio.AppleCameraAssistant", - 
"groupname": "_cmiodalassistants", + "program_arguments": "/Library/CoreMediaIO/Plug-Ins/DAL/AppleCamera.plugin/Contents/Resources/AppleCameraAssistant", "username": "_cmiodalassistants" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_cmiodalassistants\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cmio.AppleCameraAssistant\",\"name\":\"com.apple.cmio.AppleCameraAssistant.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.cmio.AppleCameraAssistant.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/Library/CoreMediaIO/Plug-Ins/DAL/AppleCamera.plugin/Contents/Resources/AppleCameraAssistant\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_cmiodalassistants\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", 
- "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_cmiodalassistants\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cmio.IIDCVideoAssistant\",\"name\":\"com.apple.cmio.IIDCVideoAssistant.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.cmio.IIDCVideoAssistant.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreMediaIO.framework/Resources/IIDC.plugin/Contents/Resources/IIDCVideoAssistant\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_cmiodalassistants\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.cmio.IIDCVideoAssistant.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreMediaIO.framework/Resources/IIDC.plugin/Contents/Resources/IIDCVideoAssistant", + "groupname": "_cmiodalassistants", + "label": 
"com.apple.cmio.IIDCVideoAssistant", "name": "com.apple.cmio.IIDCVideoAssistant.plist", "path": "/System/Library/LaunchDaemons/com.apple.cmio.IIDCVideoAssistant.plist", - "label": "com.apple.cmio.IIDCVideoAssistant", - "groupname": "_cmiodalassistants", + "program_arguments": "/System/Library/Frameworks/CoreMediaIO.framework/Resources/IIDC.plugin/Contents/Resources/IIDCVideoAssistant", "username": "_cmiodalassistants" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_cmiodalassistants\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cmio.IIDCVideoAssistant\",\"name\":\"com.apple.cmio.IIDCVideoAssistant.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.cmio.IIDCVideoAssistant.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreMediaIO.framework/Resources/IIDC.plugin/Contents/Resources/IIDCVideoAssistant\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_cmiodalassistants\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_cmiodalassistants\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cmio.VDCAssistant\",\"name\":\"com.apple.cmio.VDCAssistant.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.cmio.VDCAssistant.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreMediaIO.framework/Resources/VDC.plugin/Contents/Resources/VDCAssistant\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_cmiodalassistants\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.cmio.VDCAssistant.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreMediaIO.framework/Resources/VDC.plugin/Contents/Resources/VDCAssistant", + "groupname": "_cmiodalassistants", + "label": "com.apple.cmio.VDCAssistant", "name": "com.apple.cmio.VDCAssistant.plist", "path": "/System/Library/LaunchDaemons/com.apple.cmio.VDCAssistant.plist", - "label": "com.apple.cmio.VDCAssistant", - "groupname": "_cmiodalassistants", + "program_arguments": "/System/Library/Frameworks/CoreMediaIO.framework/Resources/VDC.plugin/Contents/Resources/VDCAssistant", "username": "_cmiodalassistants" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_cmiodalassistants\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cmio.VDCAssistant\",\"name\":\"com.apple.cmio.VDCAssistant.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.cmio.VDCAssistant.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreMediaIO.framework/Resources/VDC.plugin/Contents/Resources/VDCAssistant\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_cmiodalassistants\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cmio.iOSScreenCaptureAssistant\",\"name\":\"com.apple.cmio.iOSScreenCaptureAssistant.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.cmio.iOSScreenCaptureAssistant.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreMediaIO.framework/Resources/iOSScreenCapture.plugin/Contents/Resources/iOSScreenCaptureAssistant\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.cmio.iOSScreenCaptureAssistant.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreMediaIO.framework/Resources/iOSScreenCapture.plugin/Contents/Resources/iOSScreenCaptureAssistant", + "label": "com.apple.cmio.iOSScreenCaptureAssistant", "name": "com.apple.cmio.iOSScreenCaptureAssistant.plist", "path": "/System/Library/LaunchDaemons/com.apple.cmio.iOSScreenCaptureAssistant.plist", - "label": "com.apple.cmio.iOSScreenCaptureAssistant" + "program_arguments": 
"/System/Library/Frameworks/CoreMediaIO.framework/Resources/iOSScreenCapture.plugin/Contents/Resources/iOSScreenCaptureAssistant" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cmio.iOSScreenCaptureAssistant\",\"name\":\"com.apple.cmio.iOSScreenCaptureAssistant.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.cmio.iOSScreenCaptureAssistant.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreMediaIO.framework/Resources/iOSScreenCapture.plugin/Contents/Resources/iOSScreenCaptureAssistant\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.colorsync.displayservices\",\"name\":\"com.apple.colorsync.displayservices.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.colorsync.displayservices.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/colorsync.displayservices\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.colorsync.displayservices.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/colorsync.displayservices", + "label": "com.apple.colorsync.displayservices", "name": "com.apple.colorsync.displayservices.plist", "path": "/System/Library/LaunchDaemons/com.apple.colorsync.displayservices.plist", "process_type": "Adaptive", - "label": 
"com.apple.colorsync.displayservices", + "program_arguments": "/usr/libexec/colorsync.displayservices", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.colorsync.displayservices\",\"name\":\"com.apple.colorsync.displayservices.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.colorsync.displayservices.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/colorsync.displayservices\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + 
], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.colorsyncd\",\"name\":\"com.apple.colorsyncd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.colorsyncd.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/colorsyncd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.colorsyncd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/colorsyncd", + "label": "com.apple.colorsyncd", "name": "com.apple.colorsyncd.plist", "path": "/System/Library/LaunchDaemons/com.apple.colorsyncd.plist", "process_type": "Adaptive", - "label": "com.apple.colorsyncd", + "program_arguments": "/usr/libexec/colorsyncd", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": 
"tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.colorsyncd\",\"name\":\"com.apple.colorsyncd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.colorsyncd.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/colorsyncd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.commerced\",\"name\":\"com.apple.commerced.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.commerced.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/commerced\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.commerced.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.commerced", "name": "com.apple.commerced.plist", "path": "/System/Library/LaunchDaemons/com.apple.commerced.plist", - "label": "com.apple.commerced", "program": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/commerced" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], 
"hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.commerced\",\"name\":\"com.apple.commerced.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.commerced.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/commerced\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.comsat\",\"name\":\"com.apple.comsat.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.comsat.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/comsat\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.comsat.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/comsat", + "disabled": "1", + "label": "com.apple.comsat", "name": "com.apple.comsat.plist", "path": "/System/Library/LaunchDaemons/com.apple.comsat.plist", - "disabled": "1", - "label": "com.apple.comsat" + "program_arguments": "/usr/libexec/comsat" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - 
"host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.comsat\",\"name\":\"com.apple.comsat.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.comsat.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/comsat\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.configd\",\"name\":\"com.apple.configd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.configd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/configd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.configd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/configd", + "keep_alive": "1", + "label": "com.apple.configd", "name": "com.apple.configd.plist", "path": "/System/Library/LaunchDaemons/com.apple.configd.plist", - "label": "com.apple.configd", - "keep_alive": "1" + "program_arguments": "/usr/libexec/configd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ 
+ "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.configd\",\"name\":\"com.apple.configd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.configd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/configd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.configureLocalKDC\",\"name\":\"com.apple.configureLocalKDC.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.configureLocalKDC.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/configureLocalKDC\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.configureLocalKDC.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/configureLocalKDC", + "label": "com.apple.configureLocalKDC", "name": "com.apple.configureLocalKDC.plist", "path": "/System/Library/LaunchDaemons/com.apple.configureLocalKDC.plist", - "label": "com.apple.configureLocalKDC" + "program_arguments": "/usr/libexec/configureLocalKDC" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": 
[ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.configureLocalKDC\",\"name\":\"com.apple.configureLocalKDC.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.configureLocalKDC.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/configureLocalKDC\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.corebrightnessd\",\"name\":\"com.apple.corebrightnessd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.corebrightnessd.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/corebrightnessd --launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.corebrightnessd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/corebrightnessd --launchd", + "keep_alive": "1", + "label": "com.apple.corebrightnessd", "name": "com.apple.corebrightnessd.plist", "path": "/System/Library/LaunchDaemons/com.apple.corebrightnessd.plist", "process_type": "Interactive", - "label": "com.apple.corebrightnessd", - "keep_alive": "1" + "program_arguments": "/usr/libexec/corebrightnessd --launchd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + 
"name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.corebrightnessd\",\"name\":\"com.apple.corebrightnessd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.corebrightnessd.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/corebrightnessd --launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.corecaptured\",\"name\":\"com.apple.corecaptured.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.corecaptured.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/corecaptured\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"86400\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.corecaptured.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/corecaptured", + "label": "com.apple.corecaptured", "name": "com.apple.corecaptured.plist", "path": "/System/Library/LaunchDaemons/com.apple.corecaptured.plist", - "label": "com.apple.corecaptured", + "program_arguments": "/usr/libexec/corecaptured", "start_interval": "86400" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], 
"hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.corecaptured\",\"name\":\"com.apple.corecaptured.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.corecaptured.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/corecaptured\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"86400\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.coreduetd\",\"name\":\"com.apple.coreduetd.osx.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.coreduetd.osx.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/coreduetd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.coreduetd.osx.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "path": "/System/Library/LaunchDaemons/com.apple.coreduetd.osx.plist", - "run_at_load": "1", + "keep_alive": "0", + "label": "com.apple.coreduetd", "name": "com.apple.coreduetd.osx.plist", + "path": "/System/Library/LaunchDaemons/com.apple.coreduetd.osx.plist", "process_type": "Adaptive", - "label": "com.apple.coreduetd", "program": "/usr/libexec/coreduetd", - "keep_alive": "0" + "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.coreduetd\",\"name\":\"com.apple.coreduetd.osx.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.coreduetd.osx.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/coreduetd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.appleevents\",\"name\":\"com.apple.coreservices.appleevents.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.coreservices.appleevents.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/appleeventsd --server\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_appleevents\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.coreservices.appleevents.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/appleeventsd --server", + "label": "com.apple.coreservices.appleevents", "name": "com.apple.coreservices.appleevents.plist", "path": "/System/Library/LaunchDaemons/com.apple.coreservices.appleevents.plist", - "label": "com.apple.coreservices.appleevents", + "program_arguments": "/System/Library/CoreServices/appleeventsd --server", "run_at_load": "1", "username": "_appleevents" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.appleevents\",\"name\":\"com.apple.coreservices.appleevents.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.coreservices.appleevents.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/appleeventsd --server\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_appleevents\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.appleid.passwordcheck\",\"name\":\"com.apple.coreservices.appleid.passwordcheck.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.coreservices.appleid.passwordcheck.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/AppleIDAuthAgent --checkpassword\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.coreservices.appleid.passwordcheck.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/AppleIDAuthAgent --checkpassword", - "name": "com.apple.coreservices.appleid.passwordcheck.plist", - "path": "/System/Library/LaunchDaemons/com.apple.coreservices.appleid.passwordcheck.plist", "disabled": "0", "label": "com.apple.coreservices.appleid.passwordcheck", + "name": "com.apple.coreservices.appleid.passwordcheck.plist", + "path": "/System/Library/LaunchDaemons/com.apple.coreservices.appleid.passwordcheck.plist", + "program_arguments": "/System/Library/CoreServices/AppleIDAuthAgent --checkpassword", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + 
"counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.appleid.passwordcheck\",\"name\":\"com.apple.coreservices.appleid.passwordcheck.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.coreservices.appleid.passwordcheck.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/AppleIDAuthAgent --checkpassword\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.launchservicesd\",\"name\":\"com.apple.coreservices.launchservicesd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.coreservices.launchservicesd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/launchservicesd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.coreservices.launchservicesd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/launchservicesd", + "label": "com.apple.coreservices.launchservicesd", "name": "com.apple.coreservices.launchservicesd.plist", "path": "/System/Library/LaunchDaemons/com.apple.coreservices.launchservicesd.plist", - "label": "com.apple.coreservices.launchservicesd", + "program_arguments": "/System/Library/CoreServices/launchservicesd", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": 
"tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.launchservicesd\",\"name\":\"com.apple.coreservices.launchservicesd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.coreservices.launchservicesd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/launchservicesd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.sharedfilelistd\",\"name\":\"com.apple.coreservices.sharedfilelistd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.coreservices.sharedfilelistd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/sharedfilelistd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.coreservices.sharedfilelistd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/sharedfilelistd", + "label": "com.apple.coreservices.sharedfilelistd", "name": "com.apple.coreservices.sharedfilelistd.plist", "path": "/System/Library/LaunchDaemons/com.apple.coreservices.sharedfilelistd.plist", - "label": "com.apple.coreservices.sharedfilelistd", + "program_arguments": "/System/Library/CoreServices/sharedfilelistd", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.sharedfilelistd\",\"name\":\"com.apple.coreservices.sharedfilelistd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.coreservices.sharedfilelistd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/sharedfilelistd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservicesd\",\"name\":\"com.apple.coreservicesd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.coreservicesd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/coreservicesd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.coreservicesd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/coreservicesd", + "label": "com.apple.coreservicesd", "name": "com.apple.coreservicesd.plist", "path": "/System/Library/LaunchDaemons/com.apple.coreservicesd.plist", - "label": "com.apple.coreservicesd" + "program_arguments": "/System/Library/CoreServices/coreservicesd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - 
"user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservicesd\",\"name\":\"com.apple.coreservicesd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.coreservicesd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/coreservicesd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.corestorage.corestoraged\",\"name\":\"com.apple.corestorage.corestoraged.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.corestorage.corestoraged.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/corestoraged\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.corestorage.corestoraged.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/corestoraged", + "label": "com.apple.corestorage.corestoraged", "name": "com.apple.corestorage.corestoraged.plist", "path": "/System/Library/LaunchDaemons/com.apple.corestorage.corestoraged.plist", - "label": "com.apple.corestorage.corestoraged" + "program_arguments": "/usr/libexec/corestoraged" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.corestorage.corestoraged\",\"name\":\"com.apple.corestorage.corestoraged.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.corestorage.corestoraged.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/corestoraged\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.corestorage.corestoragehelperd\",\"name\":\"com.apple.corestorage.corestoragehelperd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.corestorage.corestoragehelperd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/corestoragehelperd\",\"program_arguments\":\"corestoragehelperd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.corestorage.corestoragehelperd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "corestoragehelperd", + "label": "com.apple.corestorage.corestoragehelperd", "name": "com.apple.corestorage.corestoragehelperd.plist", "path": "/System/Library/LaunchDaemons/com.apple.corestorage.corestoragehelperd.plist", - "label": "com.apple.corestorage.corestoragehelperd", - "program": "/usr/libexec/corestoragehelperd" + "program": "/usr/libexec/corestoragehelperd", + "program_arguments": "corestoragehelperd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 
2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.corestorage.corestoragehelperd\",\"name\":\"com.apple.corestorage.corestoragehelperd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.corestorage.corestoragehelperd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/corestoragehelperd\",\"program_arguments\":\"corestoragehelperd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coresymbolicationd\",\"name\":\"com.apple.coresymbolicationd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.coresymbolicationd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreSymbolication.framework/coresymbolicationd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.coresymbolicationd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CoreSymbolication.framework/coresymbolicationd", + "label": "com.apple.coresymbolicationd", "name": "com.apple.coresymbolicationd.plist", "path": "/System/Library/LaunchDaemons/com.apple.coresymbolicationd.plist", - "label": "com.apple.coresymbolicationd" + "program_arguments": "/System/Library/PrivateFrameworks/CoreSymbolication.framework/coresymbolicationd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coresymbolicationd\",\"name\":\"com.apple.coresymbolicationd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.coresymbolicationd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreSymbolication.framework/coresymbolicationd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.csrutil.report\",\"name\":\"com.apple.csrutil.report.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.csrutil.report.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/bin/csrutil report\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.csrutil.report.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/bin/csrutil report", + "label": "com.apple.csrutil.report", "name": "com.apple.csrutil.report.plist", "path": "/System/Library/LaunchDaemons/com.apple.csrutil.report.plist", - "label": "com.apple.csrutil.report" + "program_arguments": "/usr/bin/csrutil report" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.csrutil.report\",\"name\":\"com.apple.csrutil.report.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.csrutil.report.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/bin/csrutil report\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ctkd\",\"name\":\"com.apple.ctkd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ctkd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CryptoTokenKit.framework/ctkd 
-s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_ctkd\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.ctkd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CryptoTokenKit.framework/ctkd -s", + "label": "com.apple.ctkd", "name": "com.apple.ctkd.plist", "path": "/System/Library/LaunchDaemons/com.apple.ctkd.plist", - "label": "com.apple.ctkd", + "program_arguments": "/System/Library/Frameworks/CryptoTokenKit.framework/ctkd -s", "run_at_load": "0", "username": "_ctkd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ctkd\",\"name\":\"com.apple.ctkd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ctkd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CryptoTokenKit.framework/ctkd -s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_ctkd\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsServ\",\"name\":\"com.apple.cvmsServ.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.cvmsServ.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMServer\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.cvmsServ.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMServer", + "label": "com.apple.cvmsServ", "name": "com.apple.cvmsServ.plist", "path": "/System/Library/LaunchDaemons/com.apple.cvmsServ.plist", - "label": "com.apple.cvmsServ" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMServer" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsServ\",\"name\":\"com.apple.cvmsServ.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.cvmsServ.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMServer\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.dasd\",\"name\":\"com.apple.dasd-OSX.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dasd-OSX.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/dasd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.dasd-OSX.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "path": "/System/Library/LaunchDaemons/com.apple.dasd-OSX.plist", - "run_at_load": "1", + "keep_alive": "1", + "label": "com.apple.dasd", "name": "com.apple.dasd-OSX.plist", + "path": "/System/Library/LaunchDaemons/com.apple.dasd-OSX.plist", "process_type": "Adaptive", - "label": "com.apple.dasd", "program": "/usr/libexec/dasd", - "keep_alive": "1" + "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.dasd\",\"name\":\"com.apple.dasd-OSX.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dasd-OSX.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/dasd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.defragx\",\"name\":\"com.apple.defragx.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.defragx.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/defragx\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.defragx.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/defragx", + "label": "com.apple.defragx", "name": "com.apple.defragx.plist", "path": "/System/Library/LaunchDaemons/com.apple.defragx.plist", "process_type": "Background", - "label": "com.apple.defragx" + "program_arguments": "/usr/libexec/defragx" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + 
"tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.defragx\",\"name\":\"com.apple.defragx.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.defragx.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/defragx\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diagnosticd\",\"name\":\"com.apple.diagnosticd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diagnosticd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/diagnosticd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.diagnosticd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.diagnosticd", "name": "com.apple.diagnosticd.plist", "path": "/System/Library/LaunchDaemons/com.apple.diagnosticd.plist", - "label": "com.apple.diagnosticd", "program": "/usr/libexec/diagnosticd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diagnosticd\",\"name\":\"com.apple.diagnosticd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diagnosticd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/diagnosticd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diagnosticextensions.osx.bluetooth.helper\",\"name\":\"com.apple.diagnosticextensions.osx.bluetooth.helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.bluetooth.helper.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/DiagnosticExtensions.framework/PlugIns/osx-bluetooth.appex/Contents/XPCServices/bluetoothhelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.bluetooth.helper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.diagnosticextensions.osx.bluetooth.helper", "name": "com.apple.diagnosticextensions.osx.bluetooth.helper.plist", "path": "/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.bluetooth.helper.plist", - "label": "com.apple.diagnosticextensions.osx.bluetooth.helper", "program": "/System/Library/PrivateFrameworks/DiagnosticExtensions.framework/PlugIns/osx-bluetooth.appex/Contents/XPCServices/bluetoothhelper", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diagnosticextensions.osx.bluetooth.helper\",\"name\":\"com.apple.diagnosticextensions.osx.bluetooth.helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.bluetooth.helper.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/DiagnosticExtensions.framework/PlugIns/osx-bluetooth.appex/Contents/XPCServices/bluetoothhelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, 
+ "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diagnosticextensions.osx.getmobilityinfo.helper\",\"name\":\"com.apple.diagnosticextensions.osx.getmobilityinfo.helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.getmobilityinfo.helper.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/DiagnosticExtensions.framework/PlugIns/osx-getmobilityinfo.appex/Contents/XPCServices/getmobilityinfohelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.getmobilityinfo.helper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.diagnosticextensions.osx.getmobilityinfo.helper", "name": "com.apple.diagnosticextensions.osx.getmobilityinfo.helper.plist", "path": "/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.getmobilityinfo.helper.plist", - "label": "com.apple.diagnosticextensions.osx.getmobilityinfo.helper", "program": 
"/System/Library/PrivateFrameworks/DiagnosticExtensions.framework/PlugIns/osx-getmobilityinfo.appex/Contents/XPCServices/getmobilityinfohelper", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diagnosticextensions.osx.getmobilityinfo.helper\",\"name\":\"com.apple.diagnosticextensions.osx.getmobilityinfo.helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.getmobilityinfo.helper.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/DiagnosticExtensions.framework/PlugIns/osx-getmobilityinfo.appex/Contents/XPCServices/getmobilityinfohelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-complia
nce_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diagnosticextensions.osx.spotlight.helper\",\"name\":\"com.apple.diagnosticextensions.osx.spotlight.helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.spotlight.helper.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/DiagnosticExtensions.framework/PlugIns/osx-spotlight.appex/Contents/XPCServices/spotlighthelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.spotlight.helper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.diagnosticextensions.osx.spotlight.helper", "name": 
"com.apple.diagnosticextensions.osx.spotlight.helper.plist", "path": "/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.spotlight.helper.plist", - "label": "com.apple.diagnosticextensions.osx.spotlight.helper", "program": "/System/Library/PrivateFrameworks/DiagnosticExtensions.framework/PlugIns/osx-spotlight.appex/Contents/XPCServices/spotlighthelper", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diagnosticextensions.osx.spotlight.helper\",\"name\":\"com.apple.diagnosticextensions.osx.spotlight.helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.spotlight.helper.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/DiagnosticExtensions.framework/PlugIns/osx-spotlight.appex/Contents/XPCServices/spotlighthelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diagnosticextensions.osx.timemachine.helper\",\"name\":\"com.apple.diagnosticextensions.osx.timemachine.helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.timemachine.helper.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/DiagnosticExtensions.framework/PlugIns/osx-timemachine.appex/Contents/XPCServices/timemachinehelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.timemachine.helper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.diagnosticextensions.osx.timemachine.helper", "name": "com.apple.diagnosticextensions.osx.timemachine.helper.plist", "path": "/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.timemachine.helper.plist", - "label": "com.apple.diagnosticextensions.osx.timemachine.helper", "program": "/System/Library/PrivateFrameworks/DiagnosticExtensions.framework/PlugIns/osx-timemachine.appex/Contents/XPCServices/timemachinehelper", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": 
"0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diagnosticextensions.osx.timemachine.helper\",\"name\":\"com.apple.diagnosticextensions.osx.timemachine.helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.timemachine.helper.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/DiagnosticExtensions.framework/PlugIns/osx-timemachine.appex/Contents/XPCServices/timemachinehelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + 
"ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diagnosticextensions.osx.wifi.helper\",\"name\":\"com.apple.diagnosticextensions.osx.wifi.helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.wifi.helper.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/DiagnosticExtensions.framework/PlugIns/osx-WiFiDiagnose.appex/Contents/XPCServices/wifihelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.wifi.helper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.diagnosticextensions.osx.wifi.helper", "name": "com.apple.diagnosticextensions.osx.wifi.helper.plist", "path": "/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.wifi.helper.plist", - "label": "com.apple.diagnosticextensions.osx.wifi.helper", "program": 
"/System/Library/PrivateFrameworks/DiagnosticExtensions.framework/PlugIns/osx-WiFiDiagnose.appex/Contents/XPCServices/wifihelper", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diagnosticextensions.osx.wifi.helper\",\"name\":\"com.apple.diagnosticextensions.osx.wifi.helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diagnosticextensions.osx.wifi.helper.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/DiagnosticExtensions.framework/PlugIns/osx-WiFiDiagnose.appex/Contents/XPCServices/wifihelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": 
"info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.diskarbitrationd\",\"name\":\"com.apple.diskarbitrationd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diskarbitrationd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/diskarbitrationd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.diskarbitrationd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "keep_alive": "1", + "label": "com.apple.diskarbitrationd", "name": "com.apple.diskarbitrationd.plist", "path": "/System/Library/LaunchDaemons/com.apple.diskarbitrationd.plist", - "label": "com.apple.diskarbitrationd", - "program": "/usr/libexec/diskarbitrationd", - "keep_alive": "1" + "program": "/usr/libexec/diskarbitrationd" }, - "name": 
"pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.diskarbitrationd\",\"name\":\"com.apple.diskarbitrationd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diskarbitrationd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/diskarbitrationd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diskmanagementd\",\"name\":\"com.apple.diskmanagementd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diskmanagementd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/diskmanagementd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.diskmanagementd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/diskmanagementd", + "label": "com.apple.diskmanagementd", "name": "com.apple.diskmanagementd.plist", "path": "/System/Library/LaunchDaemons/com.apple.diskmanagementd.plist", - "label": "com.apple.diskmanagementd" + "program_arguments": "/usr/libexec/diskmanagementd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diskmanagementd\",\"name\":\"com.apple.diskmanagementd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diskmanagementd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/diskmanagementd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diskmanagementstartup\",\"name\":\"com.apple.diskmanagementstartup.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diskmanagementstartup.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/diskmanagementstartup\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.diskmanagementstartup.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/diskmanagementstartup", + "label": "com.apple.diskmanagementstartup", "name": "com.apple.diskmanagementstartup.plist", "path": "/System/Library/LaunchDaemons/com.apple.diskmanagementstartup.plist", "process_type": "Background", - "label": "com.apple.diskmanagementstartup" + "program_arguments": "/usr/libexec/diskmanagementstartup" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diskmanagementstartup\",\"name\":\"com.apple.diskmanagementstartup.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.diskmanagementstartup.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/diskmanagementstartup\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.displaypolicyd\",\"name\":\"com.apple.displaypolicyd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.displaypolicyd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/displaypolicyd -k 1\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/var/log/displaypolicyd.stdout.log\",\"stdout_path\":\"/var/log/displaypolicyd.stdout.log\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.displaypolicyd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/displaypolicyd -k 1", + "label": "com.apple.displaypolicyd", + "name": "com.apple.displaypolicyd.plist", "path": "/System/Library/LaunchDaemons/com.apple.displaypolicyd.plist", - "stderr_path": "/var/log/displaypolicyd.stdout.log", - "stdout_path": "/var/log/displaypolicyd.stdout.log", + "program_arguments": "/usr/libexec/displaypolicyd -k 1", "run_at_load": "1", - "name": "com.apple.displaypolicyd.plist", - "label": "com.apple.displaypolicyd" + "stderr_path": "/var/log/displaypolicyd.stdout.log", + "stdout_path": "/var/log/displaypolicyd.stdout.log" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.displaypolicyd\",\"name\":\"com.apple.displaypolicyd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.displaypolicyd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/displaypolicyd -k 1\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/var/log/displaypolicyd.stdout.log\",\"stdout_path\":\"/var/log/displaypolicyd.stdout.log\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_distnote\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.distnoted.xpc.daemon\",\"name\":\"com.apple.distnoted.xpc.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.distnoted.xpc.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/distnoted daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_distnote\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.distnoted.xpc.daemon.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/distnoted daemon", + "groupname": "_distnote", + "label": "com.apple.distnoted.xpc.daemon", "name": "com.apple.distnoted.xpc.daemon.plist", "path": "/System/Library/LaunchDaemons/com.apple.distnoted.xpc.daemon.plist", - "label": "com.apple.distnoted.xpc.daemon", - "groupname": "_distnote", + "program_arguments": "/usr/sbin/distnoted daemon", "username": "_distnote" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_distnote\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.distnoted.xpc.daemon\",\"name\":\"com.apple.distnoted.xpc.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.distnoted.xpc.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/distnoted daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_distnote\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dmd\",\"name\":\"com.apple.dmd.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dmd.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/dmd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.dmd.daemon.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/dmd", + "label": "com.apple.dmd", "name": "com.apple.dmd.daemon.plist", "path": "/System/Library/LaunchDaemons/com.apple.dmd.daemon.plist", - "label": "com.apple.dmd", + "program_arguments": "/usr/libexec/dmd", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - 
"hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dmd\",\"name\":\"com.apple.dmd.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dmd.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/dmd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dnsextd\",\"name\":\"com.apple.dnsextd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dnsextd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/dnsextd 
-launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.dnsextd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/dnsextd -launchd", + "disabled": "1", + "label": "com.apple.dnsextd", "name": "com.apple.dnsextd.plist", "path": "/System/Library/LaunchDaemons/com.apple.dnsextd.plist", - "disabled": "1", - "label": "com.apple.dnsextd" + "program_arguments": "/usr/sbin/dnsextd -launchd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dnsextd\",\"name\":\"com.apple.dnsextd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dnsextd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/dnsextd -launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dpaudiothru\",\"name\":\"com.apple.dpaudiothru.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dpaudiothru.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/dpaudiothru\",\"program_arguments\":\"dpaudiothru 
-service\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.dpaudiothru.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "dpaudiothru -service", + "label": "com.apple.dpaudiothru", "name": "com.apple.dpaudiothru.plist", "path": "/System/Library/LaunchDaemons/com.apple.dpaudiothru.plist", - "label": "com.apple.dpaudiothru", - "program": "/usr/libexec/dpaudiothru" + "program": "/usr/libexec/dpaudiothru", + "program_arguments": "dpaudiothru -service" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 
2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dpaudiothru\",\"name\":\"com.apple.dpaudiothru.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dpaudiothru.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/dpaudiothru\",\"program_arguments\":\"dpaudiothru -service\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dpd\",\"name\":\"com.apple.dpd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dpd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/dpd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.dpd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/dpd", + "label": "com.apple.dpd", "name": "com.apple.dpd.plist", "path": "/System/Library/LaunchDaemons/com.apple.dpd.plist", - "label": "com.apple.dpd" + "program_arguments": "/usr/libexec/dpd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dpd\",\"name\":\"com.apple.dpd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dpd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/dpd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dprivacyd\",\"name\":\"com.apple.dprivacyd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dprivacyd.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/dprivacyd\",\"program_arguments\":\"/usr/libexec/dprivacyd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.dprivacyd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/dprivacyd", + "label": "com.apple.dprivacyd", "name": "com.apple.dprivacyd.plist", "path": "/System/Library/LaunchDaemons/com.apple.dprivacyd.plist", "process_type": "Adaptive", - "label": "com.apple.dprivacyd", - "program": "/usr/libexec/dprivacyd" + "program": "/usr/libexec/dprivacyd", + "program_arguments": "/usr/libexec/dprivacyd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + 
"unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dprivacyd\",\"name\":\"com.apple.dprivacyd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dprivacyd.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/dprivacyd\",\"program_arguments\":\"/usr/libexec/dprivacyd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.driver.eficheck\",\"name\":\"com.apple.driver.eficheck.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.driver.eficheck.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.driver.eficheck.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon", + "label": "com.apple.driver.eficheck", "name": "com.apple.driver.eficheck.plist", "path": "/System/Library/LaunchDaemons/com.apple.driver.eficheck.plist", "process_type": "Background", - "label": "com.apple.driver.eficheck" + "program_arguments": "/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.driver.eficheck\",\"name\":\"com.apple.driver.eficheck.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.driver.eficheck.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.driver.ethcheck\",\"name\":\"com.apple.driver.ethcheck.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.driver.ethcheck.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/firmwarecheckers/ethcheck/ethcheck --integrity-check-daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.driver.ethcheck.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/firmwarecheckers/ethcheck/ethcheck --integrity-check-daemon", + "label": "com.apple.driver.ethcheck", "name": "com.apple.driver.ethcheck.plist", "path": "/System/Library/LaunchDaemons/com.apple.driver.ethcheck.plist", "process_type": "Background", - "label": "com.apple.driver.ethcheck" + "program_arguments": "/usr/libexec/firmwarecheckers/ethcheck/ethcheck --integrity-check-daemon" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.driver.ethcheck\",\"name\":\"com.apple.driver.ethcheck.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.driver.ethcheck.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/firmwarecheckers/ethcheck/ethcheck --integrity-check-daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dspluginhelperd\",\"name\":\"com.apple.dspluginhelperd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dspluginhelperd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/dspluginhelperd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.dspluginhelperd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.dspluginhelperd", "name": "com.apple.dspluginhelperd.plist", "path": "/System/Library/LaunchDaemons/com.apple.dspluginhelperd.plist", - "label": "com.apple.dspluginhelperd", "program": "/usr/libexec/dspluginhelperd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - 
"host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dspluginhelperd\",\"name\":\"com.apple.dspluginhelperd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dspluginhelperd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/dspluginhelperd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dvdplayback.setregion\",\"name\":\"com.apple.dvdplayback.setregion.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dvdplayback.setregion.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/usr/bin/setregion\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.dvdplayback.setregion.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/bin/setregion", + "label": "com.apple.dvdplayback.setregion", "name": "com.apple.dvdplayback.setregion.plist", "path": "/System/Library/LaunchDaemons/com.apple.dvdplayback.setregion.plist", "process_type": "Interactive", - "label": "com.apple.dvdplayback.setregion" + "program_arguments": "/usr/bin/setregion" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dvdplayback.setregion\",\"name\":\"com.apple.dvdplayback.setregion.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dvdplayback.setregion.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/usr/bin/setregion\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dynamic_pager\",\"name\":\"com.apple.dynamic_pager.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dynamic_pager.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/sbin/dynamic_pager\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.dynamic_pager.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/sbin/dynamic_pager", + "label": "com.apple.dynamic_pager", "name": "com.apple.dynamic_pager.plist", "path": "/System/Library/LaunchDaemons/com.apple.dynamic_pager.plist", - "label": "com.apple.dynamic_pager" + "program_arguments": "/sbin/dynamic_pager" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": 
[ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dynamic_pager\",\"name\":\"com.apple.dynamic_pager.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.dynamic_pager.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/sbin/dynamic_pager\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.eapolcfg_auth\",\"name\":\"com.apple.eapolcfg_auth.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.eapolcfg_auth.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/EAP8021X.framework/Resources/eapolcfg_auth\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.eapolcfg_auth.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.eapolcfg_auth", "name": "com.apple.eapolcfg_auth.plist", "path": "/System/Library/LaunchDaemons/com.apple.eapolcfg_auth.plist", - "label": "com.apple.eapolcfg_auth", "program": "/System/Library/PrivateFrameworks/EAP8021X.framework/Resources/eapolcfg_auth" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - 
"tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.eapolcfg_auth\",\"name\":\"com.apple.eapolcfg_auth.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.eapolcfg_auth.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/EAP8021X.framework/Resources/eapolcfg_auth\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.efilogin-helper\",\"name\":\"com.apple.efilogin-helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.efilogin-helper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/EFILogin.framework/Resources/efilogin-helper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"root\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.efilogin-helper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/EFILogin.framework/Resources/efilogin-helper", + "label": "com.apple.efilogin-helper", "name": "com.apple.efilogin-helper.plist", "path": "/System/Library/LaunchDaemons/com.apple.efilogin-helper.plist", - "label": "com.apple.efilogin-helper", + "program_arguments": "/System/Library/PrivateFrameworks/EFILogin.framework/Resources/efilogin-helper", "username": "root" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.efilogin-helper\",\"name\":\"com.apple.efilogin-helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.efilogin-helper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/EFILogin.framework/Resources/efilogin-helper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"root\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.emlog\",\"name\":\"com.apple.emlog.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.emlog.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/emlog.pl\",\"program_arguments\":\"/usr/libexec/emlog.pl -l\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.emlog.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/emlog.pl -l", - "name": "com.apple.emlog.plist", - "path": "/System/Library/LaunchDaemons/com.apple.emlog.plist", "disabled": "1", "label": "com.apple.emlog", - "program": "/usr/libexec/emlog.pl" + "name": "com.apple.emlog.plist", + "path": "/System/Library/LaunchDaemons/com.apple.emlog.plist", + "program": "/usr/libexec/emlog.pl", + "program_arguments": "/usr/libexec/emlog.pl -l" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.emlog\",\"name\":\"com.apple.emlog.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.emlog.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/emlog.pl\",\"program_arguments\":\"/usr/libexec/emlog.pl -l\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.emond.aslmanager\",\"name\":\"com.apple.emond.aslmanager.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.emond.aslmanager.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/aslmanager -s /var/log/eventmonitor\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.emond.aslmanager.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/aslmanager -s /var/log/eventmonitor", + "disabled": "0", + "label": "com.apple.emond.aslmanager", "name": "com.apple.emond.aslmanager.plist", "path": "/System/Library/LaunchDaemons/com.apple.emond.aslmanager.plist", - "disabled": "0", - "label": "com.apple.emond.aslmanager" + "program_arguments": "/usr/sbin/aslmanager -s /var/log/eventmonitor" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.emond.aslmanager\",\"name\":\"com.apple.emond.aslmanager.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.emond.aslmanager.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/aslmanager -s /var/log/eventmonitor\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.emond\",\"name\":\"com.apple.emond.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.emond.plist\",\"process_type\":\"\",\"program\":\"/sbin/emond\",\"program_arguments\":\"/sbin/emond\",\"queue_directories\":\"/private/var/db/emondClients\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.emond.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/sbin/emond", - "path": "/System/Library/LaunchDaemons/com.apple.emond.plist", - "name": "com.apple.emond.plist", "disabled": "0", "label": "com.apple.emond", + "name": "com.apple.emond.plist", + "path": "/System/Library/LaunchDaemons/com.apple.emond.plist", "program": "/sbin/emond", + "program_arguments": "/sbin/emond", "queue_directories": "/private/var/db/emondClients" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", 
+ "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.emond\",\"name\":\"com.apple.emond.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.emond.plist\",\"process_type\":\"\",\"program\":\"/sbin/emond\",\"program_arguments\":\"/sbin/emond\",\"queue_directories\":\"/private/var/db/emondClients\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.eoshostd\",\"name\":\"com.apple.eoshostd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.eoshostd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/eoshostd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.eoshostd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/eoshostd", + "label": "com.apple.eoshostd", "name": "com.apple.eoshostd.plist", "path": "/System/Library/LaunchDaemons/com.apple.eoshostd.plist", - "label": "com.apple.eoshostd" + "program_arguments": "/usr/libexec/eoshostd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - 
"hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.eoshostd\",\"name\":\"com.apple.eoshostd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.eoshostd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/eoshostd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AEServer\",\"name\":\"com.apple.eppc.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.eppc.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/AE.framework/Versions/A/Support/AEServer 
--debug\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_eppc\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.eppc.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/AE.framework/Versions/A/Support/AEServer --debug", - "name": "com.apple.eppc.plist", - "path": "/System/Library/LaunchDaemons/com.apple.eppc.plist", "disabled": "1", "label": "com.apple.AEServer", + "name": "com.apple.eppc.plist", + "path": "/System/Library/LaunchDaemons/com.apple.eppc.plist", + "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/AE.framework/Versions/A/Support/AEServer --debug", "username": "_eppc" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AEServer\",\"name\":\"com.apple.eppc.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.eppc.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/AE.framework/Versions/A/Support/AEServer --debug\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_eppc\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.familycontrols\",\"name\":\"com.apple.familycontrols.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.familycontrols.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/FamilyControls.framework/Resources/parentalcontrolsd\",\"queue_directories\":\"/Library/Application Support/Apple/ParentalControls/ALRHelperJobs\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.familycontrols.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/FamilyControls.framework/Resources/parentalcontrolsd", + "label": "com.apple.familycontrols", "name": "com.apple.familycontrols.plist", "path": "/System/Library/LaunchDaemons/com.apple.familycontrols.plist", - "label": "com.apple.familycontrols", + "program_arguments": "/System/Library/PrivateFrameworks/FamilyControls.framework/Resources/parentalcontrolsd", "queue_directories": "/Library/Application Support/Apple/ParentalControls/ALRHelperJobs" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.familycontrols\",\"name\":\"com.apple.familycontrols.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.familycontrols.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/FamilyControls.framework/Resources/parentalcontrolsd\",\"queue_directories\":\"/Library/Application Support/Apple/ParentalControls/ALRHelperJobs\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.findmymacd\",\"name\":\"com.apple.findmymac.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.findmymac.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/FindMyMac.framework/Resources/FindMyMacd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.findmymac.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.findmymacd", "name": "com.apple.findmymac.plist", "path": "/System/Library/LaunchDaemons/com.apple.findmymac.plist", - "label": "com.apple.findmymacd", "program": "/System/Library/PrivateFrameworks/FindMyMac.framework/Resources/FindMyMacd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.findmymacd\",\"name\":\"com.apple.findmymac.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.findmymac.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/FindMyMac.framework/Resources/FindMyMacd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.findmymacmessenger\",\"name\":\"com.apple.findmymacmessenger.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.findmymacmessenger.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/FindMyMac.framework/Resources/FindMyMacMessenger.app/Contents/MacOS/FindMyMacMessenger\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.findmymacmessenger.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.findmymacmessenger", "name": "com.apple.findmymacmessenger.plist", "path": "/System/Library/LaunchDaemons/com.apple.findmymacmessenger.plist", - "label": "com.apple.findmymacmessenger", "program": "/System/Library/PrivateFrameworks/FindMyMac.framework/Resources/FindMyMacMessenger.app/Contents/MacOS/FindMyMacMessenger" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.findmymacmessenger\",\"name\":\"com.apple.findmymacmessenger.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.findmymacmessenger.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/FindMyMac.framework/Resources/FindMyMacMessenger.app/Contents/MacOS/FindMyMacMessenger\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.firmwaresyncd\",\"name\":\"com.apple.firmwaresyncd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.firmwaresyncd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/firmwaresyncd\",\"program_arguments\":\"firmwaresyncd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.firmwaresyncd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "firmwaresyncd", + "label": "com.apple.firmwaresyncd", "name": "com.apple.firmwaresyncd.plist", "path": "/System/Library/LaunchDaemons/com.apple.firmwaresyncd.plist", - "label": "com.apple.firmwaresyncd", "program": "/usr/libexec/firmwaresyncd", + "program_arguments": "firmwaresyncd", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - 
"user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.firmwaresyncd\",\"name\":\"com.apple.firmwaresyncd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.firmwaresyncd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/firmwaresyncd\",\"program_arguments\":\"firmwaresyncd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_atsserver\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.fontd\",\"name\":\"com.apple.fontd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.fontd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/fontd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_atsserver\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.fontd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/fontd", + "groupname": "_atsserver", + "label": "com.apple.fontd", "name": "com.apple.fontd.plist", "path": "/System/Library/LaunchDaemons/com.apple.fontd.plist", - "label": "com.apple.fontd", - "groupname": "_atsserver", + "program_arguments": "/System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/fontd", "username": "_atsserver" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 
14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_atsserver\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.fontd\",\"name\":\"com.apple.fontd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.fontd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/fontd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_atsserver\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.fontmover\",\"name\":\"com.apple.fontmover.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.fontmover.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/fontmover -d\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.fontmover.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/fontmover -d", + "label": "com.apple.fontmover", "name": "com.apple.fontmover.plist", "path": "/System/Library/LaunchDaemons/com.apple.fontmover.plist", - "label": "com.apple.fontmover" + "program_arguments": "/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/fontmover -d" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": 
"Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.fontmover\",\"name\":\"com.apple.fontmover.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.fontmover.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/fontmover -d\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_fpsd\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.fpsd\",\"name\":\"com.apple.fpsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.fpsd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CoreFP.framework/Versions/A/fpsd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_fpsd\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.fpsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "path": "/System/Library/LaunchDaemons/com.apple.fpsd.plist", - "run_at_load": "0", - "name": "com.apple.fpsd.plist", + "groupname": "_fpsd", "label": "com.apple.fpsd", + "name": "com.apple.fpsd.plist", + "path": "/System/Library/LaunchDaemons/com.apple.fpsd.plist", "program": "/System/Library/PrivateFrameworks/CoreFP.framework/Versions/A/fpsd", - "groupname": "_fpsd", + "run_at_load": "0", "username": "_fpsd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + 
"name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_fpsd\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.fpsd\",\"name\":\"com.apple.fpsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.fpsd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CoreFP.framework/Versions/A/fpsd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_fpsd\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.fseventsd\",\"name\":\"com.apple.fseventsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.fseventsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/FSEvents.framework/Versions/A/Support/fseventsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.fseventsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/FSEvents.framework/Versions/A/Support/fseventsd", + "keep_alive": "1", + "label": "com.apple.fseventsd", "name": "com.apple.fseventsd.plist", "path": "/System/Library/LaunchDaemons/com.apple.fseventsd.plist", - "label": "com.apple.fseventsd", - "keep_alive": "1" + "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/FSEvents.framework/Versions/A/Support/fseventsd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.fseventsd\",\"name\":\"com.apple.fseventsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.fseventsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/FSEvents.framework/Versions/A/Support/fseventsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ftp-proxy\",\"name\":\"com.apple.ftp-proxy.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ftp-proxy.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/ftp-proxy\",\"program_arguments\":\"ftp-proxy -p -n -V -D3 -t1800\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_ftp\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.ftp-proxy.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "ftp-proxy -p -n -V -D3 -t1800", - "path": "/System/Library/LaunchDaemons/com.apple.ftp-proxy.plist", - "name": "com.apple.ftp-proxy.plist", "disabled": "1", "label": "com.apple.ftp-proxy", + "name": "com.apple.ftp-proxy.plist", + "path": "/System/Library/LaunchDaemons/com.apple.ftp-proxy.plist", "program": "/usr/libexec/ftp-proxy", + "program_arguments": "ftp-proxy -p -n -V -D3 -t1800", "username": "_ftp" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ftp-proxy\",\"name\":\"com.apple.ftp-proxy.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ftp-proxy.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/ftp-proxy\",\"program_arguments\":\"ftp-proxy -p -n -V -D3 -t1800\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_ftp\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.getty\",\"name\":\"com.apple.getty.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.getty.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/getty std.9600 console\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.getty.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/getty std.9600 console", - "name": "com.apple.getty.plist", - "path": "/System/Library/LaunchDaemons/com.apple.getty.plist", "disabled": "1", + "keep_alive": "1", "label": "com.apple.getty", - "keep_alive": "1" + "name": "com.apple.getty.plist", + "path": "/System/Library/LaunchDaemons/com.apple.getty.plist", + "program_arguments": "/usr/libexec/getty std.9600 console" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + 
"unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.getty\",\"name\":\"com.apple.getty.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.getty.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/getty std.9600 console\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.gkreport\",\"name\":\"com.apple.gkreport.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.gkreport.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/gkreport\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.gkreport.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/gkreport", + "label": "com.apple.gkreport", "name": "com.apple.gkreport.plist", "path": "/System/Library/LaunchDaemons/com.apple.gkreport.plist", - "label": "com.apple.gkreport" + "program_arguments": "/usr/libexec/gkreport" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - 
"hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.gkreport\",\"name\":\"com.apple.gkreport.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.gkreport.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/gkreport\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.gssd\",\"name\":\"com.apple.gssd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.gssd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/gssd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.gssd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/gssd", + "label": "com.apple.gssd", "name": "com.apple.gssd.plist", "path": "/System/Library/LaunchDaemons/com.apple.gssd.plist", - "label": "com.apple.gssd" + "program_arguments": "/usr/sbin/gssd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.gssd\",\"name\":\"com.apple.gssd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.gssd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/gssd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.hdiejectd\",\"name\":\"com.apple.hdiejectd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.hdiejectd.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.hdiejectd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd", + "label": "com.apple.hdiejectd", "name": "com.apple.hdiejectd.plist", "path": "/System/Library/LaunchDaemons/com.apple.hdiejectd.plist", "process_type": "Background", - "label": "com.apple.hdiejectd" + "program_arguments": "/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.hdiejectd\",\"name\":\"com.apple.hdiejectd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.hdiejectd.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.hidd\",\"name\":\"com.apple.hidd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.hidd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/hidd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_hidd\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.hidd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/hidd", + "keep_alive": "1", + "label": "com.apple.hidd", "name": "com.apple.hidd.plist", "path": "/System/Library/LaunchDaemons/com.apple.hidd.plist", - "label": "com.apple.hidd", - "keep_alive": "1", + "program_arguments": "/usr/libexec/hidd", "username": "_hidd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + 
"tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.hidd\",\"name\":\"com.apple.hidd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.hidd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/hidd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_hidd\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.icloud.findmydeviced\",\"name\":\"com.apple.icloud.findmydeviced.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.icloud.findmydeviced.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/findmydeviced\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.icloud.findmydeviced.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.icloud.findmydeviced", "name": "com.apple.icloud.findmydeviced.plist", "path": "/System/Library/LaunchDaemons/com.apple.icloud.findmydeviced.plist", - "label": "com.apple.icloud.findmydeviced", "program": "/usr/libexec/findmydeviced" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + 
], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.icloud.findmydeviced\",\"name\":\"com.apple.icloud.findmydeviced.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.icloud.findmydeviced.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/findmydeviced\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.iconservices.iconservicesagent\",\"name\":\"com.apple.iconservices.iconservicesagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.iconservices.iconservicesagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/iconservicesagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.iconservices.iconservicesagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/iconservicesagent", + "label": "com.apple.iconservices.iconservicesagent", "name": "com.apple.iconservices.iconservicesagent.plist", "path": "/System/Library/LaunchDaemons/com.apple.iconservices.iconservicesagent.plist", - "label": "com.apple.iconservices.iconservicesagent", + "program_arguments": "/System/Library/CoreServices/iconservicesagent", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.iconservices.iconservicesagent\",\"name\":\"com.apple.iconservices.iconservicesagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.iconservices.iconservicesagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/iconservicesagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.iconservices.iconservicesd\",\"name\":\"com.apple.iconservices.iconservicesd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.iconservices.iconservicesd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/iconservicesd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_iconservices\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.iconservices.iconservicesd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/iconservicesd", + "label": "com.apple.iconservices.iconservicesd", "name": "com.apple.iconservices.iconservicesd.plist", "path": "/System/Library/LaunchDaemons/com.apple.iconservices.iconservicesd.plist", - "label": "com.apple.iconservices.iconservicesd", + "program_arguments": "/System/Library/CoreServices/iconservicesd", "run_at_load": "1", "username": "_iconservices" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.iconservices.iconservicesd\",\"name\":\"com.apple.iconservices.iconservicesd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.iconservices.iconservicesd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/iconservicesd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_iconservices\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ifdreader\",\"name\":\"com.apple.ifdreader.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ifdreader.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CryptoTokenKit/com.apple.ifdreader.slotd/Contents/MacOS/com.apple.ifdreader\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.ifdreader.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CryptoTokenKit/com.apple.ifdreader.slotd/Contents/MacOS/com.apple.ifdreader", + "label": "com.apple.ifdreader", "name": "com.apple.ifdreader.plist", "path": "/System/Library/LaunchDaemons/com.apple.ifdreader.plist", - "label": "com.apple.ifdreader" + "program_arguments": "/System/Library/CryptoTokenKit/com.apple.ifdreader.slotd/Contents/MacOS/com.apple.ifdreader" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ifdreader\",\"name\":\"com.apple.ifdreader.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ifdreader.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CryptoTokenKit/com.apple.ifdreader.slotd/Contents/MacOS/com.apple.ifdreader\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.installandsetup.systemmigrationd\",\"name\":\"com.apple.installandsetup.systemmigrationd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.installandsetup.systemmigrationd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/systemmigrationd\",\"queue_directories\":\"/Library/SystemMigration/Queue\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.installandsetup.systemmigrationd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/systemmigrationd", + "label": "com.apple.installandsetup.systemmigrationd", "name": "com.apple.installandsetup.systemmigrationd.plist", "path": "/System/Library/LaunchDaemons/com.apple.installandsetup.systemmigrationd.plist", - "label": "com.apple.installandsetup.systemmigrationd", + "program_arguments": "/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/systemmigrationd", "queue_directories": "/Library/SystemMigration/Queue" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + 
"counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.installandsetup.systemmigrationd\",\"name\":\"com.apple.installandsetup.systemmigrationd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.installandsetup.systemmigrationd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/systemmigrationd\",\"queue_directories\":\"/Library/SystemMigration/Queue\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + 
"event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.installd\",\"name\":\"com.apple.installd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.installd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.installd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd", + "label": "com.apple.installd", "name": "com.apple.installd.plist", "path": "/System/Library/LaunchDaemons/com.apple.installd.plist", - "label": "com.apple.installd" + "program_arguments": "/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.installd\",\"name\":\"com.apple.installd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.installd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ionodecache\",\"name\":\"com.apple.ionodecache.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ionodecache.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ionodecache -r -k 10 /var/db/ionodecache.json\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.ionodecache.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/ionodecache -r -k 10 /var/db/ionodecache.json", + "label": "com.apple.ionodecache", "name": "com.apple.ionodecache.plist", "path": "/System/Library/LaunchDaemons/com.apple.ionodecache.plist", "process_type": "Background", - "label": "com.apple.ionodecache", + "program_arguments": "/System/Library/CoreServices/ionodecache -r -k 10 /var/db/ionodecache.json", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ionodecache\",\"name\":\"com.apple.ionodecache.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ionodecache.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ionodecache -r -k 10 /var/db/ionodecache.json\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"\",\"name\":\"com.apple.jetsamproperties.Mac.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.jetsamproperties.Mac.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.jetsamproperties.Mac.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { "name": "com.apple.jetsamproperties.Mac.plist", "path": "/System/Library/LaunchDaemons/com.apple.jetsamproperties.Mac.plist" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - 
"event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"\",\"name\":\"com.apple.jetsamproperties.Mac.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.jetsamproperties.Mac.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.kcproxy\",\"name\":\"com.apple.kcproxy.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.kcproxy.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/kcproxy\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.kcproxy.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.kcproxy", "name": "com.apple.kcproxy.plist", "path": "/System/Library/LaunchDaemons/com.apple.kcproxy.plist", - "label": "com.apple.kcproxy", "program": "/usr/libexec/kcproxy" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.kcproxy\",\"name\":\"com.apple.kcproxy.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.kcproxy.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/kcproxy\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.kdumpd\",\"name\":\"com.apple.kdumpd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.kdumpd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/kdumpd 
/PanicDumps\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"nobody\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.kdumpd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/kdumpd /PanicDumps", - "name": "com.apple.kdumpd.plist", - "path": "/System/Library/LaunchDaemons/com.apple.kdumpd.plist", "disabled": "1", "label": "com.apple.kdumpd", + "name": "com.apple.kdumpd.plist", + "path": "/System/Library/LaunchDaemons/com.apple.kdumpd.plist", + "program_arguments": "/usr/libexec/kdumpd /PanicDumps", "username": "nobody" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, - "rule": { - "name": "pack_it-compliance_launchd" - }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.kdumpd\",\"name\":\"com.apple.kdumpd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.kdumpd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/kdumpd /PanicDumps\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"nobody\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, + "rule": { + "name": "pack_it-compliance_launchd" + }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.kextd\",\"name\":\"com.apple.kextd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.kextd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/kextd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.kextd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/kextd", + "label": "com.apple.kextd", "name": "com.apple.kextd.plist", "path": "/System/Library/LaunchDaemons/com.apple.kextd.plist", - "label": "com.apple.kextd", + "program_arguments": "/usr/libexec/kextd", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.kextd\",\"name\":\"com.apple.kextd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.kextd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/kextd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.kuncd\",\"name\":\"com.apple.kuncd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.kuncd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/kuncd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.kuncd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/kuncd", + "label": "com.apple.kuncd", "name": "com.apple.kuncd.plist", "path": "/System/Library/LaunchDaemons/com.apple.kuncd.plist", - "label": "com.apple.kuncd" + "program_arguments": "/usr/libexec/kuncd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - 
"id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.kuncd\",\"name\":\"com.apple.kuncd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.kuncd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/kuncd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.locate\",\"name\":\"com.apple.locate.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.locate.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/locate.updatedb\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.locate.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/locate.updatedb", + "disabled": "1", + "label": "com.apple.locate", "name": "com.apple.locate.plist", "path": "/System/Library/LaunchDaemons/com.apple.locate.plist", - "disabled": "1", - "label": "com.apple.locate" + "program_arguments": "/usr/libexec/locate.updatedb" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], 
+ "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.locate\",\"name\":\"com.apple.locate.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.locate.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/locate.updatedb\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_locationd\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.locationd\",\"name\":\"com.apple.locationd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.locationd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/locationd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"86400\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_locationd\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.locationd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/locationd", + "groupname": "_locationd", + "label": "com.apple.locationd", + "name": "com.apple.locationd.plist", "path": "/System/Library/LaunchDaemons/com.apple.locationd.plist", + "program_arguments": "/usr/libexec/locationd", "run_at_load": "0", "start_interval": "86400", - "name": "com.apple.locationd.plist", - "label": "com.apple.locationd", - "groupname": "_locationd", "username": "_locationd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_locationd\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.locationd\",\"name\":\"com.apple.locationd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.locationd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/locationd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"86400\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_locationd\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.lockd\",\"name\":\"com.apple.lockd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.lockd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/rpc.lockd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.lockd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/rpc.lockd", + "label": "com.apple.lockd", "name": "com.apple.lockd.plist", "path": "/System/Library/LaunchDaemons/com.apple.lockd.plist", - "label": "com.apple.lockd" + "program_arguments": "/usr/sbin/rpc.lockd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.lockd\",\"name\":\"com.apple.lockd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.lockd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/rpc.lockd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.logd\",\"name\":\"com.apple.logd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.logd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/logd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.logd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "keep_alive": "1", + "label": "com.apple.logd", "name": "com.apple.logd.plist", "path": "/System/Library/LaunchDaemons/com.apple.logd.plist", - "label": "com.apple.logd", "program": "/usr/libexec/logd", - "keep_alive": "1", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - 
"id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.logd\",\"name\":\"com.apple.logd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.logd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/logd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.logind\",\"name\":\"com.apple.logind.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.logind.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/logind\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.logind.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/logind", + "keep_alive": "1", + "label": "com.apple.logind", "name": "com.apple.logind.plist", "path": "/System/Library/LaunchDaemons/com.apple.logind.plist", - "label": "com.apple.logind", - "keep_alive": "1", + "program_arguments": "/System/Library/CoreServices/logind", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - 
"tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.logind\",\"name\":\"com.apple.logind.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.logind.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/logind\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.loginwindow\",\"name\":\"com.apple.loginwindow.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.loginwindow.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.loginwindow.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console", + "keep_alive": "1", + "label": "com.apple.loginwindow", "name": "com.apple.loginwindow.plist", "path": "/System/Library/LaunchDaemons/com.apple.loginwindow.plist", - "label": "com.apple.loginwindow", - "keep_alive": "1" + "program_arguments": "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" 
+ "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.loginwindow\",\"name\":\"com.apple.loginwindow.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.loginwindow.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.logkextloadsd\",\"name\":\"com.apple.logkextloadsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.logkextloadsd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/logkextloadsd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.logkextloadsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.logkextloadsd", "name": "com.apple.logkextloadsd.plist", "path": "/System/Library/LaunchDaemons/com.apple.logkextloadsd.plist", - "label": "com.apple.logkextloadsd", "program": "/usr/libexec/logkextloadsd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.logkextloadsd\",\"name\":\"com.apple.logkextloadsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.logkextloadsd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/logkextloadsd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.lsd\",\"name\":\"com.apple.lsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.lsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/lsd 
runAsRoot\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.lsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/lsd runAsRoot", + "label": "com.apple.lsd", "name": "com.apple.lsd.plist", "path": "/System/Library/LaunchDaemons/com.apple.lsd.plist", - "label": "com.apple.lsd" + "program_arguments": "/usr/libexec/lsd runAsRoot" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.lsd\",\"name\":\"com.apple.lsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.lsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/lsd runAsRoot\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_mdnsresponder\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mDNSResponder.reloaded\",\"name\":\"com.apple.mDNSResponder.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/mDNSResponder\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_mdnsresponder\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/mDNSResponder", + "groupname": "_mdnsresponder", + "label": "com.apple.mDNSResponder.reloaded", "name": "com.apple.mDNSResponder.plist", "path": "/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist", - "label": "com.apple.mDNSResponder.reloaded", - "groupname": "_mdnsresponder", + "program_arguments": "/usr/sbin/mDNSResponder", "username": "_mdnsresponder" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_mdnsresponder\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mDNSResponder.reloaded\",\"name\":\"com.apple.mDNSResponder.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/mDNSResponder\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_mdnsresponder\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mDNSResponderHelper.reloaded\",\"name\":\"com.apple.mDNSResponderHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mDNSResponderHelper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/mDNSResponderHelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.mDNSResponderHelper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/mDNSResponderHelper", + "label": "com.apple.mDNSResponderHelper.reloaded", "name": "com.apple.mDNSResponderHelper.plist", "path": "/System/Library/LaunchDaemons/com.apple.mDNSResponderHelper.plist", - "label": "com.apple.mDNSResponderHelper.reloaded" + "program_arguments": "/usr/sbin/mDNSResponderHelper" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mDNSResponderHelper.reloaded\",\"name\":\"com.apple.mDNSResponderHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mDNSResponderHelper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/mDNSResponderHelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mbsystemadministration\",\"name\":\"com.apple.mbsystemadministration.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mbsystemadministration.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/mbsystemadministration\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"root\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.mbsystemadministration.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/mbsystemadministration", + "label": "com.apple.mbsystemadministration", "name": "com.apple.mbsystemadministration.plist", "path": "/System/Library/LaunchDaemons/com.apple.mbsystemadministration.plist", - "label": "com.apple.mbsystemadministration", + "program_arguments": "/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/mbsystemadministration", "username": "root" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mbsystemadministration\",\"name\":\"com.apple.mbsystemadministration.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mbsystemadministration.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/mbsystemadministration\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"root\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mbusertrampoline\",\"name\":\"com.apple.mbusertrampoline.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mbusertrampoline.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/mbusertrampoline\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"root\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.mbusertrampoline.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/mbusertrampoline", + "label": "com.apple.mbusertrampoline", "name": "com.apple.mbusertrampoline.plist", "path": "/System/Library/LaunchDaemons/com.apple.mbusertrampoline.plist", - "label": "com.apple.mbusertrampoline", + "program_arguments": "/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/mbusertrampoline", "username": "root" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mbusertrampoline\",\"name\":\"com.apple.mbusertrampoline.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mbusertrampoline.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/mbusertrampoline\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"root\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdmclient.daemon\",\"name\":\"com.apple.mdmclient.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mdmclient.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/mdmclient daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.mdmclient.daemon.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/mdmclient daemon", + "label": "com.apple.mdmclient.daemon", "name": "com.apple.mdmclient.daemon.plist", "path": "/System/Library/LaunchDaemons/com.apple.mdmclient.daemon.plist", - "label": "com.apple.mdmclient.daemon" + "program_arguments": "/usr/libexec/mdmclient daemon" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - 
], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdmclient.daemon\",\"name\":\"com.apple.mdmclient.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mdmclient.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/mdmclient daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdmclient.daemon.runatboot\",\"name\":\"com.apple.mdmclient.daemon.runatboot.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mdmclient.daemon.runatboot.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/mdmclient rundaemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.mdmclient.daemon.runatboot.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/mdmclient rundaemon", - "name": "com.apple.mdmclient.daemon.runatboot.plist", - "path": "/System/Library/LaunchDaemons/com.apple.mdmclient.daemon.runatboot.plist", "disabled": "1", "label": "com.apple.mdmclient.daemon.runatboot", + "name": "com.apple.mdmclient.daemon.runatboot.plist", + "path": "/System/Library/LaunchDaemons/com.apple.mdmclient.daemon.runatboot.plist", + "program_arguments": "/usr/libexec/mdmclient rundaemon", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 
28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdmclient.daemon.runatboot\",\"name\":\"com.apple.mdmclient.daemon.runatboot.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mdmclient.daemon.runatboot.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/mdmclient rundaemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mediaremoted\",\"name\":\"com.apple.mediaremoted.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mediaremoted.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.mediaremoted.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted", + "label": "com.apple.mediaremoted", "name": "com.apple.mediaremoted.plist", "path": "/System/Library/LaunchDaemons/com.apple.mediaremoted.plist", - "label": "com.apple.mediaremoted" + "program_arguments": "/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mediaremoted\",\"name\":\"com.apple.mediaremoted.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mediaremoted.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.metadata.mds.index\",\"name\":\"com.apple.metadata.mds.index.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.metadata.mds.index.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mds_stores\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.metadata.mds.index.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mds_stores", + "label": "com.apple.metadata.mds.index", "name": "com.apple.metadata.mds.index.plist", "path": "/System/Library/LaunchDaemons/com.apple.metadata.mds.index.plist", - "label": "com.apple.metadata.mds.index" + "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mds_stores" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.metadata.mds.index\",\"name\":\"com.apple.metadata.mds.index.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.metadata.mds.index.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mds_stores\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.metadata.mds\",\"name\":\"com.apple.metadata.mds.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.metadata.mds.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Support/mds\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.metadata.mds.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Support/mds", + "keep_alive": "1", + "label": "com.apple.metadata.mds", "name": "com.apple.metadata.mds.plist", "path": "/System/Library/LaunchDaemons/com.apple.metadata.mds.plist", - "label": "com.apple.metadata.mds", - "keep_alive": "1" + "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Support/mds" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.metadata.mds\",\"name\":\"com.apple.metadata.mds.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.metadata.mds.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Support/mds\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.metadata.mds.scan\",\"name\":\"com.apple.metadata.mds.scan.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.metadata.mds.scan.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-scan -c MDSSyncScanWorker -m com.apple.metadata.mds.scan\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.metadata.mds.scan.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-scan -c MDSSyncScanWorker -m com.apple.metadata.mds.scan", + "label": "com.apple.metadata.mds.scan", "name": "com.apple.metadata.mds.scan.plist", "path": "/System/Library/LaunchDaemons/com.apple.metadata.mds.scan.plist", - "label": "com.apple.metadata.mds.scan" + "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-scan -c MDSSyncScanWorker -m com.apple.metadata.mds.scan" }, - "name": 
"pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.metadata.mds.scan\",\"name\":\"com.apple.metadata.mds.scan.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.metadata.mds.scan.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-scan -c MDSSyncScanWorker -m com.apple.metadata.mds.scan\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" 
+ } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.metadata.mds.spindump\",\"name\":\"com.apple.metadata.mds.spindump.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.metadata.mds.spindump.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s none -c MDSSpinDumpWorker -m com.apple.metadata.mds.spindump\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.metadata.mds.spindump.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s none -c MDSSpinDumpWorker -m com.apple.metadata.mds.spindump", + "label": "com.apple.metadata.mds.spindump", "name": "com.apple.metadata.mds.spindump.plist", "path": 
"/System/Library/LaunchDaemons/com.apple.metadata.mds.spindump.plist", - "label": "com.apple.metadata.mds.spindump" + "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s none -c MDSSpinDumpWorker -m com.apple.metadata.mds.spindump" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.metadata.mds.spindump\",\"name\":\"com.apple.metadata.mds.spindump.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.metadata.mds.spindump.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s none -c MDSSpinDumpWorker -m 
com.apple.metadata.mds.spindump\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mobile.keybagd\",\"name\":\"com.apple.mobile.keybagd.plist\",\"on_demand\":\"1\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mobile.keybagd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/keybagd -t 15\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.mobile.keybagd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + 
"id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/keybagd -t 15", + "label": "com.apple.mobile.keybagd", "name": "com.apple.mobile.keybagd.plist", + "on_demand": "1", "path": "/System/Library/LaunchDaemons/com.apple.mobile.keybagd.plist", - "label": "com.apple.mobile.keybagd", - "run_at_load": "1", - "on_demand": "1" + "program_arguments": "/usr/libexec/keybagd -t 15", + "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mobile.keybagd\",\"name\":\"com.apple.mobile.keybagd.plist\",\"on_demand\":\"1\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mobile.keybagd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/keybagd -t 
15\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mobileassetd\",\"name\":\"com.apple.mobileassetd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mobileassetd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/mobileassetd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.mobileassetd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/mobileassetd", + "label": "com.apple.mobileassetd", "name": "com.apple.mobileassetd.plist", "path": "/System/Library/LaunchDaemons/com.apple.mobileassetd.plist", - "label": "com.apple.mobileassetd" + "program_arguments": "/usr/libexec/mobileassetd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mobileassetd\",\"name\":\"com.apple.mobileassetd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.mobileassetd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/mobileassetd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.msrpc.echosvc\",\"name\":\"com.apple.msrpc.echosvc.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.msrpc.echosvc.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/rpcsvchost -launchd 
echosvc.bundle\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.msrpc.echosvc.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/rpcsvchost -launchd echosvc.bundle", + "disabled": "1", + "label": "com.apple.msrpc.echosvc", "name": "com.apple.msrpc.echosvc.plist", "path": "/System/Library/LaunchDaemons/com.apple.msrpc.echosvc.plist", - "disabled": "1", - "label": "com.apple.msrpc.echosvc" + "program_arguments": "/usr/libexec/rpcsvchost -launchd echosvc.bundle" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.msrpc.echosvc\",\"name\":\"com.apple.msrpc.echosvc.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.msrpc.echosvc.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/rpcsvchost -launchd echosvc.bundle\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.msrpc.lsarpc\",\"name\":\"com.apple.msrpc.lsarpc.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.msrpc.lsarpc.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/rpcsvchost -launchd -sandbox lsarpc.bundle 
dssetup.bundle\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.msrpc.lsarpc.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/rpcsvchost -launchd -sandbox lsarpc.bundle dssetup.bundle", + "label": "com.apple.msrpc.lsarpc", "name": "com.apple.msrpc.lsarpc.plist", "path": "/System/Library/LaunchDaemons/com.apple.msrpc.lsarpc.plist", - "label": "com.apple.msrpc.lsarpc" + "program_arguments": "/usr/libexec/rpcsvchost -launchd -sandbox lsarpc.bundle dssetup.bundle" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.msrpc.lsarpc\",\"name\":\"com.apple.msrpc.lsarpc.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.msrpc.lsarpc.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/rpcsvchost -launchd -sandbox lsarpc.bundle dssetup.bundle\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.msrpc.mdssvc\",\"name\":\"com.apple.msrpc.mdssvc.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.msrpc.mdssvc.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/rpcsvchost -launchd -sandbox 
mdssvc.bundle\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.msrpc.mdssvc.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/rpcsvchost -launchd -sandbox mdssvc.bundle", + "label": "com.apple.msrpc.mdssvc", "name": "com.apple.msrpc.mdssvc.plist", "path": "/System/Library/LaunchDaemons/com.apple.msrpc.mdssvc.plist", - "label": "com.apple.msrpc.mdssvc" + "program_arguments": "/usr/libexec/rpcsvchost -launchd -sandbox mdssvc.bundle" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 
2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.msrpc.mdssvc\",\"name\":\"com.apple.msrpc.mdssvc.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.msrpc.mdssvc.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/rpcsvchost -launchd -sandbox mdssvc.bundle\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.msrpc.netlogon\",\"name\":\"com.apple.msrpc.netlogon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.msrpc.netlogon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/rpcsvchost -launchd 
netlogon.bundle\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.msrpc.netlogon.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/rpcsvchost -launchd netlogon.bundle", + "label": "com.apple.msrpc.netlogon", "name": "com.apple.msrpc.netlogon.plist", "path": "/System/Library/LaunchDaemons/com.apple.msrpc.netlogon.plist", - "label": "com.apple.msrpc.netlogon" + "program_arguments": "/usr/libexec/rpcsvchost -launchd netlogon.bundle" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.msrpc.netlogon\",\"name\":\"com.apple.msrpc.netlogon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.msrpc.netlogon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/rpcsvchost -launchd netlogon.bundle\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.msrpc.srvsvc\",\"name\":\"com.apple.msrpc.srvsvc.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.msrpc.srvsvc.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/rpcsvchost -launchd -sandbox 
srvsvc.bundle\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.msrpc.srvsvc.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/rpcsvchost -launchd -sandbox srvsvc.bundle", + "label": "com.apple.msrpc.srvsvc", "name": "com.apple.msrpc.srvsvc.plist", "path": "/System/Library/LaunchDaemons/com.apple.msrpc.srvsvc.plist", - "label": "com.apple.msrpc.srvsvc" + "program_arguments": "/usr/libexec/rpcsvchost -launchd -sandbox srvsvc.bundle" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 
2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.msrpc.srvsvc\",\"name\":\"com.apple.msrpc.srvsvc.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.msrpc.srvsvc.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/rpcsvchost -launchd -sandbox srvsvc.bundle\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.msrpc.wkssvc\",\"name\":\"com.apple.msrpc.wkssvc.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.msrpc.wkssvc.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/rpcsvchost -launchd -sandbox 
wkssvc.bundle\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"nobody\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.msrpc.wkssvc.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/rpcsvchost -launchd -sandbox wkssvc.bundle", + "label": "com.apple.msrpc.wkssvc", "name": "com.apple.msrpc.wkssvc.plist", "path": "/System/Library/LaunchDaemons/com.apple.msrpc.wkssvc.plist", - "label": "com.apple.msrpc.wkssvc", + "program_arguments": "/usr/libexec/rpcsvchost -launchd -sandbox wkssvc.bundle", "username": "nobody" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.msrpc.wkssvc\",\"name\":\"com.apple.msrpc.wkssvc.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.msrpc.wkssvc.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/rpcsvchost -launchd -sandbox wkssvc.bundle\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"nobody\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.multiversed\",\"name\":\"com.apple.multiversed.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.multiversed.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/multiversed\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.multiversed.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/multiversed", + "label": "com.apple.multiversed", "name": "com.apple.multiversed.plist", "path": "/System/Library/LaunchDaemons/com.apple.multiversed.plist", - "label": "com.apple.multiversed" + "program_arguments": "/usr/libexec/multiversed" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ 
+ "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.multiversed\",\"name\":\"com.apple.multiversed.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.multiversed.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/multiversed\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nehelper\",\"name\":\"com.apple.nehelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nehelper.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/nehelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.nehelper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.nehelper", "name": "com.apple.nehelper.plist", "path": "/System/Library/LaunchDaemons/com.apple.nehelper.plist", "process_type": "Adaptive", - "label": "com.apple.nehelper", "program": "/usr/libexec/nehelper" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nehelper\",\"name\":\"com.apple.nehelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nehelper.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/nehelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nesessionmanager\",\"name\":\"com.apple.nesessionmanager.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nesessionmanager.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/nesessionmanager\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.nesessionmanager.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.nesessionmanager", "name": "com.apple.nesessionmanager.plist", "path": "/System/Library/LaunchDaemons/com.apple.nesessionmanager.plist", "process_type": "Adaptive", - "label": "com.apple.nesessionmanager", "program": "/usr/libexec/nesessionmanager" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nesessionmanager\",\"name\":\"com.apple.nesessionmanager.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nesessionmanager.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/nesessionmanager\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.netauth.sys.auth\",\"name\":\"com.apple.netauth.sys.auth.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.netauth.sys.auth.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent --sys\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.netauth.sys.auth.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent --sys", + "label": "com.apple.netauth.sys.auth", "name": "com.apple.netauth.sys.auth.plist", "path": "/System/Library/LaunchDaemons/com.apple.netauth.sys.auth.plist", - "label": "com.apple.netauth.sys.auth" + "program_arguments": "/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent --sys" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.netauth.sys.auth\",\"name\":\"com.apple.netauth.sys.auth.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.netauth.sys.auth.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent --sys\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.netauth.sys.gui\",\"name\":\"com.apple.netauth.sys.gui.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.netauth.sys.gui.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthAgent --sys\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.netauth.sys.gui.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthAgent --sys", + "label": "com.apple.netauth.sys.gui", "name": "com.apple.netauth.sys.gui.plist", "path": "/System/Library/LaunchDaemons/com.apple.netauth.sys.gui.plist", - "label": "com.apple.netauth.sys.gui" + "program_arguments": "/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthAgent --sys" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.netauth.sys.gui\",\"name\":\"com.apple.netauth.sys.gui.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.netauth.sys.gui.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthAgent --sys\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.netbiosd\",\"name\":\"com.apple.netbiosd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.netbiosd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/netbiosd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_netbios\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.netbiosd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/netbiosd", - "name": "com.apple.netbiosd.plist", - "path": "/System/Library/LaunchDaemons/com.apple.netbiosd.plist", "disabled": "0", "label": "com.apple.netbiosd", + "name": "com.apple.netbiosd.plist", + "path": "/System/Library/LaunchDaemons/com.apple.netbiosd.plist", + "program_arguments": "/usr/sbin/netbiosd", "username": "_netbios" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.netbiosd\",\"name\":\"com.apple.netbiosd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.netbiosd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/netbiosd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_netbios\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.newsyslog\",\"name\":\"com.apple.newsyslog.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.newsyslog.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/newsyslog\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.newsyslog.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/newsyslog", + "label": "com.apple.newsyslog", "name": "com.apple.newsyslog.plist", "path": "/System/Library/LaunchDaemons/com.apple.newsyslog.plist", - "label": "com.apple.newsyslog" + "program_arguments": "/usr/sbin/newsyslog" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, - "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "epoch": "0", + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, 
- "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.newsyslog\",\"name\":\"com.apple.newsyslog.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.newsyslog.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/newsyslog\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nfcd\",\"name\":\"com.apple.nfcd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nfcd.plist\",\"process_type\":\"Interactive\",\"program\":\"/usr/libexec/nfcd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_applepay\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.nfcd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.nfcd", "name": "com.apple.nfcd.plist", "path": "/System/Library/LaunchDaemons/com.apple.nfcd.plist", "process_type": "Interactive", - "label": "com.apple.nfcd", "program": "/usr/libexec/nfcd", "username": "_applepay" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nfcd\",\"name\":\"com.apple.nfcd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nfcd.plist\",\"process_type\":\"Interactive\",\"program\":\"/usr/libexec/nfcd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_applepay\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nfrestore_service\",\"name\":\"com.apple.nfrestore.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nfrestore.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/nfrestore_service\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_applepay\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.nfrestore.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.nfrestore_service", "name": "com.apple.nfrestore.plist", "path": "/System/Library/LaunchDaemons/com.apple.nfrestore.plist", "process_type": "Adaptive", - "label": "com.apple.nfrestore_service", "program": "/usr/libexec/nfrestore_service", "username": "_applepay" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nfrestore_service\",\"name\":\"com.apple.nfrestore.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nfrestore.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/nfrestore_service\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_applepay\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nfsconf\",\"name\":\"com.apple.nfsconf.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nfsconf.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/sbin/mount_nfs 
configupdate\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"/etc/nfs.conf\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.nfsconf.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/sbin/mount_nfs configupdate", - "watch_paths": "/etc/nfs.conf", + "label": "com.apple.nfsconf", "name": "com.apple.nfsconf.plist", "path": "/System/Library/LaunchDaemons/com.apple.nfsconf.plist", - "label": "com.apple.nfsconf", - "run_at_load": "1" + "program_arguments": "/sbin/mount_nfs configupdate", + "run_at_load": "1", + "watch_paths": "/etc/nfs.conf" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nfsconf\",\"name\":\"com.apple.nfsconf.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nfsconf.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/sbin/mount_nfs configupdate\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"/etc/nfs.conf\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nfsd\",\"name\":\"com.apple.nfsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nfsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/sbin/nfsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.nfsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/sbin/nfsd", + "label": "com.apple.nfsd", "name": "com.apple.nfsd.plist", "path": "/System/Library/LaunchDaemons/com.apple.nfsd.plist", - "label": "com.apple.nfsd" + "program_arguments": "/sbin/nfsd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nfsd\",\"name\":\"com.apple.nfsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nfsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/sbin/nfsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nis.ypbind\",\"name\":\"com.apple.nis.ypbind.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nis.ypbind.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/ypbind\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.nis.ypbind.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/ypbind", + "label": "com.apple.nis.ypbind", "name": "com.apple.nis.ypbind.plist", "path": "/System/Library/LaunchDaemons/com.apple.nis.ypbind.plist", - "label": "com.apple.nis.ypbind" + "program_arguments": "/usr/sbin/ypbind" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - 
"hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nis.ypbind\",\"name\":\"com.apple.nis.ypbind.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nis.ypbind.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/ypbind\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.noticeboard.state\",\"name\":\"com.apple.noticeboard.state.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.noticeboard.state.plist\",\"process_type\":\"Background\",\"program\":\"/System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbstated\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.noticeboard.state.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "keep_alive": "1", + "label": "com.apple.noticeboard.state", "name": "com.apple.noticeboard.state.plist", "path": "/System/Library/LaunchDaemons/com.apple.noticeboard.state.plist", "process_type": "Background", - "label": "com.apple.noticeboard.state", - "program": "/System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbstated", - "keep_alive": "1" + "program": "/System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbstated" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.noticeboard.state\",\"name\":\"com.apple.noticeboard.state.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.noticeboard.state.plist\",\"process_type\":\"Background\",\"program\":\"/System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbstated\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.notifyd\",\"name\":\"com.apple.notifyd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.notifyd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/notifyd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.notifyd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/notifyd", + "label": "com.apple.notifyd", "name": "com.apple.notifyd.plist", "path": "/System/Library/LaunchDaemons/com.apple.notifyd.plist", - "label": "com.apple.notifyd" + "program_arguments": "/usr/sbin/notifyd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.notifyd\",\"name\":\"com.apple.notifyd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.notifyd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/notifyd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_nsurlsessiond\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nsurlsessiond_privileged\",\"name\":\"com.apple.nsurlsessiond.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nsurlsessiond.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/nsurlsessiond 
--privileged\",\"queue_directories\":\"/var/root/Library/com.apple.nsurlsessiond\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_nsurlsessiond\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.nsurlsessiond.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/nsurlsessiond --privileged", - "path": "/System/Library/LaunchDaemons/com.apple.nsurlsessiond.plist", - "name": "com.apple.nsurlsessiond.plist", - "label": "com.apple.nsurlsessiond_privileged", "groupname": "_nsurlsessiond", + "label": "com.apple.nsurlsessiond_privileged", + "name": "com.apple.nsurlsessiond.plist", + "path": "/System/Library/LaunchDaemons/com.apple.nsurlsessiond.plist", + "program_arguments": "/usr/libexec/nsurlsessiond --privileged", "queue_directories": "/var/root/Library/com.apple.nsurlsessiond", "username": "_nsurlsessiond" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_nsurlsessiond\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nsurlsessiond_privileged\",\"name\":\"com.apple.nsurlsessiond.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nsurlsessiond.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/nsurlsessiond --privileged\",\"queue_directories\":\"/var/root/Library/com.apple.nsurlsessiond\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_nsurlsessiond\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_nsurlstoraged\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nsurlstoraged\",\"name\":\"com.apple.nsurlstoraged.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nsurlstoraged.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/nsurlstoraged --privileged\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_nsurlstoraged\",\"watch_paths\":\"/System/Library/Assets/com_apple_MobileAsset_TopLevelDomainDafsa\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.nsurlstoraged.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/nsurlstoraged --privileged", - "path": "/System/Library/LaunchDaemons/com.apple.nsurlstoraged.plist", - "watch_paths": "/System/Library/Assets/com_apple_MobileAsset_TopLevelDomainDafsa", - "name": "com.apple.nsurlstoraged.plist", - "label": "com.apple.nsurlstoraged", "groupname": "_nsurlstoraged", - "username": "_nsurlstoraged" + "label": "com.apple.nsurlstoraged", + "name": "com.apple.nsurlstoraged.plist", + "path": "/System/Library/LaunchDaemons/com.apple.nsurlstoraged.plist", + "program_arguments": "/usr/libexec/nsurlstoraged --privileged", + "username": "_nsurlstoraged", + "watch_paths": "/System/Library/Assets/com_apple_MobileAsset_TopLevelDomainDafsa" 
}, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_nsurlstoraged\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nsurlstoraged\",\"name\":\"com.apple.nsurlstoraged.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.nsurlstoraged.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/nsurlstoraged --privileged\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_nsurlstoraged\",\"watch_paths\":\"/System/Library/Assets/com_apple_MobileAsset_TopLevelDomainDafsa\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": 
"2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ocspd\",\"name\":\"com.apple.ocspd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ocspd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/ocspd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.ocspd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/ocspd", + "label": "com.apple.ocspd", "name": "com.apple.ocspd.plist", "path": "/System/Library/LaunchDaemons/com.apple.ocspd.plist", - "label": "com.apple.ocspd" + "program_arguments": "/usr/sbin/ocspd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ocspd\",\"name\":\"com.apple.ocspd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ocspd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/ocspd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.odproxyd\",\"name\":\"com.apple.odproxyd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.odproxyd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/odproxyd\",\"program_arguments\":\"odproxyd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.odproxyd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "odproxyd", - "name": "com.apple.odproxyd.plist", - "path": "/System/Library/LaunchDaemons/com.apple.odproxyd.plist", "disabled": "1", "label": "com.apple.odproxyd", - "program": "/usr/libexec/odproxyd" + "name": "com.apple.odproxyd.plist", + "path": "/System/Library/LaunchDaemons/com.apple.odproxyd.plist", + "program": "/usr/libexec/odproxyd", + "program_arguments": "odproxyd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + 
"unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "tsg" + } + }, + { + "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, "event": { "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.odproxyd\",\"name\":\"com.apple.odproxyd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.odproxyd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/odproxyd\",\"program_arguments\":\"odproxyd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.opendirectoryd\",\"name\":\"com.apple.opendirectoryd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.opendirectoryd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/opendirectoryd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2017-12-28T14:39:51.000Z", "file": { "path": "/System/Library/LaunchDaemons/com.apple.opendirectoryd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "keep_alive": "1", + "label": "com.apple.opendirectoryd", "name": "com.apple.opendirectoryd.plist", "path": "/System/Library/LaunchDaemons/com.apple.opendirectoryd.plist", - "label": "com.apple.opendirectoryd", - "program": "/usr/libexec/opendirectoryd", - "keep_alive": "1" + "program": "/usr/libexec/opendirectoryd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.opendirectoryd\",\"name\":\"com.apple.opendirectoryd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.opendirectoryd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/opendirectoryd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.osanalytics.osanalyticshelper\",\"name\":\"com.apple.osanalytics.osanalyticshelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.osanalytics.osanalyticshelper.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/osanalyticshelper com.apple.osanalytics.osanalyticshelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.osanalytics.osanalyticshelper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/osanalyticshelper com.apple.osanalytics.osanalyticshelper", + "label": "com.apple.osanalytics.osanalyticshelper", "name": "com.apple.osanalytics.osanalyticshelper.plist", "path": "/System/Library/LaunchDaemons/com.apple.osanalytics.osanalyticshelper.plist", "process_type": "Adaptive", - "label": "com.apple.osanalytics.osanalyticshelper" + "program_arguments": "/System/Library/CoreServices/osanalyticshelper com.apple.osanalytics.osanalyticshelper" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.osanalytics.osanalyticshelper\",\"name\":\"com.apple.osanalytics.osanalyticshelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.osanalytics.osanalyticshelper.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/osanalyticshelper com.apple.osanalytics.osanalyticshelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": 
"event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.periodic-daily\",\"name\":\"com.apple.periodic-daily.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.periodic-daily.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/periodic-wrapper daily\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.periodic-daily.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/periodic-wrapper daily", + "label": "com.apple.periodic-daily", "name": "com.apple.periodic-daily.plist", "path": "/System/Library/LaunchDaemons/com.apple.periodic-daily.plist", - "label": "com.apple.periodic-daily" + "program_arguments": "/usr/libexec/periodic-wrapper daily" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.periodic-daily\",\"name\":\"com.apple.periodic-daily.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.periodic-daily.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/periodic-wrapper daily\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.periodic-monthly\",\"name\":\"com.apple.periodic-monthly.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.periodic-monthly.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/periodic-wrapper monthly\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.periodic-monthly.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/periodic-wrapper monthly", + "label": "com.apple.periodic-monthly", "name": "com.apple.periodic-monthly.plist", "path": "/System/Library/LaunchDaemons/com.apple.periodic-monthly.plist", - "label": "com.apple.periodic-monthly" + "program_arguments": "/usr/libexec/periodic-wrapper monthly" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": 
{ - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.periodic-monthly\",\"name\":\"com.apple.periodic-monthly.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.periodic-monthly.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/periodic-wrapper monthly\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.periodic-weekly\",\"name\":\"com.apple.periodic-weekly.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.periodic-weekly.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/periodic-wrapper weekly\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.periodic-weekly.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/periodic-wrapper weekly", + "label": "com.apple.periodic-weekly", "name": "com.apple.periodic-weekly.plist", "path": "/System/Library/LaunchDaemons/com.apple.periodic-weekly.plist", - "label": "com.apple.periodic-weekly" + "program_arguments": "/usr/libexec/periodic-wrapper weekly" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - 
"user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.periodic-weekly\",\"name\":\"com.apple.periodic-weekly.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.periodic-weekly.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/periodic-wrapper weekly\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.pfctl\",\"name\":\"com.apple.pfctl.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.pfctl.plist\",\"process_type\":\"\",\"program\":\"/sbin/pfctl\",\"program_arguments\":\"pfctl -f /etc/pf.conf\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/var/run\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.pfctl.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "pfctl -f /etc/pf.conf", - "path": "/System/Library/LaunchDaemons/com.apple.pfctl.plist", - "run_at_load": "1", - "name": "com.apple.pfctl.plist", - "working_directory": "/var/run", "disabled": "0", "label": "com.apple.pfctl", - "program": "/sbin/pfctl" + "name": "com.apple.pfctl.plist", + "path": "/System/Library/LaunchDaemons/com.apple.pfctl.plist", + "program": "/sbin/pfctl", + "program_arguments": "pfctl -f /etc/pf.conf", + "run_at_load": "1", + "working_directory": "/var/run" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.pfctl\",\"name\":\"com.apple.pfctl.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.pfctl.plist\",\"process_type\":\"\",\"program\":\"/sbin/pfctl\",\"program_arguments\":\"pfctl -f /etc/pf.conf\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/var/run\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.pfd\",\"name\":\"com.apple.pfd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.pfd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/pfd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.pfd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/pfd", + "label": "com.apple.pfd", "name": "com.apple.pfd.plist", "path": "/System/Library/LaunchDaemons/com.apple.pfd.plist", - "label": "com.apple.pfd" + "program_arguments": "/usr/libexec/pfd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.pfd\",\"name\":\"com.apple.pfd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.pfd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/pfd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.platform.ptmd\",\"name\":\"com.apple.platform.ptmd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.platform.ptmd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/ptmd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.platform.ptmd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.platform.ptmd", "name": "com.apple.platform.ptmd.plist", "path": "/System/Library/LaunchDaemons/com.apple.platform.ptmd.plist", - "label": "com.apple.platform.ptmd", "program": "/usr/libexec/ptmd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.platform.ptmd\",\"name\":\"com.apple.platform.ptmd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.platform.ptmd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/ptmd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.postfix.master\",\"name\":\"com.apple.postfix.master.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.postfix.master.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/postfix/master\",\"program_arguments\":\"master -e 
60\",\"queue_directories\":\"/var/spool/postfix/maildrop\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.postfix.master.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "master -e 60", + "label": "com.apple.postfix.master", "name": "com.apple.postfix.master.plist", "path": "/System/Library/LaunchDaemons/com.apple.postfix.master.plist", - "label": "com.apple.postfix.master", "program": "/usr/libexec/postfix/master", + "program_arguments": "master -e 60", "queue_directories": "/var/spool/postfix/maildrop" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.postfix.master\",\"name\":\"com.apple.postfix.master.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.postfix.master.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/postfix/master\",\"program_arguments\":\"master -e 60\",\"queue_directories\":\"/var/spool/postfix/maildrop\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.postfix.newaliases\",\"name\":\"com.apple.postfix.newaliases.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.postfix.newaliases.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/bin/newaliases\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"/etc/postfix/aliases\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.postfix.newaliases.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/bin/newaliases", - "watch_paths": "/etc/postfix/aliases", + "label": "com.apple.postfix.newaliases", "name": "com.apple.postfix.newaliases.plist", "path": "/System/Library/LaunchDaemons/com.apple.postfix.newaliases.plist", - "label": "com.apple.postfix.newaliases" + "program_arguments": "/usr/bin/newaliases", + "watch_paths": "/etc/postfix/aliases" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.postfix.newaliases\",\"name\":\"com.apple.postfix.newaliases.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.postfix.newaliases.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/bin/newaliases\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"/etc/postfix/aliases\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.powerd\",\"name\":\"com.apple.powerd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.powerd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/powerd.bundle/powerd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.powerd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "keep_alive": "1", + "label": "com.apple.powerd", "name": "com.apple.powerd.plist", "path": "/System/Library/LaunchDaemons/com.apple.powerd.plist", - "label": "com.apple.powerd", - "program": "/System/Library/CoreServices/powerd.bundle/powerd", - "keep_alive": "1" + "program": "/System/Library/CoreServices/powerd.bundle/powerd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - 
"tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.powerd\",\"name\":\"com.apple.powerd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.powerd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/powerd.bundle/powerd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.powerd.swd\",\"name\":\"com.apple.powerd.swd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.powerd.swd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/powerd.bundle/swd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.powerd.swd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/powerd.bundle/swd", + "label": "com.apple.powerd.swd", "name": "com.apple.powerd.swd.plist", "path": "/System/Library/LaunchDaemons/com.apple.powerd.swd.plist", - "label": "com.apple.powerd.swd" + "program_arguments": "/System/Library/CoreServices/powerd.bundle/swd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - 
"tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.powerd.swd\",\"name\":\"com.apple.powerd.swd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.powerd.swd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/powerd.bundle/swd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.powerlogd\",\"name\":\"com.apple.powerlogd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.powerlogd.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/powerlogd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.powerlogd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/powerlogd", + "label": "com.apple.powerlogd", "name": "com.apple.powerlogd.plist", "path": "/System/Library/LaunchDaemons/com.apple.powerlogd.plist", "process_type": "Adaptive", - "label": "com.apple.powerlogd" + "program_arguments": "/usr/libexec/powerlogd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + 
], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.powerlogd\",\"name\":\"com.apple.powerlogd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.powerlogd.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/powerlogd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.preferences.timezone.admintool\",\"name\":\"com.apple.preferences.timezone.admintool.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.preferences.timezone.admintool.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PreferencePanes/DateAndTime.prefPane/Contents/Resources/TimeZone.prefPane/Contents/Resources/TimeZoneAdminTool\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"root\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.preferences.timezone.admintool.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PreferencePanes/DateAndTime.prefPane/Contents/Resources/TimeZone.prefPane/Contents/Resources/TimeZoneAdminTool", + "label": "com.apple.preferences.timezone.admintool", "name": "com.apple.preferences.timezone.admintool.plist", "path": "/System/Library/LaunchDaemons/com.apple.preferences.timezone.admintool.plist", - "label": "com.apple.preferences.timezone.admintool", + "program_arguments": "/System/Library/PreferencePanes/DateAndTime.prefPane/Contents/Resources/TimeZone.prefPane/Contents/Resources/TimeZoneAdminTool", "username": "root" }, - "name": "pack_it-compliance_launchd", - 
"unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.preferences.timezone.admintool\",\"name\":\"com.apple.preferences.timezone.admintool.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.preferences.timezone.admintool.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PreferencePanes/DateAndTime.prefPane/Contents/Resources/TimeZone.prefPane/Contents/Resources/TimeZoneAdminTool\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"root\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": 
"2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.preferences.timezone.auto\",\"name\":\"com.apple.preferences.timezone.auto.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.preferences.timezone.auto.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PreferencePanes/DateAndTime.prefPane/Contents/Resources/TimeZone.prefPane/Contents/Resources/timezoned.app/Contents/MacOS/timezoned\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_timezone\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.preferences.timezone.auto.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PreferencePanes/DateAndTime.prefPane/Contents/Resources/TimeZone.prefPane/Contents/Resources/timezoned.app/Contents/MacOS/timezoned", + "keep_alive": "0", + "label": "com.apple.preferences.timezone.auto", "name": "com.apple.preferences.timezone.auto.plist", "path": "/System/Library/LaunchDaemons/com.apple.preferences.timezone.auto.plist", - 
"label": "com.apple.preferences.timezone.auto", - "keep_alive": "0", + "program_arguments": "/System/Library/PreferencePanes/DateAndTime.prefPane/Contents/Resources/TimeZone.prefPane/Contents/Resources/timezoned.app/Contents/MacOS/timezoned", "username": "_timezone" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.preferences.timezone.auto\",\"name\":\"com.apple.preferences.timezone.auto.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.preferences.timezone.auto.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PreferencePanes/DateAndTime.prefPane/Contents/Resources/TimeZone.prefPane/Contents/Resources/timezoned.app/Contents/MacOS/timezoned\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_timezone\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.printtool.daemon\",\"name\":\"com.apple.printtool.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.printtool.daemon.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/ApplicationServices.framework/Frameworks/PrintCore.framework/Versions/A/printtool 
daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.printtool.daemon.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/ApplicationServices.framework/Frameworks/PrintCore.framework/Versions/A/printtool daemon", + "disabled": "0", + "label": "com.apple.printtool.daemon", "name": "com.apple.printtool.daemon.plist", "path": "/System/Library/LaunchDaemons/com.apple.printtool.daemon.plist", - "disabled": "0", "process_type": "Adaptive", - "label": "com.apple.printtool.daemon" + "program_arguments": "/System/Library/Frameworks/ApplicationServices.framework/Frameworks/PrintCore.framework/Versions/A/printtool daemon" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.printtool.daemon\",\"name\":\"com.apple.printtool.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.printtool.daemon.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/ApplicationServices.framework/Frameworks/PrintCore.framework/Versions/A/printtool daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.racoon\",\"name\":\"com.apple.racoon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.racoon.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/racoon 
-D\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.racoon.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/racoon -D", + "label": "com.apple.racoon", "name": "com.apple.racoon.plist", "path": "/System/Library/LaunchDaemons/com.apple.racoon.plist", "process_type": "Interactive", - "label": "com.apple.racoon", + "program_arguments": "/usr/sbin/racoon -D", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.racoon\",\"name\":\"com.apple.racoon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.racoon.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/racoon -D\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.rapportd\",\"name\":\"com.apple.rapportd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.rapportd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/rapportd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.rapportd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.rapportd", "name": "com.apple.rapportd.plist", "path": "/System/Library/LaunchDaemons/com.apple.rapportd.plist", - "label": "com.apple.rapportd", "program": "/usr/libexec/rapportd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.rapportd\",\"name\":\"com.apple.rapportd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.rapportd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/rapportd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.RemotePairTool\",\"name\":\"com.apple.remotepairtool.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.remotepairtool.plist\",\"process_type\":\"Standard\",\"program\":\"/System/Library/CoreServices/RemotePairTool\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.remotepairtool.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.RemotePairTool", "name": "com.apple.remotepairtool.plist", "path": "/System/Library/LaunchDaemons/com.apple.remotepairtool.plist", "process_type": "Standard", - "label": "com.apple.RemotePairTool", "program": "/System/Library/CoreServices/RemotePairTool" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.RemotePairTool\",\"name\":\"com.apple.remotepairtool.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.remotepairtool.plist\",\"process_type\":\"Standard\",\"program\":\"/System/Library/CoreServices/RemotePairTool\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.revisiond\",\"name\":\"com.apple.revisiond.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.revisiond.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/GenerationalStorage.framework/Versions/A/Support/revisiond\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.revisiond.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/GenerationalStorage.framework/Versions/A/Support/revisiond", + "keep_alive": "1", + "label": "com.apple.revisiond", "name": "com.apple.revisiond.plist", "path": "/System/Library/LaunchDaemons/com.apple.revisiond.plist", - "label": "com.apple.revisiond", - "keep_alive": "1", + "program_arguments": "/System/Library/PrivateFrameworks/GenerationalStorage.framework/Versions/A/Support/revisiond", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", 
- "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.revisiond\",\"name\":\"com.apple.revisiond.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.revisiond.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/GenerationalStorage.framework/Versions/A/Support/revisiond\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.rootless.init\",\"name\":\"com.apple.rootless.init.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.rootless.init.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/rootless-init\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"/System/Library/Sandbox/Compatibility.bundle/Contents/Resources/paths\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.rootless.init.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/rootless-init", - "watch_paths": "/System/Library/Sandbox/Compatibility.bundle/Contents/Resources/paths", + "label": "com.apple.rootless.init", "name": "com.apple.rootless.init.plist", "path": "/System/Library/LaunchDaemons/com.apple.rootless.init.plist", - "label": "com.apple.rootless.init" + "program_arguments": "/usr/libexec/rootless-init", + "watch_paths": "/System/Library/Sandbox/Compatibility.bundle/Contents/Resources/paths" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 
14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.rootless.init\",\"name\":\"com.apple.rootless.init.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.rootless.init.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/rootless-init\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"/System/Library/Sandbox/Compatibility.bundle/Contents/Resources/paths\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.rpcbind\",\"name\":\"com.apple.rpcbind.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.rpcbind.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/rpcbind\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.rpcbind.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/rpcbind", + "label": "com.apple.rpcbind", "name": "com.apple.rpcbind.plist", "path": "/System/Library/LaunchDaemons/com.apple.rpcbind.plist", - "label": "com.apple.rpcbind" + "program_arguments": "/usr/sbin/rpcbind" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.rpcbind\",\"name\":\"com.apple.rpcbind.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.rpcbind.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/rpcbind\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.rtcreportingd\",\"name\":\"com.apple.rtcreportingd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.rtcreportingd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/rtcreportingd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"root\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.rtcreportingd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/rtcreportingd", + "label": "com.apple.rtcreportingd", "name": "com.apple.rtcreportingd.plist", "path": "/System/Library/LaunchDaemons/com.apple.rtcreportingd.plist", - "label": "com.apple.rtcreportingd", + "program_arguments": "/usr/libexec/rtcreportingd", "username": "root" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], 
"hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.rtcreportingd\",\"name\":\"com.apple.rtcreportingd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.rtcreportingd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/rtcreportingd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"root\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.sandboxd\",\"name\":\"com.apple.sandboxd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.sandboxd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/sandboxd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.sandboxd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/sandboxd", + "label": "com.apple.sandboxd", "name": "com.apple.sandboxd.plist", "path": "/System/Library/LaunchDaemons/com.apple.sandboxd.plist", - "label": "com.apple.sandboxd" + "program_arguments": "/usr/libexec/sandboxd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.sandboxd\",\"name\":\"com.apple.sandboxd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.sandboxd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/sandboxd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.screensharing\",\"name\":\"com.apple.screensharing.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.screensharing.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/RemoteManagement/screensharingd.bundle/Contents/MacOS/screensharingd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.screensharing.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/RemoteManagement/screensharingd.bundle/Contents/MacOS/screensharingd", + "disabled": "1", + "label": "com.apple.screensharing", "name": "com.apple.screensharing.plist", "path": "/System/Library/LaunchDaemons/com.apple.screensharing.plist", - "disabled": "1", "process_type": "Interactive", - "label": "com.apple.screensharing" + "program_arguments": "/System/Library/CoreServices/RemoteManagement/screensharingd.bundle/Contents/MacOS/screensharingd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.screensharing\",\"name\":\"com.apple.screensharing.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.screensharing.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/RemoteManagement/screensharingd.bundle/Contents/MacOS/screensharingd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.scsid\",\"name\":\"com.apple.scsid.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.scsid.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/scsid\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.scsid.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/scsid", + "label": "com.apple.scsid", "name": "com.apple.scsid.plist", "path": "/System/Library/LaunchDaemons/com.apple.scsid.plist", - "label": "com.apple.scsid", + "program_arguments": "/usr/libexec/scsid", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.scsid\",\"name\":\"com.apple.scsid.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.scsid.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/scsid\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.secinitd\",\"name\":\"com.apple.secinitd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.secinitd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/secinitd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.secinitd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.secinitd", "name": "com.apple.secinitd.plist", "path": "/System/Library/LaunchDaemons/com.apple.secinitd.plist", - "label": "com.apple.secinitd", "program": "/usr/libexec/secinitd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.secinitd\",\"name\":\"com.apple.secinitd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.secinitd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/secinitd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.security.FDERecoveryAgent\",\"name\":\"com.apple.security.FDERecoveryAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.security.FDERecoveryAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/FDERecoveryAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.security.FDERecoveryAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/FDERecoveryAgent", - "name": "com.apple.security.FDERecoveryAgent.plist", - "path": "/System/Library/LaunchDaemons/com.apple.security.FDERecoveryAgent.plist", "disabled": "1", "label": "com.apple.security.FDERecoveryAgent", + "name": "com.apple.security.FDERecoveryAgent.plist", + "path": "/System/Library/LaunchDaemons/com.apple.security.FDERecoveryAgent.plist", + "program_arguments": "/usr/libexec/FDERecoveryAgent", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 
UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.security.FDERecoveryAgent\",\"name\":\"com.apple.security.FDERecoveryAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.security.FDERecoveryAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/FDERecoveryAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.security.agent.login\",\"name\":\"com.apple.security.agent.login.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.security.agent.login.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_securityagent\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.security.agent.login.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent", + "label": "com.apple.security.agent.login", "name": "com.apple.security.agent.login.plist", "path": "/System/Library/LaunchDaemons/com.apple.security.agent.login.plist", - "label": "com.apple.security.agent.login", + "program_arguments": "/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent", "username": "_securityagent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.security.agent.login\",\"name\":\"com.apple.security.agent.login.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.security.agent.login.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_securityagent\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.security.authhost\",\"name\":\"com.apple.security.authhost.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.security.authhost.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/MacOS/authorizationhost\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.security.authhost.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/MacOS/authorizationhost", + "label": "com.apple.security.authhost", "name": "com.apple.security.authhost.plist", "path": "/System/Library/LaunchDaemons/com.apple.security.authhost.plist", - "label": "com.apple.security.authhost" + "program_arguments": "/System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/MacOS/authorizationhost" }, - "name": "pack_it-compliance_launchd", - 
"unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.security.authhost\",\"name\":\"com.apple.security.authhost.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.security.authhost.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/MacOS/authorizationhost\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": 
"8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.security.syspolicy\",\"name\":\"com.apple.security.syspolicy.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.security.syspolicy.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/syspolicyd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.security.syspolicy.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/syspolicyd", + "disabled": "0", + "label": "com.apple.security.syspolicy", "name": "com.apple.security.syspolicy.plist", "path": "/System/Library/LaunchDaemons/com.apple.security.syspolicy.plist", - "disabled": "0", - "label": "com.apple.security.syspolicy" + "program_arguments": "/usr/libexec/syspolicyd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu 
Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.security.syspolicy\",\"name\":\"com.apple.security.syspolicy.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.security.syspolicy.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/syspolicyd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.securityd\",\"name\":\"com.apple.securityd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.securityd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/securityd -i\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.securityd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/securityd -i", + "label": "com.apple.securityd", "name": "com.apple.securityd.plist", "path": "/System/Library/LaunchDaemons/com.apple.securityd.plist", - "label": "com.apple.securityd", + "program_arguments": "/usr/sbin/securityd -i", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ 
+ "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.securityd\",\"name\":\"com.apple.securityd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.securityd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/securityd -i\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.securityd_service\",\"name\":\"com.apple.securityd_service.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.securityd_service.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/securityd_service\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.securityd_service.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.securityd_service", "name": "com.apple.securityd_service.plist", "path": "/System/Library/LaunchDaemons/com.apple.securityd_service.plist", - "label": "com.apple.securityd_service", "program": "/usr/libexec/securityd_service" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + 
"tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.securityd_service\",\"name\":\"com.apple.securityd_service.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.securityd_service.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/securityd_service\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.seld\",\"name\":\"com.apple.seld.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.seld.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/seld\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_applepay\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.seld.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.seld", "name": "com.apple.seld.plist", "path": "/System/Library/LaunchDaemons/com.apple.seld.plist", "process_type": "Adaptive", - "label": "com.apple.seld", "program": "/usr/libexec/seld", "username": "_applepay" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.seld\",\"name\":\"com.apple.seld.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.seld.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/seld\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_applepay\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.sessionlogoutd\",\"name\":\"com.apple.sessionlogoutd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.sessionlogoutd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/sessionlogoutd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.sessionlogoutd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/sessionlogoutd", + "label": "com.apple.sessionlogoutd", "name": "com.apple.sessionlogoutd.plist", "path": "/System/Library/LaunchDaemons/com.apple.sessionlogoutd.plist", - "label": "com.apple.sessionlogoutd" + "program_arguments": "/System/Library/CoreServices/sessionlogoutd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.sessionlogoutd\",\"name\":\"com.apple.sessionlogoutd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.sessionlogoutd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/sessionlogoutd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.signpost.signpost_reporter\",\"name\":\"com.apple.signpost.signpost_reporter.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.signpost.signpost_reporter.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/signpost_reporter\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.signpost.signpost_reporter.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/signpost_reporter", + "label": "com.apple.signpost.signpost_reporter", "name": "com.apple.signpost.signpost_reporter.plist", "path": "/System/Library/LaunchDaemons/com.apple.signpost.signpost_reporter.plist", "process_type": "Background", - "label": "com.apple.signpost.signpost_reporter" + "program_arguments": "/usr/libexec/signpost_reporter" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.signpost.signpost_reporter\",\"name\":\"com.apple.signpost.signpost_reporter.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.signpost.signpost_reporter.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/signpost_reporter\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.smb.preferences\",\"name\":\"com.apple.smb.preferences.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.smb.preferences.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/smb-sync-preferences\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.smb.preferences.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/smb-sync-preferences", + "label": "com.apple.smb.preferences", "name": "com.apple.smb.preferences.plist", "path": "/System/Library/LaunchDaemons/com.apple.smb.preferences.plist", - "label": "com.apple.smb.preferences", + "program_arguments": "/usr/libexec/smb-sync-preferences", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.smb.preferences\",\"name\":\"com.apple.smb.preferences.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.smb.preferences.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/smb-sync-preferences\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.smbd\",\"name\":\"com.apple.smbd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.smbd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/smbd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.smbd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/smbd", + "disabled": "1", + "label": "com.apple.smbd", "name": "com.apple.smbd.plist", "path": "/System/Library/LaunchDaemons/com.apple.smbd.plist", - "disabled": "1", - "label": "com.apple.smbd" + "program_arguments": "/usr/sbin/smbd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.smbd\",\"name\":\"com.apple.smbd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.smbd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/smbd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.softwareupdate_download_service\",\"name\":\"com.apple.softwareupdate_download_service.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.softwareupdate_download_service.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Software 
Update.app/Contents/Resources/softwareupdate_download_service\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_softwareupdate\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.softwareupdate_download_service.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdate_download_service", + "label": "com.apple.softwareupdate_download_service", "name": "com.apple.softwareupdate_download_service.plist", "path": "/System/Library/LaunchDaemons/com.apple.softwareupdate_download_service.plist", - "label": "com.apple.softwareupdate_download_service", + "program_arguments": "/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdate_download_service", "username": "_softwareupdate" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ 
+ "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.softwareupdate_download_service\",\"name\":\"com.apple.softwareupdate_download_service.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.softwareupdate_download_service.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdate_download_service\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_softwareupdate\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.softwareupdate_firstrun_tasks\",\"name\":\"com.apple.softwareupdate_firstrun_tasks.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.softwareupdate_firstrun_tasks.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdate_firstrun_tasks -BuildTagCache YES\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_softwareupdate\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.softwareupdate_firstrun_tasks.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdate_firstrun_tasks -BuildTagCache YES", + "label": "com.apple.softwareupdate_firstrun_tasks", "name": "com.apple.softwareupdate_firstrun_tasks.plist", "path": "/System/Library/LaunchDaemons/com.apple.softwareupdate_firstrun_tasks.plist", - "label": "com.apple.softwareupdate_firstrun_tasks", + "program_arguments": "/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdate_firstrun_tasks -BuildTagCache YES", "username": "_softwareupdate" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", 
- "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.softwareupdate_firstrun_tasks\",\"name\":\"com.apple.softwareupdate_firstrun_tasks.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.softwareupdate_firstrun_tasks.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdate_firstrun_tasks -BuildTagCache YES\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_softwareupdate\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + 
"version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.softwareupdated\",\"name\":\"com.apple.softwareupdated.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.softwareupdated.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_softwareupdate\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.softwareupdated.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated", + "label": "com.apple.softwareupdated", "name": "com.apple.softwareupdated.plist", "path": "/System/Library/LaunchDaemons/com.apple.softwareupdated.plist", - "label": "com.apple.softwareupdated", + "program_arguments": "/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated", "username": "_softwareupdate" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": 
"added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.softwareupdated\",\"name\":\"com.apple.softwareupdated.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.softwareupdated.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_softwareupdate\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.speech.speechsynthesisd\",\"name\":\"com.apple.speech.speechsynthesisd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.speech.speechsynthesisd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.speech.speechsynthesisd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "keep_alive": "0", + "label": "com.apple.speech.speechsynthesisd", "name": "com.apple.speech.speechsynthesisd.plist", "path": "/System/Library/LaunchDaemons/com.apple.speech.speechsynthesisd.plist", - "label": "com.apple.speech.speechsynthesisd", - "program": "/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd", - "keep_alive": "0" + "program": 
"/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.speech.speechsynthesisd\",\"name\":\"com.apple.speech.speechsynthesisd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.speech.speechsynthesisd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.spindump\",\"name\":\"com.apple.spindump.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.spindump.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/spindump\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.spindump.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/spindump", + "label": "com.apple.spindump", "name": "com.apple.spindump.plist", "path": "/System/Library/LaunchDaemons/com.apple.spindump.plist", - "label": "com.apple.spindump" + "program_arguments": "/usr/sbin/spindump" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.spindump\",\"name\":\"com.apple.spindump.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.spindump.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/spindump\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.startupdiskhelper\",\"name\":\"com.apple.startupdiskhelper.plist\",\"on_demand\":\"1\",\"path\":\"/System/Library/LaunchDaemons/com.apple.startupdiskhelper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/startupdiskhelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"root\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.startupdiskhelper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/startupdiskhelper", - "name": "com.apple.startupdiskhelper.plist", - "path": "/System/Library/LaunchDaemons/com.apple.startupdiskhelper.plist", "label": "com.apple.startupdiskhelper", + "name": "com.apple.startupdiskhelper.plist", "on_demand": "1", + "path": "/System/Library/LaunchDaemons/com.apple.startupdiskhelper.plist", + "program_arguments": "/usr/libexec/startupdiskhelper", "username": "root" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.startupdiskhelper\",\"name\":\"com.apple.startupdiskhelper.plist\",\"on_demand\":\"1\",\"path\":\"/System/Library/LaunchDaemons/com.apple.startupdiskhelper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/startupdiskhelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"root\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.statd.notify\",\"name\":\"com.apple.statd.notify.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.statd.notify.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/rpc.statd -n\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.statd.notify.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/rpc.statd -n", + "label": "com.apple.statd.notify", "name": "com.apple.statd.notify.plist", "path": "/System/Library/LaunchDaemons/com.apple.statd.notify.plist", - "label": "com.apple.statd.notify", + "program_arguments": "/usr/sbin/rpc.statd -n", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.statd.notify\",\"name\":\"com.apple.statd.notify.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.statd.notify.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/rpc.statd -n\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storagekitd\",\"name\":\"com.apple.storagekitd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.storagekitd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/StorageKit.framework/Resources/storagekitd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"root\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.storagekitd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/StorageKit.framework/Resources/storagekitd", + "label": "com.apple.storagekitd", "name": "com.apple.storagekitd.plist", "path": "/System/Library/LaunchDaemons/com.apple.storagekitd.plist", - "label": "com.apple.storagekitd", + "program_arguments": "/System/Library/PrivateFrameworks/StorageKit.framework/Resources/storagekitd", "username": "root" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storagekitd\",\"name\":\"com.apple.storagekitd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.storagekitd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/StorageKit.framework/Resources/storagekitd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"root\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storeaccountd.daemon\",\"name\":\"com.apple.storeaccountd.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.storeaccountd.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeaccountd daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.storeaccountd.daemon.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeaccountd daemon", + "label": "com.apple.storeaccountd.daemon", "name": "com.apple.storeaccountd.daemon.plist", "path": "/System/Library/LaunchDaemons/com.apple.storeaccountd.daemon.plist", - "label": "com.apple.storeaccountd.daemon" + "program_arguments": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeaccountd daemon" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "tsg" + } + }, + { + "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, "event": { "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storeaccountd.daemon\",\"name\":\"com.apple.storeaccountd.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.storeaccountd.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeaccountd daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storeagent.daemon\",\"name\":\"com.apple.storeagent.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.storeagent.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storelegacy daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2017-12-28T14:39:51.000Z", "file": { "path": "/System/Library/LaunchDaemons/com.apple.storeagent.daemon.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storelegacy daemon", + "label": "com.apple.storeagent.daemon", "name": "com.apple.storeagent.daemon.plist", "path": "/System/Library/LaunchDaemons/com.apple.storeagent.daemon.plist", - "label": "com.apple.storeagent.daemon" + "program_arguments": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storelegacy daemon" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", 
"username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storeagent.daemon\",\"name\":\"com.apple.storeagent.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.storeagent.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storelegacy daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storeassetd.daemon\",\"name\":\"com.apple.storeassetd.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.storeassetd.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeassetd daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.storeassetd.daemon.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeassetd daemon", + "label": "com.apple.storeassetd.daemon", "name": "com.apple.storeassetd.daemon.plist", "path": "/System/Library/LaunchDaemons/com.apple.storeassetd.daemon.plist", - "label": "com.apple.storeassetd.daemon" + "program_arguments": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeassetd daemon" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": 
"Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storeassetd.daemon\",\"name\":\"com.apple.storeassetd.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.storeassetd.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeassetd daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storedownloadd.daemon\",\"name\":\"com.apple.storedownloadd.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.storedownloadd.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.storedownloadd.daemon.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd daemon", + "label": "com.apple.storedownloadd.daemon", "name": "com.apple.storedownloadd.daemon.plist", "path": "/System/Library/LaunchDaemons/com.apple.storedownloadd.daemon.plist", - "label": "com.apple.storedownloadd.daemon" + "program_arguments": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd daemon" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storedownloadd.daemon\",\"name\":\"com.apple.storedownloadd.daemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.storedownloadd.daemon.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storeinstalld\",\"name\":\"com.apple.storeinstalld.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.storeinstalld.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeinstalld\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.storeinstalld.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.storeinstalld", "name": "com.apple.storeinstalld.plist", "path": "/System/Library/LaunchDaemons/com.apple.storeinstalld.plist", - "label": "com.apple.storeinstalld", "program": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeinstalld" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storeinstalld\",\"name\":\"com.apple.storeinstalld.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.storeinstalld.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeinstalld\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storereceiptinstaller\",\"name\":\"com.apple.storereceiptinstaller.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.storereceiptinstaller.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/ReceiptInstaller\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"root\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.storereceiptinstaller.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.storereceiptinstaller", "name": "com.apple.storereceiptinstaller.plist", "path": "/System/Library/LaunchDaemons/com.apple.storereceiptinstaller.plist", - "label": "com.apple.storereceiptinstaller", "program": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/ReceiptInstaller", "username": "root" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storereceiptinstaller\",\"name\":\"com.apple.storereceiptinstaller.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.storereceiptinstaller.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/ReceiptInstaller\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"root\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.suhelperd\",\"name\":\"com.apple.suhelperd.plist\",\"on_demand\":\"1\",\"path\":\"/System/Library/LaunchDaemons/com.apple.suhelperd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.suhelperd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd", + "label": "com.apple.suhelperd", "name": "com.apple.suhelperd.plist", + "on_demand": "1", "path": "/System/Library/LaunchDaemons/com.apple.suhelperd.plist", - "label": "com.apple.suhelperd", - "on_demand": "1" + "program_arguments": "/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.suhelperd\",\"name\":\"com.apple.suhelperd.plist\",\"on_demand\":\"1\",\"path\":\"/System/Library/LaunchDaemons/com.apple.suhelperd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.symptomsd-diag\",\"name\":\"com.apple.symptomsd-diag.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.symptomsd-diag.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/symptomsd-diag\",\"program_arguments\":\"/usr/libexec/symptomsd-diag\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.symptomsd-diag.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/symptomsd-diag", + "label": "com.apple.symptomsd-diag", "name": "com.apple.symptomsd-diag.plist", "path": "/System/Library/LaunchDaemons/com.apple.symptomsd-diag.plist", - "label": "com.apple.symptomsd-diag", - "program": "/usr/libexec/symptomsd-diag" + "program": "/usr/libexec/symptomsd-diag", + "program_arguments": "/usr/libexec/symptomsd-diag" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.symptomsd-diag\",\"name\":\"com.apple.symptomsd-diag.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.symptomsd-diag.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/symptomsd-diag\",\"program_arguments\":\"/usr/libexec/symptomsd-diag\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_networkd\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.symptomsd\",\"name\":\"com.apple.symptomsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.symptomsd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/symptomsd\",\"program_arguments\":\"/usr/libexec/symptomsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_networkd\",\"watch_paths\":\"/Library/Preferences/com.apple.symptoms.plist\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.symptomsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/symptomsd", - "path": "/System/Library/LaunchDaemons/com.apple.symptomsd.plist", - "watch_paths": "/Library/Preferences/com.apple.symptoms.plist", - "name": "com.apple.symptomsd.plist", + "groupname": "_networkd", "label": "com.apple.symptomsd", + "name": "com.apple.symptomsd.plist", + "path": "/System/Library/LaunchDaemons/com.apple.symptomsd.plist", "program": "/usr/libexec/symptomsd", - "groupname": "_networkd", - "username": "_networkd" + "program_arguments": "/usr/libexec/symptomsd", + "username": "_networkd", + "watch_paths": "/Library/Preferences/com.apple.symptoms.plist" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_networkd\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.symptomsd\",\"name\":\"com.apple.symptomsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.symptomsd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/symptomsd\",\"program_arguments\":\"/usr/libexec/symptomsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_networkd\",\"watch_paths\":\"/Library/Preferences/com.apple.symptoms.plist\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + 
"original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.sysdiagnose\",\"name\":\"com.apple.sysdiagnose.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.sysdiagnose.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/usr/bin/sysdiagnose\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.sysdiagnose.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/bin/sysdiagnose", + "label": "com.apple.sysdiagnose", "name": "com.apple.sysdiagnose.plist", "path": "/System/Library/LaunchDaemons/com.apple.sysdiagnose.plist", "process_type": "Interactive", - "label": "com.apple.sysdiagnose" + "program_arguments": "/usr/bin/sysdiagnose" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + 
"unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.sysdiagnose\",\"name\":\"com.apple.sysdiagnose.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.sysdiagnose.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/usr/bin/sysdiagnose\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.sysdiagnose_helper\",\"name\":\"com.apple.sysdiagnose_helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.sysdiagnose_helper.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/sysdiagnose_helper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.sysdiagnose_helper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.sysdiagnose_helper", "name": "com.apple.sysdiagnose_helper.plist", "path": "/System/Library/LaunchDaemons/com.apple.sysdiagnose_helper.plist", - "label": "com.apple.sysdiagnose_helper", "program": "/usr/libexec/sysdiagnose_helper" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + 
"user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.sysdiagnose_helper\",\"name\":\"com.apple.sysdiagnose_helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.sysdiagnose_helper.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/sysdiagnose_helper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.syslogd\",\"name\":\"com.apple.syslogd.plist\",\"on_demand\":\"0\",\"path\":\"/System/Library/LaunchDaemons/com.apple.syslogd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/syslogd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.syslogd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/syslogd", + "label": "com.apple.syslogd", "name": "com.apple.syslogd.plist", + "on_demand": "0", "path": "/System/Library/LaunchDaemons/com.apple.syslogd.plist", - "label": "com.apple.syslogd", - "on_demand": "0" + "program_arguments": "/usr/sbin/syslogd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] 
}, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.syslogd\",\"name\":\"com.apple.syslogd.plist\",\"on_demand\":\"0\",\"path\":\"/System/Library/LaunchDaemons/com.apple.syslogd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/syslogd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.sysmond\",\"name\":\"com.apple.sysmond.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.sysmond.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/sysmond\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.sysmond.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.sysmond", "name": "com.apple.sysmond.plist", "path": "/System/Library/LaunchDaemons/com.apple.sysmond.plist", - "label": "com.apple.sysmond", "program": "/usr/libexec/sysmond" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "tsg" + } + }, + { + "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, "event": { "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.sysmond\",\"name\":\"com.apple.sysmond.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.sysmond.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/sysmond\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.system_installd\",\"name\":\"com.apple.system_installd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.system_installd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2017-12-28T14:39:51.000Z", "file": { "path": "/System/Library/LaunchDaemons/com.apple.system_installd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd", + "label": "com.apple.system_installd", "name": "com.apple.system_installd.plist", "path": "/System/Library/LaunchDaemons/com.apple.system_installd.plist", - "label": "com.apple.system_installd" + "program_arguments": "/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.system_installd\",\"name\":\"com.apple.system_installd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.system_installd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.systemkeychain\",\"name\":\"com.apple.systemkeychain.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.systemkeychain.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/systemkeychain -d\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.systemkeychain.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/systemkeychain -d", + "label": "com.apple.systemkeychain", "name": "com.apple.systemkeychain.plist", "path": "/System/Library/LaunchDaemons/com.apple.systemkeychain.plist", - "label": "com.apple.systemkeychain" + "program_arguments": "/usr/sbin/systemkeychain -d" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.systemkeychain\",\"name\":\"com.apple.systemkeychain.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.systemkeychain.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/systemkeychain -d\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.systemstats.analysis\",\"name\":\"com.apple.systemstats.analysis.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.systemstats.analysis.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/systemstats --daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.systemstats.analysis.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/systemstats --daemon", + "keep_alive": "1", + "label": "com.apple.systemstats.analysis", "name": "com.apple.systemstats.analysis.plist", "path": "/System/Library/LaunchDaemons/com.apple.systemstats.analysis.plist", - "label": "com.apple.systemstats.analysis", - "keep_alive": "1", + "program_arguments": "/usr/sbin/systemstats --daemon", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + 
"name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.systemstats.analysis\",\"name\":\"com.apple.systemstats.analysis.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.systemstats.analysis.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/systemstats --daemon\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.systemstats.daily\",\"name\":\"com.apple.systemstats.daily.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.systemstats.daily.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/systemstats --daily\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.systemstats.daily.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/systemstats --daily", + "label": "com.apple.systemstats.daily", "name": "com.apple.systemstats.daily.plist", "path": "/System/Library/LaunchDaemons/com.apple.systemstats.daily.plist", - "label": "com.apple.systemstats.daily" + "program_arguments": "/usr/sbin/systemstats --daily" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - 
"tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.systemstats.daily\",\"name\":\"com.apple.systemstats.daily.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.systemstats.daily.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/systemstats --daily\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.tailspind\",\"name\":\"com.apple.tailspind.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.tailspind.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/tailspind\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.tailspind.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/tailspind", + "label": "com.apple.tailspind", "name": "com.apple.tailspind.plist", "path": "/System/Library/LaunchDaemons/com.apple.tailspind.plist", "process_type": "Adaptive", - "label": "com.apple.tailspind" + "program_arguments": "/usr/libexec/tailspind" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + 
], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.tailspind\",\"name\":\"com.apple.tailspind.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.tailspind.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/tailspind\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.taskgated-helper\",\"name\":\"com.apple.taskgated-helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.taskgated-helper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/taskgated-helper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.taskgated-helper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/taskgated-helper", + "label": "com.apple.taskgated-helper", "name": "com.apple.taskgated-helper.plist", "path": "/System/Library/LaunchDaemons/com.apple.taskgated-helper.plist", - "label": "com.apple.taskgated-helper" + "program_arguments": "/usr/libexec/taskgated-helper" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - 
], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.taskgated-helper\",\"name\":\"com.apple.taskgated-helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.taskgated-helper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/taskgated-helper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.taskgated\",\"name\":\"com.apple.taskgated.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.taskgated.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/taskgated 
-s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.taskgated.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/taskgated -s", + "label": "com.apple.taskgated", "name": "com.apple.taskgated.plist", "path": "/System/Library/LaunchDaemons/com.apple.taskgated.plist", - "label": "com.apple.taskgated" + "program_arguments": "/usr/libexec/taskgated -s" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.taskgated\",\"name\":\"com.apple.taskgated.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.taskgated.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/taskgated -s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.tccd.system\",\"name\":\"com.apple.tccd.system.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.tccd.system.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/TCC.framework/Resources/tccd 
system\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.tccd.system.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/TCC.framework/Resources/tccd system", + "label": "com.apple.tccd.system", "name": "com.apple.tccd.system.plist", "path": "/System/Library/LaunchDaemons/com.apple.tccd.system.plist", - "label": "com.apple.tccd.system" + "program_arguments": "/System/Library/PrivateFrameworks/TCC.framework/Resources/tccd system" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu 
Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.tccd.system\",\"name\":\"com.apple.tccd.system.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.tccd.system.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/TCC.framework/Resources/tccd system\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.testmanagerd\",\"name\":\"com.apple.testmanagerd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.testmanagerd.plist\",\"process_type\":\"Background\",\"program\":\"/usr/libexec/testmanagerd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.testmanagerd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.testmanagerd", "name": "com.apple.testmanagerd.plist", "path": "/System/Library/LaunchDaemons/com.apple.testmanagerd.plist", "process_type": "Background", - "label": "com.apple.testmanagerd", "program": "/usr/libexec/testmanagerd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] 
}, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.testmanagerd\",\"name\":\"com.apple.testmanagerd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.testmanagerd.plist\",\"process_type\":\"Background\",\"program\":\"/usr/libexec/testmanagerd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.thermald\",\"name\":\"com.apple.thermald.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.thermald.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/thermald\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.thermald.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/thermald", + "label": "com.apple.thermald", "name": "com.apple.thermald.plist", "path": "/System/Library/LaunchDaemons/com.apple.thermald.plist", "process_type": "Interactive", - "label": "com.apple.thermald" + "program_arguments": "/usr/libexec/thermald" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + 
"user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.thermald\",\"name\":\"com.apple.thermald.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.thermald.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/thermald\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_timed\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.timed\",\"name\":\"com.apple.timed.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.timed.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/timed\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"3600\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_timed\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.timed.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/timed", + "groupname": "_timed", + "label": "com.apple.timed", + "name": "com.apple.timed.plist", "path": "/System/Library/LaunchDaemons/com.apple.timed.plist", + "program_arguments": "/usr/libexec/timed", "run_at_load": "1", "start_interval": "3600", - "name": "com.apple.timed.plist", - "label": "com.apple.timed", - "groupname": "_timed", "username": "_timed" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_timed\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.timed\",\"name\":\"com.apple.timed.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.timed.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/timed\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"3600\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_timed\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.timezoneupdates.tzd\",\"name\":\"com.apple.timezoneupdates.tzd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.timezoneupdates.tzd.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/tzd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.timezoneupdates.tzd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.timezoneupdates.tzd", "name": "com.apple.timezoneupdates.tzd.plist", "path": "/System/Library/LaunchDaemons/com.apple.timezoneupdates.tzd.plist", "process_type": "Adaptive", - "label": "com.apple.timezoneupdates.tzd", "program": "/usr/libexec/tzd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, - "rule": { - "name": "pack_it-compliance_launchd" - }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.timezoneupdates.tzd\",\"name\":\"com.apple.timezoneupdates.tzd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.timezoneupdates.tzd.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/tzd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, + "rule": { + "name": "pack_it-compliance_launchd" + }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.touchbarserver\",\"name\":\"com.apple.touchbarserver.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.touchbarserver.plist\",\"process_type\":\"Interactive\",\"program\":\"/usr/libexec/TouchBarServer\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.touchbarserver.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.touchbarserver", "name": "com.apple.touchbarserver.plist", "path": "/System/Library/LaunchDaemons/com.apple.touchbarserver.plist", "process_type": "Interactive", - "label": "com.apple.touchbarserver", "program": "/usr/libexec/TouchBarServer" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + 
"user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.touchbarserver\",\"name\":\"com.apple.touchbarserver.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.touchbarserver.plist\",\"process_type\":\"Interactive\",\"program\":\"/usr/libexec/TouchBarServer\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.trustd\",\"name\":\"com.apple.trustd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.trustd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/trustd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.trustd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/trustd", + "label": "com.apple.trustd", "name": "com.apple.trustd.plist", "path": "/System/Library/LaunchDaemons/com.apple.trustd.plist", - "label": "com.apple.trustd" + "program_arguments": "/usr/libexec/trustd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.trustd\",\"name\":\"com.apple.trustd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.trustd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/trustd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.tzlinkd\",\"name\":\"com.apple.tzlinkd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.tzlinkd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/tzlinkd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.tzlinkd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.tzlinkd", "name": "com.apple.tzlinkd.plist", "path": "/System/Library/LaunchDaemons/com.apple.tzlinkd.plist", - "label": "com.apple.tzlinkd", "program": "/usr/libexec/tzlinkd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.tzlinkd\",\"name\":\"com.apple.tzlinkd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.tzlinkd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/tzlinkd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ucupdate.plist\",\"name\":\"com.apple.ucupdate.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ucupdate.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/ucupdate -m 
/usr/share/ucupdate/microcode.dat\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.ucupdate.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/ucupdate -m /usr/share/ucupdate/microcode.dat", + "label": "com.apple.ucupdate.plist", "name": "com.apple.ucupdate.plist", "path": "/System/Library/LaunchDaemons/com.apple.ucupdate.plist", - "label": "com.apple.ucupdate.plist", + "program_arguments": "/usr/libexec/ucupdate -m /usr/share/ucupdate/microcode.dat", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ucupdate.plist\",\"name\":\"com.apple.ucupdate.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.ucupdate.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/ucupdate -m /usr/share/ucupdate/microcode.dat\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.uninstalld\",\"name\":\"com.apple.uninstalld.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.uninstalld.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/Uninstall.framework/Resources/uninstalld\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.uninstalld.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/Uninstall.framework/Resources/uninstalld", + "keep_alive": "1", + "label": "com.apple.uninstalld", "name": "com.apple.uninstalld.plist", "path": "/System/Library/LaunchDaemons/com.apple.uninstalld.plist", - "label": "com.apple.uninstalld", - "keep_alive": "1" + "program_arguments": "/System/Library/PrivateFrameworks/Uninstall.framework/Resources/uninstalld" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.uninstalld\",\"name\":\"com.apple.uninstalld.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.uninstalld.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/Uninstall.framework/Resources/uninstalld\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.unmountassistant.sysagent\",\"name\":\"com.apple.unmountassistant.sysagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.unmountassistant.sysagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/UnmountAssistantAgent.app/Contents/Resources/UASysAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.unmountassistant.sysagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/UnmountAssistantAgent.app/Contents/Resources/UASysAgent", + "label": "com.apple.unmountassistant.sysagent", "name": "com.apple.unmountassistant.sysagent.plist", "path": "/System/Library/LaunchDaemons/com.apple.unmountassistant.sysagent.plist", - "label": "com.apple.unmountassistant.sysagent" + "program_arguments": "/System/Library/CoreServices/UnmountAssistantAgent.app/Contents/Resources/UASysAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.unmountassistant.sysagent\",\"name\":\"com.apple.unmountassistant.sysagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.unmountassistant.sysagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/UnmountAssistantAgent.app/Contents/Resources/UASysAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.updateEFIDesktopPicture-apfs\",\"name\":\"com.apple.updateEFIDesktopPicture-apfs.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.updateEFIDesktopPicture-apfs.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/diskutil apfs updatePreboot /\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"/Library/Caches/.com.apple.updateEFIResources /Library/Caches/com.apple.desktop.admin.png /System/Library/PrivateFrameworks/EFILogin.framework/Resources/EFIResourceBuilder.bundle/Contents/Resources\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.updateEFIDesktopPicture-apfs.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/diskutil apfs updatePreboot /", - "watch_paths": "/Library/Caches/.com.apple.updateEFIResources /Library/Caches/com.apple.desktop.admin.png /System/Library/PrivateFrameworks/EFILogin.framework/Resources/EFIResourceBuilder.bundle/Contents/Resources", + "label": "com.apple.updateEFIDesktopPicture-apfs", "name": "com.apple.updateEFIDesktopPicture-apfs.plist", "path": "/System/Library/LaunchDaemons/com.apple.updateEFIDesktopPicture-apfs.plist", - "label": "com.apple.updateEFIDesktopPicture-apfs" + 
"program_arguments": "/usr/sbin/diskutil apfs updatePreboot /", + "watch_paths": "/Library/Caches/.com.apple.updateEFIResources /Library/Caches/com.apple.desktop.admin.png /System/Library/PrivateFrameworks/EFILogin.framework/Resources/EFIResourceBuilder.bundle/Contents/Resources" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.updateEFIDesktopPicture-apfs\",\"name\":\"com.apple.updateEFIDesktopPicture-apfs.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.updateEFIDesktopPicture-apfs.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/diskutil apfs updatePreboot /\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"/Library/Caches/.com.apple.updateEFIResources /Library/Caches/com.apple.desktop.admin.png 
/System/Library/PrivateFrameworks/EFILogin.framework/Resources/EFIResourceBuilder.bundle/Contents/Resources\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.updateEFIDesktopPicture\",\"name\":\"com.apple.updateEFIDesktopPicture.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.updateEFIDesktopPicture.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/kextcache -u /\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"/Library/Caches/.com.apple.updateEFIResources /Library/Caches/com.apple.desktop.admin.png /System/Library/PrivateFrameworks/EFILogin.framework/Resources/EFIResourceBuilder.bundle/Contents/Resources\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": 
"/System/Library/LaunchDaemons/com.apple.updateEFIDesktopPicture.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/kextcache -u /", - "watch_paths": "/Library/Caches/.com.apple.updateEFIResources /Library/Caches/com.apple.desktop.admin.png /System/Library/PrivateFrameworks/EFILogin.framework/Resources/EFIResourceBuilder.bundle/Contents/Resources", + "label": "com.apple.updateEFIDesktopPicture", "name": "com.apple.updateEFIDesktopPicture.plist", "path": "/System/Library/LaunchDaemons/com.apple.updateEFIDesktopPicture.plist", - "label": "com.apple.updateEFIDesktopPicture" + "program_arguments": "/usr/sbin/kextcache -u /", + "watch_paths": "/Library/Caches/.com.apple.updateEFIResources /Library/Caches/com.apple.desktop.admin.png /System/Library/PrivateFrameworks/EFILogin.framework/Resources/EFIResourceBuilder.bundle/Contents/Resources" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.updateEFIDesktopPicture\",\"name\":\"com.apple.updateEFIDesktopPicture.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.updateEFIDesktopPicture.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/kextcache -u /\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"/Library/Caches/.com.apple.updateEFIResources /Library/Caches/com.apple.desktop.admin.png /System/Library/PrivateFrameworks/EFILogin.framework/Resources/EFIResourceBuilder.bundle/Contents/Resources\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.usbd\",\"name\":\"com.apple.usbd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.usbd.plist\",\"process_type\":\"Background\",\"program\":\"/usr/libexec/usbd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.usbd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.usbd", "name": "com.apple.usbd.plist", "path": "/System/Library/LaunchDaemons/com.apple.usbd.plist", "process_type": "Background", - "label": "com.apple.usbd", "program": "/usr/libexec/usbd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.usbd\",\"name\":\"com.apple.usbd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.usbd.plist\",\"process_type\":\"Background\",\"program\":\"/usr/libexec/usbd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_usbmuxd\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.usbmuxd\",\"name\":\"com.apple.usbmuxd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.usbmuxd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/Resources/usbmuxd 
-launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_usbmuxd\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.usbmuxd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/Resources/usbmuxd -launchd", + "groupname": "_usbmuxd", + "keep_alive": "1", + "label": "com.apple.usbmuxd", + "name": "com.apple.usbmuxd.plist", "path": "/System/Library/LaunchDaemons/com.apple.usbmuxd.plist", + "program_arguments": "/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/Resources/usbmuxd -launchd", "run_at_load": "1", - "name": "com.apple.usbmuxd.plist", - "label": "com.apple.usbmuxd", - "keep_alive": "1", - "groupname": "_usbmuxd", "username": "_usbmuxd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"_usbmuxd\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.usbmuxd\",\"name\":\"com.apple.usbmuxd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.usbmuxd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/Resources/usbmuxd -launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_usbmuxd\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.uucp\",\"name\":\"com.apple.uucp.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.uucp.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/uucico -l 
-D\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.uucp.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/uucico -l -D", + "disabled": "1", + "label": "com.apple.uucp", "name": "com.apple.uucp.plist", "path": "/System/Library/LaunchDaemons/com.apple.uucp.plist", - "disabled": "1", - "label": "com.apple.uucp" + "program_arguments": "/usr/sbin/uucico -l -D" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.uucp\",\"name\":\"com.apple.uucp.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.uucp.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/uucico -l -D\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.var-db-dslocal-backup\",\"name\":\"com.apple.var-db-dslocal-backup.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.var-db-dslocal-backup.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/bin/xar -c -f dslocal-backup.xar 
dslocal\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/var/db\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.var-db-dslocal-backup.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/bin/xar -c -f dslocal-backup.xar dslocal", + "label": "com.apple.var-db-dslocal-backup", "name": "com.apple.var-db-dslocal-backup.plist", "path": "/System/Library/LaunchDaemons/com.apple.var-db-dslocal-backup.plist", - "working_directory": "/var/db", - "label": "com.apple.var-db-dslocal-backup" + "program_arguments": "/usr/bin/xar -c -f dslocal-backup.xar dslocal", + "working_directory": "/var/db" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, - "related": { - "user": [ - "tsg" - ], + "related": { "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - 
"event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.var-db-dslocal-backup\",\"name\":\"com.apple.var-db-dslocal-backup.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.var-db-dslocal-backup.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/bin/xar -c -f dslocal-backup.xar dslocal\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/var/db\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.vsdbutil\",\"name\":\"com.apple.vsdbutil.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.vsdbutil.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/vsdbutil 
-i\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.vsdbutil.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/vsdbutil -i", + "label": "com.apple.vsdbutil", "name": "com.apple.vsdbutil.plist", "path": "/System/Library/LaunchDaemons/com.apple.vsdbutil.plist", - "label": "com.apple.vsdbutil" + "program_arguments": "/usr/sbin/vsdbutil -i" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.vsdbutil\",\"name\":\"com.apple.vsdbutil.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.vsdbutil.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/vsdbutil -i\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.warmd\",\"name\":\"com.apple.warmd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.warmd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/warmd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.warmd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/warmd", + "label": "com.apple.warmd", "name": "com.apple.warmd.plist", "path": "/System/Library/LaunchDaemons/com.apple.warmd.plist", - "label": "com.apple.warmd", + "program_arguments": "/usr/libexec/warmd", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.warmd\",\"name\":\"com.apple.warmd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.warmd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/warmd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.watchdogd\",\"name\":\"com.apple.watchdogd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.watchdogd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/watchdogd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.watchdogd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/watchdogd", + "label": "com.apple.watchdogd", "name": "com.apple.watchdogd.plist", "path": "/System/Library/LaunchDaemons/com.apple.watchdogd.plist", - "label": "com.apple.watchdogd" + "program_arguments": "/usr/libexec/watchdogd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - 
"host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.watchdogd\",\"name\":\"com.apple.watchdogd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.watchdogd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/watchdogd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.wifiFirmwareLoader\",\"name\":\"com.apple.wifiFirmwareLoader.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.wifiFirmwareLoader.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/wifiFirmwareLoader\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.wifiFirmwareLoader.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/wifiFirmwareLoader", + "label": "com.apple.wifiFirmwareLoader", "name": "com.apple.wifiFirmwareLoader.plist", "path": "/System/Library/LaunchDaemons/com.apple.wifiFirmwareLoader.plist", - "label": "com.apple.wifiFirmwareLoader", + "program_arguments": "/usr/libexec/wifiFirmwareLoader", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.wifiFirmwareLoader\",\"name\":\"com.apple.wifiFirmwareLoader.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.wifiFirmwareLoader.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/wifiFirmwareLoader\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.wifid\",\"name\":\"com.apple.wifid.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.wifid.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/wifid\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.wifid.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.wifid", "name": "com.apple.wifid.plist", "path": "/System/Library/LaunchDaemons/com.apple.wifid.plist", - "label": "com.apple.wifid", "program": "/usr/libexec/wifid", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.wifid\",\"name\":\"com.apple.wifid.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.wifid.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/wifid\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.wifivelocityd\",\"name\":\"com.apple.wifivelocityd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.wifivelocityd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/wifivelocityd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.wifivelocityd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.wifivelocityd", "name": "com.apple.wifivelocityd.plist", "path": "/System/Library/LaunchDaemons/com.apple.wifivelocityd.plist", - "label": "com.apple.wifivelocityd", "program": "/usr/libexec/wifivelocityd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.wifivelocityd\",\"name\":\"com.apple.wifivelocityd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.wifivelocityd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/wifivelocityd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.wirelessproxd\",\"name\":\"com.apple.wirelessproxd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.wirelessproxd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/wirelessproxd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.wirelessproxd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/wirelessproxd", + "label": "com.apple.wirelessproxd", "name": "com.apple.wirelessproxd.plist", "path": "/System/Library/LaunchDaemons/com.apple.wirelessproxd.plist", - "label": "com.apple.wirelessproxd" + "program_arguments": "/usr/sbin/wirelessproxd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + 
], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.wirelessproxd\",\"name\":\"com.apple.wirelessproxd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.wirelessproxd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/wirelessproxd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.wwand\",\"name\":\"com.apple.wwand.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.wwand.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Extensions/IOSerialFamily.kext/Contents/PlugIns/AppleWWANSupport.kext/Contents/Resources/wwand\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.wwand.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.wwand", "name": "com.apple.wwand.plist", "path": "/System/Library/LaunchDaemons/com.apple.wwand.plist", - "label": "com.apple.wwand", "program": "/System/Library/Extensions/IOSerialFamily.kext/Contents/PlugIns/AppleWWANSupport.kext/Contents/Resources/wwand" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - 
"tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.wwand\",\"name\":\"com.apple.wwand.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.wwand.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Extensions/IOSerialFamily.kext/Contents/PlugIns/AppleWWANSupport.kext/Contents/Resources/wwand\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xartstorageremoted\",\"name\":\"com.apple.xartstorageremoted.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xartstorageremoted.plist\",\"process_type\":\"Interactive\",\"program\":\"/usr/libexec/xartstorageremoted\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.xartstorageremoted.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.xartstorageremoted", "name": "com.apple.xartstorageremoted.plist", "path": "/System/Library/LaunchDaemons/com.apple.xartstorageremoted.plist", "process_type": "Interactive", - "label": "com.apple.xartstorageremoted", "program": "/usr/libexec/xartstorageremoted" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], 
"hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xartstorageremoted\",\"name\":\"com.apple.xartstorageremoted.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xartstorageremoted.plist\",\"process_type\":\"Interactive\",\"program\":\"/usr/libexec/xartstorageremoted\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xpc.roleaccountd\",\"name\":\"com.apple.xpc.roleaccountd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xpc.roleaccountd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/xpcroleaccountd -launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.xpc.roleaccountd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/xpcroleaccountd -launchd", + "label": "com.apple.xpc.roleaccountd", "name": "com.apple.xpc.roleaccountd.plist", "path": "/System/Library/LaunchDaemons/com.apple.xpc.roleaccountd.plist", - "label": "com.apple.xpc.roleaccountd" + "program_arguments": "/usr/libexec/xpcroleaccountd -launchd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": 
{ - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xpc.roleaccountd\",\"name\":\"com.apple.xpc.roleaccountd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xpc.roleaccountd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/xpcroleaccountd -launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xpc.smd\",\"name\":\"com.apple.xpc.smd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xpc.smd.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/smd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.xpc.smd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.xpc.smd", "name": "com.apple.xpc.smd.plist", "path": "/System/Library/LaunchDaemons/com.apple.xpc.smd.plist", "process_type": "Adaptive", - "label": "com.apple.xpc.smd", "program": "/usr/libexec/smd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xpc.smd\",\"name\":\"com.apple.xpc.smd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xpc.smd.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/smd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xpc.uscwoap\",\"name\":\"com.apple.xpc.uscwoap.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xpc.uscwoap.plist\",\"process_type\":\"Interactive\",\"program\":\"/bin/bash\",\"program_arguments\":\"bash 
-sh\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/dev/console\",\"stdout_path\":\"/dev/console\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.xpc.uscwoap.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "bash -sh", - "path": "/System/Library/LaunchDaemons/com.apple.xpc.uscwoap.plist", - "stderr_path": "/dev/console", - "stdout_path": "/dev/console", + "label": "com.apple.xpc.uscwoap", "name": "com.apple.xpc.uscwoap.plist", + "path": "/System/Library/LaunchDaemons/com.apple.xpc.uscwoap.plist", "process_type": "Interactive", - "label": "com.apple.xpc.uscwoap", - "program": "/bin/bash" + "program": "/bin/bash", + "program_arguments": "bash -sh", + "stderr_path": "/dev/console", + "stdout_path": "/dev/console" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xpc.uscwoap\",\"name\":\"com.apple.xpc.uscwoap.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xpc.uscwoap.plist\",\"process_type\":\"Interactive\",\"program\":\"/bin/bash\",\"program_arguments\":\"bash -sh\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/dev/console\",\"stdout_path\":\"/dev/console\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.xsan\",\"name\":\"com.apple.xsan.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xsan.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Filesystems/acfs.fs/Contents/bin/xsand\",\"program_arguments\":\"xsand\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.xsan.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "xsand", - "path": "/System/Library/LaunchDaemons/com.apple.xsan.plist", - "name": "com.apple.xsan.plist", "disabled": "1", + "keep_alive": "1", "label": "com.apple.xsan", + "name": "com.apple.xsan.plist", + "path": "/System/Library/LaunchDaemons/com.apple.xsan.plist", "program": "/System/Library/Filesystems/acfs.fs/Contents/bin/xsand", - "keep_alive": "1" + "program_arguments": "xsand" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.xsan\",\"name\":\"com.apple.xsan.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xsan.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Filesystems/acfs.fs/Contents/bin/xsand\",\"program_arguments\":\"xsand\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xsandaily\",\"name\":\"com.apple.xsandaily.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xsandaily.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Filesystems/acfs.fs/Contents/bin/xsandaily\",\"program_arguments\":\"xsandaily\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.xsandaily.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "xsandaily", - "name": "com.apple.xsandaily.plist", - "path": "/System/Library/LaunchDaemons/com.apple.xsandaily.plist", "disabled": "1", "label": "com.apple.xsandaily", - "program": "/System/Library/Filesystems/acfs.fs/Contents/bin/xsandaily" + "name": "com.apple.xsandaily.plist", + "path": "/System/Library/LaunchDaemons/com.apple.xsandaily.plist", + "program": "/System/Library/Filesystems/acfs.fs/Contents/bin/xsandaily", + "program_arguments": "xsandaily" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xsandaily\",\"name\":\"com.apple.xsandaily.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xsandaily.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Filesystems/acfs.fs/Contents/bin/xsandaily\",\"program_arguments\":\"xsandaily\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xscertadmin\",\"name\":\"com.apple.xscertadmin.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xscertadmin.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/xscertadmin update\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"3600\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.xscertadmin.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/xscertadmin update", - "name": "com.apple.xscertadmin.plist", - "path": "/System/Library/LaunchDaemons/com.apple.xscertadmin.plist", "disabled": "1", "label": "com.apple.xscertadmin", + "name": "com.apple.xscertadmin.plist", + "path": "/System/Library/LaunchDaemons/com.apple.xscertadmin.plist", + "program_arguments": "/usr/sbin/xscertadmin update", "start_interval": "3600" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xscertadmin\",\"name\":\"com.apple.xscertadmin.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xscertadmin.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/xscertadmin update\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"3600\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xscertd-helper\",\"name\":\"com.apple.xscertd-helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xscertd-helper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/xscertd-helper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.xscertd-helper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/xscertd-helper", + "disabled": "1", + "label": "com.apple.xscertd-helper", "name": "com.apple.xscertd-helper.plist", "path": "/System/Library/LaunchDaemons/com.apple.xscertd-helper.plist", - "disabled": "1", - "label": "com.apple.xscertd-helper" + "program_arguments": "/usr/libexec/xscertd-helper" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - 
"user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xscertd-helper\",\"name\":\"com.apple.xscertd-helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xscertd-helper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/xscertd-helper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xscertd\",\"name\":\"com.apple.xscertd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xscertd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/xscertd\",\"program_arguments\":\"/usr/libexec/xscertd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_ces\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.apple.xscertd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/xscertd", - "path": "/System/Library/LaunchDaemons/com.apple.xscertd.plist", - "name": "com.apple.xscertd.plist", "disabled": "1", "label": "com.apple.xscertd", + "name": "com.apple.xscertd.plist", + "path": "/System/Library/LaunchDaemons/com.apple.xscertd.plist", "program": "/usr/libexec/xscertd", + "program_arguments": "/usr/libexec/xscertd", "username": "_ces" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xscertd\",\"name\":\"com.apple.xscertd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.apple.xscertd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/xscertd\",\"program_arguments\":\"/usr/libexec/xscertd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_ces\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.vix.cron\",\"name\":\"com.vix.cron.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.vix.cron.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/cron\",\"queue_directories\":\"/usr/lib/cron/tabs\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/com.vix.cron.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/cron", + "label": "com.vix.cron", "name": "com.vix.cron.plist", "path": "/System/Library/LaunchDaemons/com.vix.cron.plist", - "label": "com.vix.cron", + "program_arguments": "/usr/sbin/cron", "queue_directories": "/usr/lib/cron/tabs" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.vix.cron\",\"name\":\"com.vix.cron.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/com.vix.cron.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/cron\",\"queue_directories\":\"/usr/lib/cron/tabs\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ntalkd\",\"name\":\"ntalk.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/ntalk.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/ntalkd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/ntalk.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/ntalkd", + "disabled": "1", + "label": "com.apple.ntalkd", "name": "ntalk.plist", "path": "/System/Library/LaunchDaemons/ntalk.plist", - "disabled": "1", - "label": "com.apple.ntalkd" + "program_arguments": "/usr/libexec/ntalkd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - 
"id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ntalkd\",\"name\":\"ntalk.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/ntalk.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/ntalkd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"org.apache.httpd\",\"name\":\"org.apache.httpd.plist\",\"on_demand\":\"0\",\"path\":\"/System/Library/LaunchDaemons/org.apache.httpd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/httpd-wrapper -D 
FOREGROUND\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/org.apache.httpd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/httpd-wrapper -D FOREGROUND", - "name": "org.apache.httpd.plist", - "path": "/System/Library/LaunchDaemons/org.apache.httpd.plist", "disabled": "1", "label": "org.apache.httpd", - "on_demand": "0" + "name": "org.apache.httpd.plist", + "on_demand": "0", + "path": "/System/Library/LaunchDaemons/org.apache.httpd.plist", + "program_arguments": "/usr/sbin/httpd-wrapper -D FOREGROUND" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"org.apache.httpd\",\"name\":\"org.apache.httpd.plist\",\"on_demand\":\"0\",\"path\":\"/System/Library/LaunchDaemons/org.apache.httpd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/httpd-wrapper -D FOREGROUND\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"org.cups.cups-lpd\",\"name\":\"org.cups.cups-lpd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/org.cups.cups-lpd.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/cups/daemon/cups-lpd -o 
document-format=application/octet-stream\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_lp\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/org.cups.cups-lpd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/cups/daemon/cups-lpd -o document-format=application/octet-stream", - "path": "/System/Library/LaunchDaemons/org.cups.cups-lpd.plist", - "name": "org.cups.cups-lpd.plist", "disabled": "1", - "process_type": "Background", "label": "org.cups.cups-lpd", + "name": "org.cups.cups-lpd.plist", + "path": "/System/Library/LaunchDaemons/org.cups.cups-lpd.plist", + "process_type": "Background", + "program_arguments": "/usr/libexec/cups/daemon/cups-lpd -o document-format=application/octet-stream", "username": "_lp" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"org.cups.cups-lpd\",\"name\":\"org.cups.cups-lpd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/org.cups.cups-lpd.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/cups/daemon/cups-lpd -o document-format=application/octet-stream\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"_lp\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"org.cups.cupsd\",\"name\":\"org.cups.cupsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/org.cups.cupsd.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/cupsd 
-l\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/org.cups.cupsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/cupsd -l", + "label": "org.cups.cupsd", "name": "org.cups.cupsd.plist", "path": "/System/Library/LaunchDaemons/org.cups.cupsd.plist", "process_type": "Background", - "label": "org.cups.cupsd" + "program_arguments": "/usr/sbin/cupsd -l" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"org.cups.cupsd\",\"name\":\"org.cups.cupsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/org.cups.cupsd.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/cupsd -l\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"org.net-snmp.snmpd\",\"name\":\"org.net-snmp.snmpd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/org.net-snmp.snmpd.plist\",\"process_type\":\"Background\",\"program\":\"/usr/sbin/snmpd\",\"program_arguments\":\"snmpd 
-f\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/org.net-snmp.snmpd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "snmpd -f", - "path": "/System/Library/LaunchDaemons/org.net-snmp.snmpd.plist", - "name": "org.net-snmp.snmpd.plist", "disabled": "1", - "process_type": "Background", + "keep_alive": "1", "label": "org.net-snmp.snmpd", + "name": "org.net-snmp.snmpd.plist", + "path": "/System/Library/LaunchDaemons/org.net-snmp.snmpd.plist", + "process_type": "Background", "program": "/usr/sbin/snmpd", - "keep_alive": "1" + "program_arguments": "snmpd -f" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_launchd" }, - 
"event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"org.net-snmp.snmpd\",\"name\":\"org.net-snmp.snmpd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/org.net-snmp.snmpd.plist\",\"process_type\":\"Background\",\"program\":\"/usr/sbin/snmpd\",\"program_arguments\":\"snmpd -f\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"org.ntp.ntpd-legacy\",\"name\":\"org.ntp.ntpd-legacy.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/org.ntp.ntpd-legacy.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/ntpd-wrapper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/org.ntp.ntpd-legacy.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/ntpd-wrapper", + "disabled": "1", + "label": "org.ntp.ntpd-legacy", "name": "org.ntp.ntpd-legacy.plist", "path": "/System/Library/LaunchDaemons/org.ntp.ntpd-legacy.plist", - "disabled": "1", - "label": "org.ntp.ntpd-legacy" + "program_arguments": "/usr/libexec/ntpd-wrapper" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"org.ntp.ntpd-legacy\",\"name\":\"org.ntp.ntpd-legacy.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/org.ntp.ntpd-legacy.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/ntpd-wrapper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"org.openldap.slapd\",\"name\":\"org.openldap.slapd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/org.openldap.slapd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/slapd\",\"program_arguments\":\"/usr/libexec/slapd -d 0 -h ldap:/// 
ldapi://%2Fvar%2Frun%2Fldapi\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/org.openldap.slapd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/slapd -d 0 -h ldap:/// ldapi://%2Fvar%2Frun%2Fldapi", - "name": "org.openldap.slapd.plist", - "path": "/System/Library/LaunchDaemons/org.openldap.slapd.plist", "disabled": "1", "label": "org.openldap.slapd", - "program": "/usr/libexec/slapd" + "name": "org.openldap.slapd.plist", + "path": "/System/Library/LaunchDaemons/org.openldap.slapd.plist", + "program": "/usr/libexec/slapd", + "program_arguments": "/usr/libexec/slapd -d 0 -h ldap:/// ldapi://%2Fvar%2Frun%2Fldapi" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"org.openldap.slapd\",\"name\":\"org.openldap.slapd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/org.openldap.slapd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/slapd\",\"program_arguments\":\"/usr/libexec/slapd -d 0 -h ldap:/// ldapi://%2Fvar%2Frun%2Fldapi\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.openssh.sshd\",\"name\":\"ssh.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/ssh.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/sshd-keygen-wrapper\",\"program_arguments\":\"/usr/sbin/sshd 
-i\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/dev/null\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/ssh.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/sshd -i", - "path": "/System/Library/LaunchDaemons/ssh.plist", - "stderr_path": "/dev/null", - "name": "ssh.plist", "disabled": "1", "label": "com.openssh.sshd", - "program": "/usr/libexec/sshd-keygen-wrapper" + "name": "ssh.plist", + "path": "/System/Library/LaunchDaemons/ssh.plist", + "program": "/usr/libexec/sshd-keygen-wrapper", + "program_arguments": "/usr/sbin/sshd -i", + "stderr_path": "/dev/null" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - 
"original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.openssh.sshd\",\"name\":\"ssh.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/ssh.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/sshd-keygen-wrapper\",\"program_arguments\":\"/usr/sbin/sshd -i\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/dev/null\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.tftpd\",\"name\":\"tftp.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/tftp.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/tftpd -i 
/private/tftpboot\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchDaemons/tftp.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/tftpd -i /private/tftpboot", + "disabled": "1", + "label": "com.apple.tftpd", "name": "tftp.plist", "path": "/System/Library/LaunchDaemons/tftp.plist", - "disabled": "1", - "label": "com.apple.tftpd" + "program_arguments": "/usr/libexec/tftpd -i /private/tftpboot" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.tftpd\",\"name\":\"tftp.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchDaemons/tftp.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/tftpd -i /private/tftpboot\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.installer.cleanupinstaller\",\"name\":\"com.apple.installer.cleanupinstaller.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchDaemons/com.apple.installer.cleanupinstaller.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/macOS Install Data/Locked 
Files/cleanup_installer\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Library/LaunchDaemons/com.apple.installer.cleanupinstaller.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/macOS Install Data/Locked Files/cleanup_installer", + "label": "com.apple.installer.cleanupinstaller", "name": "com.apple.installer.cleanupinstaller.plist", "path": "/Library/LaunchDaemons/com.apple.installer.cleanupinstaller.plist", - "label": "com.apple.installer.cleanupinstaller", + "program_arguments": "/macOS Install Data/Locked Files/cleanup_installer", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", 
- "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.installer.cleanupinstaller\",\"name\":\"com.apple.installer.cleanupinstaller.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchDaemons/com.apple.installer.cleanupinstaller.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/macOS Install Data/Locked Files/cleanup_installer\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.docker.vmnetd\",\"name\":\"com.docker.vmnetd.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchDaemons/com.docker.vmnetd.plist\",\"process_type\":\"\",\"program\":\"/Library/PrivilegedHelperTools/com.docker.vmnetd\",\"program_arguments\":\"/Library/PrivilegedHelperTools/com.docker.vmnetd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Library/LaunchDaemons/com.docker.vmnetd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/Library/PrivilegedHelperTools/com.docker.vmnetd", + "label": "com.docker.vmnetd", "name": "com.docker.vmnetd.plist", "path": "/Library/LaunchDaemons/com.docker.vmnetd.plist", - "label": "com.docker.vmnetd", "program": "/Library/PrivilegedHelperTools/com.docker.vmnetd", + "program_arguments": "/Library/PrivilegedHelperTools/com.docker.vmnetd", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.docker.vmnetd\",\"name\":\"com.docker.vmnetd.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchDaemons/com.docker.vmnetd.plist\",\"process_type\":\"\",\"program\":\"/Library/PrivilegedHelperTools/com.docker.vmnetd\",\"program_arguments\":\"/Library/PrivilegedHelperTools/com.docker.vmnetd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.oracle.java.Helper-Tool\",\"name\":\"com.oracle.java.Helper-Tool.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Java-Updater.plist\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool", - "watch_paths": "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Java-Updater.plist", + "label": "com.oracle.java.Helper-Tool", "name": "com.oracle.java.Helper-Tool.plist", "path": "/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist", - "label": "com.oracle.java.Helper-Tool" + "program_arguments": "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool", + "watch_paths": "/Library/Internet 
Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Java-Updater.plist" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.oracle.java.Helper-Tool\",\"name\":\"com.oracle.java.Helper-Tool.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Java-Updater.plist\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - 
"user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"keybase.Helper\",\"name\":\"keybase.Helper.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchDaemons/keybase.Helper.plist\",\"process_type\":\"\",\"program\":\"/Library/PrivilegedHelperTools/keybase.Helper\",\"program_arguments\":\"/Library/PrivilegedHelperTools/keybase.Helper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Library/LaunchDaemons/keybase.Helper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/Library/PrivilegedHelperTools/keybase.Helper", + "label": "keybase.Helper", "name": "keybase.Helper.plist", "path": "/Library/LaunchDaemons/keybase.Helper.plist", - "label": "keybase.Helper", - "program": "/Library/PrivilegedHelperTools/keybase.Helper" + "program": "/Library/PrivilegedHelperTools/keybase.Helper", + "program_arguments": "/Library/PrivilegedHelperTools/keybase.Helper" }, - "name": 
"pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"keybase.Helper\",\"name\":\"keybase.Helper.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchDaemons/keybase.Helper.plist\",\"process_type\":\"\",\"program\":\"/Library/PrivilegedHelperTools/keybase.Helper\",\"program_arguments\":\"/Library/PrivilegedHelperTools/keybase.Helper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + 
"created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"org.eyebeam.SelfControl\",\"name\":\"org.eyebeam.SelfControl.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchDaemons/org.eyebeam.SelfControl.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Library/PrivilegedHelperTools/org.eyebeam.SelfControl 501 --checkup\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"15\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Library/LaunchDaemons/org.eyebeam.SelfControl.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/Library/PrivilegedHelperTools/org.eyebeam.SelfControl 501 --checkup", - "name": "org.eyebeam.SelfControl.plist", - "path": "/Library/LaunchDaemons/org.eyebeam.SelfControl.plist", "disabled": "1", "label": "org.eyebeam.SelfControl", + "name": "org.eyebeam.SelfControl.plist", + "path": "/Library/LaunchDaemons/org.eyebeam.SelfControl.plist", + "program_arguments": "/Library/PrivilegedHelperTools/org.eyebeam.SelfControl 501 --checkup", "start_interval": "15" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"org.eyebeam.SelfControl\",\"name\":\"org.eyebeam.SelfControl.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchDaemons/org.eyebeam.SelfControl.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Library/PrivilegedHelperTools/org.eyebeam.SelfControl 501 --checkup\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"15\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"org.gpgtools.gpgmail.uuid-patcher\",\"name\":\"org.gpgtools.gpgmail.patch-uuid.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchDaemons/org.gpgtools.gpgmail.patch-uuid.plist\",\"process_type\":\"\",\"program\":\"/Library/Application Support/GPGTools/uuid-patcher\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Library/LaunchDaemons/org.gpgtools.gpgmail.patch-uuid.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "keep_alive": "0", + "label": "org.gpgtools.gpgmail.uuid-patcher", "name": "org.gpgtools.gpgmail.patch-uuid.plist", "path": "/Library/LaunchDaemons/org.gpgtools.gpgmail.patch-uuid.plist", - "label": "org.gpgtools.gpgmail.uuid-patcher", "program": "/Library/Application Support/GPGTools/uuid-patcher", - "keep_alive": "0", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"org.gpgtools.gpgmail.uuid-patcher\",\"name\":\"org.gpgtools.gpgmail.patch-uuid.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchDaemons/org.gpgtools.gpgmail.patch-uuid.plist\",\"process_type\":\"\",\"program\":\"/Library/Application Support/GPGTools/uuid-patcher\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"org.virtualbox.startup\",\"name\":\"org.virtualbox.startup.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchDaemons/org.virtualbox.startup.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Library/Application Support/VirtualBox/LaunchDaemons/VirtualBoxStartup.sh restart\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Library/LaunchDaemons/org.virtualbox.startup.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/Library/Application Support/VirtualBox/LaunchDaemons/VirtualBoxStartup.sh restart", - "path": "/Library/LaunchDaemons/org.virtualbox.startup.plist", - "run_at_load": "1", - "name": "org.virtualbox.startup.plist", "disabled": "0", + "keep_alive": "0", "label": "org.virtualbox.startup", - "keep_alive": "0" + "name": "org.virtualbox.startup.plist", + "path": "/Library/LaunchDaemons/org.virtualbox.startup.plist", + "program_arguments": "/Library/Application Support/VirtualBox/LaunchDaemons/VirtualBoxStartup.sh restart", + "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" 
}, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"org.virtualbox.startup\",\"name\":\"org.virtualbox.startup.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchDaemons/org.virtualbox.startup.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Library/Application Support/VirtualBox/LaunchDaemons/VirtualBoxStartup.sh restart\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AOSHeartbeat\",\"name\":\"com.apple.AOSHeartbeat.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AOSHeartbeat.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/AOSKit.framework/Helpers/AOSHeartbeat.app/Contents/MacOS/AOSHeartbeat\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.AOSHeartbeat.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.AOSHeartbeat", "name": "com.apple.AOSHeartbeat.plist", "path": "/System/Library/LaunchAgents/com.apple.AOSHeartbeat.plist", - "label": "com.apple.AOSHeartbeat", "program": "/System/Library/PrivateFrameworks/AOSKit.framework/Helpers/AOSHeartbeat.app/Contents/MacOS/AOSHeartbeat" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AOSHeartbeat\",\"name\":\"com.apple.AOSHeartbeat.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AOSHeartbeat.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/AOSKit.framework/Helpers/AOSHeartbeat.app/Contents/MacOS/AOSHeartbeat\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AOSPushRelay\",\"name\":\"com.apple.AOSPushRelay.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AOSPushRelay.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/AOSKit.framework/Helpers/AOSPushRelay.app/Contents/MacOS/AOSPushRelay\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.AOSPushRelay.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.AOSPushRelay", "name": "com.apple.AOSPushRelay.plist", "path": "/System/Library/LaunchAgents/com.apple.AOSPushRelay.plist", - "label": "com.apple.AOSPushRelay", "program": "/System/Library/PrivateFrameworks/AOSKit.framework/Helpers/AOSPushRelay.app/Contents/MacOS/AOSPushRelay" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AOSPushRelay\",\"name\":\"com.apple.AOSPushRelay.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AOSPushRelay.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/AOSKit.framework/Helpers/AOSPushRelay.app/Contents/MacOS/AOSPushRelay\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AccessibilityVisualsAgent\",\"name\":\"com.apple.AccessibilityVisualsAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AccessibilityVisualsAgent.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AccessibilitySupport.framework/Versions/A/Resources/AccessibilityVisualsAgent.app/Contents/MacOS/AccessibilityVisualsAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.AccessibilityVisualsAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/AccessibilitySupport.framework/Versions/A/Resources/AccessibilityVisualsAgent.app/Contents/MacOS/AccessibilityVisualsAgent", + "label": "com.apple.AccessibilityVisualsAgent", "name": "com.apple.AccessibilityVisualsAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.AccessibilityVisualsAgent.plist", "process_type": "Adaptive", - "label": "com.apple.AccessibilityVisualsAgent" + "program_arguments": 
"/System/Library/PrivateFrameworks/AccessibilitySupport.framework/Versions/A/Resources/AccessibilityVisualsAgent.app/Contents/MacOS/AccessibilityVisualsAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AccessibilityVisualsAgent\",\"name\":\"com.apple.AccessibilityVisualsAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AccessibilityVisualsAgent.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AccessibilitySupport.framework/Versions/A/Resources/AccessibilityVisualsAgent.app/Contents/MacOS/AccessibilityVisualsAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - 
"type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AddressBook.AssistantService\",\"name\":\"com.apple.AddressBook.AssistantService.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AddressBook.AssistantService.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/ABAssistantService.app/Contents/MacOS/ABAssistantService\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.AddressBook.AssistantService.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/ABAssistantService.app/Contents/MacOS/ABAssistantService", + "label": "com.apple.AddressBook.AssistantService", 
"name": "com.apple.AddressBook.AssistantService.plist", "path": "/System/Library/LaunchAgents/com.apple.AddressBook.AssistantService.plist", - "label": "com.apple.AddressBook.AssistantService" + "program_arguments": "/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/ABAssistantService.app/Contents/MacOS/ABAssistantService" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AddressBook.AssistantService\",\"name\":\"com.apple.AddressBook.AssistantService.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AddressBook.AssistantService.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/ABAssistantService.app/Contents/MacOS/ABAssistantService\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AddressBook.ContactsAccountsService\",\"name\":\"com.apple.AddressBook.ContactsAccountsService.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AddressBook.ContactsAccountsService.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.AddressBook.ContactsAccountsService.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.AddressBook.ContactsAccountsService", "name": "com.apple.AddressBook.ContactsAccountsService.plist", "path": "/System/Library/LaunchAgents/com.apple.AddressBook.ContactsAccountsService.plist", - "label": "com.apple.AddressBook.ContactsAccountsService", "program": "/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AddressBook.ContactsAccountsService\",\"name\":\"com.apple.AddressBook.ContactsAccountsService.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AddressBook.ContactsAccountsService.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AddressBook.SourceSync\",\"name\":\"com.apple.AddressBook.SourceSync.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AddressBook.SourceSync.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookSourceSync.app/Contents/MacOS/AddressBookSourceSync\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.AddressBook.SourceSync.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookSourceSync.app/Contents/MacOS/AddressBookSourceSync", + "label": "com.apple.AddressBook.SourceSync", "name": "com.apple.AddressBook.SourceSync.plist", "path": "/System/Library/LaunchAgents/com.apple.AddressBook.SourceSync.plist", - "label": "com.apple.AddressBook.SourceSync" + "program_arguments": "/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookSourceSync.app/Contents/MacOS/AddressBookSourceSync" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AddressBook.SourceSync\",\"name\":\"com.apple.AddressBook.SourceSync.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AddressBook.SourceSync.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookSourceSync.app/Contents/MacOS/AddressBookSourceSync\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AddressBook.abd\",\"name\":\"com.apple.AddressBook.abd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AddressBook.abd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookManager.app/Contents/MacOS/AddressBookManager\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.AddressBook.abd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookManager.app/Contents/MacOS/AddressBookManager", + "label": "com.apple.AddressBook.abd", "name": "com.apple.AddressBook.abd.plist", "path": "/System/Library/LaunchAgents/com.apple.AddressBook.abd.plist", - "label": "com.apple.AddressBook.abd" + "program_arguments": "/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookManager.app/Contents/MacOS/AddressBookManager" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - 
"action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AddressBook.abd\",\"name\":\"com.apple.AddressBook.abd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AddressBook.abd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookManager.app/Contents/MacOS/AddressBookManager\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": 
"added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.AirPlayUIAgent\",\"name\":\"com.apple.AirPlayUIAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AirPlayUIAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/AirPlayUIAgent.app/Contents/MacOS/AirPlayUIAgent --launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.AirPlayUIAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/AirPlayUIAgent.app/Contents/MacOS/AirPlayUIAgent --launchd", + "keep_alive": "1", + "label": "com.apple.AirPlayUIAgent", "name": "com.apple.AirPlayUIAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.AirPlayUIAgent.plist", - "label": "com.apple.AirPlayUIAgent", - "keep_alive": "1", + "program_arguments": "/System/Library/CoreServices/AirPlayUIAgent.app/Contents/MacOS/AirPlayUIAgent --launchd", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.AirPlayUIAgent\",\"name\":\"com.apple.AirPlayUIAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AirPlayUIAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/AirPlayUIAgent.app/Contents/MacOS/AirPlayUIAgent --launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + 
"original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AirPortBaseStationAgent\",\"name\":\"com.apple.AirPortBaseStationAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AirPortBaseStationAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/AirPort Base Station Agent.app/Contents/MacOS/AirPort Base Station Agent --launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.AirPortBaseStationAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/AirPort Base Station Agent.app/Contents/MacOS/AirPort Base Station Agent --launchd", + "label": "com.apple.AirPortBaseStationAgent", "name": "com.apple.AirPortBaseStationAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.AirPortBaseStationAgent.plist", - "label": "com.apple.AirPortBaseStationAgent" + "program_arguments": "/System/Library/CoreServices/AirPort Base Station Agent.app/Contents/MacOS/AirPort Base Station Agent --launchd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": 
"0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AirPortBaseStationAgent\",\"name\":\"com.apple.AirPortBaseStationAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AirPortBaseStationAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/AirPort Base Station Agent.app/Contents/MacOS/AirPort Base Station Agent --launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AppleGraphicsWarning\",\"name\":\"com.apple.AppleGraphicsWarning.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AppleGraphicsWarning.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/AppleGraphicsWarning.app/Contents/MacOS/AppleGraphicsWarning\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.AppleGraphicsWarning.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/AppleGraphicsWarning.app/Contents/MacOS/AppleGraphicsWarning", + "label": "com.apple.AppleGraphicsWarning", "name": "com.apple.AppleGraphicsWarning.plist", "path": "/System/Library/LaunchAgents/com.apple.AppleGraphicsWarning.plist", - "label": "com.apple.AppleGraphicsWarning" + "program_arguments": "/System/Library/CoreServices/AppleGraphicsWarning.app/Contents/MacOS/AppleGraphicsWarning" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AppleGraphicsWarning\",\"name\":\"com.apple.AppleGraphicsWarning.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AppleGraphicsWarning.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/AppleGraphicsWarning.app/Contents/MacOS/AppleGraphicsWarning\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AskPermissionUI\",\"name\":\"com.apple.AskPermissionUI.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AskPermissionUI.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/AskPermission.framework/Versions/A/Resources/AskPermissionUI.app/Contents/MacOS/AskPermissionUI\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.AskPermissionUI.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.AskPermissionUI", "name": "com.apple.AskPermissionUI.plist", "path": "/System/Library/LaunchAgents/com.apple.AskPermissionUI.plist", - "label": "com.apple.AskPermissionUI", "program": "/System/Library/PrivateFrameworks/AskPermission.framework/Versions/A/Resources/AskPermissionUI.app/Contents/MacOS/AskPermissionUI" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AskPermissionUI\",\"name\":\"com.apple.AskPermissionUI.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AskPermissionUI.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/AskPermission.framework/Versions/A/Resources/AskPermissionUI.app/Contents/MacOS/AskPermissionUI\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AssetCache.agent\",\"name\":\"com.apple.AssetCache.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AssetCache.agent.plist\",\"process_type\":\"Background\",\"program\":\"/usr/libexec/AssetCacheAgent/AssetCacheAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.AssetCache.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.AssetCache.agent", "name": "com.apple.AssetCache.agent.plist", "path": "/System/Library/LaunchAgents/com.apple.AssetCache.agent.plist", "process_type": "Background", - "label": "com.apple.AssetCache.agent", "program": "/usr/libexec/AssetCacheAgent/AssetCacheAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - 
], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "tsg" + } + }, + { + "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, "event": { "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AssetCache.agent\",\"name\":\"com.apple.AssetCache.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AssetCache.agent.plist\",\"process_type\":\"Background\",\"program\":\"/usr/libexec/AssetCacheAgent/AssetCacheAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AssetCacheLocatorService\",\"name\":\"com.apple.AssetCacheLocatorService.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AssetCacheLocatorService.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AssetCacheServices.framework/Versions/A/XPCServices/AssetCacheLocatorService.xpc/Contents/MacOS/AssetCacheLocatorService -a\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2017-12-28T14:39:51.000Z", "file": { "path": "/System/Library/LaunchAgents/com.apple.AssetCacheLocatorService.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/AssetCacheServices.framework/Versions/A/XPCServices/AssetCacheLocatorService.xpc/Contents/MacOS/AssetCacheLocatorService -a", + "label": "com.apple.AssetCacheLocatorService", "name": "com.apple.AssetCacheLocatorService.plist", "path": "/System/Library/LaunchAgents/com.apple.AssetCacheLocatorService.plist", "process_type": "Adaptive", - "label": "com.apple.AssetCacheLocatorService" + "program_arguments": 
"/System/Library/PrivateFrameworks/AssetCacheServices.framework/Versions/A/XPCServices/AssetCacheLocatorService.xpc/Contents/MacOS/AssetCacheLocatorService -a" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AssetCacheLocatorService\",\"name\":\"com.apple.AssetCacheLocatorService.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AssetCacheLocatorService.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AssetCacheServices.framework/Versions/A/XPCServices/AssetCacheLocatorService.xpc/Contents/MacOS/AssetCacheLocatorService -a\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - 
"type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AssistiveControl\",\"name\":\"com.apple.AssistiveControl.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AssistiveControl.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Input Methods/Assistive Control.app/Contents/MacOS/Assistive Control launchd -s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.AssistiveControl.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Input Methods/Assistive Control.app/Contents/MacOS/Assistive Control launchd -s", + "label": "com.apple.AssistiveControl", "name": "com.apple.AssistiveControl.plist", "path": 
"/System/Library/LaunchAgents/com.apple.AssistiveControl.plist", "process_type": "Interactive", - "label": "com.apple.AssistiveControl", + "program_arguments": "/System/Library/Input Methods/Assistive Control.app/Contents/MacOS/Assistive Control launchd -s", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.AssistiveControl\",\"name\":\"com.apple.AssistiveControl.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.AssistiveControl.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Input Methods/Assistive Control.app/Contents/MacOS/Assistive Control launchd 
-s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CalendarAgent\",\"name\":\"com.apple.CalendarAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.CalendarAgent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CalendarAgent.framework/Executables/CalendarAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"900\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.CalendarAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.CalendarAgent", "name": "com.apple.CalendarAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.CalendarAgent.plist", - "label": "com.apple.CalendarAgent", "program": "/System/Library/PrivateFrameworks/CalendarAgent.framework/Executables/CalendarAgent", "run_at_load": "1", "start_interval": "900" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CalendarAgent\",\"name\":\"com.apple.CalendarAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.CalendarAgent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CalendarAgent.framework/Executables/CalendarAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"900\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CallHistoryPluginHelper\",\"name\":\"com.apple.CallHistoryPluginHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.CallHistoryPluginHelper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CallHistory.framework/Support/CallHistoryPluginHelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.CallHistoryPluginHelper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CallHistory.framework/Support/CallHistoryPluginHelper", + "label": "com.apple.CallHistoryPluginHelper", "name": "com.apple.CallHistoryPluginHelper.plist", "path": "/System/Library/LaunchAgents/com.apple.CallHistoryPluginHelper.plist", - "label": "com.apple.CallHistoryPluginHelper" + "program_arguments": "/System/Library/PrivateFrameworks/CallHistory.framework/Support/CallHistoryPluginHelper" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": 
"Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CallHistoryPluginHelper\",\"name\":\"com.apple.CallHistoryPluginHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.CallHistoryPluginHelper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CallHistory.framework/Support/CallHistoryPluginHelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CallHistorySyncHelper\",\"name\":\"com.apple.CallHistorySyncHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.CallHistorySyncHelper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CallHistory.framework/Support/CallHistorySyncHelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.CallHistorySyncHelper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CallHistory.framework/Support/CallHistorySyncHelper", + "label": "com.apple.CallHistorySyncHelper", "name": "com.apple.CallHistorySyncHelper.plist", "path": "/System/Library/LaunchAgents/com.apple.CallHistorySyncHelper.plist", - "label": "com.apple.CallHistorySyncHelper" + "program_arguments": "/System/Library/PrivateFrameworks/CallHistory.framework/Support/CallHistorySyncHelper" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 
UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CallHistorySyncHelper\",\"name\":\"com.apple.CallHistorySyncHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.CallHistorySyncHelper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CallHistory.framework/Support/CallHistorySyncHelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CommCenter\",\"name\":\"com.apple.CommCenter-osx.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.CommCenter-osx.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter -L\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.CommCenter-osx.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter -L", + "label": "com.apple.CommCenter", "name": "com.apple.CommCenter-osx.plist", "path": "/System/Library/LaunchAgents/com.apple.CommCenter-osx.plist", - "label": "com.apple.CommCenter" + "program_arguments": "/System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter -L" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CommCenter\",\"name\":\"com.apple.CommCenter-osx.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.CommCenter-osx.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter -L\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ContactsAgent\",\"name\":\"com.apple.ContactsAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ContactsAgent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/ContactsAgent.framework/Executables/ContactsAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.ContactsAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.ContactsAgent", "name": "com.apple.ContactsAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.ContactsAgent.plist", - "label": "com.apple.ContactsAgent", "program": "/System/Library/PrivateFrameworks/ContactsAgent.framework/Executables/ContactsAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - 
"user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ContactsAgent\",\"name\":\"com.apple.ContactsAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ContactsAgent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/ContactsAgent.framework/Executables/ContactsAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ContainerRepairAgent\",\"name\":\"com.apple.ContainerRepairAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ContainerRepairAgent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/AppSandbox/ContainerRepairAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.ContainerRepairAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.ContainerRepairAgent", "name": "com.apple.ContainerRepairAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.ContainerRepairAgent.plist", - "label": "com.apple.ContainerRepairAgent", "program": "/usr/libexec/AppSandbox/ContainerRepairAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], 
"hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ContainerRepairAgent\",\"name\":\"com.apple.ContainerRepairAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ContainerRepairAgent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/AppSandbox/ContainerRepairAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CoreAuthentication.agent\",\"name\":\"com.apple.CoreAuthentication.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.CoreAuthentication.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.CoreAuthentication.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd", + "label": "com.apple.CoreAuthentication.agent", "name": "com.apple.CoreAuthentication.agent.plist", "path": "/System/Library/LaunchAgents/com.apple.CoreAuthentication.agent.plist", - "label": "com.apple.CoreAuthentication.agent" + "program_arguments": "/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CoreAuthentication.agent\",\"name\":\"com.apple.CoreAuthentication.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.CoreAuthentication.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CoreLocationAgent\",\"name\":\"com.apple.CoreLocationAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.CoreLocationAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.CoreLocationAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent", + "label": "com.apple.CoreLocationAgent", "name": "com.apple.CoreLocationAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.CoreLocationAgent.plist", - "label": "com.apple.CoreLocationAgent" + "program_arguments": "/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CoreLocationAgent\",\"name\":\"com.apple.CoreLocationAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.CoreLocationAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CoreRAIDAgent\",\"name\":\"com.apple.CoreRAIDAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.CoreRAIDAgent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CoreRAID.framework/Versions/A/Resources/CoreRAIDAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.CoreRAIDAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.CoreRAIDAgent", "name": "com.apple.CoreRAIDAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.CoreRAIDAgent.plist", - "label": "com.apple.CoreRAIDAgent", "program": "/System/Library/PrivateFrameworks/CoreRAID.framework/Versions/A/Resources/CoreRAIDAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { 
- "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CoreRAIDAgent\",\"name\":\"com.apple.CoreRAIDAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.CoreRAIDAgent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CoreRAID.framework/Versions/A/Resources/CoreRAIDAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CryptoTokenKit.ahp.agent\",\"name\":\"com.apple.CryptoTokenKit.ahp.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.CryptoTokenKit.ahp.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.CryptoTokenKit.ahp.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp", + "label": "com.apple.CryptoTokenKit.ahp.agent", "name": "com.apple.CryptoTokenKit.ahp.agent.plist", "path": "/System/Library/LaunchAgents/com.apple.CryptoTokenKit.ahp.agent.plist", - "label": "com.apple.CryptoTokenKit.ahp.agent" + "program_arguments": "/System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.CryptoTokenKit.ahp.agent\",\"name\":\"com.apple.CryptoTokenKit.ahp.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.CryptoTokenKit.ahp.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.DataDetectorsLocalSources\",\"name\":\"com.apple.DataDetectorsLocalSources.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.DataDetectorsLocalSources.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/DataDetectorsLocalSources\",\"program_arguments\":\"/usr/libexec/DataDetectorsLocalSources\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.DataDetectorsLocalSources.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/DataDetectorsLocalSources", + "label": "com.apple.DataDetectorsLocalSources", "name": "com.apple.DataDetectorsLocalSources.plist", "path": "/System/Library/LaunchAgents/com.apple.DataDetectorsLocalSources.plist", - "label": "com.apple.DataDetectorsLocalSources", - "program": "/usr/libexec/DataDetectorsLocalSources" + "program": "/usr/libexec/DataDetectorsLocalSources", + "program_arguments": "/usr/libexec/DataDetectorsLocalSources" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.DataDetectorsLocalSources\",\"name\":\"com.apple.DataDetectorsLocalSources.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.DataDetectorsLocalSources.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/DataDetectorsLocalSources\",\"program_arguments\":\"/usr/libexec/DataDetectorsLocalSources\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.DiagnosticReportCleanup.plist\",\"name\":\"com.apple.DiagnosticReportCleanup.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.DiagnosticReportCleanup.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/SubmitDiagInfo cleanup\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.DiagnosticReportCleanup.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/SubmitDiagInfo cleanup", + "label": "com.apple.DiagnosticReportCleanup.plist", "name": "com.apple.DiagnosticReportCleanup.plist", "path": "/System/Library/LaunchAgents/com.apple.DiagnosticReportCleanup.plist", "process_type": "Background", - "label": "com.apple.DiagnosticReportCleanup.plist" + "program_arguments": "/System/Library/CoreServices/SubmitDiagInfo cleanup" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.DiagnosticReportCleanup.plist\",\"name\":\"com.apple.DiagnosticReportCleanup.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.DiagnosticReportCleanup.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/SubmitDiagInfo cleanup\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.DictationIM\",\"name\":\"com.apple.DictationIM.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.DictationIM.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Input Methods/DictationIM.app/Contents/MacOS/DictationIM\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.DictationIM.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Input Methods/DictationIM.app/Contents/MacOS/DictationIM", + "label": "com.apple.DictationIM", "name": "com.apple.DictationIM.plist", "path": "/System/Library/LaunchAgents/com.apple.DictationIM.plist", "process_type": "Interactive", - "label": "com.apple.DictationIM" + "program_arguments": "/System/Library/Input Methods/DictationIM.app/Contents/MacOS/DictationIM" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.DictationIM\",\"name\":\"com.apple.DictationIM.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.DictationIM.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Input Methods/DictationIM.app/Contents/MacOS/DictationIM\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.DiskArbitrationAgent\",\"name\":\"com.apple.DiskArbitrationAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.DiskArbitrationAgent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/DiskArbitration.framework/Versions/A/Support/DiskArbitrationAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.DiskArbitrationAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.DiskArbitrationAgent", "name": "com.apple.DiskArbitrationAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.DiskArbitrationAgent.plist", - "label": "com.apple.DiskArbitrationAgent", "program": "/System/Library/Frameworks/DiskArbitration.framework/Versions/A/Support/DiskArbitrationAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.DiskArbitrationAgent\",\"name\":\"com.apple.DiskArbitrationAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.DiskArbitrationAgent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/DiskArbitration.framework/Versions/A/Support/DiskArbitrationAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Dock.agent\",\"name\":\"com.apple.Dock.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.Dock.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/Dock.app/Contents/MacOS/Dock\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.Dock.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.Dock.agent", "name": "com.apple.Dock.plist", "path": "/System/Library/LaunchAgents/com.apple.Dock.plist", - "label": "com.apple.Dock.agent", "program": "/System/Library/CoreServices/Dock.app/Contents/MacOS/Dock", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - 
"host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Dock.agent\",\"name\":\"com.apple.Dock.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.Dock.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/Dock.app/Contents/MacOS/Dock\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.DwellControl\",\"name\":\"com.apple.DwellControl.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.DwellControl.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Dwell Control.app/Contents/MacOS/Dwell Control 
launchd -s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.DwellControl.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Dwell Control.app/Contents/MacOS/Dwell Control launchd -s", + "label": "com.apple.DwellControl", "name": "com.apple.DwellControl.plist", "path": "/System/Library/LaunchAgents/com.apple.DwellControl.plist", "process_type": "Interactive", - "label": "com.apple.DwellControl", + "program_arguments": "/System/Library/CoreServices/Dwell Control.app/Contents/MacOS/Dwell Control launchd -s", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - 
"event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.DwellControl\",\"name\":\"com.apple.DwellControl.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.DwellControl.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Dwell Control.app/Contents/MacOS/Dwell Control launchd -s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.EscrowSecurityAlert\",\"name\":\"com.apple.EscrowSecurityAlert.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.EscrowSecurityAlert.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/EscrowSecurityAlert.app/Contents/MacOS/EscrowSecurityAlert\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.EscrowSecurityAlert.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/EscrowSecurityAlert.app/Contents/MacOS/EscrowSecurityAlert", + "label": "com.apple.EscrowSecurityAlert", "name": "com.apple.EscrowSecurityAlert.plist", "path": "/System/Library/LaunchAgents/com.apple.EscrowSecurityAlert.plist", "process_type": "Background", - "label": "com.apple.EscrowSecurityAlert" + "program_arguments": "/System/Library/CoreServices/EscrowSecurityAlert.app/Contents/MacOS/EscrowSecurityAlert" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.EscrowSecurityAlert\",\"name\":\"com.apple.EscrowSecurityAlert.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.EscrowSecurityAlert.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/EscrowSecurityAlert.app/Contents/MacOS/EscrowSecurityAlert\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.fileprovider.fileproviderd\",\"name\":\"com.apple.FileProvider.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FileProvider.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/FileProvider.framework/Support/fileproviderd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.FileProvider.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.fileprovider.fileproviderd", "name": "com.apple.FileProvider.plist", "path": "/System/Library/LaunchAgents/com.apple.FileProvider.plist", - "label": "com.apple.fileprovider.fileproviderd", "program": "/System/Library/PrivateFrameworks/FileProvider.framework/Support/fileproviderd", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + 
"unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.fileprovider.fileproviderd\",\"name\":\"com.apple.FileProvider.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FileProvider.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/FileProvider.framework/Support/fileproviderd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.FileStatsAgent\",\"name\":\"com.apple.FileStatsAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FileStatsAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/FileStatsAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.FileStatsAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/FileStatsAgent", + "label": "com.apple.FileStatsAgent", "name": "com.apple.FileStatsAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.FileStatsAgent.plist", - "label": "com.apple.FileStatsAgent" + "program_arguments": "/usr/sbin/FileStatsAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.FileStatsAgent\",\"name\":\"com.apple.FileStatsAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FileStatsAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/FileStatsAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.FilesystemUI\",\"name\":\"com.apple.FilesystemUI.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FilesystemUI.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/KernelEventAgent.bundle/Contents/Resources/FileSystemUIAgent.app/Contents/MacOS/FileSystemUIAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.FilesystemUI.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/KernelEventAgent.bundle/Contents/Resources/FileSystemUIAgent.app/Contents/MacOS/FileSystemUIAgent", + "label": "com.apple.FilesystemUI", "name": "com.apple.FilesystemUI.plist", "path": "/System/Library/LaunchAgents/com.apple.FilesystemUI.plist", - "label": "com.apple.FilesystemUI" + "program_arguments": "/System/Library/CoreServices/KernelEventAgent.bundle/Contents/Resources/FileSystemUIAgent.app/Contents/MacOS/FileSystemUIAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.FilesystemUI\",\"name\":\"com.apple.FilesystemUI.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FilesystemUI.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/KernelEventAgent.bundle/Contents/Resources/FileSystemUIAgent.app/Contents/MacOS/FileSystemUIAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Finder\",\"name\":\"com.apple.Finder.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.Finder.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.Finder.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.Finder", "name": "com.apple.Finder.plist", "path": "/System/Library/LaunchAgents/com.apple.Finder.plist", - "label": "com.apple.Finder", "program": "/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] 
}, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Finder\",\"name\":\"com.apple.Finder.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.Finder.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.FolderActionsDispatcher\",\"name\":\"com.apple.FolderActionsDispatcher.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FolderActionsDispatcher.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/FolderActionsDispatcher.app/Contents/MacOS/FolderActionsDispatcher launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.FolderActionsDispatcher.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/FolderActionsDispatcher.app/Contents/MacOS/FolderActionsDispatcher launchd", - "path": "/System/Library/LaunchAgents/com.apple.FolderActionsDispatcher.plist", - "run_at_load": "1", + "keep_alive": "1", + "label": "com.apple.FolderActionsDispatcher", "name": "com.apple.FolderActionsDispatcher.plist", + "path": "/System/Library/LaunchAgents/com.apple.FolderActionsDispatcher.plist", "process_type": "Interactive", - "label": "com.apple.FolderActionsDispatcher", - "keep_alive": "1" + "program_arguments": "/System/Library/CoreServices/FolderActionsDispatcher.app/Contents/MacOS/FolderActionsDispatcher launchd", + 
"run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.FolderActionsDispatcher\",\"name\":\"com.apple.FolderActionsDispatcher.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FolderActionsDispatcher.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/FolderActionsDispatcher.app/Contents/MacOS/FolderActionsDispatcher launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { 
"@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.FollowUpUI\",\"name\":\"com.apple.FollowUpUI.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FollowUpUI.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CoreFollowUp.framework/Versions/A/Resources/FollowUpUI.app/Contents/MacOS/FollowUpUI\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.FollowUpUI.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.FollowUpUI", "name": "com.apple.FollowUpUI.plist", "path": "/System/Library/LaunchAgents/com.apple.FollowUpUI.plist", - "label": "com.apple.FollowUpUI", "program": "/System/Library/PrivateFrameworks/CoreFollowUp.framework/Versions/A/Resources/FollowUpUI.app/Contents/MacOS/FollowUpUI" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.FollowUpUI\",\"name\":\"com.apple.FollowUpUI.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FollowUpUI.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CoreFollowUp.framework/Versions/A/Resources/FollowUpUI.app/Contents/MacOS/FollowUpUI\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.FontRegistryUIAgent\",\"name\":\"com.apple.FontRegistryUIAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FontRegistryUIAgent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/FontRegistryUIAgent.app/Contents/MacOS/FontRegistryUIAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.FontRegistryUIAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.FontRegistryUIAgent", "name": "com.apple.FontRegistryUIAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.FontRegistryUIAgent.plist", - "label": "com.apple.FontRegistryUIAgent", "program": "/System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/FontRegistryUIAgent.app/Contents/MacOS/FontRegistryUIAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.FontRegistryUIAgent\",\"name\":\"com.apple.FontRegistryUIAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FontRegistryUIAgent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/FontRegistryUIAgent.app/Contents/MacOS/FontRegistryUIAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ATS.FontValidator\",\"name\":\"com.apple.FontValidator.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FontValidator.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/FontValidator\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.FontValidator.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.ATS.FontValidator", "name": "com.apple.FontValidator.plist", "path": "/System/Library/LaunchAgents/com.apple.FontValidator.plist", - "label": "com.apple.ATS.FontValidator", "program": "/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/FontValidator" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ATS.FontValidator\",\"name\":\"com.apple.FontValidator.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FontValidator.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/FontValidator\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ATS.FontValidatorConduit\",\"name\":\"com.apple.FontValidatorConduit.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FontValidatorConduit.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/FontValidatorConduit\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.FontValidatorConduit.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.ATS.FontValidatorConduit", "name": "com.apple.FontValidatorConduit.plist", "path": "/System/Library/LaunchAgents/com.apple.FontValidatorConduit.plist", - "label": "com.apple.ATS.FontValidatorConduit", "program": "/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/FontValidatorConduit" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ATS.FontValidatorConduit\",\"name\":\"com.apple.FontValidatorConduit.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FontValidatorConduit.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/FontValidatorConduit\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.FontWorker\",\"name\":\"com.apple.FontWorker.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FontWorker.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/fontworker\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.FontWorker.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.FontWorker", "name": "com.apple.FontWorker.plist", "path": "/System/Library/LaunchAgents/com.apple.FontWorker.plist", - "label": "com.apple.FontWorker", "program": "/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/fontworker" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", 
+ "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.FontWorker\",\"name\":\"com.apple.FontWorker.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.FontWorker.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/fontworker\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.IMLoggingAgent\",\"name\":\"com.apple.IMLoggingAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.IMLoggingAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/IMFoundation.framework/IMLoggingAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.IMLoggingAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/IMFoundation.framework/IMLoggingAgent", + "label": "com.apple.IMLoggingAgent", "name": "com.apple.IMLoggingAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.IMLoggingAgent.plist", - "label": "com.apple.IMLoggingAgent" + "program_arguments": "/System/Library/PrivateFrameworks/IMFoundation.framework/IMLoggingAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", 
+ "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.IMLoggingAgent\",\"name\":\"com.apple.IMLoggingAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.IMLoggingAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/IMFoundation.framework/IMLoggingAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.LocalAuthentication.UIAgent\",\"name\":\"com.apple.LocalAuthentication.UIAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.LocalAuthentication.UIAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/LocalAuthentication.framework/Support/coreautha.bundle/Contents/MacOS/coreautha\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.LocalAuthentication.UIAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/LocalAuthentication.framework/Support/coreautha.bundle/Contents/MacOS/coreautha", + "label": "com.apple.LocalAuthentication.UIAgent", "name": "com.apple.LocalAuthentication.UIAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.LocalAuthentication.UIAgent.plist", - "label": "com.apple.LocalAuthentication.UIAgent", + "program_arguments": "/System/Library/Frameworks/LocalAuthentication.framework/Support/coreautha.bundle/Contents/MacOS/coreautha", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.LocalAuthentication.UIAgent\",\"name\":\"com.apple.LocalAuthentication.UIAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.LocalAuthentication.UIAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/LocalAuthentication.framework/Support/coreautha.bundle/Contents/MacOS/coreautha\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + 
"kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.MRTa\",\"name\":\"com.apple.MRTa.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.MRTa.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/MRT.app/Contents/MacOS/MRT -a\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.MRTa.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/MRT.app/Contents/MacOS/MRT -a", + "label": "com.apple.MRTa", "name": "com.apple.MRTa.plist", "path": "/System/Library/LaunchAgents/com.apple.MRTa.plist", "process_type": "Background", - "label": "com.apple.MRTa", + "program_arguments": "/System/Library/CoreServices/MRT.app/Contents/MacOS/MRT -a", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.MRTa\",\"name\":\"com.apple.MRTa.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.MRTa.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/MRT.app/Contents/MacOS/MRT -a\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ManagedClientAgent.agent\",\"name\":\"com.apple.ManagedClientAgent.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ManagedClientAgent.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ManagedClient.app/Contents/Resources/ManagedClientAgent -a\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.ManagedClientAgent.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/ManagedClient.app/Contents/Resources/ManagedClientAgent -a", + "label": "com.apple.ManagedClientAgent.agent", "name": "com.apple.ManagedClientAgent.agent.plist", "path": "/System/Library/LaunchAgents/com.apple.ManagedClientAgent.agent.plist", - "label": "com.apple.ManagedClientAgent.agent" + "program_arguments": "/System/Library/CoreServices/ManagedClient.app/Contents/Resources/ManagedClientAgent -a" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ManagedClientAgent.agent\",\"name\":\"com.apple.ManagedClientAgent.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ManagedClientAgent.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ManagedClient.app/Contents/Resources/ManagedClientAgent -a\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ManagedClientAgent.enrollagent\",\"name\":\"com.apple.ManagedClientAgent.enrollagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ManagedClientAgent.enrollagent.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ManagedClient.app/Contents/Resources/ManagedClientAgent -j\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"7200\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.ManagedClientAgent.enrollagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/ManagedClient.app/Contents/Resources/ManagedClientAgent -j", + "label": "com.apple.ManagedClientAgent.enrollagent", "name": "com.apple.ManagedClientAgent.enrollagent.plist", "path": "/System/Library/LaunchAgents/com.apple.ManagedClientAgent.enrollagent.plist", "process_type": "Background", - "label": "com.apple.ManagedClientAgent.enrollagent", + "program_arguments": "/System/Library/CoreServices/ManagedClient.app/Contents/Resources/ManagedClientAgent -j", "start_interval": "7200" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ManagedClientAgent.enrollagent\",\"name\":\"com.apple.ManagedClientAgent.enrollagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ManagedClientAgent.enrollagent.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ManagedClient.app/Contents/Resources/ManagedClientAgent -j\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"7200\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Maps.mapspushd\",\"name\":\"com.apple.Maps.pushdaemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.Maps.pushdaemon.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/mapspushd\",\"program_arguments\":\"/System/Library/CoreServices/mapspushd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.Maps.pushdaemon.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/mapspushd", + "label": "com.apple.Maps.mapspushd", "name": "com.apple.Maps.pushdaemon.plist", "path": "/System/Library/LaunchAgents/com.apple.Maps.pushdaemon.plist", - "label": "com.apple.Maps.mapspushd", "program": "/System/Library/CoreServices/mapspushd", + "program_arguments": "/System/Library/CoreServices/mapspushd", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": 
"0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Maps.mapspushd\",\"name\":\"com.apple.Maps.pushdaemon.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.Maps.pushdaemon.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/mapspushd\",\"program_arguments\":\"/System/Library/CoreServices/mapspushd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.NVMeAgent\",\"name\":\"com.apple.NVMeAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.NVMeAgent.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/NVMeAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.NVMeAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.NVMeAgent", "name": "com.apple.NVMeAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.NVMeAgent.plist", "process_type": "Adaptive", - "label": "com.apple.NVMeAgent", "program": "/usr/libexec/NVMeAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, - "rule": { - "name": "pack_it-compliance_launchd" - }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.NVMeAgent\",\"name\":\"com.apple.NVMeAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.NVMeAgent.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/NVMeAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" + "rule": { + "name": "pack_it-compliance_launchd" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nowplayingtouchui\",\"name\":\"com.apple.NowPlayingTouchUI.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.NowPlayingTouchUI.plist\",\"process_type\":\"App\",\"program\":\"/System/Library/CoreServices/NowPlayingTouchUI.app/Contents/MacOS/NowPlayingTouchUI\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.NowPlayingTouchUI.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.nowplayingtouchui", "name": "com.apple.NowPlayingTouchUI.plist", "path": "/System/Library/LaunchAgents/com.apple.NowPlayingTouchUI.plist", "process_type": "App", - "label": "com.apple.nowplayingtouchui", "program": "/System/Library/CoreServices/NowPlayingTouchUI.app/Contents/MacOS/NowPlayingTouchUI" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nowplayingtouchui\",\"name\":\"com.apple.NowPlayingTouchUI.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.NowPlayingTouchUI.plist\",\"process_type\":\"App\",\"program\":\"/System/Library/CoreServices/NowPlayingTouchUI.app/Contents/MacOS/NowPlayingTouchUI\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.OSDUIHelper\",\"name\":\"com.apple.OSDUIHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.OSDUIHelper.plist\",\"process_type\":\"App\",\"program\":\"/System/Library/CoreServices/OSDUIHelper.app/Contents/MacOS/OSDUIHelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.OSDUIHelper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.OSDUIHelper", "name": "com.apple.OSDUIHelper.plist", "path": "/System/Library/LaunchAgents/com.apple.OSDUIHelper.plist", "process_type": "App", - "label": "com.apple.OSDUIHelper", "program": "/System/Library/CoreServices/OSDUIHelper.app/Contents/MacOS/OSDUIHelper" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - 
], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.OSDUIHelper\",\"name\":\"com.apple.OSDUIHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.OSDUIHelper.plist\",\"process_type\":\"App\",\"program\":\"/System/Library/CoreServices/OSDUIHelper.app/Contents/MacOS/OSDUIHelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.PCIESlotCheck\",\"name\":\"com.apple.PCIESlotCheck.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.PCIESlotCheck.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Expansion Slot Utility.app/Contents/Resources/PCIESlotCheck\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.PCIESlotCheck.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Expansion Slot Utility.app/Contents/Resources/PCIESlotCheck", + "label": "com.apple.PCIESlotCheck", "name": "com.apple.PCIESlotCheck.plist", "path": "/System/Library/LaunchAgents/com.apple.PCIESlotCheck.plist", - "label": "com.apple.PCIESlotCheck", + "program_arguments": "/System/Library/CoreServices/Expansion Slot Utility.app/Contents/Resources/PCIESlotCheck", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.PCIESlotCheck\",\"name\":\"com.apple.PCIESlotCheck.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.PCIESlotCheck.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Expansion Slot Utility.app/Contents/Resources/PCIESlotCheck\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.PIPAgent\",\"name\":\"com.apple.PIPAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.PIPAgent.plist\",\"process_type\":\"App\",\"program\":\"/System/Library/CoreServices/PIPAgent.app/Contents/MacOS/PIPAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.PIPAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.PIPAgent", "name": "com.apple.PIPAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.PIPAgent.plist", "process_type": "App", - "label": "com.apple.PIPAgent", "program": "/System/Library/CoreServices/PIPAgent.app/Contents/MacOS/PIPAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.PIPAgent\",\"name\":\"com.apple.PIPAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.PIPAgent.plist\",\"process_type\":\"App\",\"program\":\"/System/Library/CoreServices/PIPAgent.app/Contents/MacOS/PIPAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.PackageKit.InstallStatus\",\"name\":\"com.apple.PackageKit.InstallStatus.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.PackageKit.InstallStatus.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.PackageKit.InstallStatus.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress", + "label": "com.apple.PackageKit.InstallStatus", "name": "com.apple.PackageKit.InstallStatus.plist", "path": "/System/Library/LaunchAgents/com.apple.PackageKit.InstallStatus.plist", "process_type": "Interactive", - "label": "com.apple.PackageKit.InstallStatus" + "program_arguments": "/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, 
"epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.PackageKit.InstallStatus\",\"name\":\"com.apple.PackageKit.InstallStatus.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.PackageKit.InstallStatus.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 
28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.PhotoLibraryMigrationUtility.XPC\",\"name\":\"com.apple.PhotoLibraryMigrationUtility.XPC.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.PhotoLibraryMigrationUtility.XPC.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Photo Library Migration Utility.app/Contents/MacOS/Photo Library Migration Utility -server\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.PhotoLibraryMigrationUtility.XPC.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Photo Library Migration Utility.app/Contents/MacOS/Photo Library Migration Utility -server", + "label": "com.apple.PhotoLibraryMigrationUtility.XPC", "name": "com.apple.PhotoLibraryMigrationUtility.XPC.plist", "path": "/System/Library/LaunchAgents/com.apple.PhotoLibraryMigrationUtility.XPC.plist", "process_type": "Adaptive", - "label": "com.apple.PhotoLibraryMigrationUtility.XPC" + "program_arguments": "/System/Library/CoreServices/Photo Library Migration Utility.app/Contents/MacOS/Photo Library Migration Utility -server" }, - "name": 
"pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.PhotoLibraryMigrationUtility.XPC\",\"name\":\"com.apple.PhotoLibraryMigrationUtility.XPC.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.PhotoLibraryMigrationUtility.XPC.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Photo Library Migration Utility.app/Contents/MacOS/Photo Library Migration Utility -server\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } 
}, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.PubSub.Agent\",\"name\":\"com.apple.PubSub.Agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.PubSub.Agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/PubSub.framework/Versions/A/Resources/PubSubAgent.app/Contents/MacOS/PubSubAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"1800\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.PubSub.Agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/PubSub.framework/Versions/A/Resources/PubSubAgent.app/Contents/MacOS/PubSubAgent", + "keep_alive": "0", + "label": "com.apple.PubSub.Agent", + "name": "com.apple.PubSub.Agent.plist", "path": "/System/Library/LaunchAgents/com.apple.PubSub.Agent.plist", + "program_arguments": "/System/Library/PrivateFrameworks/PubSub.framework/Versions/A/Resources/PubSubAgent.app/Contents/MacOS/PubSubAgent", 
"run_at_load": "0", - "start_interval": "1800", - "name": "com.apple.PubSub.Agent.plist", - "label": "com.apple.PubSub.Agent", - "keep_alive": "0" + "start_interval": "1800" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.PubSub.Agent\",\"name\":\"com.apple.PubSub.Agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.PubSub.Agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/PubSub.framework/Versions/A/Resources/PubSubAgent.app/Contents/MacOS/PubSubAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"1800\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": 
"event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.RapportUIAgent\",\"name\":\"com.apple.RapportUIAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.RapportUIAgent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/RapportUIAgent.app/Contents/MacOS/RapportUIAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.RapportUIAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.RapportUIAgent", "name": "com.apple.RapportUIAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.RapportUIAgent.plist", - "label": "com.apple.RapportUIAgent", "program": "/System/Library/CoreServices/RapportUIAgent.app/Contents/MacOS/RapportUIAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": 
"added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.RapportUIAgent\",\"name\":\"com.apple.RapportUIAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.RapportUIAgent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/RapportUIAgent.app/Contents/MacOS/RapportUIAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": 
"event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.RemoteDesktop.agent\",\"name\":\"com.apple.RemoteDesktop.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.RemoteDesktop.plist\",\"process_type\":\"Standard\",\"program\":\"/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.RemoteDesktop.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.RemoteDesktop.agent", "name": "com.apple.RemoteDesktop.plist", "path": "/System/Library/LaunchAgents/com.apple.RemoteDesktop.plist", "process_type": "Standard", - "label": "com.apple.RemoteDesktop.agent", "program": "/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.RemoteDesktop.agent\",\"name\":\"com.apple.RemoteDesktop.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.RemoteDesktop.plist\",\"process_type\":\"Standard\",\"program\":\"/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ReportCrash.Self\",\"name\":\"com.apple.ReportCrash.Self.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ReportCrash.Self.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ReportCrash agent-safety\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.ReportCrash.Self.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/ReportCrash agent-safety", + "label": "com.apple.ReportCrash.Self", "name": "com.apple.ReportCrash.Self.plist", "path": "/System/Library/LaunchAgents/com.apple.ReportCrash.Self.plist", "process_type": "Background", - "label": "com.apple.ReportCrash.Self" + "program_arguments": "/System/Library/CoreServices/ReportCrash agent-safety" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ReportCrash.Self\",\"name\":\"com.apple.ReportCrash.Self.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ReportCrash.Self.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ReportCrash agent-safety\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ReportCrash\",\"name\":\"com.apple.ReportCrash.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ReportCrash.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ReportCrash agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.ReportCrash.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/ReportCrash agent", + "label": "com.apple.ReportCrash", "name": "com.apple.ReportCrash.plist", "path": "/System/Library/LaunchAgents/com.apple.ReportCrash.plist", "process_type": "Background", - "label": "com.apple.ReportCrash" + "program_arguments": "/System/Library/CoreServices/ReportCrash agent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ReportCrash\",\"name\":\"com.apple.ReportCrash.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ReportCrash.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/ReportCrash agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.ReportGPURestart\",\"name\":\"com.apple.ReportGPURestart.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ReportGPURestart.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/ReportGPURestart\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.ReportGPURestart.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/ReportGPURestart", - "name": "com.apple.ReportGPURestart.plist", - "path": "/System/Library/LaunchAgents/com.apple.ReportGPURestart.plist", "disabled": "1", + "keep_alive": "0", "label": "com.apple.ReportGPURestart", - "keep_alive": "0" + "name": "com.apple.ReportGPURestart.plist", + "path": "/System/Library/LaunchAgents/com.apple.ReportGPURestart.plist", + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/ReportGPURestart" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", 
"username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.ReportGPURestart\",\"name\":\"com.apple.ReportGPURestart.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ReportGPURestart.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/ReportGPURestart\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 
2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ReportPanic\",\"name\":\"com.apple.ReportPanic.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ReportPanic.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/ReportPanic.app/Contents/MacOS/ReportPanic\",\"program_arguments\":\"\",\"queue_directories\":\"/var/db/PanicReporter/\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/dev/null\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.ReportPanic.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.ReportPanic", "name": "com.apple.ReportPanic.plist", "path": "/System/Library/LaunchAgents/com.apple.ReportPanic.plist", - "stderr_path": "/dev/null", - "label": "com.apple.ReportPanic", "program": "/System/Library/CoreServices/ReportPanic.app/Contents/MacOS/ReportPanic", - "queue_directories": "/var/db/PanicReporter/" + "queue_directories": "/var/db/PanicReporter/", + "stderr_path": "/dev/null" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ReportPanic\",\"name\":\"com.apple.ReportPanic.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ReportPanic.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/ReportPanic.app/Contents/MacOS/ReportPanic\",\"program_arguments\":\"\",\"queue_directories\":\"/var/db/PanicReporter/\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/dev/null\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ssinvitationagent\",\"name\":\"com.apple.SSInvitationAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SSInvitationAgent.plist\",\"process_type\":\"Standard\",\"program\":\"/System/Library/CoreServices/RemoteManagement/ScreensharingAgent.bundle/Contents/Support/SSInvitationAgent.app/Contents/MacOS/SSInvitationAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.SSInvitationAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.ssinvitationagent", "name": "com.apple.SSInvitationAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.SSInvitationAgent.plist", "process_type": "Standard", - "label": "com.apple.ssinvitationagent", "program": "/System/Library/CoreServices/RemoteManagement/ScreensharingAgent.bundle/Contents/Support/SSInvitationAgent.app/Contents/MacOS/SSInvitationAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 
UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ssinvitationagent\",\"name\":\"com.apple.SSInvitationAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SSInvitationAgent.plist\",\"process_type\":\"Standard\",\"program\":\"/System/Library/CoreServices/RemoteManagement/ScreensharingAgent.bundle/Contents/Support/SSInvitationAgent.app/Contents/MacOS/SSInvitationAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Safari.SafeBrowsing.Service\",\"name\":\"com.apple.Safari.SafeBrowsing.Service.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.Safari.SafeBrowsing.Service.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.Safari.SafeBrowsing.Service.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.Safari.SafeBrowsing.Service", "name": "com.apple.Safari.SafeBrowsing.Service.plist", "path": "/System/Library/LaunchAgents/com.apple.Safari.SafeBrowsing.Service.plist", "process_type": "Adaptive", - "label": "com.apple.Safari.SafeBrowsing.Service", "program": "/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Safari.SafeBrowsing.Service\",\"name\":\"com.apple.Safari.SafeBrowsing.Service.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.Safari.SafeBrowsing.Service.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.SafariBookmarksSyncAgent\",\"name\":\"com.apple.SafariBookmarksSyncAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SafariBookmarksSyncAgent.plist\",\"process_type\":\"Standard\",\"program\":\"/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariBookmarksSyncAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.SafariBookmarksSyncAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.SafariBookmarksSyncAgent", "name": "com.apple.SafariBookmarksSyncAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.SafariBookmarksSyncAgent.plist", "process_type": "Standard", - "label": "com.apple.SafariBookmarksSyncAgent", "program": "/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariBookmarksSyncAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.SafariBookmarksSyncAgent\",\"name\":\"com.apple.SafariBookmarksSyncAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SafariBookmarksSyncAgent.plist\",\"process_type\":\"Standard\",\"program\":\"/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariBookmarksSyncAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.SafariCloudHistoryPushAgent\",\"name\":\"com.apple.SafariCloudHistoryPushAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SafariCloudHistoryPushAgent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/SafariCloudHistoryPushAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.SafariCloudHistoryPushAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.SafariCloudHistoryPushAgent", "name": "com.apple.SafariCloudHistoryPushAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.SafariCloudHistoryPushAgent.plist", - "label": "com.apple.SafariCloudHistoryPushAgent", "program": "/usr/libexec/SafariCloudHistoryPushAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" 
} }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.SafariCloudHistoryPushAgent\",\"name\":\"com.apple.SafariCloudHistoryPushAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SafariCloudHistoryPushAgent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/SafariCloudHistoryPushAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.SafariHistoryServiceAgent\",\"name\":\"com.apple.SafariHistoryServiceAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SafariHistoryServiceAgent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/SafariHistoryServiceAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.SafariHistoryServiceAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.SafariHistoryServiceAgent", "name": "com.apple.SafariHistoryServiceAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.SafariHistoryServiceAgent.plist", - "label": "com.apple.SafariHistoryServiceAgent", "program": "/usr/libexec/SafariHistoryServiceAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - 
"user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.SafariHistoryServiceAgent\",\"name\":\"com.apple.SafariHistoryServiceAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SafariHistoryServiceAgent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/SafariHistoryServiceAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.SafariLaunchAgent\",\"name\":\"com.apple.SafariLaunchAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SafariLaunchAgent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/SafariLaunchAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.SafariLaunchAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "keep_alive": "0", + "label": "com.apple.SafariLaunchAgent", "name": "com.apple.SafariLaunchAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.SafariLaunchAgent.plist", - "label": "com.apple.SafariLaunchAgent", - "program": "/usr/libexec/SafariLaunchAgent", - "keep_alive": "0" + "program": "/usr/libexec/SafariLaunchAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.SafariLaunchAgent\",\"name\":\"com.apple.SafariLaunchAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SafariLaunchAgent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/SafariLaunchAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.SafariNotificationAgent\",\"name\":\"com.apple.SafariNotificationAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SafariNotificationAgent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/SafariNotificationAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.SafariNotificationAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "keep_alive": "0", + "label": "com.apple.SafariNotificationAgent", "name": "com.apple.SafariNotificationAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.SafariNotificationAgent.plist", - "label": "com.apple.SafariNotificationAgent", - "program": "/usr/libexec/SafariNotificationAgent", - "keep_alive": "0" + "program": "/usr/libexec/SafariNotificationAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.SafariNotificationAgent\",\"name\":\"com.apple.SafariNotificationAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SafariNotificationAgent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/SafariNotificationAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.SafariPlugInUpdateNotifier\",\"name\":\"com.apple.SafariPlugInUpdateNotifier.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SafariPlugInUpdateNotifier.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/SafariPlugInUpdateNotifier\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.SafariPlugInUpdateNotifier.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.SafariPlugInUpdateNotifier", "name": "com.apple.SafariPlugInUpdateNotifier.plist", "path": "/System/Library/LaunchAgents/com.apple.SafariPlugInUpdateNotifier.plist", - "label": "com.apple.SafariPlugInUpdateNotifier", "program": "/usr/libexec/SafariPlugInUpdateNotifier" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.SafariPlugInUpdateNotifier\",\"name\":\"com.apple.SafariPlugInUpdateNotifier.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SafariPlugInUpdateNotifier.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/SafariPlugInUpdateNotifier\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ScreenReaderUIServer\",\"name\":\"com.apple.ScreenReaderUIServer.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ScreenReaderUIServer.plist\",\"process_type\":\"Interactive\",\"program\":\"/System/Library/PrivateFrameworks/ScreenReader.framework/Resources/ScreenReaderUIServer.app/Contents/MacOS/ScreenReaderUIServer\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.ScreenReaderUIServer.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.ScreenReaderUIServer", "name": "com.apple.ScreenReaderUIServer.plist", "path": "/System/Library/LaunchAgents/com.apple.ScreenReaderUIServer.plist", "process_type": "Interactive", - "label": "com.apple.ScreenReaderUIServer", "program": "/System/Library/PrivateFrameworks/ScreenReader.framework/Resources/ScreenReaderUIServer.app/Contents/MacOS/ScreenReaderUIServer", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 
28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ScreenReaderUIServer\",\"name\":\"com.apple.ScreenReaderUIServer.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ScreenReaderUIServer.plist\",\"process_type\":\"Interactive\",\"program\":\"/System/Library/PrivateFrameworks/ScreenReader.framework/Resources/ScreenReaderUIServer.app/Contents/MacOS/ScreenReaderUIServer\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Siri.agent\",\"name\":\"com.apple.Siri.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.Siri.agent.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Siri.app/Contents/MacOS/Siri launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.Siri.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Siri.app/Contents/MacOS/Siri launchd", + "disabled": "0", + "label": "com.apple.Siri.agent", "name": "com.apple.Siri.agent.plist", "path": "/System/Library/LaunchAgents/com.apple.Siri.agent.plist", - "disabled": "0", "process_type": "Interactive", - "label": "com.apple.Siri.agent" + "program_arguments": "/System/Library/CoreServices/Siri.app/Contents/MacOS/Siri launchd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Siri.agent\",\"name\":\"com.apple.Siri.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.Siri.agent.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Siri.app/Contents/MacOS/Siri launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.SocialPushAgent\",\"name\":\"com.apple.SocialPushAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SocialPushAgent.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/CoreServices/SocialPushAgent.app/Contents/MacOS/SocialPushAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.SocialPushAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "path": "/System/Library/LaunchAgents/com.apple.SocialPushAgent.plist", - "run_at_load": "1", + "keep_alive": "0", + "label": "com.apple.SocialPushAgent", "name": "com.apple.SocialPushAgent.plist", + "path": "/System/Library/LaunchAgents/com.apple.SocialPushAgent.plist", "process_type": "Adaptive", - "label": "com.apple.SocialPushAgent", "program": "/System/Library/CoreServices/SocialPushAgent.app/Contents/MacOS/SocialPushAgent", - "keep_alive": "0" + "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 
28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.SocialPushAgent\",\"name\":\"com.apple.SocialPushAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SocialPushAgent.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/CoreServices/SocialPushAgent.app/Contents/MacOS/SocialPushAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Spotlight\",\"name\":\"com.apple.Spotlight.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.Spotlight.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.Spotlight.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight", + "label": "com.apple.Spotlight", "name": "com.apple.Spotlight.plist", "path": "/System/Library/LaunchAgents/com.apple.Spotlight.plist", - "label": "com.apple.Spotlight", + "program_arguments": "/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.Spotlight\",\"name\":\"com.apple.Spotlight.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.Spotlight.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.STMUIHelper\",\"name\":\"com.apple.StorageManagementUIHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.StorageManagementUIHelper.plist\",\"process_type\":\"Interactive\",\"program\":\"/System/Library/PrivateFrameworks/StorageManagement.framework/Resources/STMUIHelper.app/Contents/MacOS/STMUIHelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.StorageManagementUIHelper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.STMUIHelper", "name": "com.apple.StorageManagementUIHelper.plist", "path": "/System/Library/LaunchAgents/com.apple.StorageManagementUIHelper.plist", "process_type": "Interactive", - "label": "com.apple.STMUIHelper", "program": "/System/Library/PrivateFrameworks/StorageManagement.framework/Resources/STMUIHelper.app/Contents/MacOS/STMUIHelper" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.STMUIHelper\",\"name\":\"com.apple.StorageManagementUIHelper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.StorageManagementUIHelper.plist\",\"process_type\":\"Interactive\",\"program\":\"/System/Library/PrivateFrameworks/StorageManagement.framework/Resources/STMUIHelper.app/Contents/MacOS/STMUIHelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.SystemUIServer.agent\",\"name\":\"com.apple.SystemUIServer.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SystemUIServer.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/SystemUIServer.app/Contents/MacOS/SystemUIServer\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.SystemUIServer.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.SystemUIServer.agent", "name": "com.apple.SystemUIServer.plist", "path": "/System/Library/LaunchAgents/com.apple.SystemUIServer.plist", - "label": "com.apple.SystemUIServer.agent", "program": "/System/Library/CoreServices/SystemUIServer.app/Contents/MacOS/SystemUIServer", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.SystemUIServer.agent\",\"name\":\"com.apple.SystemUIServer.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.SystemUIServer.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/SystemUIServer.app/Contents/MacOS/SystemUIServer\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.TMHelperAgent.SetupOffer\",\"name\":\"com.apple.TMHelperAgent.SetupOffer.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.TMHelperAgent.SetupOffer.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/backupd.bundle/Contents/Resources/TMHelperAgent.app/Contents/MacOS/TMHelperAgent -offer\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"1\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.TMHelperAgent.SetupOffer.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/backupd.bundle/Contents/Resources/TMHelperAgent.app/Contents/MacOS/TMHelperAgent -offer", + "label": "com.apple.TMHelperAgent.SetupOffer", "name": "com.apple.TMHelperAgent.SetupOffer.plist", "path": "/System/Library/LaunchAgents/com.apple.TMHelperAgent.SetupOffer.plist", - "start_on_mount": "1", "process_type": "Interactive", - "label": "com.apple.TMHelperAgent.SetupOffer" + "program_arguments": "/System/Library/CoreServices/backupd.bundle/Contents/Resources/TMHelperAgent.app/Contents/MacOS/TMHelperAgent -offer", + "start_on_mount": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": 
"1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.TMHelperAgent.SetupOffer\",\"name\":\"com.apple.TMHelperAgent.SetupOffer.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.TMHelperAgent.SetupOffer.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/backupd.bundle/Contents/Resources/TMHelperAgent.app/Contents/MacOS/TMHelperAgent -offer\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"1\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + 
"version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.TMHelperAgent\",\"name\":\"com.apple.TMHelperAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.TMHelperAgent.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/backupd.bundle/Contents/Resources/TMHelperAgent.app/Contents/MacOS/TMHelperAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.TMHelperAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/backupd.bundle/Contents/Resources/TMHelperAgent.app/Contents/MacOS/TMHelperAgent", - "path": "/System/Library/LaunchAgents/com.apple.TMHelperAgent.plist", - "run_at_load": "0", + "keep_alive": "0", + "label": "com.apple.TMHelperAgent", "name": "com.apple.TMHelperAgent.plist", + "path": "/System/Library/LaunchAgents/com.apple.TMHelperAgent.plist", "process_type": "Interactive", - "label": "com.apple.TMHelperAgent", - "keep_alive": "0" + "program_arguments": 
"/System/Library/CoreServices/backupd.bundle/Contents/Resources/TMHelperAgent.app/Contents/MacOS/TMHelperAgent", + "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.TMHelperAgent\",\"name\":\"com.apple.TMHelperAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.TMHelperAgent.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/backupd.bundle/Contents/Resources/TMHelperAgent.app/Contents/MacOS/TMHelperAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": 
"tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.TrustEvaluationAgent\",\"name\":\"com.apple.TrustEvaluationAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.TrustEvaluationAgent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Resources/trustevaluationagent\",\"program_arguments\":\"trustevaluationagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.TrustEvaluationAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "trustevaluationagent", + "label": "com.apple.TrustEvaluationAgent", "name": "com.apple.TrustEvaluationAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.TrustEvaluationAgent.plist", - "label": "com.apple.TrustEvaluationAgent", - "program": 
"/System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Resources/trustevaluationagent" + "program": "/System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Resources/trustevaluationagent", + "program_arguments": "trustevaluationagent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.TrustEvaluationAgent\",\"name\":\"com.apple.TrustEvaluationAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.TrustEvaluationAgent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Resources/trustevaluationagent\",\"program_arguments\":\"trustevaluationagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.USBAgent\",\"name\":\"com.apple.USBAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.USBAgent.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/USBAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.USBAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.USBAgent", "name": "com.apple.USBAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.USBAgent.plist", "process_type": "Adaptive", - "label": "com.apple.USBAgent", "program": "/usr/libexec/USBAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.USBAgent\",\"name\":\"com.apple.USBAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.USBAgent.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/USBAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.UserEventAgent-Aqua\",\"name\":\"com.apple.UserEventAgent-Aqua.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.UserEventAgent-Aqua.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/UserEventAgent 
(Aqua)\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.UserEventAgent-Aqua.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/UserEventAgent (Aqua)", + "keep_alive": "1", + "label": "com.apple.UserEventAgent-Aqua", "name": "com.apple.UserEventAgent-Aqua.plist", "path": "/System/Library/LaunchAgents/com.apple.UserEventAgent-Aqua.plist", - "label": "com.apple.UserEventAgent-Aqua", - "keep_alive": "1" + "program_arguments": "/usr/libexec/UserEventAgent (Aqua)" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.UserEventAgent-Aqua\",\"name\":\"com.apple.UserEventAgent-Aqua.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.UserEventAgent-Aqua.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/UserEventAgent (Aqua)\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.UserEventAgent-LoginWindow\",\"name\":\"com.apple.UserEventAgent-LoginWindow.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.UserEventAgent-LoginWindow.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/UserEventAgent 
(LoginWindow)\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.UserEventAgent-LoginWindow.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/UserEventAgent (LoginWindow)", + "keep_alive": "1", + "label": "com.apple.UserEventAgent-LoginWindow", "name": "com.apple.UserEventAgent-LoginWindow.plist", "path": "/System/Library/LaunchAgents/com.apple.UserEventAgent-LoginWindow.plist", - "label": "com.apple.UserEventAgent-LoginWindow", - "keep_alive": "1" + "program_arguments": "/usr/libexec/UserEventAgent (LoginWindow)" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": 
"added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.UserEventAgent-LoginWindow\",\"name\":\"com.apple.UserEventAgent-LoginWindow.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.UserEventAgent-LoginWindow.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/UserEventAgent (LoginWindow)\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.UserNotificationCenterAgent-LoginWindow\",\"name\":\"com.apple.UserNotificationCenterAgent-LoginWindow.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.UserNotificationCenterAgent-LoginWindow.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/UserNotificationCenter.app/Contents/MacOS/UserNotificationCenter 
-loginwindow\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.UserNotificationCenterAgent-LoginWindow.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/UserNotificationCenter.app/Contents/MacOS/UserNotificationCenter -loginwindow", + "label": "com.apple.UserNotificationCenterAgent-LoginWindow", "name": "com.apple.UserNotificationCenterAgent-LoginWindow.plist", "path": "/System/Library/LaunchAgents/com.apple.UserNotificationCenterAgent-LoginWindow.plist", - "label": "com.apple.UserNotificationCenterAgent-LoginWindow" + "program_arguments": "/System/Library/CoreServices/UserNotificationCenter.app/Contents/MacOS/UserNotificationCenter -loginwindow" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.UserNotificationCenterAgent-LoginWindow\",\"name\":\"com.apple.UserNotificationCenterAgent-LoginWindow.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.UserNotificationCenterAgent-LoginWindow.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/UserNotificationCenter.app/Contents/MacOS/UserNotificationCenter -loginwindow\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.UserNotificationCenterAgent\",\"name\":\"com.apple.UserNotificationCenterAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.UserNotificationCenterAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/UserNotificationCenter.app/Contents/MacOS/UserNotificationCenter\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.UserNotificationCenterAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/UserNotificationCenter.app/Contents/MacOS/UserNotificationCenter", + "label": "com.apple.UserNotificationCenterAgent", "name": "com.apple.UserNotificationCenterAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.UserNotificationCenterAgent.plist", - "label": "com.apple.UserNotificationCenterAgent" + "program_arguments": "/System/Library/CoreServices/UserNotificationCenter.app/Contents/MacOS/UserNotificationCenter" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, 
"epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "tsg" + } + }, + { + "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, "event": { "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.UserNotificationCenterAgent\",\"name\":\"com.apple.UserNotificationCenterAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.UserNotificationCenterAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/UserNotificationCenter.app/Contents/MacOS/UserNotificationCenter\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.VoiceOver\",\"name\":\"com.apple.VoiceOver.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.VoiceOver.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/VoiceOver.app/Contents/MacOS/VoiceOver launchd -s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2017-12-28T14:39:51.000Z", "file": { "path": "/System/Library/LaunchAgents/com.apple.VoiceOver.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/VoiceOver.app/Contents/MacOS/VoiceOver launchd -s", + "label": "com.apple.VoiceOver", "name": "com.apple.VoiceOver.plist", "path": "/System/Library/LaunchAgents/com.apple.VoiceOver.plist", "process_type": "Interactive", - "label": "com.apple.VoiceOver", + "program_arguments": "/System/Library/CoreServices/VoiceOver.app/Contents/MacOS/VoiceOver launchd -s", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.VoiceOver\",\"name\":\"com.apple.VoiceOver.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.VoiceOver.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/VoiceOver.app/Contents/MacOS/VoiceOver launchd -s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.WebKit.PluginAgent\",\"name\":\"com.apple.WebKit.PluginAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.WebKit.PluginAgent.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/WebKit.framework/Frameworks/WebKitLegacy.framework/WebKitPluginAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.WebKit.PluginAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/WebKit.framework/Frameworks/WebKitLegacy.framework/WebKitPluginAgent", + "label": "com.apple.WebKit.PluginAgent", "name": "com.apple.WebKit.PluginAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.WebKit.PluginAgent.plist", "process_type": "Interactive", - "label": "com.apple.WebKit.PluginAgent" + "program_arguments": "/System/Library/Frameworks/WebKit.framework/Frameworks/WebKitLegacy.framework/WebKitPluginAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": 
"0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.WebKit.PluginAgent\",\"name\":\"com.apple.WebKit.PluginAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.WebKit.PluginAgent.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/WebKit.framework/Frameworks/WebKitLegacy.framework/WebKitPluginAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.WiFiVelocityAgent\",\"name\":\"com.apple.WiFiVelocityAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.WiFiVelocityAgent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/WiFiVelocityAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.WiFiVelocityAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.WiFiVelocityAgent", "name": "com.apple.WiFiVelocityAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.WiFiVelocityAgent.plist", - "label": "com.apple.WiFiVelocityAgent", "program": "/usr/libexec/WiFiVelocityAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + 
"tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.WiFiVelocityAgent\",\"name\":\"com.apple.WiFiVelocityAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.WiFiVelocityAgent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/WiFiVelocityAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.accessibility.dfrhud\",\"name\":\"com.apple.accessibility.dfrhud.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.accessibility.dfrhud.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/DFRHUD.app/Contents/MacOS/DFRHUD launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.accessibility.dfrhud.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/DFRHUD.app/Contents/MacOS/DFRHUD launchd", + "keep_alive": "0", + "label": "com.apple.accessibility.dfrhud", "name": "com.apple.accessibility.dfrhud.plist", "path": "/System/Library/LaunchAgents/com.apple.accessibility.dfrhud.plist", - "label": "com.apple.accessibility.dfrhud", - "keep_alive": "0", + "program_arguments": "/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/DFRHUD.app/Contents/MacOS/DFRHUD launchd", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.accessibility.dfrhud\",\"name\":\"com.apple.accessibility.dfrhud.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.accessibility.dfrhud.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/DFRHUD.app/Contents/MacOS/DFRHUD launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.accountsd\",\"name\":\"com.apple.accountsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.accountsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.accountsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd", + "label": "com.apple.accountsd", "name": "com.apple.accountsd.plist", "path": "/System/Library/LaunchAgents/com.apple.accountsd.plist", - "label": "com.apple.accountsd" + "program_arguments": "/System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 
UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.accountsd\",\"name\":\"com.apple.accountsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.accountsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.akd\",\"name\":\"com.apple.akd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.akd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.akd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd", + "label": "com.apple.akd", "name": "com.apple.akd.plist", "path": "/System/Library/LaunchAgents/com.apple.akd.plist", - "label": "com.apple.akd" + "program_arguments": "/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.akd\",\"name\":\"com.apple.akd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.akd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.alf.useragent\",\"name\":\"com.apple.alf.useragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.alf.useragent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/ApplicationFirewall/Firewall\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.alf.useragent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/ApplicationFirewall/Firewall", + "label": "com.apple.alf.useragent", "name": "com.apple.alf.useragent.plist", "path": "/System/Library/LaunchAgents/com.apple.alf.useragent.plist", - "label": "com.apple.alf.useragent" + "program_arguments": "/usr/libexec/ApplicationFirewall/Firewall" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ 
- "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.alf.useragent\",\"name\":\"com.apple.alf.useragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.alf.useragent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/ApplicationFirewall/Firewall\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.apfsuseragent\",\"name\":\"com.apple.apfsuseragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.apfsuseragent.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/APFSUserAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.apfsuseragent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/APFSUserAgent", + "label": "com.apple.apfsuseragent", "name": "com.apple.apfsuseragent.plist", "path": "/System/Library/LaunchAgents/com.apple.apfsuseragent.plist", "process_type": "Adaptive", - "label": "com.apple.apfsuseragent" + "program_arguments": "/System/Library/CoreServices/APFSUserAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.apfsuseragent\",\"name\":\"com.apple.apfsuseragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.apfsuseragent.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/APFSUserAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.appleseed.seedusaged\",\"name\":\"com.apple.appleseed.seedusaged.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.appleseed.seedusaged.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.appleseed.seedusaged.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.appleseed.seedusaged", "name": "com.apple.appleseed.seedusaged.plist", "path": "/System/Library/LaunchAgents/com.apple.appleseed.seedusaged.plist", - "label": "com.apple.appleseed.seedusaged", "program": "/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.appleseed.seedusaged\",\"name\":\"com.apple.appleseed.seedusaged.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.appleseed.seedusaged.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.appleseed.seedusaged.postinstall\",\"name\":\"com.apple.appleseed.seedusaged.postinstall.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.appleseed.seedusaged.postinstall.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged\",\"program_arguments\":\"oneShot\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.appleseed.seedusaged.postinstall.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "oneShot", + "label": "com.apple.appleseed.seedusaged.postinstall", "name": "com.apple.appleseed.seedusaged.postinstall.plist", "path": "/System/Library/LaunchAgents/com.apple.appleseed.seedusaged.postinstall.plist", - "label": "com.apple.appleseed.seedusaged.postinstall", "program": "/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged", + "program_arguments": "oneShot", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.appleseed.seedusaged.postinstall\",\"name\":\"com.apple.appleseed.seedusaged.postinstall.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.appleseed.seedusaged.postinstall.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged\",\"program_arguments\":\"oneShot\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.applespell\",\"name\":\"com.apple.applespell.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.applespell.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Services/AppleSpell.service/Contents/MacOS/AppleSpell\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.applespell.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Services/AppleSpell.service/Contents/MacOS/AppleSpell", + "label": "com.apple.applespell", "name": "com.apple.applespell.plist", "path": "/System/Library/LaunchAgents/com.apple.applespell.plist", "process_type": "Interactive", - "label": "com.apple.applespell" + "program_arguments": "/System/Library/Services/AppleSpell.service/Contents/MacOS/AppleSpell" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.applespell\",\"name\":\"com.apple.applespell.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.applespell.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Services/AppleSpell.service/Contents/MacOS/AppleSpell\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.appsleep\",\"name\":\"com.apple.appsleepd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.appsleepd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/appsleepd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.appsleepd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/appsleepd", + "label": "com.apple.appsleep", "name": "com.apple.appsleepd.plist", "path": "/System/Library/LaunchAgents/com.apple.appsleepd.plist", - "label": "com.apple.appsleep" + "program_arguments": "/usr/sbin/appsleepd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - 
"hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "tsg" + } + }, + { + "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, "event": { "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.appsleep\",\"name\":\"com.apple.appsleepd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.appsleepd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/appsleepd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.appstoreupdateagent\",\"name\":\"com.apple.appstoreupdateagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.appstoreupdateagent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/appstoreupdateagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2017-12-28T14:39:51.000Z", "file": { "path": "/System/Library/LaunchAgents/com.apple.appstoreupdateagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.appstoreupdateagent", "name": "com.apple.appstoreupdateagent.plist", "path": "/System/Library/LaunchAgents/com.apple.appstoreupdateagent.plist", - "label": "com.apple.appstoreupdateagent", "program": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/appstoreupdateagent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.appstoreupdateagent\",\"name\":\"com.apple.appstoreupdateagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.appstoreupdateagent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/appstoreupdateagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.askpermissiond\",\"name\":\"com.apple.askpermissiond.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.askpermissiond.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/AskPermission.framework/Versions/A/Resources/askpermissiond\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.askpermissiond.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.askpermissiond", "name": "com.apple.askpermissiond.plist", "path": "/System/Library/LaunchAgents/com.apple.askpermissiond.plist", - "label": "com.apple.askpermissiond", "program": "/System/Library/PrivateFrameworks/AskPermission.framework/Versions/A/Resources/askpermissiond" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.askpermissiond\",\"name\":\"com.apple.askpermissiond.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.askpermissiond.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/AskPermission.framework/Versions/A/Resources/askpermissiond\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.assistant_service\",\"name\":\"com.apple.assistant_service.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.assistant_service.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AssistantServices.framework/assistant_service\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.assistant_service.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/AssistantServices.framework/assistant_service", + "label": "com.apple.assistant_service", "name": "com.apple.assistant_service.plist", "path": "/System/Library/LaunchAgents/com.apple.assistant_service.plist", - "label": "com.apple.assistant_service" + "program_arguments": "/System/Library/PrivateFrameworks/AssistantServices.framework/assistant_service" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.assistant_service\",\"name\":\"com.apple.assistant_service.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.assistant_service.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AssistantServices.framework/assistant_service\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.assistantd\",\"name\":\"com.apple.assistantd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.assistantd.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AssistantServices.framework/assistantd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.assistantd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/AssistantServices.framework/assistantd", + "label": "com.apple.assistantd", "name": "com.apple.assistantd.plist", "path": "/System/Library/LaunchAgents/com.apple.assistantd.plist", "process_type": "Adaptive", - "label": "com.apple.assistantd", + "program_arguments": "/System/Library/PrivateFrameworks/AssistantServices.framework/assistantd", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.assistantd\",\"name\":\"com.apple.assistantd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.assistantd.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/AssistantServices.framework/assistantd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.audio.AudioComponentRegistrar\",\"name\":\"com.apple.audio.AudioComponentRegistrar.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.audio.AudioComponentRegistrar.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.audio.AudioComponentRegistrar.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar", + "label": "com.apple.audio.AudioComponentRegistrar", "name": "com.apple.audio.AudioComponentRegistrar.plist", "path": "/System/Library/LaunchAgents/com.apple.audio.AudioComponentRegistrar.plist", "process_type": "Adaptive", - "label": "com.apple.audio.AudioComponentRegistrar" + "program_arguments": "/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": 
"0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.audio.AudioComponentRegistrar\",\"name\":\"com.apple.audio.AudioComponentRegistrar.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.audio.AudioComponentRegistrar.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 
2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.videoconference.camera\",\"name\":\"com.apple.avconferenced.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.avconferenced.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/avconferenced\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.avconferenced.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/avconferenced", + "keep_alive": "0", + "label": "com.apple.videoconference.camera", "name": "com.apple.avconferenced.plist", "path": "/System/Library/LaunchAgents/com.apple.avconferenced.plist", - "label": "com.apple.videoconference.camera", - "keep_alive": "0" + "program_arguments": "/usr/libexec/avconferenced" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" 
} }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.videoconference.camera\",\"name\":\"com.apple.avconferenced.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.avconferenced.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/avconferenced\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.backgroundtaskmanagementagent\",\"name\":\"com.apple.backgroundtaskmanagementuiagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.backgroundtaskmanagementuiagent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/backgroundtaskmanagementagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.backgroundtaskmanagementuiagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.backgroundtaskmanagementagent", "name": "com.apple.backgroundtaskmanagementuiagent.plist", "path": "/System/Library/LaunchAgents/com.apple.backgroundtaskmanagementuiagent.plist", - "label": "com.apple.backgroundtaskmanagementagent", "program": "/System/Library/CoreServices/backgroundtaskmanagementagent", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.backgroundtaskmanagementagent\",\"name\":\"com.apple.backgroundtaskmanagementuiagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.backgroundtaskmanagementuiagent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/backgroundtaskmanagementagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bird\",\"name\":\"com.apple.bird.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.bird.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.bird.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird", + "disabled": "0", + "label": "com.apple.bird", "name": "com.apple.bird.plist", "path": "/System/Library/LaunchAgents/com.apple.bird.plist", - "disabled": "0", - "label": "com.apple.bird" + "program_arguments": "/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + 
"name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bird\",\"name\":\"com.apple.bird.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.bird.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bluetooth.PacketLogger\",\"name\":\"com.apple.bluetooth.PacketLogger.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.bluetooth.PacketLogger.plist\",\"process_type\":\"Standard\",\"program\":\"/AppleInternal/DevTools/Hardware/PacketLogger.app/Contents/MacOS/PacketLogger\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.bluetooth.PacketLogger.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.bluetooth.PacketLogger", "name": "com.apple.bluetooth.PacketLogger.plist", "path": "/System/Library/LaunchAgents/com.apple.bluetooth.PacketLogger.plist", "process_type": "Standard", - "label": "com.apple.bluetooth.PacketLogger", "program": "/AppleInternal/DevTools/Hardware/PacketLogger.app/Contents/MacOS/PacketLogger" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bluetooth.PacketLogger\",\"name\":\"com.apple.bluetooth.PacketLogger.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.bluetooth.PacketLogger.plist\",\"process_type\":\"Standard\",\"program\":\"/AppleInternal/DevTools/Hardware/PacketLogger.app/Contents/MacOS/PacketLogger\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bluetoothUIServer\",\"name\":\"com.apple.bluetoothUIServer.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.bluetoothUIServer.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/BluetoothUIServer.app/Contents/MacOS/BluetoothUIServer\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.bluetoothUIServer.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.bluetoothUIServer", "name": "com.apple.bluetoothUIServer.plist", "path": "/System/Library/LaunchAgents/com.apple.bluetoothUIServer.plist", - "label": "com.apple.bluetoothUIServer", "program": "/System/Library/CoreServices/BluetoothUIServer.app/Contents/MacOS/BluetoothUIServer" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.bluetoothUIServer\",\"name\":\"com.apple.bluetoothUIServer.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.bluetoothUIServer.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/BluetoothUIServer.app/Contents/MacOS/BluetoothUIServer\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.btsa\",\"name\":\"com.apple.btsa.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.btsa.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Bluetooth Setup Assistant.app/Contents/MacOS/Bluetooth Setup Assistant -autoConfigure\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.btsa.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Bluetooth Setup Assistant.app/Contents/MacOS/Bluetooth Setup Assistant -autoConfigure", + "label": "com.apple.btsa", "name": "com.apple.btsa.plist", "path": "/System/Library/LaunchAgents/com.apple.btsa.plist", - "label": "com.apple.btsa" + "program_arguments": "/System/Library/CoreServices/Bluetooth Setup Assistant.app/Contents/MacOS/Bluetooth Setup Assistant -autoConfigure" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.btsa\",\"name\":\"com.apple.btsa.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.btsa.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Bluetooth Setup Assistant.app/Contents/MacOS/Bluetooth Setup Assistant -autoConfigure\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cache_delete\",\"name\":\"com.apple.cache_delete.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cache_delete.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CacheDelete.framework/deleted\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cache_delete.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CacheDelete.framework/deleted", + "label": "com.apple.cache_delete", "name": "com.apple.cache_delete.plist", "path": "/System/Library/LaunchAgents/com.apple.cache_delete.plist", "process_type": "Adaptive", - "label": "com.apple.cache_delete" + "program_arguments": "/System/Library/PrivateFrameworks/CacheDelete.framework/deleted" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + 
"name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cache_delete\",\"name\":\"com.apple.cache_delete.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cache_delete.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CacheDelete.framework/deleted\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cdpd\",\"name\":\"com.apple.cdpd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cdpd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreCDP.framework/Versions/A/Resources/cdpd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cdpd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CoreCDP.framework/Versions/A/Resources/cdpd", + "label": "com.apple.cdpd", "name": "com.apple.cdpd.plist", "path": "/System/Library/LaunchAgents/com.apple.cdpd.plist", - "label": "com.apple.cdpd" + "program_arguments": "/System/Library/PrivateFrameworks/CoreCDP.framework/Versions/A/Resources/cdpd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cdpd\",\"name\":\"com.apple.cdpd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cdpd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreCDP.framework/Versions/A/Resources/cdpd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cfnetwork.AuthBrokerAgent\",\"name\":\"com.apple.cfnetwork.AuthBrokerAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cfnetwork.AuthBrokerAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CFNetwork.framework/Versions/A/Support/AuthBrokerAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cfnetwork.AuthBrokerAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CFNetwork.framework/Versions/A/Support/AuthBrokerAgent", + "label": "com.apple.cfnetwork.AuthBrokerAgent", "name": "com.apple.cfnetwork.AuthBrokerAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.cfnetwork.AuthBrokerAgent.plist", - "label": "com.apple.cfnetwork.AuthBrokerAgent" + "program_arguments": "/System/Library/Frameworks/CFNetwork.framework/Versions/A/Support/AuthBrokerAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu 
Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cfnetwork.AuthBrokerAgent\",\"name\":\"com.apple.cfnetwork.AuthBrokerAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cfnetwork.AuthBrokerAgent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CFNetwork.framework/Versions/A/Support/AuthBrokerAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cfnetwork.cfnetworkagent\",\"name\":\"com.apple.cfnetwork.cfnetworkagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cfnetwork.cfnetworkagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CFNetwork.framework/Versions/A/Support/CFNetworkAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cfnetwork.cfnetworkagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CFNetwork.framework/Versions/A/Support/CFNetworkAgent", + "label": "com.apple.cfnetwork.cfnetworkagent", "name": "com.apple.cfnetwork.cfnetworkagent.plist", "path": "/System/Library/LaunchAgents/com.apple.cfnetwork.cfnetworkagent.plist", - "label": "com.apple.cfnetwork.cfnetworkagent" + "program_arguments": "/System/Library/Frameworks/CFNetwork.framework/Versions/A/Support/CFNetworkAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 
14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cfnetwork.cfnetworkagent\",\"name\":\"com.apple.cfnetwork.cfnetworkagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cfnetwork.cfnetworkagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CFNetwork.framework/Versions/A/Support/CFNetworkAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cfprefsd.xpc.agent\",\"name\":\"com.apple.cfprefsd.xpc.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cfprefsd.xpc.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/cfprefsd agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cfprefsd.xpc.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/cfprefsd agent", + "label": "com.apple.cfprefsd.xpc.agent", "name": "com.apple.cfprefsd.xpc.agent.plist", "path": "/System/Library/LaunchAgents/com.apple.cfprefsd.xpc.agent.plist", - "label": "com.apple.cfprefsd.xpc.agent" + "program_arguments": "/usr/sbin/cfprefsd agent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - 
], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cfprefsd.xpc.agent\",\"name\":\"com.apple.cfprefsd.xpc.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cfprefsd.xpc.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/cfprefsd agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cloudd\",\"name\":\"com.apple.cloudd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cloudd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CloudKitDaemon.framework/Support/cloudd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cloudd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CloudKitDaemon.framework/Support/cloudd", + "label": "com.apple.cloudd", "name": "com.apple.cloudd.plist", "path": "/System/Library/LaunchAgents/com.apple.cloudd.plist", - "label": "com.apple.cloudd" + "program_arguments": "/System/Library/PrivateFrameworks/CloudKitDaemon.framework/Support/cloudd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cloudd\",\"name\":\"com.apple.cloudd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cloudd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CloudKitDaemon.framework/Support/cloudd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cloudpaird\",\"name\":\"com.apple.cloudpaird.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cloudpaird.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/cloudpaird\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cloudpaird.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.cloudpaird", "name": "com.apple.cloudpaird.plist", "path": "/System/Library/LaunchAgents/com.apple.cloudpaird.plist", - "label": "com.apple.cloudpaird", "program": "/System/Library/CoreServices/cloudpaird" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cloudpaird\",\"name\":\"com.apple.cloudpaird.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cloudpaird.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/cloudpaird\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cloudphotosd\",\"name\":\"com.apple.cloudphotosd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cloudphotosd.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/CoreServices/cloudphotosd.app/Contents/MacOS/cloudphotosd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cloudphotosd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.cloudphotosd", "name": "com.apple.cloudphotosd.plist", "path": "/System/Library/LaunchAgents/com.apple.cloudphotosd.plist", "process_type": "Adaptive", - "label": "com.apple.cloudphotosd", "program": "/System/Library/CoreServices/cloudphotosd.app/Contents/MacOS/cloudphotosd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { 
- "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cloudphotosd\",\"name\":\"com.apple.cloudphotosd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cloudphotosd.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/CoreServices/cloudphotosd.app/Contents/MacOS/cloudphotosd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cmfsyncagent\",\"name\":\"com.apple.cmfsyncagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cmfsyncagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CommunicationsFilter.framework/CMFSyncAgent.app/Contents/MacOS/CMFSyncAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cmfsyncagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CommunicationsFilter.framework/CMFSyncAgent.app/Contents/MacOS/CMFSyncAgent", + "label": "com.apple.cmfsyncagent", "name": "com.apple.cmfsyncagent.plist", "path": "/System/Library/LaunchAgents/com.apple.cmfsyncagent.plist", - "label": "com.apple.cmfsyncagent" + "program_arguments": "/System/Library/PrivateFrameworks/CommunicationsFilter.framework/CMFSyncAgent.app/Contents/MacOS/CMFSyncAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 
UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cmfsyncagent\",\"name\":\"com.apple.cmfsyncagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cmfsyncagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CommunicationsFilter.framework/CMFSyncAgent.app/Contents/MacOS/CMFSyncAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.colorsync.useragent\",\"name\":\"com.apple.colorsync.useragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.colorsync.useragent.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.colorsync.useragent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent", - "path": "/System/Library/LaunchAgents/com.apple.colorsync.useragent.plist", - "run_at_load": "0", - "name": "com.apple.colorsync.useragent.plist", "disabled": "0", - "process_type": "Interactive", + "keep_alive": "0", "label": "com.apple.colorsync.useragent", - "keep_alive": "0" + "name": "com.apple.colorsync.useragent.plist", + "path": "/System/Library/LaunchAgents/com.apple.colorsync.useragent.plist", + "process_type": "Interactive", + "program_arguments": "/System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent", + "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": 
"1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.colorsync.useragent\",\"name\":\"com.apple.colorsync.useragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.colorsync.useragent.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + 
"created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.commerce\",\"name\":\"com.apple.commerce.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.commerce.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/commerce\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.commerce.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.commerce", "name": "com.apple.commerce.plist", "path": "/System/Library/LaunchAgents/com.apple.commerce.plist", - "label": "com.apple.commerce", "program": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/commerce" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.commerce\",\"name\":\"com.apple.commerce.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.commerce.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/commerce\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.contacts.donation-agent\",\"name\":\"com.apple.contacts.donation-agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.contacts.donation-agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/ContactsDonation.framework/Versions/A/Support/contactsdonationagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.contacts.donation-agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/ContactsDonation.framework/Versions/A/Support/contactsdonationagent", + "label": "com.apple.contacts.donation-agent", "name": "com.apple.contacts.donation-agent.plist", "path": "/System/Library/LaunchAgents/com.apple.contacts.donation-agent.plist", - "label": "com.apple.contacts.donation-agent" + "program_arguments": "/System/Library/PrivateFrameworks/ContactsDonation.framework/Versions/A/Support/contactsdonationagent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": 
"0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.contacts.donation-agent\",\"name\":\"com.apple.contacts.donation-agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.contacts.donation-agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/ContactsDonation.framework/Versions/A/Support/contactsdonationagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.controlstrip\",\"name\":\"com.apple.controlstrip.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.controlstrip.plist\",\"process_type\":\"App\",\"program\":\"/System/Library/CoreServices/ControlStrip.app/Contents/MacOS/ControlStrip\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.controlstrip.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.controlstrip", "name": "com.apple.controlstrip.plist", "path": "/System/Library/LaunchAgents/com.apple.controlstrip.plist", "process_type": "App", - "label": "com.apple.controlstrip", "program": "/System/Library/CoreServices/ControlStrip.app/Contents/MacOS/ControlStrip" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "tsg" + } + }, + { + "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, "event": { "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.controlstrip\",\"name\":\"com.apple.controlstrip.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.controlstrip.plist\",\"process_type\":\"App\",\"program\":\"/System/Library/CoreServices/ControlStrip.app/Contents/MacOS/ControlStrip\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreparsec.silhouette\",\"name\":\"com.apple.coreparsec.silhouette.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.coreparsec.silhouette.plist\",\"process_type\":\"Background\",\"program\":\"/usr/libexec/silhouette\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2017-12-28T14:39:51.000Z", "file": { "path": "/System/Library/LaunchAgents/com.apple.coreparsec.silhouette.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.coreparsec.silhouette", "name": "com.apple.coreparsec.silhouette.plist", "path": "/System/Library/LaunchAgents/com.apple.coreparsec.silhouette.plist", "process_type": "Background", - "label": "com.apple.coreparsec.silhouette", "program": "/usr/libexec/silhouette" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreparsec.silhouette\",\"name\":\"com.apple.coreparsec.silhouette.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.coreparsec.silhouette.plist\",\"process_type\":\"Background\",\"program\":\"/usr/libexec/silhouette\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.UASharedPasteboardProgressUI\",\"name\":\"com.apple.coreservices.UASharedPasteboardProgressUI.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.coreservices.UASharedPasteboardProgressUI.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/UserActivity.framework/Agents/UASharedPasteboardProgressUI.app/Contents/MacOS/UASharedPasteboardProgressUI\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.coreservices.UASharedPasteboardProgressUI.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/UserActivity.framework/Agents/UASharedPasteboardProgressUI.app/Contents/MacOS/UASharedPasteboardProgressUI", + "label": "com.apple.coreservices.UASharedPasteboardProgressUI", "name": "com.apple.coreservices.UASharedPasteboardProgressUI.plist", "path": "/System/Library/LaunchAgents/com.apple.coreservices.UASharedPasteboardProgressUI.plist", - "label": "com.apple.coreservices.UASharedPasteboardProgressUI", + "program_arguments": 
"/System/Library/PrivateFrameworks/UserActivity.framework/Agents/UASharedPasteboardProgressUI.app/Contents/MacOS/UASharedPasteboardProgressUI", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.UASharedPasteboardProgressUI\",\"name\":\"com.apple.coreservices.UASharedPasteboardProgressUI.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.coreservices.UASharedPasteboardProgressUI.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/UserActivity.framework/Agents/UASharedPasteboardProgressUI.app/Contents/MacOS/UASharedPasteboardProgressUI\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixT
ime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.appleid.authentication\",\"name\":\"com.apple.coreservices.appleid.authentication.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.coreservices.appleid.authentication.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/AppleIDAuthAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.coreservices.appleid.authentication.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.coreservices.appleid.authentication", "name": "com.apple.coreservices.appleid.authentication.plist", "path": "/System/Library/LaunchAgents/com.apple.coreservices.appleid.authentication.plist", - "label": 
"com.apple.coreservices.appleid.authentication", "program": "/System/Library/CoreServices/AppleIDAuthAgent", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.appleid.authentication\",\"name\":\"com.apple.coreservices.appleid.authentication.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.coreservices.appleid.authentication.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/AppleIDAuthAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": 
[ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.useractivityd\",\"name\":\"com.apple.coreservices.lsactivity.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.coreservices.lsactivity.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/UserActivity.framework/Agents/useractivityd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.coreservices.lsactivity.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/UserActivity.framework/Agents/useractivityd", + "label": "com.apple.coreservices.useractivityd", "name": "com.apple.coreservices.lsactivity.plist", "path": "/System/Library/LaunchAgents/com.apple.coreservices.lsactivity.plist", - "label": "com.apple.coreservices.useractivityd", + "program_arguments": 
"/System/Library/PrivateFrameworks/UserActivity.framework/Agents/useractivityd", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.useractivityd\",\"name\":\"com.apple.coreservices.lsactivity.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.coreservices.lsactivity.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/UserActivity.framework/Agents/useractivityd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - 
] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.sharedfilelistd\",\"name\":\"com.apple.coreservices.sharedfilelistd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.coreservices.sharedfilelistd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/sharedfilelistd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.coreservices.sharedfilelistd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/sharedfilelistd", + "label": "com.apple.coreservices.sharedfilelistd", "name": "com.apple.coreservices.sharedfilelistd.plist", "path": "/System/Library/LaunchAgents/com.apple.coreservices.sharedfilelistd.plist", - "label": "com.apple.coreservices.sharedfilelistd", + "program_arguments": "/System/Library/CoreServices/sharedfilelistd", "run_at_load": "0" }, - "name": 
"pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.sharedfilelistd\",\"name\":\"com.apple.coreservices.sharedfilelistd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.coreservices.sharedfilelistd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/sharedfilelistd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": 
{ + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.uiagent\",\"name\":\"com.apple.coreservices.uiagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.coreservices.uiagent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/CoreServicesUIAgent.app/Contents/MacOS/CoreServicesUIAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.coreservices.uiagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.coreservices.uiagent", "name": "com.apple.coreservices.uiagent.plist", "path": "/System/Library/LaunchAgents/com.apple.coreservices.uiagent.plist", - "label": "com.apple.coreservices.uiagent", "program": "/System/Library/CoreServices/CoreServicesUIAgent.app/Contents/MacOS/CoreServicesUIAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.coreservices.uiagent\",\"name\":\"com.apple.coreservices.uiagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.coreservices.uiagent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/CoreServicesUIAgent.app/Contents/MacOS/CoreServicesUIAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.corespotlightd\",\"name\":\"com.apple.corespotlightd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.corespotlightd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/corespotlightd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.corespotlightd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/corespotlightd", + "label": "com.apple.corespotlightd", "name": "com.apple.corespotlightd.plist", "path": "/System/Library/LaunchAgents/com.apple.corespotlightd.plist", - "label": "com.apple.corespotlightd" + "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/corespotlightd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.corespotlightd\",\"name\":\"com.apple.corespotlightd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.corespotlightd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/corespotlightd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.csuseragent\",\"name\":\"com.apple.csuseragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.csuseragent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/CSUserAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.csuseragent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/CSUserAgent", + "label": "com.apple.csuseragent", "name": "com.apple.csuseragent.plist", "path": "/System/Library/LaunchAgents/com.apple.csuseragent.plist", - "label": "com.apple.csuseragent" + "program_arguments": "/System/Library/CoreServices/CSUserAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], 
"hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.csuseragent\",\"name\":\"com.apple.csuseragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.csuseragent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/CSUserAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ctkbind\",\"name\":\"com.apple.ctkbind.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ctkbind.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CryptoTokenKit.framework/ctkbind.bundle/Contents/MacOS/ctkbind\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.ctkbind.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CryptoTokenKit.framework/ctkbind.bundle/Contents/MacOS/ctkbind", + "label": "com.apple.ctkbind", "name": "com.apple.ctkbind.plist", "path": "/System/Library/LaunchAgents/com.apple.ctkbind.plist", - "label": "com.apple.ctkbind", + "program_arguments": "/System/Library/Frameworks/CryptoTokenKit.framework/ctkbind.bundle/Contents/MacOS/ctkbind", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ctkbind\",\"name\":\"com.apple.ctkbind.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ctkbind.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CryptoTokenKit.framework/ctkbind.bundle/Contents/MacOS/ctkbind\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ctkd\",\"name\":\"com.apple.ctkd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ctkd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CryptoTokenKit.framework/ctkd -tw\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.ctkd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CryptoTokenKit.framework/ctkd -tw", + "label": "com.apple.ctkd", "name": "com.apple.ctkd.plist", "path": "/System/Library/LaunchAgents/com.apple.ctkd.plist", - "label": "com.apple.ctkd", + "program_arguments": "/System/Library/Frameworks/CryptoTokenKit.framework/ctkd -tw", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - 
"user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.ctkd\",\"name\":\"com.apple.ctkd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.ctkd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CryptoTokenKit.framework/ctkd -tw\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent3425AMD_i386\",\"name\":\"com.apple.cvmsCompAgent3425AMD_i386.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent3425AMD_i386.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3425AMD/CVMCompiler 6\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent3425AMD_i386.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3425AMD/CVMCompiler 6", + "label": "com.apple.cvmsCompAgent3425AMD_i386", "name": "com.apple.cvmsCompAgent3425AMD_i386.plist", "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent3425AMD_i386.plist", - "label": "com.apple.cvmsCompAgent3425AMD_i386" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3425AMD/CVMCompiler 6" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent3425AMD_i386\",\"name\":\"com.apple.cvmsCompAgent3425AMD_i386.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent3425AMD_i386.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3425AMD/CVMCompiler 6\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent3425AMD_i386_1\",\"name\":\"com.apple.cvmsCompAgent3425AMD_i386_1.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent3425AMD_i386_1.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3425AMD/CVMCompiler 7\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent3425AMD_i386_1.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3425AMD/CVMCompiler 7", + "label": "com.apple.cvmsCompAgent3425AMD_i386_1", "name": "com.apple.cvmsCompAgent3425AMD_i386_1.plist", "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent3425AMD_i386_1.plist", - "label": "com.apple.cvmsCompAgent3425AMD_i386_1" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3425AMD/CVMCompiler 7" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent3425AMD_i386_1\",\"name\":\"com.apple.cvmsCompAgent3425AMD_i386_1.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent3425AMD_i386_1.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3425AMD/CVMCompiler 7\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent3425AMD_x86_64\",\"name\":\"com.apple.cvmsCompAgent3425AMD_x86_64.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent3425AMD_x86_64.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3425AMD/CVMCompiler 6\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent3425AMD_x86_64.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3425AMD/CVMCompiler 6", + "label": "com.apple.cvmsCompAgent3425AMD_x86_64", "name": "com.apple.cvmsCompAgent3425AMD_x86_64.plist", "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent3425AMD_x86_64.plist", - "label": "com.apple.cvmsCompAgent3425AMD_x86_64" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3425AMD/CVMCompiler 6" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent3425AMD_x86_64\",\"name\":\"com.apple.cvmsCompAgent3425AMD_x86_64.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent3425AMD_x86_64.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3425AMD/CVMCompiler 6\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent3425AMD_x86_64_1\",\"name\":\"com.apple.cvmsCompAgent3425AMD_x86_64_1.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent3425AMD_x86_64_1.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3425AMD/CVMCompiler 7\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent3425AMD_x86_64_1.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3425AMD/CVMCompiler 7", + "label": "com.apple.cvmsCompAgent3425AMD_x86_64_1", "name": "com.apple.cvmsCompAgent3425AMD_x86_64_1.plist", "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent3425AMD_x86_64_1.plist", - "label": "com.apple.cvmsCompAgent3425AMD_x86_64_1" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3425AMD/CVMCompiler 7" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": 
"0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent3425AMD_x86_64_1\",\"name\":\"com.apple.cvmsCompAgent3425AMD_x86_64_1.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent3425AMD_x86_64_1.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3425AMD/CVMCompiler 7\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent3600_i386\",\"name\":\"com.apple.cvmsCompAgent3600_i386.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent3600_i386.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3600/CVMCompiler 4\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent3600_i386.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3600/CVMCompiler 4", + "label": "com.apple.cvmsCompAgent3600_i386", "name": "com.apple.cvmsCompAgent3600_i386.plist", "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent3600_i386.plist", - "label": "com.apple.cvmsCompAgent3600_i386" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3600/CVMCompiler 4" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 
28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent3600_i386\",\"name\":\"com.apple.cvmsCompAgent3600_i386.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent3600_i386.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3600/CVMCompiler 4\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent3600_i386_1\",\"name\":\"com.apple.cvmsCompAgent3600_i386_1.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent3600_i386_1.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3600/CVMCompiler 5\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent3600_i386_1.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3600/CVMCompiler 5", + "label": "com.apple.cvmsCompAgent3600_i386_1", "name": "com.apple.cvmsCompAgent3600_i386_1.plist", "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent3600_i386_1.plist", - "label": "com.apple.cvmsCompAgent3600_i386_1" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3600/CVMCompiler 5" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu 
Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent3600_i386_1\",\"name\":\"com.apple.cvmsCompAgent3600_i386_1.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent3600_i386_1.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3600/CVMCompiler 5\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent3600_x86_64\",\"name\":\"com.apple.cvmsCompAgent3600_x86_64.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent3600_x86_64.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3600/CVMCompiler 4\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent3600_x86_64.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3600/CVMCompiler 4", + "label": "com.apple.cvmsCompAgent3600_x86_64", "name": "com.apple.cvmsCompAgent3600_x86_64.plist", "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent3600_x86_64.plist", - "label": "com.apple.cvmsCompAgent3600_x86_64" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3600/CVMCompiler 4" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu 
Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent3600_x86_64\",\"name\":\"com.apple.cvmsCompAgent3600_x86_64.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent3600_x86_64.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3600/CVMCompiler 4\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent3600_x86_64_1\",\"name\":\"com.apple.cvmsCompAgent3600_x86_64_1.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent3600_x86_64_1.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3600/CVMCompiler 5\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent3600_x86_64_1.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3600/CVMCompiler 5", + "label": "com.apple.cvmsCompAgent3600_x86_64_1", "name": "com.apple.cvmsCompAgent3600_x86_64_1.plist", "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent3600_x86_64_1.plist", - "label": "com.apple.cvmsCompAgent3600_x86_64_1" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3600/CVMCompiler 5" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent3600_x86_64_1\",\"name\":\"com.apple.cvmsCompAgent3600_x86_64_1.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent3600_x86_64_1.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/3600/CVMCompiler 5\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgentLegacy_i386\",\"name\":\"com.apple.cvmsCompAgentLegacy_i386.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgentLegacy_i386.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Legacy/CVMCompiler\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgentLegacy_i386.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Legacy/CVMCompiler", + "label": "com.apple.cvmsCompAgentLegacy_i386", "name": "com.apple.cvmsCompAgentLegacy_i386.plist", "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgentLegacy_i386.plist", - "label": "com.apple.cvmsCompAgentLegacy_i386" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Legacy/CVMCompiler" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu 
Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgentLegacy_i386\",\"name\":\"com.apple.cvmsCompAgentLegacy_i386.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgentLegacy_i386.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Legacy/CVMCompiler\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgentLegacy_i386_1\",\"name\":\"com.apple.cvmsCompAgentLegacy_i386_1.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgentLegacy_i386_1.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Legacy/CVMCompiler 1\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgentLegacy_i386_1.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Legacy/CVMCompiler 1", + "label": "com.apple.cvmsCompAgentLegacy_i386_1", "name": "com.apple.cvmsCompAgentLegacy_i386_1.plist", "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgentLegacy_i386_1.plist", - "label": "com.apple.cvmsCompAgentLegacy_i386_1" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Legacy/CVMCompiler 1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgentLegacy_i386_1\",\"name\":\"com.apple.cvmsCompAgentLegacy_i386_1.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgentLegacy_i386_1.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Legacy/CVMCompiler 1\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgentLegacy_x86_64\",\"name\":\"com.apple.cvmsCompAgentLegacy_x86_64.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgentLegacy_x86_64.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Legacy/CVMCompiler\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgentLegacy_x86_64.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Legacy/CVMCompiler", + "label": "com.apple.cvmsCompAgentLegacy_x86_64", "name": "com.apple.cvmsCompAgentLegacy_x86_64.plist", "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgentLegacy_x86_64.plist", - "label": "com.apple.cvmsCompAgentLegacy_x86_64" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Legacy/CVMCompiler" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgentLegacy_x86_64\",\"name\":\"com.apple.cvmsCompAgentLegacy_x86_64.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgentLegacy_x86_64.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Legacy/CVMCompiler\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgentLegacy_x86_64_1\",\"name\":\"com.apple.cvmsCompAgentLegacy_x86_64_1.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgentLegacy_x86_64_1.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Legacy/CVMCompiler 1\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgentLegacy_x86_64_1.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Legacy/CVMCompiler 1", + "label": "com.apple.cvmsCompAgentLegacy_x86_64_1", "name": "com.apple.cvmsCompAgentLegacy_x86_64_1.plist", "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgentLegacy_x86_64_1.plist", - "label": "com.apple.cvmsCompAgentLegacy_x86_64_1" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Legacy/CVMCompiler 1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgentLegacy_x86_64_1\",\"name\":\"com.apple.cvmsCompAgentLegacy_x86_64_1.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgentLegacy_x86_64_1.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Legacy/CVMCompiler 1\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent_i386\",\"name\":\"com.apple.cvmsCompAgent_i386.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent_i386.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 2\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent_i386.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 2", + "label": "com.apple.cvmsCompAgent_i386", "name": "com.apple.cvmsCompAgent_i386.plist", "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent_i386.plist", - "label": "com.apple.cvmsCompAgent_i386" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 2" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent_i386\",\"name\":\"com.apple.cvmsCompAgent_i386.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent_i386.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 2\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent_i386_1\",\"name\":\"com.apple.cvmsCompAgent_i386_1.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent_i386_1.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 3\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent_i386_1.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 3", + "label": "com.apple.cvmsCompAgent_i386_1", "name": "com.apple.cvmsCompAgent_i386_1.plist", "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent_i386_1.plist", - "label": "com.apple.cvmsCompAgent_i386_1" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 3" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent_i386_1\",\"name\":\"com.apple.cvmsCompAgent_i386_1.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent_i386_1.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 3\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent_x86_64\",\"name\":\"com.apple.cvmsCompAgent_x86_64.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent_x86_64.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 2\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent_x86_64.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 2", + "label": "com.apple.cvmsCompAgent_x86_64", "name": "com.apple.cvmsCompAgent_x86_64.plist", "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent_x86_64.plist", - "label": "com.apple.cvmsCompAgent_x86_64" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 2" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent_x86_64\",\"name\":\"com.apple.cvmsCompAgent_x86_64.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent_x86_64.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 2\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent_x86_64_1\",\"name\":\"com.apple.cvmsCompAgent_x86_64_1.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent_x86_64_1.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 3\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent_x86_64_1.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 3", + "label": "com.apple.cvmsCompAgent_x86_64_1", "name": "com.apple.cvmsCompAgent_x86_64_1.plist", "path": "/System/Library/LaunchAgents/com.apple.cvmsCompAgent_x86_64_1.plist", - "label": "com.apple.cvmsCompAgent_x86_64_1" + "program_arguments": "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 3" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.cvmsCompAgent_x86_64_1\",\"name\":\"com.apple.cvmsCompAgent_x86_64_1.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.cvmsCompAgent_x86_64_1.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 3\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.diagnostics_agent\",\"name\":\"com.apple.diagnostics_agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.diagnostics_agent.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/diagnostics_agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.diagnostics_agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/diagnostics_agent", - "path": "/System/Library/LaunchAgents/com.apple.diagnostics_agent.plist", - "run_at_load": "1", + "keep_alive": "1", + "label": "com.apple.diagnostics_agent", "name": "com.apple.diagnostics_agent.plist", + "path": "/System/Library/LaunchAgents/com.apple.diagnostics_agent.plist", "process_type": "Background", - "label": "com.apple.diagnostics_agent", - "keep_alive": "1" + "program_arguments": "/System/Library/CoreServices/diagnostics_agent", + "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.diagnostics_agent\",\"name\":\"com.apple.diagnostics_agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.diagnostics_agent.plist\",\"process_type\":\"Background\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/diagnostics_agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diskspaced\",\"name\":\"com.apple.diskspaced.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.diskspaced.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/StorageManagement.framework/Resources/diskspaced\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.diskspaced.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.diskspaced", "name": "com.apple.diskspaced.plist", "path": "/System/Library/LaunchAgents/com.apple.diskspaced.plist", - "label": "com.apple.diskspaced", "program": "/System/Library/PrivateFrameworks/StorageManagement.framework/Resources/diskspaced" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": 
[ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.diskspaced\",\"name\":\"com.apple.diskspaced.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.diskspaced.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/StorageManagement.framework/Resources/diskspaced\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.distnoted.xpc.agent\",\"name\":\"com.apple.distnoted.xpc.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.distnoted.xpc.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/distnoted agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.distnoted.xpc.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/distnoted agent", + "label": "com.apple.distnoted.xpc.agent", "name": "com.apple.distnoted.xpc.agent.plist", "path": "/System/Library/LaunchAgents/com.apple.distnoted.xpc.agent.plist", - "label": "com.apple.distnoted.xpc.agent" + "program_arguments": "/usr/sbin/distnoted agent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ 
- "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.distnoted.xpc.agent\",\"name\":\"com.apple.distnoted.xpc.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.distnoted.xpc.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/distnoted agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dmd\",\"name\":\"com.apple.dmd.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.dmd.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/dmd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.dmd.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/dmd", + "label": "com.apple.dmd", "name": "com.apple.dmd.agent.plist", "path": "/System/Library/LaunchAgents/com.apple.dmd.agent.plist", - "label": "com.apple.dmd", + "program_arguments": "/usr/libexec/dmd", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dmd\",\"name\":\"com.apple.dmd.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.dmd.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/dmd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dt.CommandLineTools.installondemand\",\"name\":\"com.apple.dt.CommandLineTools.installondemand.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.dt.CommandLineTools.installondemand.plist\",\"process_type\":\"Interactive\",\"program\":\"/System/Library/CoreServices/Install Command Line Developer Tools.app/Contents/MacOS/Install Command 
Line Developer Tools\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.dt.CommandLineTools.installondemand.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.dt.CommandLineTools.installondemand", "name": "com.apple.dt.CommandLineTools.installondemand.plist", "path": "/System/Library/LaunchAgents/com.apple.dt.CommandLineTools.installondemand.plist", "process_type": "Interactive", - "label": "com.apple.dt.CommandLineTools.installondemand", "program": "/System/Library/CoreServices/Install Command Line Developer Tools.app/Contents/MacOS/Install Command Line Developer Tools" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { 
"name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.dt.CommandLineTools.installondemand\",\"name\":\"com.apple.dt.CommandLineTools.installondemand.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.dt.CommandLineTools.installondemand.plist\",\"process_type\":\"Interactive\",\"program\":\"/System/Library/CoreServices/Install Command Line Developer Tools.app/Contents/MacOS/Install Command Line Developer Tools\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.eospreflightagent\",\"name\":\"com.apple.eospreflightagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.eospreflightagent.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/PrivateFrameworks/EmbeddedOSInstall.framework/Versions/A/Resources/eospreflightagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.eospreflightagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.eospreflightagent", "name": "com.apple.eospreflightagent.plist", "path": "/System/Library/LaunchAgents/com.apple.eospreflightagent.plist", "process_type": "Adaptive", - "label": "com.apple.eospreflightagent", "program": "/System/Library/PrivateFrameworks/EmbeddedOSInstall.framework/Versions/A/Resources/eospreflightagent", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.eospreflightagent\",\"name\":\"com.apple.eospreflightagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.eospreflightagent.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/PrivateFrameworks/EmbeddedOSInstall.framework/Versions/A/Resources/eospreflightagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.familycircled\",\"name\":\"com.apple.familycircled.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.familycircled.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/FamilyCircle.framework/Versions/A/Resources/familycircled\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.familycircled.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.familycircled", "name": "com.apple.familycircled.plist", "path": "/System/Library/LaunchAgents/com.apple.familycircled.plist", - "label": "com.apple.familycircled", "program": "/System/Library/PrivateFrameworks/FamilyCircle.framework/Versions/A/Resources/familycircled" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.familycircled\",\"name\":\"com.apple.familycircled.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.familycircled.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/FamilyCircle.framework/Versions/A/Resources/familycircled\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.familycontrols.useragent\",\"name\":\"com.apple.familycontrols.useragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.familycontrols.useragent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/FamilyControls.framework/Resources/ParentalControls.app/Contents/MacOS/ParentalControls\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.familycontrols.useragent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/FamilyControls.framework/Resources/ParentalControls.app/Contents/MacOS/ParentalControls", + "label": "com.apple.familycontrols.useragent", "name": "com.apple.familycontrols.useragent.plist", "path": "/System/Library/LaunchAgents/com.apple.familycontrols.useragent.plist", - "label": "com.apple.familycontrols.useragent" + "program_arguments": "/System/Library/PrivateFrameworks/FamilyControls.framework/Resources/ParentalControls.app/Contents/MacOS/ParentalControls" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.familycontrols.useragent\",\"name\":\"com.apple.familycontrols.useragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.familycontrols.useragent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/FamilyControls.framework/Resources/ParentalControls.app/Contents/MacOS/ParentalControls\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", 
+ "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.familynotificationd\",\"name\":\"com.apple.familynotificationd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.familynotificationd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/FamilyNotification.framework/Versions/A/Resources/Family.app/Contents/MacOS/Family\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.familynotificationd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.familynotificationd", "name": "com.apple.familynotificationd.plist", "path": "/System/Library/LaunchAgents/com.apple.familynotificationd.plist", - "label": "com.apple.familynotificationd", "program": "/System/Library/PrivateFrameworks/FamilyNotification.framework/Versions/A/Resources/Family.app/Contents/MacOS/Family" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": 
"Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.familynotificationd\",\"name\":\"com.apple.familynotificationd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.familynotificationd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/FamilyNotification.framework/Versions/A/Resources/Family.app/Contents/MacOS/Family\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.findmymacmessenger\",\"name\":\"com.apple.findmymacmessenger.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.findmymacmessenger.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/FindMyMac.framework/Resources/FindMyMacMessenger.app/Contents/MacOS/FindMyMacMessenger\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.findmymacmessenger.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.findmymacmessenger", "name": "com.apple.findmymacmessenger.plist", "path": "/System/Library/LaunchAgents/com.apple.findmymacmessenger.plist", - "label": "com.apple.findmymacmessenger", "program": "/System/Library/PrivateFrameworks/FindMyMac.framework/Resources/FindMyMacMessenger.app/Contents/MacOS/FindMyMacMessenger" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.findmymacmessenger\",\"name\":\"com.apple.findmymacmessenger.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.findmymacmessenger.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/FindMyMac.framework/Resources/FindMyMacMessenger.app/Contents/MacOS/FindMyMacMessenger\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.followupd\",\"name\":\"com.apple.followupd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.followupd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreFollowUp.framework/Versions/A/Support/followupd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.followupd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CoreFollowUp.framework/Versions/A/Support/followupd", + "label": "com.apple.followupd", "name": "com.apple.followupd.plist", "path": "/System/Library/LaunchAgents/com.apple.followupd.plist", - "label": "com.apple.followupd" + "program_arguments": "/System/Library/PrivateFrameworks/CoreFollowUp.framework/Versions/A/Support/followupd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.followupd\",\"name\":\"com.apple.followupd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.followupd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreFollowUp.framework/Versions/A/Support/followupd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.fontd\",\"name\":\"com.apple.fontd.useragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.fontd.useragent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/fontd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.fontd.useragent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/fontd", + "label": "com.apple.fontd", "name": "com.apple.fontd.useragent.plist", "path": "/System/Library/LaunchAgents/com.apple.fontd.useragent.plist", - "label": "com.apple.fontd" + "program_arguments": "/System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/fontd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.fontd\",\"name\":\"com.apple.fontd.useragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.fontd.useragent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/fontd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.gamed\",\"name\":\"com.apple.gamed.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.gamed.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/GameCenterFoundation.framework/Versions/A/gamed\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.gamed.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/GameCenterFoundation.framework/Versions/A/gamed", + "label": "com.apple.gamed", "name": "com.apple.gamed.plist", "path": "/System/Library/LaunchAgents/com.apple.gamed.plist", - "label": "com.apple.gamed" + "program_arguments": "/System/Library/PrivateFrameworks/GameCenterFoundation.framework/Versions/A/gamed" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + 
"unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.gamed\",\"name\":\"com.apple.gamed.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.gamed.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/GameCenterFoundation.framework/Versions/A/gamed\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.helpd\",\"name\":\"com.apple.helpd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.helpd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/HelpData.framework/Versions/A/Resources/helpd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"/Applications/ /Applications/Utilities/\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.helpd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "watch_paths": "/Applications/ /Applications/Utilities/", + "label": "com.apple.helpd", "name": "com.apple.helpd.plist", "path": "/System/Library/LaunchAgents/com.apple.helpd.plist", - "label": "com.apple.helpd", - "program": "/System/Library/PrivateFrameworks/HelpData.framework/Versions/A/Resources/helpd" + "program": "/System/Library/PrivateFrameworks/HelpData.framework/Versions/A/Resources/helpd", + "watch_paths": "/Applications/ /Applications/Utilities/" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", 
- "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.helpd\",\"name\":\"com.apple.helpd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.helpd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/HelpData.framework/Versions/A/Resources/helpd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"/Applications/ /Applications/Utilities/\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.iCloudUserNotificationsd\",\"name\":\"com.apple.iCloudUserNotifications.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.iCloudUserNotifications.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/AOSAccounts.framework/Versions/A/Resources/iCloudUserNotificationsd.app/Contents/MacOS/iCloudUserNotificationsd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.iCloudUserNotifications.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.iCloudUserNotificationsd", "name": "com.apple.iCloudUserNotifications.plist", "path": "/System/Library/LaunchAgents/com.apple.iCloudUserNotifications.plist", - "label": "com.apple.iCloudUserNotificationsd", "program": "/System/Library/PrivateFrameworks/AOSAccounts.framework/Versions/A/Resources/iCloudUserNotificationsd.app/Contents/MacOS/iCloudUserNotificationsd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 
28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.iCloudUserNotificationsd\",\"name\":\"com.apple.iCloudUserNotifications.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.iCloudUserNotifications.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/AOSAccounts.framework/Versions/A/Resources/iCloudUserNotificationsd.app/Contents/MacOS/iCloudUserNotificationsd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 
2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.icdd\",\"name\":\"com.apple.icdd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.icdd.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Image Capture/Support/icdd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.icdd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Image Capture/Support/icdd", - "path": "/System/Library/LaunchAgents/com.apple.icdd.plist", - "run_at_load": "1", - "name": "com.apple.icdd.plist", "disabled": "0", - "process_type": "Interactive", + "keep_alive": "1", "label": "com.apple.icdd", - "keep_alive": "1" + "name": "com.apple.icdd.plist", + "path": "/System/Library/LaunchAgents/com.apple.icdd.plist", + "process_type": "Interactive", + "program_arguments": "/System/Library/Image Capture/Support/icdd", + "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", 
- "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.icdd\",\"name\":\"com.apple.icdd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.icdd.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Image Capture/Support/icdd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.icloud.findmydeviced.findmydevice-user-agent\",\"name\":\"com.apple.icloud.findmydeviced.findmydevice-user-agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.icloud.findmydeviced.findmydevice-user-agent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/findmydevice-user-agent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.icloud.findmydeviced.findmydevice-user-agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.icloud.findmydeviced.findmydevice-user-agent", "name": "com.apple.icloud.findmydeviced.findmydevice-user-agent.plist", "path": "/System/Library/LaunchAgents/com.apple.icloud.findmydeviced.findmydevice-user-agent.plist", - "label": "com.apple.icloud.findmydeviced.findmydevice-user-agent", "program": "/usr/libexec/findmydevice-user-agent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.icloud.findmydeviced.findmydevice-user-agent\",\"name\":\"com.apple.icloud.findmydeviced.findmydevice-user-agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.icloud.findmydeviced.findmydevice-user-agent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/findmydevice-user-agent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.icloud.fmfd\",\"name\":\"com.apple.icloud.fmfd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.icloud.fmfd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/fmfd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.icloud.fmfd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.icloud.fmfd", "name": "com.apple.icloud.fmfd.plist", "path": "/System/Library/LaunchAgents/com.apple.icloud.fmfd.plist", - "label": "com.apple.icloud.fmfd", "program": "/usr/libexec/fmfd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.icloud.fmfd\",\"name\":\"com.apple.icloud.fmfd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.icloud.fmfd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/fmfd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.iconservices.iconservicesagent\",\"name\":\"com.apple.iconservices.iconservicesagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.iconservices.iconservicesagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/iconservicesagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.iconservices.iconservicesagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/iconservicesagent", + "label": "com.apple.iconservices.iconservicesagent", "name": "com.apple.iconservices.iconservicesagent.plist", "path": "/System/Library/LaunchAgents/com.apple.iconservices.iconservicesagent.plist", - "label": "com.apple.iconservices.iconservicesagent", + "program_arguments": "/System/Library/CoreServices/iconservicesagent", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.iconservices.iconservicesagent\",\"name\":\"com.apple.iconservices.iconservicesagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.iconservices.iconservicesagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/iconservicesagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.identityservicesd\",\"name\":\"com.apple.identityservicesd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.identityservicesd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.identityservicesd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd", + "label": "com.apple.identityservicesd", "name": "com.apple.identityservicesd.plist", "path": "/System/Library/LaunchAgents/com.apple.identityservicesd.plist", - "label": "com.apple.identityservicesd" + "program_arguments": "/System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu 
Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.identityservicesd\",\"name\":\"com.apple.identityservicesd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.identityservicesd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.idsfoundation.IDSRemoteURLConnectionAgent\",\"name\":\"com.apple.idsremoteurlconnectionagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.idsremoteurlconnectionagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/IDSFoundation.framework/IDSRemoteURLConnectionAgent.app/Contents/MacOS/IDSRemoteURLConnectionAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.idsremoteurlconnectionagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/IDSFoundation.framework/IDSRemoteURLConnectionAgent.app/Contents/MacOS/IDSRemoteURLConnectionAgent", + "label": "com.apple.idsfoundation.IDSRemoteURLConnectionAgent", "name": "com.apple.idsremoteurlconnectionagent.plist", "path": "/System/Library/LaunchAgents/com.apple.idsremoteurlconnectionagent.plist", - "label": "com.apple.idsfoundation.IDSRemoteURLConnectionAgent" + "program_arguments": "/System/Library/PrivateFrameworks/IDSFoundation.framework/IDSRemoteURLConnectionAgent.app/Contents/MacOS/IDSRemoteURLConnectionAgent" }, - "name": "pack_it-compliance_launchd", - 
"unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.idsfoundation.IDSRemoteURLConnectionAgent\",\"name\":\"com.apple.idsremoteurlconnectionagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.idsremoteurlconnectionagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/IDSFoundation.framework/IDSRemoteURLConnectionAgent.app/Contents/MacOS/IDSRemoteURLConnectionAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": 
"2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.imagent\",\"name\":\"com.apple.imagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.imagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/IMCore.framework/imagent.app/Contents/MacOS/imagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.imagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/IMCore.framework/imagent.app/Contents/MacOS/imagent", + "label": "com.apple.imagent", "name": "com.apple.imagent.plist", "path": "/System/Library/LaunchAgents/com.apple.imagent.plist", - "label": "com.apple.imagent" + "program_arguments": "/System/Library/PrivateFrameworks/IMCore.framework/imagent.app/Contents/MacOS/imagent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.imagent\",\"name\":\"com.apple.imagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.imagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/IMCore.framework/imagent.app/Contents/MacOS/imagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.imautomatichistorydeletionagent\",\"name\":\"com.apple.imautomatichistorydeletionagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.imautomatichistorydeletionagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/IMDPersistence.framework/IMAutomaticHistoryDeletionAgent.app/Contents/MacOS/IMAutomaticHistoryDeletionAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.imautomatichistorydeletionagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/IMDPersistence.framework/IMAutomaticHistoryDeletionAgent.app/Contents/MacOS/IMAutomaticHistoryDeletionAgent", + "label": "com.apple.imautomatichistorydeletionagent", "name": "com.apple.imautomatichistorydeletionagent.plist", "path": "/System/Library/LaunchAgents/com.apple.imautomatichistorydeletionagent.plist", - "label": "com.apple.imautomatichistorydeletionagent" + "program_arguments": "/System/Library/PrivateFrameworks/IMDPersistence.framework/IMAutomaticHistoryDeletionAgent.app/Contents/MacOS/IMAutomaticHistoryDeletionAgent" }, - "name": 
"pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.imautomatichistorydeletionagent\",\"name\":\"com.apple.imautomatichistorydeletionagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.imautomatichistorydeletionagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/IMDPersistence.framework/IMAutomaticHistoryDeletionAgent.app/Contents/MacOS/IMAutomaticHistoryDeletionAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": 
"tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.imavagent\",\"name\":\"com.apple.imavagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.imavagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/IMAVCore.framework/imavagent.app/Contents/MacOS/imavagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.imavagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/IMAVCore.framework/imavagent.app/Contents/MacOS/imavagent", + "label": "com.apple.imavagent", "name": "com.apple.imavagent.plist", "path": "/System/Library/LaunchAgents/com.apple.imavagent.plist", - "label": "com.apple.imavagent" + "program_arguments": "/System/Library/PrivateFrameworks/IMAVCore.framework/imavagent.app/Contents/MacOS/imavagent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": 
"added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.imavagent\",\"name\":\"com.apple.imavagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.imavagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/IMAVCore.framework/imavagent.app/Contents/MacOS/imavagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": 
"event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.imklaunchagent\",\"name\":\"com.apple.imklaunchagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.imklaunchagent.plist\",\"process_type\":\"Interactive\",\"program\":\"/System/Library/Frameworks/InputMethodKit.framework/Resources/imklaunchagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.imklaunchagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "keep_alive": "1", + "label": "com.apple.imklaunchagent", "name": "com.apple.imklaunchagent.plist", "path": "/System/Library/LaunchAgents/com.apple.imklaunchagent.plist", "process_type": "Interactive", - "label": "com.apple.imklaunchagent", - "program": "/System/Library/Frameworks/InputMethodKit.framework/Resources/imklaunchagent", - "keep_alive": "1" + "program": "/System/Library/Frameworks/InputMethodKit.framework/Resources/imklaunchagent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, 
"epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.imklaunchagent\",\"name\":\"com.apple.imklaunchagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.imklaunchagent.plist\",\"process_type\":\"Interactive\",\"program\":\"/System/Library/Frameworks/InputMethodKit.framework/Resources/imklaunchagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.imcore.imtransferagent\",\"name\":\"com.apple.imtransferagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.imtransferagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/IMTransferServices.framework/IMTransferAgent.app/Contents/MacOS/IMTransferAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.imtransferagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/IMTransferServices.framework/IMTransferAgent.app/Contents/MacOS/IMTransferAgent", + "label": "com.apple.imcore.imtransferagent", "name": "com.apple.imtransferagent.plist", "path": "/System/Library/LaunchAgents/com.apple.imtransferagent.plist", - "label": "com.apple.imcore.imtransferagent" + "program_arguments": "/System/Library/PrivateFrameworks/IMTransferServices.framework/IMTransferAgent.app/Contents/MacOS/IMTransferAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.imcore.imtransferagent\",\"name\":\"com.apple.imtransferagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.imtransferagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/IMTransferServices.framework/IMTransferAgent.app/Contents/MacOS/IMTransferAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.installandsetup.migrationhelper.user\",\"name\":\"com.apple.installandsetup.migrationhelper.user.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.installandsetup.migrationhelper.user.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/migrationhelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.installandsetup.migrationhelper.user.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/migrationhelper", + "label": "com.apple.installandsetup.migrationhelper.user", "name": "com.apple.installandsetup.migrationhelper.user.plist", "path": "/System/Library/LaunchAgents/com.apple.installandsetup.migrationhelper.user.plist", - "label": "com.apple.installandsetup.migrationhelper.user" + "program_arguments": "/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/migrationhelper" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.installandsetup.migrationhelper.user\",\"name\":\"com.apple.installandsetup.migrationhelper.user.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.installandsetup.migrationhelper.user.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/migrationhelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", 
+ "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.installd.user\",\"name\":\"com.apple.installd.user.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.installd.user.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.installd.user.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd", + "label": "com.apple.installd.user", "name": "com.apple.installd.user.plist", "path": "/System/Library/LaunchAgents/com.apple.installd.user.plist", - "label": "com.apple.installd.user" + "program_arguments": "/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 
UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.installd.user\",\"name\":\"com.apple.installd.user.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.installd.user.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.installerauthagent\",\"name\":\"com.apple.installerauthagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.installerauthagent.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/PrivateFrameworks/IASUtilities.framework/Versions/A/Resources/installerauthagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.installerauthagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.installerauthagent", "name": "com.apple.installerauthagent.plist", "path": "/System/Library/LaunchAgents/com.apple.installerauthagent.plist", "process_type": "Adaptive", - "label": "com.apple.installerauthagent", "program": "/System/Library/PrivateFrameworks/IASUtilities.framework/Versions/A/Resources/installerauthagent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.installerauthagent\",\"name\":\"com.apple.installerauthagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.installerauthagent.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/PrivateFrameworks/IASUtilities.framework/Versions/A/Resources/installerauthagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.isst\",\"name\":\"com.apple.isst.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.isst.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/Menu Extras/TextInput.menu/Contents/SharedSupport/isst\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.isst.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.isst", "name": "com.apple.isst.plist", "path": "/System/Library/LaunchAgents/com.apple.isst.plist", - "label": "com.apple.isst", "program": "/System/Library/CoreServices/Menu Extras/TextInput.menu/Contents/SharedSupport/isst", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.isst\",\"name\":\"com.apple.isst.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.isst.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/Menu Extras/TextInput.menu/Contents/SharedSupport/isst\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.java.InstallOnDemand\",\"name\":\"com.apple.java.InstallOnDemand.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.java.InstallOnDemand.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Java/Support/CoreDeploy.bundle/Contents/Download Java Components.app/Contents/MacOS/Download Java Components\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.java.InstallOnDemand.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.java.InstallOnDemand", "name": "com.apple.java.InstallOnDemand.plist", "path": "/System/Library/LaunchAgents/com.apple.java.InstallOnDemand.plist", - "label": "com.apple.java.InstallOnDemand", "program": "/System/Library/Java/Support/CoreDeploy.bundle/Contents/Download Java Components.app/Contents/MacOS/Download Java Components", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.java.InstallOnDemand\",\"name\":\"com.apple.java.InstallOnDemand.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.java.InstallOnDemand.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Java/Support/CoreDeploy.bundle/Contents/Download Java Components.app/Contents/MacOS/Download Java Components\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.keyboardservicesd\",\"name\":\"com.apple.keyboardservicesd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.keyboardservicesd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/keyboardservicesd\",\"program_arguments\":\"/usr/libexec/keyboardservicesd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.keyboardservicesd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/keyboardservicesd", + "label": "com.apple.keyboardservicesd", "name": "com.apple.keyboardservicesd.plist", "path": "/System/Library/LaunchAgents/com.apple.keyboardservicesd.plist", - "label": "com.apple.keyboardservicesd", - "program": "/usr/libexec/keyboardservicesd" + "program": "/usr/libexec/keyboardservicesd", + "program_arguments": "/usr/libexec/keyboardservicesd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.keyboardservicesd\",\"name\":\"com.apple.keyboardservicesd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.keyboardservicesd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/keyboardservicesd\",\"program_arguments\":\"/usr/libexec/keyboardservicesd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.knowledge-agent\",\"name\":\"com.apple.knowledge-agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.knowledge-agent.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/knowledge-agent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.knowledge-agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "path": "/System/Library/LaunchAgents/com.apple.knowledge-agent.plist", - "run_at_load": "1", + "keep_alive": "0", + "label": "com.apple.knowledge-agent", "name": "com.apple.knowledge-agent.plist", + "path": "/System/Library/LaunchAgents/com.apple.knowledge-agent.plist", "process_type": "Adaptive", - "label": "com.apple.knowledge-agent", "program": "/usr/libexec/knowledge-agent", - "keep_alive": "0" + "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.knowledge-agent\",\"name\":\"com.apple.knowledge-agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.knowledge-agent.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/knowledge-agent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.languageassetd\",\"name\":\"com.apple.languageassetd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.languageassetd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/languageassetd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.languageassetd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/languageassetd", + "label": "com.apple.languageassetd", "name": "com.apple.languageassetd.plist", "path": "/System/Library/LaunchAgents/com.apple.languageassetd.plist", - "label": "com.apple.languageassetd", + "program_arguments": "/usr/libexec/languageassetd", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], 
"hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.languageassetd\",\"name\":\"com.apple.languageassetd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.languageassetd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/languageassetd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.lateragent\",\"name\":\"com.apple.lateragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.lateragent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Resources/LaterAgent.app/Contents/MacOS/LaterAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.lateragent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.lateragent", "name": "com.apple.lateragent.plist", "path": "/System/Library/LaunchAgents/com.apple.lateragent.plist", - "label": "com.apple.lateragent", "program": "/System/Library/PrivateFrameworks/CommerceKit.framework/Resources/LaterAgent.app/Contents/MacOS/LaterAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } 
}, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.lateragent\",\"name\":\"com.apple.lateragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.lateragent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Resources/LaterAgent.app/Contents/MacOS/LaterAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.locationmenu\",\"name\":\"com.apple.locationmenu.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.locationmenu.plist\",\"process_type\":\"App\",\"program\":\"/System/Library/CoreServices/LocationMenu.app/Contents/MacOS/LocationMenu\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.locationmenu.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.locationmenu", "name": "com.apple.locationmenu.plist", "path": "/System/Library/LaunchAgents/com.apple.locationmenu.plist", "process_type": "App", - "label": "com.apple.locationmenu", "program": "/System/Library/CoreServices/LocationMenu.app/Contents/MacOS/LocationMenu", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.locationmenu\",\"name\":\"com.apple.locationmenu.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.locationmenu.plist\",\"process_type\":\"App\",\"program\":\"/System/Library/CoreServices/LocationMenu.app/Contents/MacOS/LocationMenu\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.loginwindow.LWWeeklyMessageTracer\",\"name\":\"com.apple.loginwindow.LWWeeklyMessageTracer.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.loginwindow.LWWeeklyMessageTracer.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.loginwindow.LWWeeklyMessageTracer.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer", + "label": "com.apple.loginwindow.LWWeeklyMessageTracer", "name": "com.apple.loginwindow.LWWeeklyMessageTracer.plist", "path": "/System/Library/LaunchAgents/com.apple.loginwindow.LWWeeklyMessageTracer.plist", - "label": "com.apple.loginwindow.LWWeeklyMessageTracer" + "program_arguments": "/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", 
"username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.loginwindow.LWWeeklyMessageTracer\",\"name\":\"com.apple.loginwindow.LWWeeklyMessageTracer.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.loginwindow.LWWeeklyMessageTracer.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.lsd\",\"name\":\"com.apple.lsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.lsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/lsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.lsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/lsd", + "label": "com.apple.lsd", "name": "com.apple.lsd.plist", "path": "/System/Library/LaunchAgents/com.apple.lsd.plist", - "label": "com.apple.lsd" + "program_arguments": "/usr/libexec/lsd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": 
{ - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.lsd\",\"name\":\"com.apple.lsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.lsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/lsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mbbackgrounduseragent\",\"name\":\"com.apple.mbbackgrounduseragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mbbackgrounduseragent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Setup 
Assistant.app/Contents/Resources/mbbackgrounduseragent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.mbbackgrounduseragent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/mbbackgrounduseragent", + "label": "com.apple.mbbackgrounduseragent", "name": "com.apple.mbbackgrounduseragent.plist", "path": "/System/Library/LaunchAgents/com.apple.mbbackgrounduseragent.plist", - "label": "com.apple.mbbackgrounduseragent" + "program_arguments": "/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/mbbackgrounduseragent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { 
"name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mbbackgrounduseragent\",\"name\":\"com.apple.mbbackgrounduseragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mbbackgrounduseragent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/mbbackgrounduseragent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mbfloagent\",\"name\":\"com.apple.mbfloagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mbfloagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Setup 
Assistant.app/Contents/Resources/mbfloagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.mbfloagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/mbfloagent", + "label": "com.apple.mbfloagent", "name": "com.apple.mbfloagent.plist", "path": "/System/Library/LaunchAgents/com.apple.mbfloagent.plist", - "label": "com.apple.mbfloagent" + "program_arguments": "/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/mbfloagent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mbfloagent\",\"name\":\"com.apple.mbfloagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mbfloagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/mbfloagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mbuseragent\",\"name\":\"com.apple.mbuseragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mbuseragent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Setup 
Assistant.app/Contents/Resources/mbuseragent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.mbuseragent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/mbuseragent", + "label": "com.apple.mbuseragent", "name": "com.apple.mbuseragent.plist", "path": "/System/Library/LaunchAgents/com.apple.mbuseragent.plist", - "label": "com.apple.mbuseragent" + "program_arguments": "/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/mbuseragent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - 
"original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mbuseragent\",\"name\":\"com.apple.mbuseragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mbuseragent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/mbuseragent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdmclient.agent\",\"name\":\"com.apple.mdmclient.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdmclient.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/mdmclient 
agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.mdmclient.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/mdmclient agent", + "label": "com.apple.mdmclient.agent", "name": "com.apple.mdmclient.agent.plist", "path": "/System/Library/LaunchAgents/com.apple.mdmclient.agent.plist", - "label": "com.apple.mdmclient.agent", + "program_arguments": "/usr/libexec/mdmclient agent", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdmclient.agent\",\"name\":\"com.apple.mdmclient.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdmclient.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/mdmclient agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdworker.32bit\",\"name\":\"com.apple.mdworker.32bit.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdworker.32bit.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker32 -s mdworker-lsb -c MDSImporterWorker -m 
com.apple.mdworker.32bit\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.mdworker.32bit.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker32 -s mdworker-lsb -c MDSImporterWorker -m com.apple.mdworker.32bit", + "label": "com.apple.mdworker.32bit", "name": "com.apple.mdworker.32bit.plist", "path": "/System/Library/LaunchAgents/com.apple.mdworker.32bit.plist", - "label": "com.apple.mdworker.32bit" + "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker32 -s mdworker-lsb -c MDSImporterWorker -m com.apple.mdworker.32bit" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - 
"host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdworker.32bit\",\"name\":\"com.apple.mdworker.32bit.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdworker.32bit.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker32 -s mdworker-lsb -c MDSImporterWorker -m com.apple.mdworker.32bit\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdworker.bundles\",\"name\":\"com.apple.mdworker.bundles.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdworker.bundles.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-bundle -c MDSImporterBundleFinder -m com.apple.mdworker.bundles\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.mdworker.bundles.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-bundle -c MDSImporterBundleFinder -m com.apple.mdworker.bundles", + "label": "com.apple.mdworker.bundles", "name": "com.apple.mdworker.bundles.plist", "path": "/System/Library/LaunchAgents/com.apple.mdworker.bundles.plist", - "label": "com.apple.mdworker.bundles" + "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-bundle -c MDSImporterBundleFinder -m com.apple.mdworker.bundles" }, - "name": 
"pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdworker.bundles\",\"name\":\"com.apple.mdworker.bundles.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdworker.bundles.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-bundle -c MDSImporterBundleFinder -m com.apple.mdworker.bundles\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": 
"tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdworker.isolation\",\"name\":\"com.apple.mdworker.isolation.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdworker.isolation.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.isolation\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.mdworker.isolation.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.isolation", + "label": "com.apple.mdworker.isolation", "name": "com.apple.mdworker.isolation.plist", "path": "/System/Library/LaunchAgents/com.apple.mdworker.isolation.plist", - "label": 
"com.apple.mdworker.isolation" + "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.isolation" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdworker.isolation\",\"name\":\"com.apple.mdworker.isolation.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdworker.isolation.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m 
com.apple.mdworker.isolation\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdworker.lsb\",\"name\":\"com.apple.mdworker.lsb.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdworker.lsb.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-lsb -c MDSImporterWorker -m com.apple.mdworker.lsb\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": 
"/System/Library/LaunchAgents/com.apple.mdworker.lsb.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-lsb -c MDSImporterWorker -m com.apple.mdworker.lsb", + "label": "com.apple.mdworker.lsb", "name": "com.apple.mdworker.lsb.plist", "path": "/System/Library/LaunchAgents/com.apple.mdworker.lsb.plist", - "label": "com.apple.mdworker.lsb" + "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-lsb -c MDSImporterWorker -m com.apple.mdworker.lsb" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdworker.lsb\",\"name\":\"com.apple.mdworker.lsb.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdworker.lsb.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-lsb -c MDSImporterWorker -m com.apple.mdworker.lsb\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdworker.mail\",\"name\":\"com.apple.mdworker.mail.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdworker.mail.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-mail -c MDSImporterWorker -m 
com.apple.mdworker.mail\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.mdworker.mail.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-mail -c MDSImporterWorker -m com.apple.mdworker.mail", + "label": "com.apple.mdworker.mail", "name": "com.apple.mdworker.mail.plist", "path": "/System/Library/LaunchAgents/com.apple.mdworker.mail.plist", - "label": "com.apple.mdworker.mail" + "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-mail -c MDSImporterWorker -m com.apple.mdworker.mail" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - 
"hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdworker.mail\",\"name\":\"com.apple.mdworker.mail.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdworker.mail.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-mail -c MDSImporterWorker -m com.apple.mdworker.mail\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdworker.shared\",\"name\":\"com.apple.mdworker.shared.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdworker.shared.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.mdworker.shared.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared", + "label": "com.apple.mdworker.shared", "name": "com.apple.mdworker.shared.plist", "path": "/System/Library/LaunchAgents/com.apple.mdworker.shared.plist", - "label": "com.apple.mdworker.shared" + "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - 
"action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdworker.shared\",\"name\":\"com.apple.mdworker.shared.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdworker.shared.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": 
"8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdworker.single\",\"name\":\"com.apple.mdworker.single.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdworker.single.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.single\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.mdworker.single.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.single", + "label": "com.apple.mdworker.single", "name": "com.apple.mdworker.single.plist", "path": "/System/Library/LaunchAgents/com.apple.mdworker.single.plist", - "label": "com.apple.mdworker.single" + "program_arguments": 
"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.single" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdworker.single\",\"name\":\"com.apple.mdworker.single.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdworker.single.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.single\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": 
"info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdworker.sizing\",\"name\":\"com.apple.mdworker.sizing.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdworker.sizing.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-sizing -c MDSSizingWorker -m com.apple.mdworker.sizing\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.mdworker.sizing.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-sizing -c MDSSizingWorker -m com.apple.mdworker.sizing", + "label": 
"com.apple.mdworker.sizing", "name": "com.apple.mdworker.sizing.plist", "path": "/System/Library/LaunchAgents/com.apple.mdworker.sizing.plist", - "label": "com.apple.mdworker.sizing" + "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-sizing -c MDSSizingWorker -m com.apple.mdworker.sizing" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mdworker.sizing\",\"name\":\"com.apple.mdworker.sizing.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mdworker.sizing.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker-sizing -c MDSSizingWorker -m 
com.apple.mdworker.sizing\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mediaanalysisd\",\"name\":\"com.apple.mediaanalysisd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mediaanalysisd.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/VideoProcessing.framework/Versions/A/mediaanalysisd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.mediaanalysisd.plist" }, - "ecs": { - "version": 
"8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/VideoProcessing.framework/Versions/A/mediaanalysisd", + "label": "com.apple.mediaanalysisd", "name": "com.apple.mediaanalysisd.plist", "path": "/System/Library/LaunchAgents/com.apple.mediaanalysisd.plist", "process_type": "Adaptive", - "label": "com.apple.mediaanalysisd", + "program_arguments": "/System/Library/PrivateFrameworks/VideoProcessing.framework/Versions/A/mediaanalysisd", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mediaanalysisd\",\"name\":\"com.apple.mediaanalysisd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mediaanalysisd.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/VideoProcessing.framework/Versions/A/mediaanalysisd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mediaremoteagent\",\"name\":\"com.apple.mediaremoteagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mediaremoteagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.mediaremoteagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent", + "label": "com.apple.mediaremoteagent", "name": "com.apple.mediaremoteagent.plist", "path": "/System/Library/LaunchAgents/com.apple.mediaremoteagent.plist", - "label": "com.apple.mediaremoteagent" + "program_arguments": "/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.mediaremoteagent\",\"name\":\"com.apple.mediaremoteagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.mediaremoteagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.metadata.mdbulkimport\",\"name\":\"com.apple.metadata.mdbulkimport.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.metadata.mdbulkimport.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdbulkimport -s mdbulkimport\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.metadata.mdbulkimport.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdbulkimport -s mdbulkimport", + "label": "com.apple.metadata.mdbulkimport", "name": "com.apple.metadata.mdbulkimport.plist", "path": "/System/Library/LaunchAgents/com.apple.metadata.mdbulkimport.plist", - "label": "com.apple.metadata.mdbulkimport" + "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdbulkimport -s mdbulkimport" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.metadata.mdbulkimport\",\"name\":\"com.apple.metadata.mdbulkimport.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.metadata.mdbulkimport.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdbulkimport -s mdbulkimport\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + 
"kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.metadata.mdflagwriter\",\"name\":\"com.apple.metadata.mdflagwriter.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.metadata.mdflagwriter.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdflagwriter\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.metadata.mdflagwriter.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdflagwriter", + "label": "com.apple.metadata.mdflagwriter", "name": "com.apple.metadata.mdflagwriter.plist", "path": "/System/Library/LaunchAgents/com.apple.metadata.mdflagwriter.plist", - "label": "com.apple.metadata.mdflagwriter" + "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdflagwriter" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + 
"counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.metadata.mdflagwriter\",\"name\":\"com.apple.metadata.mdflagwriter.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.metadata.mdflagwriter.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdflagwriter\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.metadata.mdwrite\",\"name\":\"com.apple.metadata.mdwrite.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.metadata.mdwrite.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdwrite\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.metadata.mdwrite.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdwrite", + "label": "com.apple.metadata.mdwrite", "name": "com.apple.metadata.mdwrite.plist", "path": "/System/Library/LaunchAgents/com.apple.metadata.mdwrite.plist", - "label": "com.apple.metadata.mdwrite" + "program_arguments": "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdwrite" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.metadata.mdwrite\",\"name\":\"com.apple.metadata.mdwrite.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.metadata.mdwrite.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdwrite\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + 
"original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.midiserver\",\"name\":\"com.apple.midiserver.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.midiserver.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreMIDI.framework/MIDIServer\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.midiserver.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/CoreMIDI.framework/MIDIServer", + "label": "com.apple.midiserver", "name": "com.apple.midiserver.plist", "path": "/System/Library/LaunchAgents/com.apple.midiserver.plist", "process_type": "Interactive", - "label": "com.apple.midiserver" + "program_arguments": "/System/Library/Frameworks/CoreMIDI.framework/MIDIServer" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.midiserver\",\"name\":\"com.apple.midiserver.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.midiserver.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/CoreMIDI.framework/MIDIServer\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.navd\",\"name\":\"com.apple.navd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.navd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/navd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.navd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/navd", + "label": "com.apple.navd", "name": "com.apple.navd.plist", "path": "/System/Library/LaunchAgents/com.apple.navd.plist", - "label": "com.apple.navd" + "program_arguments": "/System/Library/CoreServices/navd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - 
"hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.navd\",\"name\":\"com.apple.navd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.navd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/navd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.neagent\",\"name\":\"com.apple.neagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.neagent.plist\",\"process_type\":\"Interactive\",\"program\":\"/usr/libexec/neagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.neagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.neagent", "name": "com.apple.neagent.plist", "path": "/System/Library/LaunchAgents/com.apple.neagent.plist", "process_type": "Interactive", - "label": "com.apple.neagent", "program": "/usr/libexec/neagent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.neagent\",\"name\":\"com.apple.neagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.neagent.plist\",\"process_type\":\"Interactive\",\"program\":\"/usr/libexec/neagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.netauth.user.auth\",\"name\":\"com.apple.netauth.user.auth.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.netauth.user.auth.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.netauth.user.auth.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent", + "label": "com.apple.netauth.user.auth", "name": "com.apple.netauth.user.auth.plist", "path": "/System/Library/LaunchAgents/com.apple.netauth.user.auth.plist", - "label": "com.apple.netauth.user.auth" + "program_arguments": "/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.netauth.user.auth\",\"name\":\"com.apple.netauth.user.auth.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.netauth.user.auth.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.netauth.user.gui\",\"name\":\"com.apple.netauth.user.gui.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.netauth.user.gui.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.netauth.user.gui.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthAgent", + "label": "com.apple.netauth.user.gui", "name": "com.apple.netauth.user.gui.plist", "path": "/System/Library/LaunchAgents/com.apple.netauth.user.gui.plist", - "label": "com.apple.netauth.user.gui" + "program_arguments": "/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.netauth.user.gui\",\"name\":\"com.apple.netauth.user.gui.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.netauth.user.gui.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.networkserviceproxy\",\"name\":\"com.apple.networkserviceproxy-osx.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.networkserviceproxy-osx.plist\",\"process_type\":\"Interactive\",\"program\":\"/usr/libexec/networkserviceproxy\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.networkserviceproxy-osx.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.networkserviceproxy", "name": "com.apple.networkserviceproxy-osx.plist", "path": "/System/Library/LaunchAgents/com.apple.networkserviceproxy-osx.plist", "process_type": "Interactive", - "label": "com.apple.networkserviceproxy", "program": "/usr/libexec/networkserviceproxy" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { 
- "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.networkserviceproxy\",\"name\":\"com.apple.networkserviceproxy-osx.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.networkserviceproxy-osx.plist\",\"process_type\":\"Interactive\",\"program\":\"/usr/libexec/networkserviceproxy\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.noticeboard.agent\",\"name\":\"com.apple.noticeboard.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.noticeboard.agent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbagent.app/Contents/MacOS/nbagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.noticeboard.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "keep_alive": "1", + "label": "com.apple.noticeboard.agent", "name": "com.apple.noticeboard.agent.plist", "path": "/System/Library/LaunchAgents/com.apple.noticeboard.agent.plist", - "label": "com.apple.noticeboard.agent", - "program": "/System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbagent.app/Contents/MacOS/nbagent", - "keep_alive": "1" + "program": "/System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbagent.app/Contents/MacOS/nbagent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, 
"epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.noticeboard.agent\",\"name\":\"com.apple.noticeboard.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.noticeboard.agent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbagent.app/Contents/MacOS/nbagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.notificationcenterui.agent\",\"name\":\"com.apple.notificationcenterui.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.notificationcenterui.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.notificationcenterui.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "keep_alive": "1", + "label": "com.apple.notificationcenterui.agent", "name": "com.apple.notificationcenterui.plist", "path": "/System/Library/LaunchAgents/com.apple.notificationcenterui.plist", - "label": "com.apple.notificationcenterui.agent", - "program": "/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter", - "keep_alive": "1" + "program": "/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": 
"0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.notificationcenterui.agent\",\"name\":\"com.apple.notificationcenterui.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.notificationcenterui.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nsurlsessiond\",\"name\":\"com.apple.nsurlsessiond.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.nsurlsessiond.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/nsurlsessiond\",\"program_arguments\":\"\",\"queue_directories\":\"~/Library/com.apple.nsurlsessiond\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.nsurlsessiond.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.nsurlsessiond", "name": "com.apple.nsurlsessiond.plist", "path": "/System/Library/LaunchAgents/com.apple.nsurlsessiond.plist", - "label": "com.apple.nsurlsessiond", "program": "/usr/libexec/nsurlsessiond", "queue_directories": "~/Library/com.apple.nsurlsessiond" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], 
"hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nsurlsessiond\",\"name\":\"com.apple.nsurlsessiond.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.nsurlsessiond.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/nsurlsessiond\",\"program_arguments\":\"\",\"queue_directories\":\"~/Library/com.apple.nsurlsessiond\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nsurlstoraged\",\"name\":\"com.apple.nsurlstoraged.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.nsurlstoraged.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/nsurlstoraged\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.nsurlstoraged.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.nsurlstoraged", "name": "com.apple.nsurlstoraged.plist", "path": "/System/Library/LaunchAgents/com.apple.nsurlstoraged.plist", - "label": "com.apple.nsurlstoraged", "program": "/usr/libexec/nsurlstoraged" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.nsurlstoraged\",\"name\":\"com.apple.nsurlstoraged.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.nsurlstoraged.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/nsurlstoraged\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.parentalcontrols.check\",\"name\":\"com.apple.parentalcontrols.check.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.parentalcontrols.check.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/FamilyControls.framework/Resources/pcdCheck\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.parentalcontrols.check.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.parentalcontrols.check", "name": "com.apple.parentalcontrols.check.plist", "path": "/System/Library/LaunchAgents/com.apple.parentalcontrols.check.plist", - "label": "com.apple.parentalcontrols.check", "program": "/System/Library/PrivateFrameworks/FamilyControls.framework/Resources/pcdCheck", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.parentalcontrols.check\",\"name\":\"com.apple.parentalcontrols.check.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.parentalcontrols.check.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/FamilyControls.framework/Resources/pcdCheck\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.parsecd\",\"name\":\"com.apple.parsecd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.parsecd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CoreParsec.framework/parsecd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.parsecd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.parsecd", "name": "com.apple.parsecd.plist", "path": "/System/Library/LaunchAgents/com.apple.parsecd.plist", - "label": "com.apple.parsecd", "program": "/System/Library/PrivateFrameworks/CoreParsec.framework/parsecd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - 
"host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.parsecd\",\"name\":\"com.apple.parsecd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.parsecd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CoreParsec.framework/parsecd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.passd\",\"name\":\"com.apple.passd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.passd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/PassKitCore.framework/passd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.passd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/PassKitCore.framework/passd", + "label": "com.apple.passd", "name": "com.apple.passd.plist", "path": "/System/Library/LaunchAgents/com.apple.passd.plist", - "label": "com.apple.passd" + "program_arguments": "/System/Library/PrivateFrameworks/PassKitCore.framework/passd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - 
"tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.passd\",\"name\":\"com.apple.passd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.passd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/PassKitCore.framework/passd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.pboard\",\"name\":\"com.apple.pboard.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.pboard.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/pboard\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.pboard.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/pboard", + "label": "com.apple.pboard", "name": "com.apple.pboard.plist", "path": "/System/Library/LaunchAgents/com.apple.pboard.plist", - "label": "com.apple.pboard" + "program_arguments": "/usr/libexec/pboard" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.pboard\",\"name\":\"com.apple.pboard.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.pboard.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/pboard\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.pbs\",\"name\":\"com.apple.pbs.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.pbs.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/pbs\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.pbs.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.pbs", "name": "com.apple.pbs.plist", "path": "/System/Library/LaunchAgents/com.apple.pbs.plist", - "label": "com.apple.pbs", "program": "/System/Library/CoreServices/pbs" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - 
}, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.pbs\",\"name\":\"com.apple.pbs.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.pbs.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/pbs\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.personad\",\"name\":\"com.apple.personad.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.personad.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/PersonaKit.framework/Versions/A/Support/personad\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.personad.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/PersonaKit.framework/Versions/A/Support/personad", + "label": "com.apple.personad", "name": "com.apple.personad.plist", "path": "/System/Library/LaunchAgents/com.apple.personad.plist", - "label": "com.apple.personad" + "program_arguments": "/System/Library/PrivateFrameworks/PersonaKit.framework/Versions/A/Support/personad" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.personad\",\"name\":\"com.apple.personad.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.personad.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/PersonaKit.framework/Versions/A/Support/personad\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.photoanalysisd\",\"name\":\"com.apple.photoanalysisd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.photoanalysisd.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/PrivateFrameworks/PhotoAnalysis.framework/Versions/A/Support/photoanalysisd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.photoanalysisd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.photoanalysisd", "name": "com.apple.photoanalysisd.plist", "path": "/System/Library/LaunchAgents/com.apple.photoanalysisd.plist", "process_type": "Adaptive", - "label": "com.apple.photoanalysisd", "program": "/System/Library/PrivateFrameworks/PhotoAnalysis.framework/Versions/A/Support/photoanalysisd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.photoanalysisd\",\"name\":\"com.apple.photoanalysisd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.photoanalysisd.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/PrivateFrameworks/PhotoAnalysis.framework/Versions/A/Support/photoanalysisd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.photolibraryd\",\"name\":\"com.apple.photolibraryd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.photolibraryd.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/PrivateFrameworks/PhotoLibraryPrivate.framework/Versions/A/Support/photolibraryd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.photolibraryd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.photolibraryd", "name": "com.apple.photolibraryd.plist", "path": "/System/Library/LaunchAgents/com.apple.photolibraryd.plist", "process_type": "Adaptive", - "label": "com.apple.photolibraryd", "program": "/System/Library/PrivateFrameworks/PhotoLibraryPrivate.framework/Versions/A/Support/photolibraryd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.photolibraryd\",\"name\":\"com.apple.photolibraryd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.photolibraryd.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/PrivateFrameworks/PhotoLibraryPrivate.framework/Versions/A/Support/photolibraryd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.pictd\",\"name\":\"com.apple.pictd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.pictd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/pictd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.pictd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/pictd", + "label": "com.apple.pictd", "name": "com.apple.pictd.plist", "path": "/System/Library/LaunchAgents/com.apple.pictd.plist", - "label": "com.apple.pictd" + "program_arguments": "/usr/sbin/pictd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.pictd\",\"name\":\"com.apple.pictd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.pictd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/pictd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.pluginkit.pkd\",\"name\":\"com.apple.pluginkit.pkd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.pluginkit.pkd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/pkd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.pluginkit.pkd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.pluginkit.pkd", "name": "com.apple.pluginkit.pkd.plist", "path": "/System/Library/LaunchAgents/com.apple.pluginkit.pkd.plist", - "label": "com.apple.pluginkit.pkd", "program": "/usr/libexec/pkd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", 
- "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.pluginkit.pkd\",\"name\":\"com.apple.pluginkit.pkd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.pluginkit.pkd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/pkd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.pluginkit.pkreporter\",\"name\":\"com.apple.pluginkit.pkreporter.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.pluginkit.pkreporter.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/pkreporter\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.pluginkit.pkreporter.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/pkreporter", + "label": "com.apple.pluginkit.pkreporter", "name": "com.apple.pluginkit.pkreporter.plist", "path": "/System/Library/LaunchAgents/com.apple.pluginkit.pkreporter.plist", - "label": "com.apple.pluginkit.pkreporter" + "program_arguments": "/usr/libexec/pkreporter" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": 
[ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.pluginkit.pkreporter\",\"name\":\"com.apple.pluginkit.pkreporter.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.pluginkit.pkreporter.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/pkreporter\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.powerchime\",\"name\":\"com.apple.powerchime.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.powerchime.plist\",\"process_type\":\"Interactive\",\"program\":\"/System/Library/CoreServices/PowerChime.app/Contents/MacOS/PowerChime\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.powerchime.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.powerchime", "name": "com.apple.powerchime.plist", "path": "/System/Library/LaunchAgents/com.apple.powerchime.plist", "process_type": "Interactive", - "label": "com.apple.powerchime", "program": "/System/Library/CoreServices/PowerChime.app/Contents/MacOS/PowerChime" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - 
"tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.powerchime\",\"name\":\"com.apple.powerchime.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.powerchime.plist\",\"process_type\":\"Interactive\",\"program\":\"/System/Library/CoreServices/PowerChime.app/Contents/MacOS/PowerChime\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.preference.displays.MirrorDisplays\",\"name\":\"com.apple.preference.displays.MirrorDisplays.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.preference.displays.MirrorDisplays.plist\",\"process_type\":\"Interactive\",\"program\":\"/System/Library/PreferencePanes/Displays.prefPane/Contents/Resources/MirrorDisplays.app/Contents/MacOS/MirrorDisplays\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.preference.displays.MirrorDisplays.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.preference.displays.MirrorDisplays", "name": "com.apple.preference.displays.MirrorDisplays.plist", "path": "/System/Library/LaunchAgents/com.apple.preference.displays.MirrorDisplays.plist", "process_type": "Interactive", - "label": "com.apple.preference.displays.MirrorDisplays", "program": "/System/Library/PreferencePanes/Displays.prefPane/Contents/Resources/MirrorDisplays.app/Contents/MacOS/MirrorDisplays" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", 
"username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.preference.displays.MirrorDisplays\",\"name\":\"com.apple.preference.displays.MirrorDisplays.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.preference.displays.MirrorDisplays.plist\",\"process_type\":\"Interactive\",\"program\":\"/System/Library/PreferencePanes/Displays.prefPane/Contents/Resources/MirrorDisplays.app/Contents/MacOS/MirrorDisplays\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + 
"kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.printtool.agent\",\"name\":\"com.apple.printtool.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.printtool.agent.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/ApplicationServices.framework/Frameworks/PrintCore.framework/Versions/A/printtool agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.printtool.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/ApplicationServices.framework/Frameworks/PrintCore.framework/Versions/A/printtool agent", + "disabled": "0", + "label": "com.apple.printtool.agent", "name": "com.apple.printtool.agent.plist", "path": "/System/Library/LaunchAgents/com.apple.printtool.agent.plist", - "disabled": "0", "process_type": "Adaptive", - "label": "com.apple.printtool.agent" + "program_arguments": "/System/Library/Frameworks/ApplicationServices.framework/Frameworks/PrintCore.framework/Versions/A/printtool agent" }, - "name": "pack_it-compliance_launchd", - "unix_time": 
"1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.printtool.agent\",\"name\":\"com.apple.printtool.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.printtool.agent.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/ApplicationServices.framework/Frameworks/PrintCore.framework/Versions/A/printtool agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + 
"action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.printuitool.agent\",\"name\":\"com.apple.printuitool.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.printuitool.agent.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/PrintingPrivate.framework/Versions/A/PrintUITool\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.printuitool.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/PrintingPrivate.framework/Versions/A/PrintUITool", + "disabled": "0", + "label": "com.apple.printuitool.agent", "name": "com.apple.printuitool.agent.plist", "path": "/System/Library/LaunchAgents/com.apple.printuitool.agent.plist", - "disabled": "0", "process_type": "Adaptive", - "label": "com.apple.printuitool.agent" + "program_arguments": "/System/Library/PrivateFrameworks/PrintingPrivate.framework/Versions/A/PrintUITool" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": 
"added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.printuitool.agent\",\"name\":\"com.apple.printuitool.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.printuitool.agent.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/PrintingPrivate.framework/Versions/A/PrintUITool\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.protectedcloudstorage.protectedcloudkeysyncing\",\"name\":\"com.apple.protectedcloudstorage.protectedcloudkeysyncing.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.protectedcloudstorage.protectedcloudkeysyncing.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/PrivateFrameworks/ProtectedCloudStorage.framework/Helpers/ProtectedCloudKeySyncing\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.protectedcloudstorage.protectedcloudkeysyncing.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.protectedcloudstorage.protectedcloudkeysyncing", "name": "com.apple.protectedcloudstorage.protectedcloudkeysyncing.plist", "path": "/System/Library/LaunchAgents/com.apple.protectedcloudstorage.protectedcloudkeysyncing.plist", "process_type": "Adaptive", - "label": "com.apple.protectedcloudstorage.protectedcloudkeysyncing", "program": "/System/Library/PrivateFrameworks/ProtectedCloudStorage.framework/Helpers/ProtectedCloudKeySyncing" }, - 
"name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.protectedcloudstorage.protectedcloudkeysyncing\",\"name\":\"com.apple.protectedcloudstorage.protectedcloudkeysyncing.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.protectedcloudstorage.protectedcloudkeysyncing.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/PrivateFrameworks/ProtectedCloudStorage.framework/Helpers/ProtectedCloudKeySyncing\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + 
"user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.quicklook.32bit\",\"name\":\"com.apple.quicklook.32bit.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.quicklook.32bit.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/QuickLook.framework/Resources/quicklookd32.app/Contents/MacOS/quicklookd32\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/tmp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.quicklook.32bit.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/QuickLook.framework/Resources/quicklookd32.app/Contents/MacOS/quicklookd32", + "label": "com.apple.quicklook.32bit", "name": "com.apple.quicklook.32bit.plist", "path": "/System/Library/LaunchAgents/com.apple.quicklook.32bit.plist", - "working_directory": "/tmp", - "label": "com.apple.quicklook.32bit" + "program_arguments": 
"/System/Library/Frameworks/QuickLook.framework/Resources/quicklookd32.app/Contents/MacOS/quicklookd32", + "working_directory": "/tmp" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.quicklook.32bit\",\"name\":\"com.apple.quicklook.32bit.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.quicklook.32bit.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/QuickLook.framework/Resources/quicklookd32.app/Contents/MacOS/quicklookd32\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/tmp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, 
"tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.quicklook.ThumbnailsAgent\",\"name\":\"com.apple.quicklook.ThumbnailsAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.quicklook.ThumbnailsAgent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/QuickLookThumbnailing.framework/Support/com.apple.quicklook.ThumbnailsAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.quicklook.ThumbnailsAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.quicklook.ThumbnailsAgent", "name": "com.apple.quicklook.ThumbnailsAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.quicklook.ThumbnailsAgent.plist", - "label": "com.apple.quicklook.ThumbnailsAgent", "program": 
"/System/Library/PrivateFrameworks/QuickLookThumbnailing.framework/Support/com.apple.quicklook.ThumbnailsAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.quicklook.ThumbnailsAgent\",\"name\":\"com.apple.quicklook.ThumbnailsAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.quicklook.ThumbnailsAgent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/QuickLookThumbnailing.framework/Support/com.apple.quicklook.ThumbnailsAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - 
"name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.quicklook\",\"name\":\"com.apple.quicklook.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.quicklook.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/QuickLook.framework/Resources/quicklookd.app/Contents/MacOS/quicklookd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/tmp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.quicklook.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/QuickLook.framework/Resources/quicklookd.app/Contents/MacOS/quicklookd", + "label": "com.apple.quicklook", "name": "com.apple.quicklook.plist", "path": "/System/Library/LaunchAgents/com.apple.quicklook.plist", - "working_directory": "/tmp", - "label": "com.apple.quicklook" + "program_arguments": 
"/System/Library/Frameworks/QuickLook.framework/Resources/quicklookd.app/Contents/MacOS/quicklookd", + "working_directory": "/tmp" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.quicklook\",\"name\":\"com.apple.quicklook.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.quicklook.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/QuickLook.framework/Resources/quicklookd.app/Contents/MacOS/quicklookd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/tmp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ 
"preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.quicklook.ui.helper\",\"name\":\"com.apple.quicklook.ui.helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.quicklook.ui.helper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/tmp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.quicklook.ui.helper.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper", + "label": "com.apple.quicklook.ui.helper", "name": "com.apple.quicklook.ui.helper.plist", "path": "/System/Library/LaunchAgents/com.apple.quicklook.ui.helper.plist", - 
"working_directory": "/tmp", - "label": "com.apple.quicklook.ui.helper" + "program_arguments": "/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper", + "working_directory": "/tmp" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.quicklook.ui.helper\",\"name\":\"com.apple.quicklook.ui.helper.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.quicklook.ui.helper.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/tmp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.rcd\",\"name\":\"com.apple.rcd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.rcd.plist\",\"process_type\":\"Standard\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/rcd.app/Contents/MacOS/rcd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.rcd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/rcd.app/Contents/MacOS/rcd", + "label": "com.apple.rcd", "name": "com.apple.rcd.plist", "path": "/System/Library/LaunchAgents/com.apple.rcd.plist", "process_type": "Standard", - "label": "com.apple.rcd" + "program_arguments": "/System/Library/CoreServices/rcd.app/Contents/MacOS/rcd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - 
"tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.rcd\",\"name\":\"com.apple.rcd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.rcd.plist\",\"process_type\":\"Standard\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/rcd.app/Contents/MacOS/rcd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.recentsd\",\"name\":\"com.apple.recentsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.recentsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreRecents.framework/Versions/A/Support/recentsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.recentsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CoreRecents.framework/Versions/A/Support/recentsd", + "label": "com.apple.recentsd", "name": "com.apple.recentsd.plist", "path": "/System/Library/LaunchAgents/com.apple.recentsd.plist", - "label": "com.apple.recentsd" + "program_arguments": "/System/Library/PrivateFrameworks/CoreRecents.framework/Versions/A/Support/recentsd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.recentsd\",\"name\":\"com.apple.recentsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.recentsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreRecents.framework/Versions/A/Support/recentsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.reversetemplated\",\"name\":\"com.apple.reversetemplated.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.reversetemplated.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/reversetemplated\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.reversetemplated.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/reversetemplated", + "label": "com.apple.reversetemplated", "name": "com.apple.reversetemplated.plist", "path": "/System/Library/LaunchAgents/com.apple.reversetemplated.plist", - "label": "com.apple.reversetemplated" + "program_arguments": "/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/reversetemplated" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.reversetemplated\",\"name\":\"com.apple.reversetemplated.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.reversetemplated.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/reversetemplated\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.routined\",\"name\":\"com.apple.routined.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.routined.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/routined LAUNCHED_BY_LAUNCHD\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.routined.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/routined LAUNCHED_BY_LAUNCHD", + "keep_alive": "1", + "label": "com.apple.routined", "name": "com.apple.routined.plist", "path": "/System/Library/LaunchAgents/com.apple.routined.plist", - "label": "com.apple.routined", - "keep_alive": "1", + "program_arguments": "/usr/libexec/routined LAUNCHED_BY_LAUNCHD", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.routined\",\"name\":\"com.apple.routined.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.routined.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/routined LAUNCHED_BY_LAUNCHD\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.safaridavclient\",\"name\":\"com.apple.safaridavclient.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.safaridavclient.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/BookmarkDAV.framework/Helpers/SafariDAVClient\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"82800\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.safaridavclient.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/BookmarkDAV.framework/Helpers/SafariDAVClient", + "label": "com.apple.safaridavclient", "name": "com.apple.safaridavclient.plist", "path": "/System/Library/LaunchAgents/com.apple.safaridavclient.plist", - "label": "com.apple.safaridavclient", + "program_arguments": "/System/Library/PrivateFrameworks/BookmarkDAV.framework/Helpers/SafariDAVClient", "start_interval": "82800" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.safaridavclient\",\"name\":\"com.apple.safaridavclient.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.safaridavclient.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/BookmarkDAV.framework/Helpers/SafariDAVClient\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"82800\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.scopedbookmarksagent.xpc\",\"name\":\"com.apple.scopedbookmarkagent.xpc.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.scopedbookmarkagent.xpc.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/ScopedBookmarkAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.scopedbookmarkagent.xpc.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.scopedbookmarksagent.xpc", "name": "com.apple.scopedbookmarkagent.xpc.plist", "path": "/System/Library/LaunchAgents/com.apple.scopedbookmarkagent.xpc.plist", - "label": "com.apple.scopedbookmarksagent.xpc", "program": "/System/Library/CoreServices/ScopedBookmarkAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.scopedbookmarksagent.xpc\",\"name\":\"com.apple.scopedbookmarkagent.xpc.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.scopedbookmarkagent.xpc.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/ScopedBookmarkAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.screencapturetb.agent\",\"name\":\"com.apple.screencapturetb.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.screencapturetb.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/screencapturetb.app/Contents/MacOS/screencapturetb\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.screencapturetb.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.screencapturetb.agent", "name": "com.apple.screencapturetb.plist", "path": "/System/Library/LaunchAgents/com.apple.screencapturetb.plist", - "label": "com.apple.screencapturetb.agent", "program": "/System/Library/CoreServices/screencapturetb.app/Contents/MacOS/screencapturetb", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + 
"unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.screencapturetb.agent\",\"name\":\"com.apple.screencapturetb.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.screencapturetb.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/screencapturetb.app/Contents/MacOS/screencapturetb\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.screensharing.MessagesAgent\",\"name\":\"com.apple.screensharing.MessagesAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.screensharing.MessagesAgent.plist\",\"process_type\":\"Standard\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/MacOS/AppleVNCServer\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.screensharing.MessagesAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/MacOS/AppleVNCServer", + "label": "com.apple.screensharing.MessagesAgent", "name": "com.apple.screensharing.MessagesAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.screensharing.MessagesAgent.plist", "process_type": "Standard", - "label": "com.apple.screensharing.MessagesAgent", + "program_arguments": "/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/MacOS/AppleVNCServer", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.screensharing.MessagesAgent\",\"name\":\"com.apple.screensharing.MessagesAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.screensharing.MessagesAgent.plist\",\"process_type\":\"Standard\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/MacOS/AppleVNCServer\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.screensharing.agent\",\"name\":\"com.apple.screensharing.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.screensharing.agent.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/RemoteManagement/ScreensharingAgent.bundle/Contents/MacOS/ScreensharingAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"/private/etc/com.apple.screensharing.agent.launchd\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.screensharing.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/RemoteManagement/ScreensharingAgent.bundle/Contents/MacOS/ScreensharingAgent", - "path": "/System/Library/LaunchAgents/com.apple.screensharing.agent.plist", - "run_at_load": "0", - "watch_paths": "/private/etc/com.apple.screensharing.agent.launchd", + "label": "com.apple.screensharing.agent", "name": "com.apple.screensharing.agent.plist", + "path": "/System/Library/LaunchAgents/com.apple.screensharing.agent.plist", "process_type": "Interactive", - "label": 
"com.apple.screensharing.agent" + "program_arguments": "/System/Library/CoreServices/RemoteManagement/ScreensharingAgent.bundle/Contents/MacOS/ScreensharingAgent", + "run_at_load": "0", + "watch_paths": "/private/etc/com.apple.screensharing.agent.launchd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.screensharing.agent\",\"name\":\"com.apple.screensharing.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.screensharing.agent.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/RemoteManagement/ScreensharingAgent.bundle/Contents/MacOS/ScreensharingAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"/private/etc/com.apple.screensharing.agent.launchd\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.scrod\",\"name\":\"com.apple.scrod.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.scrod.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/ScreenReader.framework/Frameworks/ScreenReaderOutput.framework/Resources/scrod\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.scrod.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/ScreenReader.framework/Frameworks/ScreenReaderOutput.framework/Resources/scrod", + "label": "com.apple.scrod", "name": "com.apple.scrod.plist", "path": "/System/Library/LaunchAgents/com.apple.scrod.plist", "process_type": "Interactive", - "label": "com.apple.scrod" + "program_arguments": "/System/Library/PrivateFrameworks/ScreenReader.framework/Frameworks/ScreenReaderOutput.framework/Resources/scrod" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 
UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.scrod\",\"name\":\"com.apple.scrod.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.scrod.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/ScreenReader.framework/Frameworks/ScreenReaderOutput.framework/Resources/scrod\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.secd\",\"name\":\"com.apple.secd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.secd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/secd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.secd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/secd", + "label": "com.apple.secd", "name": "com.apple.secd.plist", "path": "/System/Library/LaunchAgents/com.apple.secd.plist", - "label": "com.apple.secd" + "program_arguments": "/usr/libexec/secd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.secd\",\"name\":\"com.apple.secd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.secd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/secd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.secinitd\",\"name\":\"com.apple.secinitd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.secinitd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/secinitd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.secinitd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.secinitd", "name": "com.apple.secinitd.plist", "path": "/System/Library/LaunchAgents/com.apple.secinitd.plist", - "label": "com.apple.secinitd", "program": "/usr/libexec/secinitd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.secinitd\",\"name\":\"com.apple.secinitd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.secinitd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/secinitd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.security.DiskUnmountWatcher\",\"name\":\"com.apple.security.DiskUnmountWatcher.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.security.DiskUnmountWatcher.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/KerberosHelper/Helpers/DiskUnmountWatcher\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.security.DiskUnmountWatcher.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/KerberosHelper/Helpers/DiskUnmountWatcher", + "label": "com.apple.security.DiskUnmountWatcher", "name": "com.apple.security.DiskUnmountWatcher.plist", "path": "/System/Library/LaunchAgents/com.apple.security.DiskUnmountWatcher.plist", - "label": "com.apple.security.DiskUnmountWatcher" + "program_arguments": "/System/Library/PrivateFrameworks/KerberosHelper/Helpers/DiskUnmountWatcher" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu 
Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.security.DiskUnmountWatcher\",\"name\":\"com.apple.security.DiskUnmountWatcher.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.security.DiskUnmountWatcher.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/KerberosHelper/Helpers/DiskUnmountWatcher\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.security.agent\",\"name\":\"com.apple.security.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.security.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.security.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent", + "label": "com.apple.security.agent", "name": "com.apple.security.agent.plist", "path": "/System/Library/LaunchAgents/com.apple.security.agent.plist", - "label": "com.apple.security.agent" + "program_arguments": "/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": 
"0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.security.agent\",\"name\":\"com.apple.security.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.security.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.security.cloudkeychainproxy3\",\"name\":\"com.apple.security.cloudkeychainproxy3.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.security.cloudkeychainproxy3.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy\",\"program_arguments\":\"/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.security.cloudkeychainproxy3.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy", - "path": "/System/Library/LaunchAgents/com.apple.security.cloudkeychainproxy3.plist", - "run_at_load": "0", + "keep_alive": "0", + "label": "com.apple.security.cloudkeychainproxy3", "name": "com.apple.security.cloudkeychainproxy3.plist", + "path": "/System/Library/LaunchAgents/com.apple.security.cloudkeychainproxy3.plist", "process_type": "Adaptive", - 
"label": "com.apple.security.cloudkeychainproxy3", "program": "/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy", - "keep_alive": "0" + "program_arguments": "/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy", + "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.security.cloudkeychainproxy3\",\"name\":\"com.apple.security.cloudkeychainproxy3.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.security.cloudkeychainproxy3.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy\",\"program_arguments\":\"/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.security.keychain-circle-notification\",\"name\":\"com.apple.security.keychain-circle-notification.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.security.keychain-circle-notification.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Keychain Circle Notification.app/Contents/MacOS/Keychain Circle Notification\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.security.keychain-circle-notification.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Keychain Circle Notification.app/Contents/MacOS/Keychain Circle Notification", + "label": "com.apple.security.keychain-circle-notification", "name": "com.apple.security.keychain-circle-notification.plist", "path": "/System/Library/LaunchAgents/com.apple.security.keychain-circle-notification.plist", - "label": "com.apple.security.keychain-circle-notification" + "program_arguments": "/System/Library/CoreServices/Keychain Circle Notification.app/Contents/MacOS/Keychain Circle Notification" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": 
"added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.security.keychain-circle-notification\",\"name\":\"com.apple.security.keychain-circle-notification.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.security.keychain-circle-notification.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Keychain Circle Notification.app/Contents/MacOS/Keychain Circle Notification\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" 
+ }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.security.keychainsyncingoveridsproxy\",\"name\":\"com.apple.security.keychainsyncingoveridsproxy.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.security.keychainsyncingoveridsproxy.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/Frameworks/Security.framework/Versions/A/Resources/KeychainSyncingOverIDSProxy.bundle/Contents/MacOS/KeychainSyncingOverIDSProxy\",\"program_arguments\":\"/System/Library/Frameworks/Security.framework/Versions/A/Resources/KeychainSyncingOverIDSProxy.bundle/Contents/MacOS/KeychainSyncingOverIDSProxy\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.security.keychainsyncingoveridsproxy.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/Security.framework/Versions/A/Resources/KeychainSyncingOverIDSProxy.bundle/Contents/MacOS/KeychainSyncingOverIDSProxy", + "label": "com.apple.security.keychainsyncingoveridsproxy", "name": 
"com.apple.security.keychainsyncingoveridsproxy.plist", "path": "/System/Library/LaunchAgents/com.apple.security.keychainsyncingoveridsproxy.plist", "process_type": "Adaptive", - "label": "com.apple.security.keychainsyncingoveridsproxy", - "program": "/System/Library/Frameworks/Security.framework/Versions/A/Resources/KeychainSyncingOverIDSProxy.bundle/Contents/MacOS/KeychainSyncingOverIDSProxy" + "program": "/System/Library/Frameworks/Security.framework/Versions/A/Resources/KeychainSyncingOverIDSProxy.bundle/Contents/MacOS/KeychainSyncingOverIDSProxy", + "program_arguments": "/System/Library/Frameworks/Security.framework/Versions/A/Resources/KeychainSyncingOverIDSProxy.bundle/Contents/MacOS/KeychainSyncingOverIDSProxy" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.security.keychainsyncingoveridsproxy\",\"name\":\"com.apple.security.keychainsyncingoveridsproxy.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.security.keychainsyncingoveridsproxy.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/Frameworks/Security.framework/Versions/A/Resources/KeychainSyncingOverIDSProxy.bundle/Contents/MacOS/KeychainSyncingOverIDSProxy\",\"program_arguments\":\"/System/Library/Frameworks/Security.framework/Versions/A/Resources/KeychainSyncingOverIDSProxy.bundle/Contents/MacOS/KeychainSyncingOverIDSProxy\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.sharingd\",\"name\":\"com.apple.sharingd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.sharingd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/sharingd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.sharingd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "keep_alive": "1", + "label": "com.apple.sharingd", "name": "com.apple.sharingd.plist", "path": "/System/Library/LaunchAgents/com.apple.sharingd.plist", - "label": "com.apple.sharingd", "program": "/usr/libexec/sharingd", - "keep_alive": "1", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - 
"hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.sharingd\",\"name\":\"com.apple.sharingd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.sharingd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/sharingd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.siriknowledged\",\"name\":\"com.apple.siriknowledged.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.siriknowledged.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/siriknowledged\",\"program_arguments\":\"/usr/libexec/siriknowledged\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.siriknowledged.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/siriknowledged", - "path": "/System/Library/LaunchAgents/com.apple.siriknowledged.plist", - "run_at_load": "0", + "label": "com.apple.siriknowledged", "name": "com.apple.siriknowledged.plist", + "path": "/System/Library/LaunchAgents/com.apple.siriknowledged.plist", "process_type": "Adaptive", - "label": "com.apple.siriknowledged", - "program": "/usr/libexec/siriknowledged" + "program": "/usr/libexec/siriknowledged", + "program_arguments": "/usr/libexec/siriknowledged", + "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.siriknowledged\",\"name\":\"com.apple.siriknowledged.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.siriknowledged.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/siriknowledged\",\"program_arguments\":\"/usr/libexec/siriknowledged\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.soagent\",\"name\":\"com.apple.soagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.soagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/MessagesKit.framework/Resources/soagent.app/Contents/MacOS/soagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.soagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/MessagesKit.framework/Resources/soagent.app/Contents/MacOS/soagent", + "label": "com.apple.soagent", "name": "com.apple.soagent.plist", "path": "/System/Library/LaunchAgents/com.apple.soagent.plist", - "label": "com.apple.soagent", + "program_arguments": "/System/Library/PrivateFrameworks/MessagesKit.framework/Resources/soagent.app/Contents/MacOS/soagent", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.soagent\",\"name\":\"com.apple.soagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.soagent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/MessagesKit.framework/Resources/soagent.app/Contents/MacOS/soagent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.softwareupdate_notify_agent\",\"name\":\"com.apple.softwareupdate_notify_agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.softwareupdate_notify_agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdate_notify_agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.softwareupdate_notify_agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdate_notify_agent", + "label": "com.apple.softwareupdate_notify_agent", "name": "com.apple.softwareupdate_notify_agent.plist", "path": "/System/Library/LaunchAgents/com.apple.softwareupdate_notify_agent.plist", - "label": "com.apple.softwareupdate_notify_agent" + "program_arguments": "/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdate_notify_agent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" 
}, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.softwareupdate_notify_agent\",\"name\":\"com.apple.softwareupdate_notify_agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.softwareupdate_notify_agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdate_notify_agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.speech.speechdatainstallerd\",\"name\":\"com.apple.speech.speechdatainstallerd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.speech.speechdatainstallerd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.speech.speechdatainstallerd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.speech.speechdatainstallerd", "name": "com.apple.speech.speechdatainstallerd.plist", "path": "/System/Library/LaunchAgents/com.apple.speech.speechdatainstallerd.plist", - "label": "com.apple.speech.speechdatainstallerd", "program": "/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" 
}, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.speech.speechdatainstallerd\",\"name\":\"com.apple.speech.speechdatainstallerd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.speech.speechdatainstallerd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.speech.speechsynthesisd\",\"name\":\"com.apple.speech.speechsynthesisd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.speech.speechsynthesisd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.speech.speechsynthesisd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "keep_alive": "0", + "label": "com.apple.speech.speechsynthesisd", "name": "com.apple.speech.speechsynthesisd.plist", "path": "/System/Library/LaunchAgents/com.apple.speech.speechsynthesisd.plist", - "label": "com.apple.speech.speechsynthesisd", - "program": "/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd", - "keep_alive": "0" + "program": "/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd" }, - "name": 
"pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.apple.speech.speechsynthesisd\",\"name\":\"com.apple.speech.speechsynthesisd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.speech.speechsynthesisd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { 
"@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.speech.synthesisserver\",\"name\":\"com.apple.speech.synthesisserver.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.speech.synthesisserver.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesisServer.app/Contents/MacOS/SpeechSynthesisServer launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.speech.synthesisserver.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesisServer.app/Contents/MacOS/SpeechSynthesisServer launchd", + "label": "com.apple.speech.synthesisserver", "name": "com.apple.speech.synthesisserver.plist", "path": 
"/System/Library/LaunchAgents/com.apple.speech.synthesisserver.plist", - "label": "com.apple.speech.synthesisserver", + "program_arguments": "/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesisServer.app/Contents/MacOS/SpeechSynthesisServer launchd", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.speech.synthesisserver\",\"name\":\"com.apple.speech.synthesisserver.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.speech.synthesisserver.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesisServer.app/Contents/MacOS/SpeechSynthesisServer 
launchd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.spindump_agent\",\"name\":\"com.apple.spindump_agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.spindump_agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/spindump_agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.spindump_agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/spindump_agent", + "label": "com.apple.spindump_agent", "name": "com.apple.spindump_agent.plist", "path": "/System/Library/LaunchAgents/com.apple.spindump_agent.plist", - "label": "com.apple.spindump_agent" + "program_arguments": "/usr/libexec/spindump_agent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.spindump_agent\",\"name\":\"com.apple.spindump_agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.spindump_agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/spindump_agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storeaccountd\",\"name\":\"com.apple.storeaccountd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.storeaccountd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeaccountd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.storeaccountd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.storeaccountd", "name": "com.apple.storeaccountd.plist", "path": "/System/Library/LaunchAgents/com.apple.storeaccountd.plist", - "label": "com.apple.storeaccountd", "program": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeaccountd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storeaccountd\",\"name\":\"com.apple.storeaccountd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.storeaccountd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeaccountd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storeassetd\",\"name\":\"com.apple.storeassetd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.storeassetd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeassetd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.storeassetd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.storeassetd", "name": "com.apple.storeassetd.plist", "path": "/System/Library/LaunchAgents/com.apple.storeassetd.plist", - "label": "com.apple.storeassetd", "program": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeassetd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - 
"tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storeassetd\",\"name\":\"com.apple.storeassetd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.storeassetd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeassetd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storedownloadd\",\"name\":\"com.apple.storedownloadd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.storedownloadd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.storedownloadd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.storedownloadd", "name": "com.apple.storedownloadd.plist", "path": "/System/Library/LaunchAgents/com.apple.storedownloadd.plist", - "label": "com.apple.storedownloadd", "program": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } 
}, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storedownloadd\",\"name\":\"com.apple.storedownloadd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.storedownloadd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storeinstallagent\",\"name\":\"com.apple.storeinstallagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.storeinstallagent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeinstallagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.storeinstallagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.storeinstallagent", "name": "com.apple.storeinstallagent.plist", "path": "/System/Library/LaunchAgents/com.apple.storeinstallagent.plist", - "label": "com.apple.storeinstallagent", "program": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeinstallagent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", 
+ "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storeinstallagent\",\"name\":\"com.apple.storeinstallagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.storeinstallagent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeinstallagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storelegacy\",\"name\":\"com.apple.storelegacy.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.storelegacy.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storelegacy\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.storelegacy.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.storelegacy", "name": "com.apple.storelegacy.plist", "path": "/System/Library/LaunchAgents/com.apple.storelegacy.plist", - "label": "com.apple.storelegacy", "program": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storelegacy" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - 
"tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storelegacy\",\"name\":\"com.apple.storelegacy.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.storelegacy.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storelegacy\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storeuid\",\"name\":\"com.apple.storeuid.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.storeuid.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.storeuid.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.storeuid", "name": "com.apple.storeuid.plist", "path": "/System/Library/LaunchAgents/com.apple.storeuid.plist", - "label": "com.apple.storeuid", "program": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.storeuid\",\"name\":\"com.apple.storeuid.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.storeuid.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.suggestd\",\"name\":\"com.apple.suggestd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.suggestd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.suggestd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd", + "label": "com.apple.suggestd", "name": "com.apple.suggestd.plist", "path": "/System/Library/LaunchAgents/com.apple.suggestd.plist", - "label": "com.apple.suggestd" + "program_arguments": "/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", 
+ "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.suggestd\",\"name\":\"com.apple.suggestd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.suggestd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.swcd\",\"name\":\"com.apple.swcd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.swcd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/swcd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.swcd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/swcd", + "label": "com.apple.swcd", "name": "com.apple.swcd.plist", "path": "/System/Library/LaunchAgents/com.apple.swcd.plist", - "label": "com.apple.swcd" + "program_arguments": "/usr/libexec/swcd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.swcd\",\"name\":\"com.apple.swcd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.swcd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/swcd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.syncdefaultsd\",\"name\":\"com.apple.syncdefaultsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.syncdefaultsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/SyncedDefaults.framework/Support/syncdefaultsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.syncdefaultsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/SyncedDefaults.framework/Support/syncdefaultsd", + "label": "com.apple.syncdefaultsd", "name": "com.apple.syncdefaultsd.plist", "path": "/System/Library/LaunchAgents/com.apple.syncdefaultsd.plist", - "label": "com.apple.syncdefaultsd" + "program_arguments": "/System/Library/PrivateFrameworks/SyncedDefaults.framework/Support/syncdefaultsd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.syncdefaultsd\",\"name\":\"com.apple.syncdefaultsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.syncdefaultsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/SyncedDefaults.framework/Support/syncdefaultsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.syncservices.SyncServer\",\"name\":\"com.apple.syncservices.SyncServer.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.syncservices.SyncServer.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/SyncServices.framework/Versions/Current/Resources/SyncServer.app/Contents/MacOS/SyncServer\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.syncservices.SyncServer.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.syncservices.SyncServer", "name": "com.apple.syncservices.SyncServer.plist", "path": "/System/Library/LaunchAgents/com.apple.syncservices.SyncServer.plist", - "label": "com.apple.syncservices.SyncServer", "program": "/System/Library/Frameworks/SyncServices.framework/Versions/Current/Resources/SyncServer.app/Contents/MacOS/SyncServer" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.syncservices.SyncServer\",\"name\":\"com.apple.syncservices.SyncServer.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.syncservices.SyncServer.plist\",\"process_type\":\"\",\"program\":\"/System/Library/Frameworks/SyncServices.framework/Versions/Current/Resources/SyncServer.app/Contents/MacOS/SyncServer\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.syncservices.uihandler\",\"name\":\"com.apple.syncservices.uihandler.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.syncservices.uihandler.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/SyncServicesUI.framework/Versions/Current/Resources/syncuid.app/Contents/MacOS/syncuid\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/tmp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.syncservices.uihandler.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.syncservices.uihandler", "name": "com.apple.syncservices.uihandler.plist", "path": "/System/Library/LaunchAgents/com.apple.syncservices.uihandler.plist", - "working_directory": "/tmp", - "label": "com.apple.syncservices.uihandler", - "program": "/System/Library/PrivateFrameworks/SyncServicesUI.framework/Versions/Current/Resources/syncuid.app/Contents/MacOS/syncuid" + "program": "/System/Library/PrivateFrameworks/SyncServicesUI.framework/Versions/Current/Resources/syncuid.app/Contents/MacOS/syncuid", + "working_directory": "/tmp" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.syncservices.uihandler\",\"name\":\"com.apple.syncservices.uihandler.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.syncservices.uihandler.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/SyncServicesUI.framework/Versions/Current/Resources/syncuid.app/Contents/MacOS/syncuid\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/tmp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.sysdiagnose_agent\",\"name\":\"com.apple.sysdiagnose_agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.sysdiagnose_agent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/sysdiagnose_helper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.sysdiagnose_agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.sysdiagnose_agent", "name": "com.apple.sysdiagnose_agent.plist", "path": "/System/Library/LaunchAgents/com.apple.sysdiagnose_agent.plist", - "label": "com.apple.sysdiagnose_agent", "program": "/usr/libexec/sysdiagnose_helper" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.sysdiagnose_agent\",\"name\":\"com.apple.sysdiagnose_agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.sysdiagnose_agent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/sysdiagnose_helper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.systemprofiler\",\"name\":\"com.apple.systemprofiler.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.systemprofiler.plist\",\"process_type\":\"Interactive\",\"program\":\"/Applications/Utilities/System Information.app/Contents/MacOS/System Information\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.systemprofiler.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.systemprofiler", "name": "com.apple.systemprofiler.plist", "path": "/System/Library/LaunchAgents/com.apple.systemprofiler.plist", "process_type": "Interactive", - "label": "com.apple.systemprofiler", "program": "/Applications/Utilities/System Information.app/Contents/MacOS/System Information" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + 
"unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.systemprofiler\",\"name\":\"com.apple.systemprofiler.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.systemprofiler.plist\",\"process_type\":\"Interactive\",\"program\":\"/Applications/Utilities/System Information.app/Contents/MacOS/System Information\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.talagent\",\"name\":\"com.apple.talagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.talagent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/talagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.talagent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.talagent", "name": "com.apple.talagent.plist", "path": "/System/Library/LaunchAgents/com.apple.talagent.plist", - "label": "com.apple.talagent", "program": "/System/Library/CoreServices/talagent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.talagent\",\"name\":\"com.apple.talagent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.talagent.plist\",\"process_type\":\"\",\"program\":\"/System/Library/CoreServices/talagent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.tccd\",\"name\":\"com.apple.tccd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.tccd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/TCC.framework/Resources/tccd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.tccd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.tccd", "name": "com.apple.tccd.plist", "path": "/System/Library/LaunchAgents/com.apple.tccd.plist", - "label": "com.apple.tccd", "program": "/System/Library/PrivateFrameworks/TCC.framework/Resources/tccd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.tccd\",\"name\":\"com.apple.tccd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.tccd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/TCC.framework/Resources/tccd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.telephonyutilities.callservicesd\",\"name\":\"com.apple.telephonyutilities.callservicesd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.telephonyutilities.callservicesd.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.telephonyutilities.callservicesd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd", + "label": "com.apple.telephonyutilities.callservicesd", "name": "com.apple.telephonyutilities.callservicesd.plist", "path": "/System/Library/LaunchAgents/com.apple.telephonyutilities.callservicesd.plist", "process_type": "Adaptive", - "label": "com.apple.telephonyutilities.callservicesd" + "program_arguments": "/System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", 
"username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.telephonyutilities.callservicesd\",\"name\":\"com.apple.telephonyutilities.callservicesd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.telephonyutilities.callservicesd.plist\",\"process_type\":\"Adaptive\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.thermaltrap\",\"name\":\"com.apple.thermaltrap.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.thermaltrap.plist\",\"process_type\":\"App\",\"program\":\"/System/Library/CoreServices/ThermalTrap.app/Contents/MacOS/ThermalTrap\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.thermaltrap.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.thermaltrap", "name": "com.apple.thermaltrap.plist", "path": "/System/Library/LaunchAgents/com.apple.thermaltrap.plist", "process_type": "App", - "label": "com.apple.thermaltrap", "program": "/System/Library/CoreServices/ThermalTrap.app/Contents/MacOS/ThermalTrap" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", 
+ "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.thermaltrap\",\"name\":\"com.apple.thermaltrap.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.thermaltrap.plist\",\"process_type\":\"App\",\"program\":\"/System/Library/CoreServices/ThermalTrap.app/Contents/MacOS/ThermalTrap\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.tiswitcher\",\"name\":\"com.apple.tiswitcher.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.tiswitcher.plist\",\"process_type\":\"Interactive\",\"program\":\"/System/Library/CoreServices/Menu Extras/TextInput.menu/Contents/SharedSupport/TISwitcher.app/Contents/MacOS/TISwitcher\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.tiswitcher.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.tiswitcher", "name": "com.apple.tiswitcher.plist", "path": "/System/Library/LaunchAgents/com.apple.tiswitcher.plist", "process_type": "Interactive", - "label": "com.apple.tiswitcher", "program": "/System/Library/CoreServices/Menu Extras/TextInput.menu/Contents/SharedSupport/TISwitcher.app/Contents/MacOS/TISwitcher" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + 
"name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.tiswitcher\",\"name\":\"com.apple.tiswitcher.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.tiswitcher.plist\",\"process_type\":\"Interactive\",\"program\":\"/System/Library/CoreServices/Menu Extras/TextInput.menu/Contents/SharedSupport/TISwitcher.app/Contents/MacOS/TISwitcher\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.touristd\",\"name\":\"com.apple.touristd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.touristd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/Tourist.framework/Versions/A/Resources/touristd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.touristd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.touristd", "name": "com.apple.touristd.plist", "path": "/System/Library/LaunchAgents/com.apple.touristd.plist", - "label": "com.apple.touristd", "program": "/System/Library/PrivateFrameworks/Tourist.framework/Versions/A/Resources/touristd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.touristd\",\"name\":\"com.apple.touristd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.touristd.plist\",\"process_type\":\"\",\"program\":\"/System/Library/PrivateFrameworks/Tourist.framework/Versions/A/Resources/touristd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.trustd.agent\",\"name\":\"com.apple.trustd.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.trustd.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/trustd --agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.trustd.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/trustd --agent", + "label": "com.apple.trustd.agent", "name": "com.apple.trustd.agent.plist", "path": "/System/Library/LaunchAgents/com.apple.trustd.agent.plist", - "label": "com.apple.trustd.agent" + "program_arguments": "/usr/libexec/trustd --agent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + 
], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.trustd.agent\",\"name\":\"com.apple.trustd.agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.trustd.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/trustd --agent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.universalaccessAuthWarn\",\"name\":\"com.apple.universalaccessAuthWarn.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.universalaccessAuthWarn.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/universalAccessAuthWarn.app/Contents/MacOS/universalAccessAuthWarn launchd -s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.universalaccessAuthWarn.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/universalAccessAuthWarn.app/Contents/MacOS/universalAccessAuthWarn launchd -s", + "label": "com.apple.universalaccessAuthWarn", "name": "com.apple.universalaccessAuthWarn.plist", "path": "/System/Library/LaunchAgents/com.apple.universalaccessAuthWarn.plist", - "label": "com.apple.universalaccessAuthWarn", + "program_arguments": "/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/universalAccessAuthWarn.app/Contents/MacOS/universalAccessAuthWarn launchd -s", "run_at_load": "0" }, - "name": 
"pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.universalaccessAuthWarn\",\"name\":\"com.apple.universalaccessAuthWarn.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.universalaccessAuthWarn.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/universalAccessAuthWarn.app/Contents/MacOS/universalAccessAuthWarn launchd -s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" 
+ } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.universalaccessHUD\",\"name\":\"com.apple.universalaccessHUD.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.universalaccessHUD.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/UniversalAccessHUD.app/Contents/MacOS/UniversalAccessHUD launchd -s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.universalaccessHUD.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/UniversalAccessHUD.app/Contents/MacOS/UniversalAccessHUD launchd -s", + "label": "com.apple.universalaccessHUD", "name": "com.apple.universalaccessHUD.plist", "path": "/System/Library/LaunchAgents/com.apple.universalaccessHUD.plist", - "label": "com.apple.universalaccessHUD", + "program_arguments": 
"/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/UniversalAccessHUD.app/Contents/MacOS/UniversalAccessHUD launchd -s", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.universalaccessHUD\",\"name\":\"com.apple.universalaccessHUD.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.universalaccessHUD.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/UniversalAccessHUD.app/Contents/MacOS/UniversalAccessHUD launchd -s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - 
"created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.universalaccesscontrol\",\"name\":\"com.apple.universalaccesscontrol.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.universalaccesscontrol.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/UniversalAccessControl.app/Contents/MacOS/UniversalAccessControl launchd -s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.universalaccesscontrol.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/UniversalAccessControl.app/Contents/MacOS/UniversalAccessControl launchd -s", + "label": "com.apple.universalaccesscontrol", "name": "com.apple.universalaccesscontrol.plist", "path": 
"/System/Library/LaunchAgents/com.apple.universalaccesscontrol.plist", "process_type": "Interactive", - "label": "com.apple.universalaccesscontrol", + "program_arguments": "/System/Library/CoreServices/UniversalAccessControl.app/Contents/MacOS/UniversalAccessControl launchd -s", "run_at_load": "0" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.universalaccesscontrol\",\"name\":\"com.apple.universalaccesscontrol.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.universalaccesscontrol.plist\",\"process_type\":\"Interactive\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/UniversalAccessControl.app/Contents/MacOS/UniversalAccessControl launchd 
-s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"0\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.universalaccessd\",\"name\":\"com.apple.universalaccessd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.universalaccessd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/universalaccessd launchd -s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.universalaccessd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/sbin/universalaccessd launchd -s", + "label": "com.apple.universalaccessd", "name": "com.apple.universalaccessd.plist", "path": "/System/Library/LaunchAgents/com.apple.universalaccessd.plist", - "label": "com.apple.universalaccessd", + "program_arguments": "/usr/sbin/universalaccessd launchd -s", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.universalaccessd\",\"name\":\"com.apple.universalaccessd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.universalaccessd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/sbin/universalaccessd launchd 
-s\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.unmountassistant.useragent\",\"name\":\"com.apple.unmountassistant.useragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.unmountassistant.useragent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/UnmountAssistantAgent.app/Contents/MacOS/UnmountAssistantAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.unmountassistant.useragent.plist" }, - 
"ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/System/Library/CoreServices/UnmountAssistantAgent.app/Contents/MacOS/UnmountAssistantAgent", + "label": "com.apple.unmountassistant.useragent", "name": "com.apple.unmountassistant.useragent.plist", "path": "/System/Library/LaunchAgents/com.apple.unmountassistant.useragent.plist", - "label": "com.apple.unmountassistant.useragent" + "program_arguments": "/System/Library/CoreServices/UnmountAssistantAgent.app/Contents/MacOS/UnmountAssistantAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.unmountassistant.useragent\",\"name\":\"com.apple.unmountassistant.useragent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.unmountassistant.useragent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/System/Library/CoreServices/UnmountAssistantAgent.app/Contents/MacOS/UnmountAssistantAgent\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.usernoted\",\"name\":\"com.apple.usernoted.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.usernoted.plist\",\"process_type\":\"\",\"program\":\"/usr/sbin/usernoted\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.usernoted.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "keep_alive": "1", + "label": "com.apple.usernoted", "name": "com.apple.usernoted.plist", "path": "/System/Library/LaunchAgents/com.apple.usernoted.plist", - "label": "com.apple.usernoted", "program": "/usr/sbin/usernoted", - "keep_alive": "1", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - 
"hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.apple.usernoted\",\"name\":\"com.apple.usernoted.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.usernoted.plist\",\"process_type\":\"\",\"program\":\"/usr/sbin/usernoted\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.videosubscriptionsd\",\"name\":\"com.apple.videosubscriptionsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.videosubscriptionsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/videosubscriptionsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.videosubscriptionsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/libexec/videosubscriptionsd", + "label": "com.apple.videosubscriptionsd", "name": "com.apple.videosubscriptionsd.plist", "path": "/System/Library/LaunchAgents/com.apple.videosubscriptionsd.plist", - "label": "com.apple.videosubscriptionsd" + "program_arguments": "/usr/libexec/videosubscriptionsd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.videosubscriptionsd\",\"name\":\"com.apple.videosubscriptionsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.videosubscriptionsd.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/libexec/videosubscriptionsd\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.warmd_agent\",\"name\":\"com.apple.warmd_agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.warmd_agent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/warmd_agent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.warmd_agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.warmd_agent", "name": "com.apple.warmd_agent.plist", "path": "/System/Library/LaunchAgents/com.apple.warmd_agent.plist", - "label": "com.apple.warmd_agent", "program": "/usr/libexec/warmd_agent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", 
- "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.warmd_agent\",\"name\":\"com.apple.warmd_agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.warmd_agent.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/warmd_agent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.webinspectord\",\"name\":\"com.apple.webinspectord.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.webinspectord.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/webinspectord\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.webinspectord.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.webinspectord", "name": "com.apple.webinspectord.plist", "path": "/System/Library/LaunchAgents/com.apple.webinspectord.plist", "process_type": "Adaptive", - "label": "com.apple.webinspectord", "program": "/usr/libexec/webinspectord" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" 
] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.webinspectord\",\"name\":\"com.apple.webinspectord.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.webinspectord.plist\",\"process_type\":\"Adaptive\",\"program\":\"/usr/libexec/webinspectord\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.wifi.WiFiAgent\",\"name\":\"com.apple.wifi.WiFiAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.wifi.WiFiAgent.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/CoreServices/WiFiAgent.app/Contents/MacOS/WiFiAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.wifi.WiFiAgent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.wifi.WiFiAgent", "name": "com.apple.wifi.WiFiAgent.plist", "path": "/System/Library/LaunchAgents/com.apple.wifi.WiFiAgent.plist", "process_type": "Adaptive", - "label": "com.apple.wifi.WiFiAgent", "program": "/System/Library/CoreServices/WiFiAgent.app/Contents/MacOS/WiFiAgent" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.wifi.WiFiAgent\",\"name\":\"com.apple.wifi.WiFiAgent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.wifi.WiFiAgent.plist\",\"process_type\":\"Adaptive\",\"program\":\"/System/Library/CoreServices/WiFiAgent.app/Contents/MacOS/WiFiAgent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xpc.loginitemregisterd\",\"name\":\"com.apple.xpc.loginitemregisterd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.xpc.loginitemregisterd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/loginitemregisterd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.xpc.loginitemregisterd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.xpc.loginitemregisterd", "name": "com.apple.xpc.loginitemregisterd.plist", "path": "/System/Library/LaunchAgents/com.apple.xpc.loginitemregisterd.plist", - "label": "com.apple.xpc.loginitemregisterd", "program": "/usr/libexec/loginitemregisterd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xpc.loginitemregisterd\",\"name\":\"com.apple.xpc.loginitemregisterd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.xpc.loginitemregisterd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/loginitemregisterd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xpc.otherbsd\",\"name\":\"com.apple.xpc.otherbsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.xpc.otherbsd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/otherbsd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.apple.xpc.otherbsd.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.apple.xpc.otherbsd", "name": "com.apple.xpc.otherbsd.plist", "path": "/System/Library/LaunchAgents/com.apple.xpc.otherbsd.plist", - "label": "com.apple.xpc.otherbsd", "program": "/usr/libexec/otherbsd" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.apple.xpc.otherbsd\",\"name\":\"com.apple.xpc.otherbsd.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.apple.xpc.otherbsd.plist\",\"process_type\":\"\",\"program\":\"/usr/libexec/otherbsd\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.openssh.ssh-agent\",\"name\":\"com.openssh.ssh-agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.openssh.ssh-agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/bin/ssh-agent 
-l\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/System/Library/LaunchAgents/com.openssh.ssh-agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/bin/ssh-agent -l", + "label": "com.openssh.ssh-agent", "name": "com.openssh.ssh-agent.plist", "path": "/System/Library/LaunchAgents/com.openssh.ssh-agent.plist", - "label": "com.openssh.ssh-agent" + "program_arguments": "/usr/bin/ssh-agent -l" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.openssh.ssh-agent\",\"name\":\"com.openssh.ssh-agent.plist\",\"on_demand\":\"\",\"path\":\"/System/Library/LaunchAgents/com.openssh.ssh-agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/bin/ssh-agent -l\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.oracle.java.Java-Updater\",\"name\":\"com.oracle.java.Java-Updater.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchAgents/com.oracle.java.Java-Updater.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater 
-bgcheck\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/dev/null\",\"stdout_path\":\"/dev/null\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Library/LaunchAgents/com.oracle.java.Java-Updater.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck", + "label": "com.oracle.java.Java-Updater", "name": "com.oracle.java.Java-Updater.plist", "path": "/Library/LaunchAgents/com.oracle.java.Java-Updater.plist", + "program_arguments": "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck", "stderr_path": "/dev/null", - "stdout_path": "/dev/null", - "label": "com.oracle.java.Java-Updater" + "stdout_path": "/dev/null" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - 
"hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.oracle.java.Java-Updater\",\"name\":\"com.oracle.java.Java-Updater.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchAgents/com.oracle.java.Java-Updater.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/dev/null\",\"stdout_path\":\"/dev/null\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"org.gpgtools.Libmacgpg.xpc\",\"name\":\"org.gpgtools.Libmacgpg.xpc.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchAgents/org.gpgtools.Libmacgpg.xpc.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Library/Application Support/GPGTools/org.gpgtools.Libmacgpg.xpc\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Library/LaunchAgents/org.gpgtools.Libmacgpg.xpc.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/Library/Application Support/GPGTools/org.gpgtools.Libmacgpg.xpc", + "keep_alive": "0", + "label": "org.gpgtools.Libmacgpg.xpc", "name": "org.gpgtools.Libmacgpg.xpc.plist", "path": "/Library/LaunchAgents/org.gpgtools.Libmacgpg.xpc.plist", - "label": "org.gpgtools.Libmacgpg.xpc", - "keep_alive": "0" + "program_arguments": "/Library/Application Support/GPGTools/org.gpgtools.Libmacgpg.xpc" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"org.gpgtools.Libmacgpg.xpc\",\"name\":\"org.gpgtools.Libmacgpg.xpc.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchAgents/org.gpgtools.Libmacgpg.xpc.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Library/Application Support/GPGTools/org.gpgtools.Libmacgpg.xpc\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"org.gpgtools.gpgmail.enable-bundles\",\"name\":\"org.gpgtools.gpgmail.enable-bundles.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchAgents/org.gpgtools.gpgmail.enable-bundles.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Library/Application Support/GPGTools/uuid-patcher enable-bundles\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Library/LaunchAgents/org.gpgtools.gpgmail.enable-bundles.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/Library/Application Support/GPGTools/uuid-patcher enable-bundles", + "keep_alive": "0", + "label": "org.gpgtools.gpgmail.enable-bundles", "name": "org.gpgtools.gpgmail.enable-bundles.plist", "path": "/Library/LaunchAgents/org.gpgtools.gpgmail.enable-bundles.plist", - "label": "org.gpgtools.gpgmail.enable-bundles", - "keep_alive": "0", + "program_arguments": "/Library/Application Support/GPGTools/uuid-patcher enable-bundles", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 
28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"org.gpgtools.gpgmail.enable-bundles\",\"name\":\"org.gpgtools.gpgmail.enable-bundles.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchAgents/org.gpgtools.gpgmail.enable-bundles.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Library/Application Support/GPGTools/uuid-patcher enable-bundles\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"org.gpgtools.gpgmail.user-uuid-patcher\",\"name\":\"org.gpgtools.gpgmail.patch-uuid-user.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchAgents/org.gpgtools.gpgmail.patch-uuid-user.plist\",\"process_type\":\"\",\"program\":\"/Library/Application Support/GPGTools/uuid-patcher\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Library/LaunchAgents/org.gpgtools.gpgmail.patch-uuid-user.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "keep_alive": "0", + "label": "org.gpgtools.gpgmail.user-uuid-patcher", "name": "org.gpgtools.gpgmail.patch-uuid-user.plist", "path": "/Library/LaunchAgents/org.gpgtools.gpgmail.patch-uuid-user.plist", - "label": "org.gpgtools.gpgmail.user-uuid-patcher", "program": "/Library/Application Support/GPGTools/uuid-patcher", - "keep_alive": "0", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + 
"name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"org.gpgtools.gpgmail.user-uuid-patcher\",\"name\":\"org.gpgtools.gpgmail.patch-uuid-user.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchAgents/org.gpgtools.gpgmail.patch-uuid-user.plist\",\"process_type\":\"\",\"program\":\"/Library/Application Support/GPGTools/uuid-patcher\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"org.gpgtools.macgpg2.fix\",\"name\":\"org.gpgtools.macgpg2.fix.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchAgents/org.gpgtools.macgpg2.fix.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/local/MacGPG2/libexec/fixGpgHome\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Library/LaunchAgents/org.gpgtools.macgpg2.fix.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/usr/local/MacGPG2/libexec/fixGpgHome", + "keep_alive": "0", + "label": "org.gpgtools.macgpg2.fix", "name": "org.gpgtools.macgpg2.fix.plist", "path": "/Library/LaunchAgents/org.gpgtools.macgpg2.fix.plist", - "label": "org.gpgtools.macgpg2.fix", - "keep_alive": "0", + "program_arguments": "/usr/local/MacGPG2/libexec/fixGpgHome", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": 
"1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"org.gpgtools.macgpg2.fix\",\"name\":\"org.gpgtools.macgpg2.fix.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchAgents/org.gpgtools.macgpg2.fix.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/usr/local/MacGPG2/libexec/fixGpgHome\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"org.gpgtools.macgpg2.shutdown-gpg-agent\",\"name\":\"org.gpgtools.macgpg2.shutdown-gpg-agent.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchAgents/org.gpgtools.macgpg2.shutdown-gpg-agent.plist\",\"process_type\":\"\",\"program\":\"/usr/local/MacGPG2/libexec/shutdown-gpg-agent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Library/LaunchAgents/org.gpgtools.macgpg2.shutdown-gpg-agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "org.gpgtools.macgpg2.shutdown-gpg-agent", "name": "org.gpgtools.macgpg2.shutdown-gpg-agent.plist", "path": "/Library/LaunchAgents/org.gpgtools.macgpg2.shutdown-gpg-agent.plist", - "label": "org.gpgtools.macgpg2.shutdown-gpg-agent", "program": "/usr/local/MacGPG2/libexec/shutdown-gpg-agent", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + 
"unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"org.gpgtools.macgpg2.shutdown-gpg-agent\",\"name\":\"org.gpgtools.macgpg2.shutdown-gpg-agent.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchAgents/org.gpgtools.macgpg2.shutdown-gpg-agent.plist\",\"process_type\":\"\",\"program\":\"/usr/local/MacGPG2/libexec/shutdown-gpg-agent\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"org.gpgtools.updater\",\"name\":\"org.gpgtools.updater.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchAgents/org.gpgtools.updater.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Library/Application Support/GPGTools/GPGSuite_Updater.app/Contents/MacOS/GPGSuite_Updater\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"10800\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"~/Library/Logs/DiagnosticReports\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Library/LaunchAgents/org.gpgtools.updater.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/Library/Application Support/GPGTools/GPGSuite_Updater.app/Contents/MacOS/GPGSuite_Updater", + "keep_alive": "0", + "label": "org.gpgtools.updater", + "name": "org.gpgtools.updater.plist", "path": "/Library/LaunchAgents/org.gpgtools.updater.plist", + "program_arguments": "/Library/Application Support/GPGTools/GPGSuite_Updater.app/Contents/MacOS/GPGSuite_Updater", "start_interval": "10800", - "watch_paths": "~/Library/Logs/DiagnosticReports", - "name": "org.gpgtools.updater.plist", - "label": "org.gpgtools.updater", - "keep_alive": "0" + "watch_paths": "~/Library/Logs/DiagnosticReports" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"org.gpgtools.updater\",\"name\":\"org.gpgtools.updater.plist\",\"on_demand\":\"\",\"path\":\"/Library/LaunchAgents/org.gpgtools.updater.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Library/Application Support/GPGTools/GPGSuite_Updater.app/Contents/MacOS/GPGSuite_Updater\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"10800\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"~/Library/Logs/DiagnosticReports\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": 
"event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.amazon.music\",\"name\":\"com.amazon.music.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/com.amazon.music.plist\",\"process_type\":\"\",\"program\":\"/Applications/Amazon Music.app/Contents/MacOS/Amazon Music Helper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Users/tsg/Library/LaunchAgents/com.amazon.music.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "keep_alive": "1", + "label": "com.amazon.music", "name": "com.amazon.music.plist", "path": "/Users/tsg/Library/LaunchAgents/com.amazon.music.plist", - "label": "com.amazon.music", "program": "/Applications/Amazon Music.app/Contents/MacOS/Amazon Music Helper", - "keep_alive": "1", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"com.amazon.music\",\"name\":\"com.amazon.music.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/com.amazon.music.plist\",\"process_type\":\"\",\"program\":\"/Applications/Amazon Music.app/Contents/MacOS/Amazon Music Helper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.amazon.music.startup\",\"name\":\"com.amazon.music.startup.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/com.amazon.music.startup.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Applications/Amazon Music.app/Contents/MacOS/Amazon Music\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Users/tsg/Library/LaunchAgents/com.amazon.music.startup.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/Applications/Amazon Music.app/Contents/MacOS/Amazon Music", - "path": "/Users/tsg/Library/LaunchAgents/com.amazon.music.startup.plist", - "run_at_load": "1", - "name": "com.amazon.music.startup.plist", "disabled": "0", + "keep_alive": "0", "label": "com.amazon.music.startup", - "keep_alive": "0" + "name": "com.amazon.music.startup.plist", + "path": "/Users/tsg/Library/LaunchAgents/com.amazon.music.startup.plist", + "program_arguments": "/Applications/Amazon Music.app/Contents/MacOS/Amazon Music", + "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"0\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"com.amazon.music.startup\",\"name\":\"com.amazon.music.startup.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/com.amazon.music.startup.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Applications/Amazon Music.app/Contents/MacOS/Amazon Music\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.dropbox.DropboxMacUpdate.agent\",\"name\":\"com.dropbox.DropboxMacUpdate.agent.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/com.dropbox.DropboxMacUpdate.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Users/tsg/Library/Dropbox/DropboxMacUpdate.app/Contents/MacOS/DropboxMacUpdate -check periodic\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"3651\",\"start_on_mount\":\"\",\"stderr_path\":\"/dev/null\",\"stdout_path\":\"/dev/null\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Users/tsg/Library/LaunchAgents/com.dropbox.DropboxMacUpdate.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/Users/tsg/Library/Dropbox/DropboxMacUpdate.app/Contents/MacOS/DropboxMacUpdate -check periodic", + "label": "com.dropbox.DropboxMacUpdate.agent", + "name": "com.dropbox.DropboxMacUpdate.agent.plist", "path": "/Users/tsg/Library/LaunchAgents/com.dropbox.DropboxMacUpdate.agent.plist", - "stderr_path": "/dev/null", - "stdout_path": "/dev/null", + "program_arguments": "/Users/tsg/Library/Dropbox/DropboxMacUpdate.app/Contents/MacOS/DropboxMacUpdate -check periodic", "start_interval": "3651", - "name": "com.dropbox.DropboxMacUpdate.agent.plist", - "label": "com.dropbox.DropboxMacUpdate.agent" + "stderr_path": "/dev/null", + "stdout_path": 
"/dev/null" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.dropbox.DropboxMacUpdate.agent\",\"name\":\"com.dropbox.DropboxMacUpdate.agent.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/com.dropbox.DropboxMacUpdate.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Users/tsg/Library/Dropbox/DropboxMacUpdate.app/Contents/MacOS/DropboxMacUpdate -check periodic\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"3651\",\"start_on_mount\":\"\",\"stderr_path\":\"/dev/null\",\"stdout_path\":\"/dev/null\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { 
"@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.google.keystone.user.agent\",\"name\":\"com.google.keystone.agent.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/com.google.keystone.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Users/tsg/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"3623\",\"start_on_mount\":\"\",\"stderr_path\":\"/dev/null\",\"stdout_path\":\"/dev/null\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Users/tsg/Library/LaunchAgents/com.google.keystone.agent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/Users/tsg/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded", + "label": "com.google.keystone.user.agent", + "name": "com.google.keystone.agent.plist", "path": 
"/Users/tsg/Library/LaunchAgents/com.google.keystone.agent.plist", - "stderr_path": "/dev/null", - "stdout_path": "/dev/null", + "program_arguments": "/Users/tsg/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded", "run_at_load": "1", "start_interval": "3623", - "name": "com.google.keystone.agent.plist", - "label": "com.google.keystone.user.agent" + "stderr_path": "/dev/null", + "stdout_path": "/dev/null" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.google.keystone.user.agent\",\"name\":\"com.google.keystone.agent.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/com.google.keystone.agent.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Users/tsg/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode 
ifneeded\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"3623\",\"start_on_mount\":\"\",\"stderr_path\":\"/dev/null\",\"stdout_path\":\"/dev/null\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.lastpass.LastPassHelper\",\"name\":\"com.lastpass.LastPassHelper.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/com.lastpass.LastPassHelper.plist\",\"process_type\":\"\",\"program\":\"/Users/tsg/Library/Application Support/LastPass/LastPassHelper.app/Contents/MacOS/LastPassHelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Users/tsg/Library/LaunchAgents/com.lastpass.LastPassHelper.plist" }, - 
"ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { + "label": "com.lastpass.LastPassHelper", "name": "com.lastpass.LastPassHelper.plist", "path": "/Users/tsg/Library/LaunchAgents/com.lastpass.LastPassHelper.plist", - "label": "com.lastpass.LastPassHelper", "program": "/Users/tsg/Library/Application Support/LastPass/LastPassHelper.app/Contents/MacOS/LastPassHelper", "run_at_load": "1" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"\",\"label\":\"com.lastpass.LastPassHelper\",\"name\":\"com.lastpass.LastPassHelper.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/com.lastpass.LastPassHelper.plist\",\"process_type\":\"\",\"program\":\"/Users/tsg/Library/Application 
Support/LastPass/LastPassHelper.app/Contents/MacOS/LastPassHelper\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"1\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"keybase.kbfs\",\"name\":\"keybase.kbfs.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/keybase.kbfs.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Applications/Keybase.app/Contents/SharedSupport/bin/kbfs -debug -log-file=/Users/tsg/Library/Logs/keybase.kbfs.log -runtime-dir=/Users/tsg/Library/Caches/Keybase 
/keybase\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/Users/tsg/Library/Logs/keybase.start.log\",\"stdout_path\":\"/Users/tsg/Library/Logs/keybase.start.log\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/tmp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Users/tsg/Library/LaunchAgents/keybase.kbfs.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/Applications/Keybase.app/Contents/SharedSupport/bin/kbfs -debug -log-file=/Users/tsg/Library/Logs/keybase.kbfs.log -runtime-dir=/Users/tsg/Library/Caches/Keybase /keybase", + "keep_alive": "1", + "label": "keybase.kbfs", + "name": "keybase.kbfs.plist", "path": "/Users/tsg/Library/LaunchAgents/keybase.kbfs.plist", + "program_arguments": "/Applications/Keybase.app/Contents/SharedSupport/bin/kbfs -debug -log-file=/Users/tsg/Library/Logs/keybase.kbfs.log -runtime-dir=/Users/tsg/Library/Caches/Keybase /keybase", "stderr_path": "/Users/tsg/Library/Logs/keybase.start.log", "stdout_path": "/Users/tsg/Library/Logs/keybase.start.log", - "name": "keybase.kbfs.plist", - "working_directory": "/tmp", - "label": "keybase.kbfs", - "keep_alive": "1" + "working_directory": "/tmp" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"keybase.kbfs\",\"name\":\"keybase.kbfs.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/keybase.kbfs.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Applications/Keybase.app/Contents/SharedSupport/bin/kbfs -debug -log-file=/Users/tsg/Library/Logs/keybase.kbfs.log -runtime-dir=/Users/tsg/Library/Caches/Keybase /keybase\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/Users/tsg/Library/Logs/keybase.start.log\",\"stdout_path\":\"/Users/tsg/Library/Logs/keybase.start.log\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/tmp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"keybase.service\",\"name\":\"keybase.service.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/keybase.service.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Applications/Keybase.app/Contents/SharedSupport/bin/keybase -d --log-file=/Users/tsg/Library/Logs/keybase.service.log service\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/Users/tsg/Library/Logs/keybase.start.log\",\"stdout_path\":\"/Users/tsg/Library/Logs/keybase.start.log\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/tmp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Users/tsg/Library/LaunchAgents/keybase.service.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/Applications/Keybase.app/Contents/SharedSupport/bin/keybase -d --log-file=/Users/tsg/Library/Logs/keybase.service.log service", + "keep_alive": "1", + "label": "keybase.service", + "name": "keybase.service.plist", "path": "/Users/tsg/Library/LaunchAgents/keybase.service.plist", + "program_arguments": "/Applications/Keybase.app/Contents/SharedSupport/bin/keybase -d --log-file=/Users/tsg/Library/Logs/keybase.service.log service", "stderr_path": "/Users/tsg/Library/Logs/keybase.start.log", "stdout_path": "/Users/tsg/Library/Logs/keybase.start.log", - 
"name": "keybase.service.plist", - "working_directory": "/tmp", - "label": "keybase.service", - "keep_alive": "1" + "working_directory": "/tmp" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"keybase.service\",\"name\":\"keybase.service.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/keybase.service.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Applications/Keybase.app/Contents/SharedSupport/bin/keybase -d --log-file=/Users/tsg/Library/Logs/keybase.service.log service\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/Users/tsg/Library/Logs/keybase.start.log\",\"stdout_path\":\"/Users/tsg/Library/Logs/keybase.start.log\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/tmp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - 
"created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"keybase.updater\",\"name\":\"keybase.updater.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/keybase.updater.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Applications/Keybase.app/Contents/SharedSupport/bin/updater -path-to-keybase=/Applications/Keybase.app/Contents/SharedSupport/bin/keybase\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/Users/tsg/Library/Logs/keybase.updater.log\",\"stdout_path\":\"/Users/tsg/Library/Logs/keybase.updater.log\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/tmp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, "file": { "path": "/Users/tsg/Library/LaunchAgents/keybase.updater.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "program_arguments": "/Applications/Keybase.app/Contents/SharedSupport/bin/updater -path-to-keybase=/Applications/Keybase.app/Contents/SharedSupport/bin/keybase", + "keep_alive": "1", + "label": 
"keybase.updater", + "name": "keybase.updater.plist", "path": "/Users/tsg/Library/LaunchAgents/keybase.updater.plist", + "program_arguments": "/Applications/Keybase.app/Contents/SharedSupport/bin/updater -path-to-keybase=/Applications/Keybase.app/Contents/SharedSupport/bin/keybase", "stderr_path": "/Users/tsg/Library/Logs/keybase.updater.log", "stdout_path": "/Users/tsg/Library/Logs/keybase.updater.log", - "name": "keybase.updater.plist", - "working_directory": "/tmp", - "label": "keybase.updater", - "keep_alive": "1" + "working_directory": "/tmp" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"1\",\"label\":\"keybase.updater\",\"name\":\"keybase.updater.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/keybase.updater.plist\",\"process_type\":\"\",\"program\":\"\",\"program_arguments\":\"/Applications/Keybase.app/Contents/SharedSupport/bin/updater 
-path-to-keybase=/Applications/Keybase.app/Contents/SharedSupport/bin/keybase\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"/Users/tsg/Library/Logs/keybase.updater.log\",\"stdout_path\":\"/Users/tsg/Library/Logs/keybase.updater.log\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"/tmp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:51.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"org.virtualbox.vboxwebsvc\",\"name\":\"org.virtualbox.vboxwebsrv.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist\",\"process_type\":\"\",\"program\":\"/Applications/VirtualBox.app/Contents/MacOS/vboxwebsrv\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", + "type": "info" + }, 
"file": { "path": "/Users/tsg/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", "columns": { - "name": "org.virtualbox.vboxwebsrv.plist", - "path": "/Users/tsg/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist", "disabled": "1", + "keep_alive": "0", "label": "org.virtualbox.vboxwebsvc", - "program": "/Applications/VirtualBox.app/Contents/MacOS/vboxwebsrv", - "keep_alive": "0" + "name": "org.virtualbox.vboxwebsrv.plist", + "path": "/Users/tsg/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist", + "program": "/Applications/VirtualBox.app/Contents/MacOS/vboxwebsrv" }, - "name": "pack_it-compliance_launchd", - "unix_time": "1514471991", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:51 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_launchd", + "unix_time": "1514471991" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_launchd" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:51 2017 
UTC\",\"columns\":{\"disabled\":\"1\",\"groupname\":\"\",\"inetd_compatibility\":\"\",\"keep_alive\":\"0\",\"label\":\"org.virtualbox.vboxwebsvc\",\"name\":\"org.virtualbox.vboxwebsrv.plist\",\"on_demand\":\"\",\"path\":\"/Users/tsg/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist\",\"process_type\":\"\",\"program\":\"/Applications/VirtualBox.app/Contents/MacOS/vboxwebsrv\",\"program_arguments\":\"\",\"queue_directories\":\"\",\"root_directory\":\"\",\"run_at_load\":\"\",\"start_interval\":\"\",\"start_on_mount\":\"\",\"stderr_path\":\"\",\"stdout_path\":\"\",\"username\":\"\",\"watch_paths\":\"\",\"working_directory\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_launchd\",\"unixTime\":\"1514471991\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"path\":\"/usr/libexec/configd\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/usr/libexec/configd" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "path": "/usr/libexec/configd", 
"state": "3" }, - "name": "pack_it-compliance_alf_exceptions", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_exceptions", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_exceptions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"path\":\"/usr/libexec/configd\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"path\":\"/usr/sbin/mDNSResponder\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": 
"/usr/sbin/mDNSResponder" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "path": "/usr/sbin/mDNSResponder", "state": "3" }, - "name": "pack_it-compliance_alf_exceptions", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_exceptions", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_exceptions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"path\":\"/usr/sbin/mDNSResponder\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"path\":\"/usr/sbin/racoon\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/usr/sbin/racoon" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "path": "/usr/sbin/racoon", "state": "3" }, - "name": "pack_it-compliance_alf_exceptions", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_exceptions", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_exceptions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"path\":\"/usr/sbin/racoon\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + 
"name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"path\":\"/usr/bin/nmblookup\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/usr/bin/nmblookup" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "path": "/usr/bin/nmblookup", "state": "3" }, - "name": "pack_it-compliance_alf_exceptions", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_exceptions", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_exceptions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"path\":\"/usr/bin/nmblookup\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"path\":\"/System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/readconfig\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/readconfig" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "path": "/System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/readconfig", "state": "3" }, - "name": "pack_it-compliance_alf_exceptions", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_exceptions", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_exceptions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"path\":\"/System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/readconfig\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"path\":\"/usr/libexec/discoveryd\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/usr/libexec/discoveryd" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "path": "/usr/libexec/discoveryd", "state": "3" 
}, - "name": "pack_it-compliance_alf_exceptions", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_exceptions", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, - "rule": { - "name": "pack_it-compliance_alf_exceptions" - }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"path\":\"/usr/libexec/discoveryd\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ], + "user": [ + "tsg" + ] }, - "user": { - "name": "tsg" + "rule": { + "name": "pack_it-compliance_alf_exceptions" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"path\":\"/usr/libexec/bootpd\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/usr/libexec/bootpd" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "path": "/usr/libexec/bootpd", "state": "3" }, - "name": "pack_it-compliance_alf_exceptions", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_exceptions", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_exceptions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"path\":\"/usr/libexec/bootpd\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + 
"user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"path\":\"/usr/libexec/xartstorageremoted\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/usr/libexec/xartstorageremoted" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "path": "/usr/libexec/xartstorageremoted", "state": "3" }, - "name": "pack_it-compliance_alf_exceptions", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_exceptions", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_exceptions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"path\":\"/usr/libexec/xartstorageremoted\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"path\":\"/System/Library/PrivateFrameworks/EmbeddedOSInstall.framework/Versions/A/XPCServices/EmbeddedOSInstallService.xpc/\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/EmbeddedOSInstall.framework/Versions/A/XPCServices/EmbeddedOSInstallService.xpc/" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "path": "/System/Library/PrivateFrameworks/EmbeddedOSInstall.framework/Versions/A/XPCServices/EmbeddedOSInstallService.xpc/", "state": "3" }, - "name": "pack_it-compliance_alf_exceptions", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": 
"Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf_exceptions", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf_exceptions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"path\":\"/System/Library/PrivateFrameworks/EmbeddedOSInstall.framework/Versions/A/XPCServices/EmbeddedOSInstallService.xpc/\",\"state\":\"3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf_exceptions\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/disk0\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + 
"action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/disk0" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/disk0\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/disk0s2\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"0DB444B2-AA24-47DE-82EE-8942733B7171\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/disk0s2", "uuid": "0DB444B2-AA24-47DE-82EE-8942733B7171" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/disk0s2\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"0DB444B2-AA24-47DE-82EE-8942733B7171\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1514471994\"}", - 
"type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/disk0s1\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"F8B90D51-89FD-42FC-944C-481F1179BE10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/disk0s1", "uuid": "F8B90D51-89FD-42FC-944C-481F1179BE10" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/disk0s1\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"F8B90D51-89FD-42FC-944C-481F1179BE10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/disk1\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"F3C8E286-7922-4DF5-9D18-E49D238B061C\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/disk1", "uuid": "F3C8E286-7922-4DF5-9D18-E49D238B061C" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/disk1\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"F3C8E286-7922-4DF5-9D18-E49D238B061C\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"encrypted\":\"1\",\"name\":\"/dev/disk1s1\",\"type\":\"APFS Encryption\",\"uid\":\"501\",\"user_uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"uuid\":\"FB52F09F-EA67-32CA-A2A9-5DA0F916BDF0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "type": "APFS Encryption", "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { + "encrypted": "1", "name": "/dev/disk1s1", + "type": "APFS Encryption", "uid": "501", "user_uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "encrypted": "1", - "type": "APFS Encryption", "uuid": "FB52F09F-EA67-32CA-A2A9-5DA0F916BDF0" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"encrypted\":\"1\",\"name\":\"/dev/disk1s1\",\"type\":\"APFS Encryption\",\"uid\":\"501\",\"user_uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"uuid\":\"FB52F09F-EA67-32CA-A2A9-5DA0F916BDF0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": 
"8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/disk1s2\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"2E4CA07D-12A6-48AA-A772-81B7C8E57712\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/disk1s2", "uuid": "2E4CA07D-12A6-48AA-A772-81B7C8E57712" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/disk1s2\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"2E4CA07D-12A6-48AA-A772-81B7C8E57712\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/disk1s3\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"C7614E14-D0F9-4866-B094-099F3E6886BE\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/disk1s3", "uuid": "C7614E14-D0F9-4866-B094-099F3E6886BE" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/disk1s3\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"C7614E14-D0F9-4866-B094-099F3E6886BE\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/disk1s4\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"A14F130D-021F-48A9-B45E-B21B577AF412\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 
UTC", "columns": { "encrypted": "0", "name": "/dev/disk1s4", "uuid": "A14F130D-021F-48A9-B45E-B21B577AF412" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/disk1s4\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"A14F130D-021F-48A9-B45E-B21B577AF412\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Amazon Music\",\"bundle_identifier\":\"com.amazon.music\",\"bundle_name\":\"Amazon 
Music\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.1.3\",\"bundle_version\":\"6.1.3.1192\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\\\\xC2\\\\xA9 2007 - 2017, Amazon.com Inc.\",\"development_region\":\"English\",\"display_name\":\"Amazon Music\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Amazon Music 6.1.3.1192 \\\\xC2\\\\xA9 2007 - 2017, Amazon.com Inc.\",\"last_opened_time\":\"1513635619.00891\",\"minimum_system_version\":\"10.6.0\",\"name\":\"Amazon Music.app\",\"path\":\"/Applications/Amazon Music.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Amazon Music.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "\\xC2\\xA9 2007 - 2017, Amazon.com Inc.", - "info_string": "Amazon Music 6.1.3.1192 \\xC2\\xA9 2007 - 2017, Amazon.com Inc.", - "bundle_short_version": "6.1.3", - "last_opened_time": "1513635619.00891", + "bundle_executable": "Amazon Music", + "bundle_identifier": "com.amazon.music", "bundle_name": "Amazon Music", - "display_name": "Amazon Music", + "bundle_package_type": "APPL", + "bundle_short_version": "6.1.3", "bundle_version": "6.1.3.1192", + "copyright": "\\xC2\\xA9 2007 - 2017, Amazon.com Inc.", "development_region": "English", - "path": "/Applications/Amazon Music.app", - "name": "Amazon Music.app", - "bundle_identifier": "com.amazon.music", + "display_name": "Amazon Music", + "info_string": "Amazon Music 6.1.3.1192 \\xC2\\xA9 2007 - 2017, Amazon.com Inc.", + "last_opened_time": "1513635619.00891", "minimum_system_version": 
"10.6.0", - "bundle_executable": "Amazon Music", - "bundle_package_type": "APPL" + "name": "Amazon Music.app", + "path": "/Applications/Amazon Music.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "tsg" + } + }, + { + "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, "event": { "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Amazon Music\",\"bundle_identifier\":\"com.amazon.music\",\"bundle_name\":\"Amazon Music\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.1.3\",\"bundle_version\":\"6.1.3.1192\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\\\\xC2\\\\xA9 2007 - 2017, Amazon.com Inc.\",\"development_region\":\"English\",\"display_name\":\"Amazon Music\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Amazon Music 6.1.3.1192 \\\\xC2\\\\xA9 2007 - 2017, Amazon.com Inc.\",\"last_opened_time\":\"1513635619.00891\",\"minimum_system_version\":\"10.6.0\",\"name\":\"Amazon Music.app\",\"path\":\"/Applications/Amazon 
Music.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"App Store\",\"bundle_identifier\":\"com.apple.appstore\",\"bundle_name\":\"App Store\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.3\",\"bundle_version\":\"652\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514042012.5747\",\"minimum_system_version\":\"10.13\",\"name\":\"App Store.app\",\"path\":\"/Applications/App Store.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2017-12-28T14:39:54.000Z", "file": { "path": "/Applications/App Store.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "bundle_short_version": "2.3", - "last_opened_time": "1514042012.5747", + "bundle_executable": "App Store", + "bundle_identifier": "com.apple.appstore", "bundle_name": "App Store", + 
"bundle_package_type": "APPL", + "bundle_short_version": "2.3", "bundle_version": "652", - "development_region": "English", - "path": "/Applications/App Store.app", - "name": "App Store.app", - "bundle_identifier": "com.apple.appstore", - "minimum_system_version": "10.13", - "bundle_executable": "App Store", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "last_opened_time": "1514042012.5747", + "minimum_system_version": "10.13", + "name": "App Store.app", + "path": "/Applications/App Store.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"App Store\",\"bundle_identifier\":\"com.apple.appstore\",\"bundle_name\":\"App 
Store\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.3\",\"bundle_version\":\"652\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514042012.5747\",\"minimum_system_version\":\"10.13\",\"name\":\"App Store.app\",\"path\":\"/Applications/App Store.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Automator\",\"bundle_identifier\":\"com.apple.Automator\",\"bundle_name\":\"Automator\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.8\",\"bundle_version\":\"444.1\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2004\\\\xE2\\\\x80\\\\x932016 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.10\",\"name\":\"Automator.app\",\"path\":\"/Applications/Automator.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Automator.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "Copyright \\xC2\\xA9 2004\\xE2\\x80\\x932016 Apple Inc. All rights reserved.", - "bundle_short_version": "2.8", - "last_opened_time": "-1.0", + "bundle_executable": "Automator", + "bundle_identifier": "com.apple.Automator", "bundle_name": "Automator", + "bundle_package_type": "APPL", + "bundle_short_version": "2.8", "bundle_version": "444.1", - "development_region": "English", - "path": "/Applications/Automator.app", - "name": "Automator.app", - "bundle_identifier": "com.apple.Automator", - "minimum_system_version": "10.10", - "bundle_executable": "Automator", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA9 2004\\xE2\\x80\\x932016 Apple Inc. 
All rights reserved.", + "development_region": "English", + "last_opened_time": "-1.0", + "minimum_system_version": "10.10", + "name": "Automator.app", + "path": "/Applications/Automator.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Automator\",\"bundle_identifier\":\"com.apple.Automator\",\"bundle_name\":\"Automator\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.8\",\"bundle_version\":\"444.1\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2004\\\\xE2\\\\x80\\\\x932016 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.10\",\"name\":\"Automator.app\",\"path\":\"/Applications/Automator.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Calculator\",\"bundle_identifier\":\"com.apple.calculator\",\"bundle_name\":\"Calculator\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.13\",\"bundle_version\":\"123\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.13, Copyright \\\\xC2\\\\xA9 2001-2017, Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.10.0\",\"name\":\"Calculator.app\",\"path\":\"/Applications/Calculator.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Calculator.app" 
}, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "10.13, Copyright \\xC2\\xA9 2001-2017, Apple Inc.", - "bundle_short_version": "10.13", - "last_opened_time": "-1.0", + "bundle_executable": "Calculator", + "bundle_identifier": "com.apple.calculator", "bundle_name": "Calculator", + "bundle_package_type": "APPL", + "bundle_short_version": "10.13", "bundle_version": "123", - "development_region": "English", - "path": "/Applications/Calculator.app", - "name": "Calculator.app", - "bundle_identifier": "com.apple.calculator", - "minimum_system_version": "10.10.0", - "bundle_executable": "Calculator", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "info_string": "10.13, Copyright \\xC2\\xA9 2001-2017, Apple Inc.", + "last_opened_time": "-1.0", + "minimum_system_version": "10.10.0", + "name": "Calculator.app", + "path": "/Applications/Calculator.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Calculator\",\"bundle_identifier\":\"com.apple.calculator\",\"bundle_name\":\"Calculator\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.13\",\"bundle_version\":\"123\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.13, Copyright \\\\xC2\\\\xA9 2001-2017, Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.10.0\",\"name\":\"Calculator.app\",\"path\":\"/Applications/Calculator.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Calendar\",\"bundle_identifier\":\"com.apple.iCal\",\"bundle_name\":\"Calendar\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"2194\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Calendar\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.8\",\"name\":\"Calendar.app\",\"path\":\"/Applications/Calendar.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Calendar.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "bundle_short_version": "10.0", - "last_opened_time": "-1.0", + "bundle_executable": "Calendar", + "bundle_identifier": "com.apple.iCal", "bundle_name": "Calendar", - "display_name": "Calendar", + "bundle_package_type": "APPL", + "bundle_short_version": "10.0", "bundle_version": "2194", - "development_region": "English", - "path": "/Applications/Calendar.app", - "name": "Calendar.app", - "bundle_identifier": "com.apple.iCal", - "minimum_system_version": "10.8", - "bundle_executable": "Calendar", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "display_name": "Calendar", + "last_opened_time": "-1.0", + "minimum_system_version": "10.8", + 
"name": "Calendar.app", + "path": "/Applications/Calendar.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Calendar\",\"bundle_identifier\":\"com.apple.iCal\",\"bundle_name\":\"Calendar\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"2194\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Calendar\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.8\",\"name\":\"Calendar.app\",\"path\":\"/Applications/Calendar.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": 
"tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Chess\",\"bundle_identifier\":\"com.apple.Chess\",\"bundle_name\":\"Chess\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.15\",\"bundle_version\":\"3.15\",\"category\":\"public.app-category.board-games\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright 2003-2017 Apple Inc.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"3.15, Copyright 2003-2017 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.9.0\",\"name\":\"Chess.app\",\"path\":\"/Applications/Chess.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Chess.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright 2003-2017 Apple Inc.", - "info_string": "3.15, Copyright 2003-2017 Apple Inc.", - "bundle_short_version": "3.15", - "last_opened_time": "-1.0", + "bundle_executable": "Chess", + "bundle_identifier": "com.apple.Chess", "bundle_name": "Chess", + "bundle_package_type": "APPL", + "bundle_short_version": "3.15", "bundle_version": "3.15", - "development_region": "English", - "path": "/Applications/Chess.app", - "name": "Chess.app", - "bundle_identifier": 
"com.apple.Chess", - "minimum_system_version": "10.9.0", - "bundle_executable": "Chess", "category": "public.app-category.board-games", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright 2003-2017 Apple Inc.", + "development_region": "English", + "info_string": "3.15, Copyright 2003-2017 Apple Inc.", + "last_opened_time": "-1.0", + "minimum_system_version": "10.9.0", + "name": "Chess.app", + "path": "/Applications/Chess.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Chess\",\"bundle_identifier\":\"com.apple.Chess\",\"bundle_name\":\"Chess\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.15\",\"bundle_version\":\"3.15\",\"category\":\"public.app-category.board-games\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright 2003-2017 Apple Inc.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"3.15, Copyright 2003-2017 Apple 
Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.9.0\",\"name\":\"Chess.app\",\"path\":\"/Applications/Chess.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Contacts\",\"bundle_identifier\":\"com.apple.AddressBook\",\"bundle_name\":\"Contacts\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"11.0\",\"bundle_version\":\"1806\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2002-2017 Apple Inc.\\\\n All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"Contacts\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13.0\",\"name\":\"Contacts.app\",\"path\":\"/Applications/Contacts.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Contacts.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "Copyright \\xC2\\xA9 2002-2017 Apple Inc.\\n All Rights Reserved.", - "bundle_short_version": "11.0", - "last_opened_time": "-1.0", + "bundle_executable": "Contacts", + "bundle_identifier": "com.apple.AddressBook", "bundle_name": "Contacts", - "display_name": "Contacts", + "bundle_package_type": "APPL", + "bundle_short_version": "11.0", "bundle_version": "1806", - "development_region": "English", - "path": "/Applications/Contacts.app", - "name": "Contacts.app", - "bundle_identifier": "com.apple.AddressBook", - "minimum_system_version": "10.13.0", - "bundle_executable": "Contacts", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA9 2002-2017 Apple Inc.\\n All Rights Reserved.", + "development_region": "English", + "display_name": "Contacts", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13.0", + "name": "Contacts.app", + "path": "/Applications/Contacts.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Contacts\",\"bundle_identifier\":\"com.apple.AddressBook\",\"bundle_name\":\"Contacts\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"11.0\",\"bundle_version\":\"1806\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2002-2017 Apple Inc.\\\\n All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"Contacts\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13.0\",\"name\":\"Contacts.app\",\"path\":\"/Applications/Contacts.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"DVD Player\",\"bundle_identifier\":\"com.apple.DVDPlayer\",\"bundle_name\":\"DVD Player\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.8\",\"bundle_version\":\"5500.70\",\"category\":\"public.app-category.video\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"5.8, Copyright 
\\\\xC2\\\\xA9 2001-2015 by Apple Inc. All Rights Reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7.0\",\"name\":\"DVD Player.app\",\"path\":\"/Applications/DVD Player.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/DVD Player.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "info_string": "5.8, Copyright \\xC2\\xA9 2001-2015 by Apple Inc. All Rights Reserved.", - "bundle_short_version": "5.8", - "last_opened_time": "-1.0", + "bundle_executable": "DVD Player", + "bundle_identifier": "com.apple.DVDPlayer", "bundle_name": "DVD Player", + "bundle_package_type": "APPL", + "bundle_short_version": "5.8", "bundle_version": "5500.70", - "development_region": "English", - "path": "/Applications/DVD Player.app", - "name": "DVD Player.app", - "bundle_identifier": "com.apple.DVDPlayer", - "minimum_system_version": "10.7.0", - "bundle_executable": "DVD Player", "category": "public.app-category.video", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "info_string": "5.8, Copyright \\xC2\\xA9 2001-2015 by Apple Inc. 
All Rights Reserved.", + "last_opened_time": "-1.0", + "minimum_system_version": "10.7.0", + "name": "DVD Player.app", + "path": "/Applications/DVD Player.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"DVD Player\",\"bundle_identifier\":\"com.apple.DVDPlayer\",\"bundle_name\":\"DVD Player\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.8\",\"bundle_version\":\"5500.70\",\"category\":\"public.app-category.video\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"5.8, Copyright \\\\xC2\\\\xA9 2001-2015 by Apple Inc. 
All Rights Reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7.0\",\"name\":\"DVD Player.app\",\"path\":\"/Applications/DVD Player.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Dashboard\",\"bundle_identifier\":\"com.apple.dashboardlauncher\",\"bundle_name\":\"Dashboard\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.8\",\"bundle_version\":\"1.8\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"1.8, Copyright 2006-2014 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7\",\"name\":\"Dashboard.app\",\"path\":\"/Applications/Dashboard.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Dashboard.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" 
}, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "1.8, Copyright 2006-2014 Apple Inc.", - "bundle_short_version": "1.8", - "last_opened_time": "-1.0", + "bundle_executable": "Dashboard", + "bundle_identifier": "com.apple.dashboardlauncher", "bundle_name": "Dashboard", + "bundle_package_type": "APPL", + "bundle_short_version": "1.8", "bundle_version": "1.8", - "development_region": "English", - "path": "/Applications/Dashboard.app", - "name": "Dashboard.app", - "bundle_identifier": "com.apple.dashboardlauncher", - "minimum_system_version": "10.7", - "bundle_executable": "Dashboard", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "development_region": "English", + "element": "1", + "info_string": "1.8, Copyright 2006-2014 Apple Inc.", + "last_opened_time": "-1.0", + "minimum_system_version": "10.7", + "name": "Dashboard.app", + "path": "/Applications/Dashboard.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Dashboard\",\"bundle_identifier\":\"com.apple.dashboardlauncher\",\"bundle_name\":\"Dashboard\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.8\",\"bundle_version\":\"1.8\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"1.8, Copyright 2006-2014 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7\",\"name\":\"Dashboard.app\",\"path\":\"/Applications/Dashboard.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Dictionary\",\"bundle_identifier\":\"com.apple.Dictionary\",\"bundle_name\":\"Dictionary\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.2.2\",\"bundle_version\":\"203\",\"category\":\"public.app-category.reference\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Dictionary\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514452502.71323\",\"minimum_system_version\":\"10.7.0\",\"name\":\"Dictionary.app\",\"path\":\"/Applications/Dictionary.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Dictionary.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "2.2.2", - "last_opened_time": "1514452502.71323", + "bundle_executable": "Dictionary", + "bundle_identifier": "com.apple.Dictionary", "bundle_name": "Dictionary", - "display_name": "Dictionary", + "bundle_package_type": "APPL", + "bundle_short_version": "2.2.2", "bundle_version": "203", - "development_region": "English", - "path": "/Applications/Dictionary.app", - "name": "Dictionary.app", - "bundle_identifier": "com.apple.Dictionary", - "minimum_system_version": "10.7.0", - "bundle_executable": "Dictionary", "category": "public.app-category.reference", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "display_name": "Dictionary", + "last_opened_time": 
"1514452502.71323", + "minimum_system_version": "10.7.0", + "name": "Dictionary.app", + "path": "/Applications/Dictionary.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Dictionary\",\"bundle_identifier\":\"com.apple.Dictionary\",\"bundle_name\":\"Dictionary\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.2.2\",\"bundle_version\":\"203\",\"category\":\"public.app-category.reference\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Dictionary\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514452502.71323\",\"minimum_system_version\":\"10.7.0\",\"name\":\"Dictionary.app\",\"path\":\"/Applications/Dictionary.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - 
"user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Docker\",\"bundle_identifier\":\"com.docker.docker\",\"bundle_name\":\"Docker\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"17.09.1-ce-mac42\",\"bundle_version\":\"21090\",\"category\":\"public.app-category.developer-tools\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Docker Inc. All Rights Reserved.\",\"development_region\":\"en\",\"display_name\":\"Docker\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514388952.19597\",\"minimum_system_version\":\"10.10\",\"name\":\"Docker.app\",\"path\":\"/Applications/Docker.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Docker.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2016 Docker Inc. 
All Rights Reserved.", - "bundle_short_version": "17.09.1-ce-mac42", - "last_opened_time": "1514388952.19597", + "bundle_executable": "Docker", + "bundle_identifier": "com.docker.docker", "bundle_name": "Docker", - "display_name": "Docker", + "bundle_package_type": "APPL", + "bundle_short_version": "17.09.1-ce-mac42", "bundle_version": "21090", - "development_region": "en", - "path": "/Applications/Docker.app", - "name": "Docker.app", - "bundle_identifier": "com.docker.docker", - "minimum_system_version": "10.10", - "bundle_executable": "Docker", "category": "public.app-category.developer-tools", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "copyright": "Copyright \\xC2\\xA9 2016 Docker Inc. All Rights Reserved.", + "development_region": "en", + "display_name": "Docker", + "element": "1", + "last_opened_time": "1514388952.19597", + "minimum_system_version": "10.10", + "name": "Docker.app", + "path": "/Applications/Docker.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Docker\",\"bundle_identifier\":\"com.docker.docker\",\"bundle_name\":\"Docker\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"17.09.1-ce-mac42\",\"bundle_version\":\"21090\",\"category\":\"public.app-category.developer-tools\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Docker Inc. All Rights Reserved.\",\"development_region\":\"en\",\"display_name\":\"Docker\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514388952.19597\",\"minimum_system_version\":\"10.10\",\"name\":\"Docker.app\",\"path\":\"/Applications/Docker.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"DockerHelper\",\"bundle_identifier\":\"com.docker.helper\",\"bundle_name\":\"DockerHelper\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0.1\",\"bundle_version\":\"2\",\"category\":\"public.app-category.developer-tools\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 docker. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1512753148.0\",\"minimum_system_version\":\"10.10\",\"name\":\"DockerHelper.app\",\"path\":\"/Applications/Docker.app/Contents/Library/LoginItems/DockerHelper.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Docker.app/Contents/Library/LoginItems/DockerHelper.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2015 docker. All rights reserved.", - "bundle_short_version": "1.0.1", - "last_opened_time": "1512753148.0", + "bundle_executable": "DockerHelper", + "bundle_identifier": "com.docker.helper", "bundle_name": "DockerHelper", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0.1", "bundle_version": "2", - "development_region": "en", - "path": "/Applications/Docker.app/Contents/Library/LoginItems/DockerHelper.app", - "name": "DockerHelper.app", - "bundle_identifier": "com.docker.helper", - "minimum_system_version": "10.10", - "bundle_executable": "DockerHelper", "category": "public.app-category.developer-tools", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA9 2015 docker. 
All rights reserved.", + "development_region": "en", + "last_opened_time": "1512753148.0", + "minimum_system_version": "10.10", + "name": "DockerHelper.app", + "path": "/Applications/Docker.app/Contents/Library/LoginItems/DockerHelper.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"DockerHelper\",\"bundle_identifier\":\"com.docker.helper\",\"bundle_name\":\"DockerHelper\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0.1\",\"bundle_version\":\"2\",\"category\":\"public.app-category.developer-tools\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 docker. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1512753148.0\",\"minimum_system_version\":\"10.10\",\"name\":\"DockerHelper.app\",\"path\":\"/Applications/Docker.app/Contents/Library/LoginItems/DockerHelper.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"0\",\"bundle_executable\":\"Dropbox\",\"bundle_identifier\":\"com.getdropbox.dropbox\",\"bundle_name\":\"Dropbox\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"40.4.46\",\"bundle_version\":\"40.4.46\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright Dropbox, Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Dropbox\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1513601508.55934\",\"minimum_system_version\":\"10.6\",\"name\":\"Dropbox.app\",\"path\":\"/Applications/Dropbox.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Dropbox.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "0", - "copyright": "Copyright Dropbox, Inc. All rights reserved.", - "bundle_short_version": "40.4.46", - "last_opened_time": "1513601508.55934", + "bundle_executable": "Dropbox", + "bundle_identifier": "com.getdropbox.dropbox", "bundle_name": "Dropbox", - "display_name": "Dropbox", + "bundle_package_type": "APPL", + "bundle_short_version": "40.4.46", "bundle_version": "40.4.46", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright Dropbox, Inc. 
All rights reserved.", "development_region": "en", - "path": "/Applications/Dropbox.app", - "name": "Dropbox.app", - "bundle_identifier": "com.getdropbox.dropbox", + "display_name": "Dropbox", + "element": "1", + "last_opened_time": "1513601508.55934", "minimum_system_version": "10.6", - "bundle_executable": "Dropbox", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "Dropbox.app", + "path": "/Applications/Dropbox.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"0\",\"bundle_executable\":\"Dropbox\",\"bundle_identifier\":\"com.getdropbox.dropbox\",\"bundle_name\":\"Dropbox\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"40.4.46\",\"bundle_version\":\"40.4.46\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright Dropbox, Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Dropbox\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1513601508.55934\",\"minimum_system_version\":\"10.6\",\"name\":\"Dropbox.app\",\"path\":\"/Applications/Dropbox.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"loginhelper\",\"bundle_identifier\":\"com.getdropbox.dropbox.loginhelper\",\"bundle_name\":\"Dropbox Login Helper\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 Dropbox, Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1512435648.0\",\"minimum_system_version\":\"10.6\",\"name\":\"loginhelper.app\",\"path\":\"/Applications/Dropbox.app/Contents/Library/LoginItems/loginhelper.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Dropbox.app/Contents/Library/LoginItems/loginhelper.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2015 Dropbox, Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "1512435648.0", + "bundle_executable": "loginhelper", + "bundle_identifier": "com.getdropbox.dropbox.loginhelper", "bundle_name": "Dropbox Login Helper", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2015 Dropbox, Inc. 
All rights reserved.", "development_region": "en", - "path": "/Applications/Dropbox.app/Contents/Library/LoginItems/loginhelper.app", - "name": "loginhelper.app", - "bundle_identifier": "com.getdropbox.dropbox.loginhelper", + "last_opened_time": "1512435648.0", "minimum_system_version": "10.6", - "bundle_executable": "loginhelper", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "loginhelper.app", + "path": "/Applications/Dropbox.app/Contents/Library/LoginItems/loginhelper.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"loginhelper\",\"bundle_identifier\":\"com.getdropbox.dropbox.loginhelper\",\"bundle_name\":\"Dropbox Login Helper\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 Dropbox, Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1512435648.0\",\"minimum_system_version\":\"10.6\",\"name\":\"loginhelper.app\",\"path\":\"/Applications/Dropbox.app/Contents/Library/LoginItems/loginhelper.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"FaceTime\",\"bundle_identifier\":\"com.apple.FaceTime\",\"bundle_name\":\"FaceTime\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0\",\"bundle_version\":\"3080\",\"category\":\"public.app-category.social-networking\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514366781.14505\",\"minimum_system_version\":\"10.7\",\"name\":\"FaceTime.app\",\"path\":\"/Applications/FaceTime.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/FaceTime.app" }, 
- "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "4.0", - "last_opened_time": "1514366781.14505", + "bundle_executable": "FaceTime", + "bundle_identifier": "com.apple.FaceTime", "bundle_name": "FaceTime", + "bundle_package_type": "APPL", + "bundle_short_version": "4.0", "bundle_version": "3080", - "development_region": "English", - "path": "/Applications/FaceTime.app", - "name": "FaceTime.app", - "bundle_identifier": "com.apple.FaceTime", - "minimum_system_version": "10.7", - "bundle_executable": "FaceTime", "category": "public.app-category.social-networking", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "last_opened_time": "1514366781.14505", + "minimum_system_version": "10.7", + "name": "FaceTime.app", + "path": "/Applications/FaceTime.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"FaceTime\",\"bundle_identifier\":\"com.apple.FaceTime\",\"bundle_name\":\"FaceTime\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0\",\"bundle_version\":\"3080\",\"category\":\"public.app-category.social-networking\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514366781.14505\",\"minimum_system_version\":\"10.7\",\"name\":\"FaceTime.app\",\"path\":\"/Applications/FaceTime.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"firefox\",\"bundle_identifier\":\"org.mozilla.firefox\",\"bundle_name\":\"Firefox\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"57.0.1\",\"bundle_version\":\"5717.11.28\",\"category\":\"public.app-category.productivity\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Firefox 
57.0.1\",\"last_opened_time\":\"1513758410.92773\",\"minimum_system_version\":\"10.9.0\",\"name\":\"Firefox.app\",\"path\":\"/Applications/Firefox.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Firefox.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "info_string": "Firefox 57.0.1", - "bundle_short_version": "57.0.1", - "last_opened_time": "1513758410.92773", + "bundle_executable": "firefox", + "bundle_identifier": "org.mozilla.firefox", "bundle_name": "Firefox", + "bundle_package_type": "APPL", + "bundle_short_version": "57.0.1", "bundle_version": "5717.11.28", + "category": "public.app-category.productivity", "development_region": "English", - "path": "/Applications/Firefox.app", - "name": "Firefox.app", - "bundle_identifier": "org.mozilla.firefox", + "info_string": "Firefox 57.0.1", + "last_opened_time": "1513758410.92773", "minimum_system_version": "10.9.0", - "bundle_executable": "firefox", - "category": "public.app-category.productivity", - "bundle_package_type": "APPL" + "name": "Firefox.app", + "path": "/Applications/Firefox.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"firefox\",\"bundle_identifier\":\"org.mozilla.firefox\",\"bundle_name\":\"Firefox\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"57.0.1\",\"bundle_version\":\"5717.11.28\",\"category\":\"public.app-category.productivity\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Firefox 57.0.1\",\"last_opened_time\":\"1513758410.92773\",\"minimum_system_version\":\"10.9.0\",\"name\":\"Firefox.app\",\"path\":\"/Applications/Firefox.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Font Book\",\"bundle_identifier\":\"com.apple.FontBook\",\"bundle_name\":\"Font 
Book\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.0\",\"bundle_version\":\"310\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Font Book\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"8.0, Copyright \\\\xC2\\\\xA9 2003\\\\xE2\\\\x80\\\\x932017 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Font Book.app\",\"path\":\"/Applications/Font Book.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Font Book.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "info_string": "8.0, Copyright \\xC2\\xA9 2003\\xE2\\x80\\x932017 Apple Inc.", - "bundle_short_version": "8.0", - "last_opened_time": "-1.0", + "bundle_executable": "Font Book", + "bundle_identifier": "com.apple.FontBook", "bundle_name": "Font Book", - "display_name": "Font Book", + "bundle_package_type": "APPL", + "bundle_short_version": "8.0", "bundle_version": "310", - "development_region": "English", - "path": "/Applications/Font Book.app", - "name": "Font Book.app", - "bundle_identifier": "com.apple.FontBook", - "minimum_system_version": "10.13", - "bundle_executable": "Font Book", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "display_name": "Font Book", + "info_string": "8.0, Copyright \\xC2\\xA9 
2003\\xE2\\x80\\x932017 Apple Inc.", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Font Book.app", + "path": "/Applications/Font Book.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Font Book\",\"bundle_identifier\":\"com.apple.FontBook\",\"bundle_name\":\"Font Book\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.0\",\"bundle_version\":\"310\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Font Book\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"8.0, Copyright \\\\xC2\\\\xA9 2003\\\\xE2\\\\x80\\\\x932017 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Font Book.app\",\"path\":\"/Applications/Font Book.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - 
"type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"GPG Keychain\",\"bundle_identifier\":\"org.gpgtools.gpgkeychain\",\"bundle_name\":\"GPG Keychain\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.4.2\",\"bundle_version\":\"1403\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 GPGTools, 2017 (GPL v3)\",\"development_region\":\"English\",\"display_name\":\"GPG Keychain\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.9\",\"name\":\"GPG Keychain.app\",\"path\":\"/Applications/GPG Keychain.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/GPG Keychain.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "Copyright \\xC2\\xA9 GPGTools, 2017 (GPL v3)", - "bundle_short_version": "1.4.2", - "last_opened_time": "-1.0", + "bundle_executable": "GPG Keychain", + "bundle_identifier": "org.gpgtools.gpgkeychain", "bundle_name": "GPG Keychain", - "display_name": 
"GPG Keychain", + "bundle_package_type": "APPL", + "bundle_short_version": "1.4.2", "bundle_version": "1403", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 GPGTools, 2017 (GPL v3)", "development_region": "English", - "path": "/Applications/GPG Keychain.app", - "name": "GPG Keychain.app", - "bundle_identifier": "org.gpgtools.gpgkeychain", + "display_name": "GPG Keychain", + "last_opened_time": "-1.0", "minimum_system_version": "10.9", - "bundle_executable": "GPG Keychain", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "GPG Keychain.app", + "path": "/Applications/GPG Keychain.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"GPG Keychain\",\"bundle_identifier\":\"org.gpgtools.gpgkeychain\",\"bundle_name\":\"GPG Keychain\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.4.2\",\"bundle_version\":\"1403\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 GPGTools, 2017 (GPL 
v3)\",\"development_region\":\"English\",\"display_name\":\"GPG Keychain\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.9\",\"name\":\"GPG Keychain.app\",\"path\":\"/Applications/GPG Keychain.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"GarageBand\",\"bundle_identifier\":\"com.apple.garageband10\",\"bundle_name\":\"GarageBand\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.2.0\",\"bundle_version\":\"4769.13\",\"category\":\"public.app-category.music\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"GarageBand\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"GarageBand 10.2.0, Copyright \\\\xC2\\\\xA9 2004-2017 Apple Inc. 
All Rights Reserved\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.11\",\"name\":\"GarageBand.app\",\"path\":\"/Applications/GarageBand.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/GarageBand.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "info_string": "GarageBand 10.2.0, Copyright \\xC2\\xA9 2004-2017 Apple Inc. All Rights Reserved", - "bundle_short_version": "10.2.0", - "last_opened_time": "-1.0", + "bundle_executable": "GarageBand", + "bundle_identifier": "com.apple.garageband10", "bundle_name": "GarageBand", - "display_name": "GarageBand", + "bundle_package_type": "APPL", + "bundle_short_version": "10.2.0", "bundle_version": "4769.13", - "development_region": "English", - "path": "/Applications/GarageBand.app", - "name": "GarageBand.app", - "bundle_identifier": "com.apple.garageband10", - "minimum_system_version": "10.11", - "bundle_executable": "GarageBand", "category": "public.app-category.music", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "display_name": "GarageBand", + "info_string": "GarageBand 10.2.0, Copyright \\xC2\\xA9 2004-2017 Apple Inc. 
All Rights Reserved", + "last_opened_time": "-1.0", + "minimum_system_version": "10.11", + "name": "GarageBand.app", + "path": "/Applications/GarageBand.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"GarageBand\",\"bundle_identifier\":\"com.apple.garageband10\",\"bundle_name\":\"GarageBand\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.2.0\",\"bundle_version\":\"4769.13\",\"category\":\"public.app-category.music\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"GarageBand\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"GarageBand 10.2.0, Copyright \\\\xC2\\\\xA9 2004-2017 Apple Inc. 
All Rights Reserved\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.11\",\"name\":\"GarageBand.app\",\"path\":\"/Applications/GarageBand.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Google Chrome\",\"bundle_identifier\":\"com.google.Chrome\",\"bundle_name\":\"Chrome\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"63.0.3239.84\",\"bundle_version\":\"3239.84\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"Google Chrome\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514389095.73966\",\"minimum_system_version\":\"10.9.0\",\"name\":\"Google Chrome.app\",\"path\":\"/Applications/Google Chrome.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Google Chrome.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { 
+ "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "bundle_short_version": "63.0.3239.84", - "last_opened_time": "1514389095.73966", + "bundle_executable": "Google Chrome", + "bundle_identifier": "com.google.Chrome", "bundle_name": "Chrome", - "display_name": "Google Chrome", + "bundle_package_type": "APPL", + "bundle_short_version": "63.0.3239.84", "bundle_version": "3239.84", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/Applications/Google Chrome.app", - "name": "Google Chrome.app", - "bundle_identifier": "com.google.Chrome", + "display_name": "Google Chrome", + "last_opened_time": "1514389095.73966", "minimum_system_version": "10.9.0", - "bundle_executable": "Google Chrome", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "Google Chrome.app", + "path": "/Applications/Google Chrome.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Google 
Chrome\",\"bundle_identifier\":\"com.google.Chrome\",\"bundle_name\":\"Chrome\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"63.0.3239.84\",\"bundle_version\":\"3239.84\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"Google Chrome\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514389095.73966\",\"minimum_system_version\":\"10.9.0\",\"name\":\"Google Chrome.app\",\"path\":\"/Applications/Google Chrome.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Image Capture\",\"bundle_identifier\":\"com.apple.Image_Capture\",\"bundle_name\":\"Image Capture\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"7.0\",\"bundle_version\":\"1106\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2000-2017 Apple Inc.\\\\x0AAll rights reserved.\",\"development_region\":\"English\",\"display_name\":\"Image Capture\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.10.0\",\"name\":\"Image Capture.app\",\"path\":\"/Applications/Image 
Capture.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Image Capture.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2000-2017 Apple Inc.\\x0AAll rights reserved.", - "bundle_short_version": "7.0", - "last_opened_time": "-1.0", + "bundle_executable": "Image Capture", + "bundle_identifier": "com.apple.Image_Capture", "bundle_name": "Image Capture", - "display_name": "Image Capture", + "bundle_package_type": "APPL", + "bundle_short_version": "7.0", "bundle_version": "1106", - "development_region": "English", - "path": "/Applications/Image Capture.app", - "name": "Image Capture.app", - "bundle_identifier": "com.apple.Image_Capture", - "minimum_system_version": "10.10.0", - "bundle_executable": "Image Capture", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA9 2000-2017 Apple Inc.\\x0AAll rights reserved.", + "development_region": "English", + "display_name": "Image Capture", + "last_opened_time": "-1.0", + "minimum_system_version": "10.10.0", + "name": "Image Capture.app", + "path": "/Applications/Image Capture.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Image Capture\",\"bundle_identifier\":\"com.apple.Image_Capture\",\"bundle_name\":\"Image Capture\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"7.0\",\"bundle_version\":\"1106\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2000-2017 Apple Inc.\\\\x0AAll rights reserved.\",\"development_region\":\"English\",\"display_name\":\"Image Capture\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.10.0\",\"name\":\"Image Capture.app\",\"path\":\"/Applications/Image Capture.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Keybase\",\"bundle_identifier\":\"keybase.Electron\",\"bundle_name\":\"Keybase\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0.38-20171220205307+f5d54bc77\",\"bundle_version\":\"1.0.38-20171220205307+f5d54bc77\",\"category\":\"public.app-category.developer-tools\",\"compiler\":\"\",\"copyright\":\"Copyright (c) 2015, Keybase\",\"development_region\":\"\",\"display_name\":\"Keybase\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1513954668.30224\",\"minimum_system_version\":\"10.9.0\",\"name\":\"Keybase.app\",\"path\":\"/Applications/Keybase.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Keybase.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright (c) 2015, Keybase", - "bundle_short_version": "1.0.38-20171220205307+f5d54bc77", - "last_opened_time": "1513954668.30224", + "bundle_executable": "Keybase", + "bundle_identifier": "keybase.Electron", "bundle_name": "Keybase", - "display_name": "Keybase", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0.38-20171220205307+f5d54bc77", "bundle_version": "1.0.38-20171220205307+f5d54bc77", - "path": "/Applications/Keybase.app", - "name": "Keybase.app", - "bundle_identifier": "keybase.Electron", - "minimum_system_version": "10.9.0", - "bundle_executable": "Keybase", "category": "public.app-category.developer-tools", - "bundle_package_type": "APPL", - "element": "1" + "copyright": "Copyright (c) 2015, 
Keybase", + "display_name": "Keybase", + "element": "1", + "last_opened_time": "1513954668.30224", + "minimum_system_version": "10.9.0", + "name": "Keybase.app", + "path": "/Applications/Keybase.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Keybase\",\"bundle_identifier\":\"keybase.Electron\",\"bundle_name\":\"Keybase\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0.38-20171220205307+f5d54bc77\",\"bundle_version\":\"1.0.38-20171220205307+f5d54bc77\",\"category\":\"public.app-category.developer-tools\",\"compiler\":\"\",\"copyright\":\"Copyright (c) 2015, 
Keybase\",\"development_region\":\"\",\"display_name\":\"Keybase\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1513954668.30224\",\"minimum_system_version\":\"10.9.0\",\"name\":\"Keybase.app\",\"path\":\"/Applications/Keybase.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Keynote\",\"bundle_identifier\":\"com.apple.iWork.Keynote\",\"bundle_name\":\"Keynote\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"7.3.1\",\"bundle_version\":\"5249\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 2003-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.12\",\"name\":\"Keynote.app\",\"path\":\"/Applications/Keynote.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Keynote.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "\\xC2\\xA9 2003-2017 Apple Inc. All rights reserved.", - "bundle_short_version": "7.3.1", - "last_opened_time": "-1.0", + "bundle_executable": "Keynote", + "bundle_identifier": "com.apple.iWork.Keynote", "bundle_name": "Keynote", + "bundle_package_type": "APPL", + "bundle_short_version": "7.3.1", "bundle_version": "5249", - "development_region": "English", - "path": "/Applications/Keynote.app", - "name": "Keynote.app", - "bundle_identifier": "com.apple.iWork.Keynote", - "minimum_system_version": "10.12", - "bundle_executable": "Keynote", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "\\xC2\\xA9 2003-2017 Apple Inc. 
All rights reserved.", + "development_region": "English", + "last_opened_time": "-1.0", + "minimum_system_version": "10.12", + "name": "Keynote.app", + "path": "/Applications/Keynote.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Keynote\",\"bundle_identifier\":\"com.apple.iWork.Keynote\",\"bundle_name\":\"Keynote\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"7.3.1\",\"bundle_version\":\"5249\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 2003-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.12\",\"name\":\"Keynote.app\",\"path\":\"/Applications/Keynote.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"LastPass\",\"bundle_identifier\":\"com.lastpass.LastPass\",\"bundle_name\":\"LastPass\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.25.0\",\"bundle_version\":\"440\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 2008-2017 LogMeIn, Inc. DBA LastPass\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"3.25.0 Copyright (c) 2008-2017 LogMeIn, Inc. 
DBA LastPass\",\"last_opened_time\":\"1514225403.4797\",\"minimum_system_version\":\"10.10\",\"name\":\"LastPass.app\",\"path\":\"/Applications/LastPass.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/LastPass.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "\\xC2\\xA9 2008-2017 LogMeIn, Inc. DBA LastPass", - "info_string": "3.25.0 Copyright (c) 2008-2017 LogMeIn, Inc. DBA LastPass", - "bundle_short_version": "3.25.0", - "last_opened_time": "1514225403.4797", + "bundle_executable": "LastPass", + "bundle_identifier": "com.lastpass.LastPass", "bundle_name": "LastPass", + "bundle_package_type": "APPL", + "bundle_short_version": "3.25.0", "bundle_version": "440", - "development_region": "en", - "path": "/Applications/LastPass.app", - "name": "LastPass.app", - "bundle_identifier": "com.lastpass.LastPass", - "minimum_system_version": "10.10", - "bundle_executable": "LastPass", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "\\xC2\\xA9 2008-2017 LogMeIn, Inc. DBA LastPass", + "development_region": "en", + "info_string": "3.25.0 Copyright (c) 2008-2017 LogMeIn, Inc. 
DBA LastPass", + "last_opened_time": "1514225403.4797", + "minimum_system_version": "10.10", + "name": "LastPass.app", + "path": "/Applications/LastPass.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"LastPass\",\"bundle_identifier\":\"com.lastpass.LastPass\",\"bundle_name\":\"LastPass\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.25.0\",\"bundle_version\":\"440\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 2008-2017 LogMeIn, Inc. DBA LastPass\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"3.25.0 Copyright (c) 2008-2017 LogMeIn, Inc. 
DBA LastPass\",\"last_opened_time\":\"1514225403.4797\",\"minimum_system_version\":\"10.10\",\"name\":\"LastPass.app\",\"path\":\"/Applications/LastPass.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"LPLaunchAtLoginHelperApp\",\"bundle_identifier\":\"com.lastpass.LPLaunchAtLoginHelperApp\",\"bundle_name\":\"LPLaunchAtLoginHelperApp\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.25.0\",\"bundle_version\":\"440\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 2008-2017 LogMeIn, Inc. DBA LastPass\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"3.25.0 Copyright (c) 2008-2017 LogMeIn, Inc. 
DBA LastPass\",\"last_opened_time\":\"1513375395.03905\",\"minimum_system_version\":\"10.10\",\"name\":\"LPLaunchAtLoginHelperApp.app\",\"path\":\"/Applications/LastPass.app/Contents/Library/LoginItems/LPLaunchAtLoginHelperApp.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/LastPass.app/Contents/Library/LoginItems/LPLaunchAtLoginHelperApp.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "\\xC2\\xA9 2008-2017 LogMeIn, Inc. DBA LastPass", - "info_string": "3.25.0 Copyright (c) 2008-2017 LogMeIn, Inc. DBA LastPass", - "bundle_short_version": "3.25.0", - "last_opened_time": "1513375395.03905", + "bundle_executable": "LPLaunchAtLoginHelperApp", + "bundle_identifier": "com.lastpass.LPLaunchAtLoginHelperApp", "bundle_name": "LPLaunchAtLoginHelperApp", + "bundle_package_type": "APPL", + "bundle_short_version": "3.25.0", "bundle_version": "440", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "\\xC2\\xA9 2008-2017 LogMeIn, Inc. DBA LastPass", "development_region": "en", - "path": "/Applications/LastPass.app/Contents/Library/LoginItems/LPLaunchAtLoginHelperApp.app", - "name": "LPLaunchAtLoginHelperApp.app", - "bundle_identifier": "com.lastpass.LPLaunchAtLoginHelperApp", + "info_string": "3.25.0 Copyright (c) 2008-2017 LogMeIn, Inc. 
DBA LastPass", + "last_opened_time": "1513375395.03905", "minimum_system_version": "10.10", - "bundle_executable": "LPLaunchAtLoginHelperApp", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "LPLaunchAtLoginHelperApp.app", + "path": "/Applications/LastPass.app/Contents/Library/LoginItems/LPLaunchAtLoginHelperApp.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"LPLaunchAtLoginHelperApp\",\"bundle_identifier\":\"com.lastpass.LPLaunchAtLoginHelperApp\",\"bundle_name\":\"LPLaunchAtLoginHelperApp\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.25.0\",\"bundle_version\":\"440\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 2008-2017 LogMeIn, Inc. DBA LastPass\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"3.25.0 Copyright (c) 2008-2017 LogMeIn, Inc. 
DBA LastPass\",\"last_opened_time\":\"1513375395.03905\",\"minimum_system_version\":\"10.10\",\"name\":\"LPLaunchAtLoginHelperApp.app\",\"path\":\"/Applications/LastPass.app/Contents/Library/LoginItems/LPLaunchAtLoginHelperApp.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Launchpad\",\"bundle_identifier\":\"com.apple.launchpad.launcher\",\"bundle_name\":\"Launchpad\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"1.0, Copyright 2010-2014 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Launchpad.app\",\"path\":\"/Applications/Launchpad.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Launchpad.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "1.0, Copyright 2010-2014 Apple Inc.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Launchpad", + "bundle_identifier": "com.apple.launchpad.launcher", "bundle_name": "Launchpad", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", - "development_region": "English", - "path": "/Applications/Launchpad.app", - "name": "Launchpad.app", - "bundle_identifier": "com.apple.launchpad.launcher", - "minimum_system_version": "10.13", - "bundle_executable": "Launchpad", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "development_region": "English", + "element": "1", + "info_string": "1.0, Copyright 2010-2014 Apple Inc.", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Launchpad.app", + "path": "/Applications/Launchpad.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Launchpad\",\"bundle_identifier\":\"com.apple.launchpad.launcher\",\"bundle_name\":\"Launchpad\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"1.0, Copyright 2010-2014 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Launchpad.app\",\"path\":\"/Applications/Launchpad.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"MacVim\",\"bundle_identifier\":\"org.vim.MacVim\",\"bundle_name\":\"MacVim\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.0.1420\",\"bundle_version\":\"144\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514388959.1538\",\"minimum_system_version\":\"\",\"name\":\"MacVim.app\",\"path\":\"/Applications/MacVim.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/MacVim.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "development_region": "English", - "path": "/Applications/MacVim.app", - "name": "MacVim.app", - "bundle_short_version": "8.0.1420", + "bundle_executable": "MacVim", "bundle_identifier": "org.vim.MacVim", - "last_opened_time": "1514388959.1538", "bundle_name": "MacVim", - "bundle_executable": "MacVim", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "144" + "bundle_short_version": "8.0.1420", + "bundle_version": "144", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "1514388959.1538", + "name": "MacVim.app", + "path": "/Applications/MacVim.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": 
{ "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"MacVim\",\"bundle_identifier\":\"org.vim.MacVim\",\"bundle_name\":\"MacVim\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.0.1420\",\"bundle_version\":\"144\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514388959.1538\",\"minimum_system_version\":\"\",\"name\":\"MacVim.app\",\"path\":\"/Applications/MacVim.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Mail\",\"bundle_identifier\":\"com.apple.mail\",\"bundle_name\":\"Mail\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"11.1\",\"bundle_version\":\"3445.4.7\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1509312651.55633\",\"minimum_system_version\":\"10.13\",\"name\":\"Mail.app\",\"path\":\"/Applications/Mail.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Mail.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "bundle_short_version": "11.1", - "last_opened_time": "1509312651.55633", + "bundle_executable": "Mail", + "bundle_identifier": "com.apple.mail", "bundle_name": "Mail", + "bundle_package_type": "APPL", + "bundle_short_version": "11.1", "bundle_version": "3445.4.7", - "development_region": "en", - "path": "/Applications/Mail.app", - "name": "Mail.app", - "bundle_identifier": "com.apple.mail", - "minimum_system_version": "10.13", - "bundle_executable": "Mail", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "en", + "last_opened_time": "1509312651.55633", + "minimum_system_version": "10.13", + "name": 
"Mail.app", + "path": "/Applications/Mail.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Mail\",\"bundle_identifier\":\"com.apple.mail\",\"bundle_name\":\"Mail\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"11.1\",\"bundle_version\":\"3445.4.7\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1509312651.55633\",\"minimum_system_version\":\"10.13\",\"name\":\"Mail.app\",\"path\":\"/Applications/Mail.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": 
"2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Maps\",\"bundle_identifier\":\"com.apple.Maps\",\"bundle_name\":\"Maps\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.0\",\"bundle_version\":\"2125.21.9.8.3\",\"category\":\"public.app-category.travel\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012-2016 Apple Inc.\\\\nAll rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Maps\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Maps.app\",\"path\":\"/Applications/Maps.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Maps.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "Copyright \\xC2\\xA9 2012-2016 Apple Inc.\\nAll rights reserved.", - "bundle_short_version": "2.0", - "last_opened_time": "-1.0", + "bundle_executable": "Maps", + "bundle_identifier": "com.apple.Maps", "bundle_name": "Maps", - "display_name": "Maps", + "bundle_package_type": "APPL", + "bundle_short_version": "2.0", "bundle_version": "2125.21.9.8.3", - "development_region": "en", - "path": "/Applications/Maps.app", - "name": "Maps.app", - "bundle_identifier": 
"com.apple.Maps", - "minimum_system_version": "10.13", - "bundle_executable": "Maps", "category": "public.app-category.travel", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA9 2012-2016 Apple Inc.\\nAll rights reserved.", + "development_region": "en", + "display_name": "Maps", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Maps.app", + "path": "/Applications/Maps.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Maps\",\"bundle_identifier\":\"com.apple.Maps\",\"bundle_name\":\"Maps\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.0\",\"bundle_version\":\"2125.21.9.8.3\",\"category\":\"public.app-category.travel\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012-2016 Apple Inc.\\\\nAll rights 
reserved.\",\"development_region\":\"en\",\"display_name\":\"Maps\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Maps.app\",\"path\":\"/Applications/Maps.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Messages\",\"bundle_identifier\":\"com.apple.iChat\",\"bundle_name\":\"Messages\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"11.0\",\"bundle_version\":\"5500\",\"category\":\"public.app-category.social-networking\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Messages\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.11.0\",\"name\":\"Messages.app\",\"path\":\"/Applications/Messages.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Messages.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "bundle_short_version": "11.0", - "last_opened_time": "-1.0", + "bundle_executable": "Messages", + "bundle_identifier": "com.apple.iChat", "bundle_name": "Messages", - "display_name": "Messages", + "bundle_package_type": "APPL", + "bundle_short_version": "11.0", "bundle_version": "5500", - "development_region": "English", - "path": "/Applications/Messages.app", - "name": "Messages.app", - "bundle_identifier": "com.apple.iChat", - "minimum_system_version": "10.11.0", - "bundle_executable": "Messages", "category": "public.app-category.social-networking", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "display_name": "Messages", + "last_opened_time": "-1.0", + "minimum_system_version": "10.11.0", + "name": "Messages.app", + "path": "/Applications/Messages.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Messages\",\"bundle_identifier\":\"com.apple.iChat\",\"bundle_name\":\"Messages\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"11.0\",\"bundle_version\":\"5500\",\"category\":\"public.app-category.social-networking\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Messages\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.11.0\",\"name\":\"Messages.app\",\"path\":\"/Applications/Messages.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Microsoft Remote Desktop\",\"bundle_identifier\":\"com.microsoft.rdc.mac\",\"bundle_name\":\"Microsoft Remote Desktop\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.0.27325\",\"bundle_version\":\"8.0.27325\",\"category\":\"public.app-category.business\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"8.0.43\",\"last_opened_time\":\"1512733496.66669\",\"minimum_system_version\":\"10.9\",\"name\":\"Microsoft Remote Desktop.app\",\"path\":\"/Applications/Microsoft 
Remote Desktop.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Microsoft Remote Desktop.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "8.0.43", - "bundle_short_version": "8.0.27325", - "last_opened_time": "1512733496.66669", + "bundle_executable": "Microsoft Remote Desktop", + "bundle_identifier": "com.microsoft.rdc.mac", "bundle_name": "Microsoft Remote Desktop", + "bundle_package_type": "APPL", + "bundle_short_version": "8.0.27325", "bundle_version": "8.0.27325", + "category": "public.app-category.business", "development_region": "en", - "path": "/Applications/Microsoft Remote Desktop.app", - "name": "Microsoft Remote Desktop.app", - "bundle_identifier": "com.microsoft.rdc.mac", + "info_string": "8.0.43", + "last_opened_time": "1512733496.66669", "minimum_system_version": "10.9", - "bundle_executable": "Microsoft Remote Desktop", - "category": "public.app-category.business", - "bundle_package_type": "APPL" + "name": "Microsoft Remote Desktop.app", + "path": "/Applications/Microsoft Remote Desktop.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Microsoft Remote Desktop\",\"bundle_identifier\":\"com.microsoft.rdc.mac\",\"bundle_name\":\"Microsoft Remote Desktop\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.0.27325\",\"bundle_version\":\"8.0.27325\",\"category\":\"public.app-category.business\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"8.0.43\",\"last_opened_time\":\"1512733496.66669\",\"minimum_system_version\":\"10.9\",\"name\":\"Microsoft Remote Desktop.app\",\"path\":\"/Applications/Microsoft Remote Desktop.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Mission Control\",\"bundle_identifier\":\"com.apple.exposelauncher\",\"bundle_name\":\"Mission 
Control\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.2\",\"bundle_version\":\"1.2\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"1.2, Copyright 2007-2014 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7\",\"name\":\"Mission Control.app\",\"path\":\"/Applications/Mission Control.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Mission Control.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "1.2, Copyright 2007-2014 Apple Inc.", - "bundle_short_version": "1.2", - "last_opened_time": "-1.0", + "bundle_executable": "Mission Control", + "bundle_identifier": "com.apple.exposelauncher", "bundle_name": "Mission Control", + "bundle_package_type": "APPL", + "bundle_short_version": "1.2", "bundle_version": "1.2", - "development_region": "English", - "path": "/Applications/Mission Control.app", - "name": "Mission Control.app", - "bundle_identifier": "com.apple.exposelauncher", - "minimum_system_version": "10.7", - "bundle_executable": "Mission Control", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "development_region": "English", + "element": "1", + "info_string": "1.2, Copyright 2007-2014 Apple Inc.", + "last_opened_time": "-1.0", + "minimum_system_version": 
"10.7", + "name": "Mission Control.app", + "path": "/Applications/Mission Control.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Mission Control\",\"bundle_identifier\":\"com.apple.exposelauncher\",\"bundle_name\":\"Mission Control\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.2\",\"bundle_version\":\"1.2\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"1.2, Copyright 2007-2014 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7\",\"name\":\"Mission Control.app\",\"path\":\"/Applications/Mission Control.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - 
"name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Notes\",\"bundle_identifier\":\"com.apple.Notes\",\"bundle_name\":\"Notes\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.5\",\"bundle_version\":\"863\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"Notes\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Notes.app\",\"path\":\"/Applications/Notes.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Notes.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "bundle_short_version": "4.5", - "last_opened_time": "-1.0", + "bundle_executable": "Notes", + "bundle_identifier": "com.apple.Notes", "bundle_name": "Notes", - "display_name": "Notes", + "bundle_package_type": "APPL", + "bundle_short_version": "4.5", "bundle_version": "863", - "development_region": "en", - "path": "/Applications/Notes.app", - "name": "Notes.app", - "bundle_identifier": "com.apple.Notes", - "minimum_system_version": 
"10.13", - "bundle_executable": "Notes", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "en", + "display_name": "Notes", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Notes.app", + "path": "/Applications/Notes.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Notes\",\"bundle_identifier\":\"com.apple.Notes\",\"bundle_name\":\"Notes\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.5\",\"bundle_version\":\"863\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"Notes\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Notes.app\",\"path\":\"/Applications/Notes.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Numbers\",\"bundle_identifier\":\"com.apple.iWork.Numbers\",\"bundle_name\":\"Numbers\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.3.1\",\"bundle_version\":\"5249\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 2008-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1510870218.01578\",\"minimum_system_version\":\"10.12\",\"name\":\"Numbers.app\",\"path\":\"/Applications/Numbers.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Numbers.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "\\xC2\\xA9 2008-2017 Apple Inc. All rights reserved.", - "bundle_short_version": "4.3.1", - "last_opened_time": "1510870218.01578", + "bundle_executable": "Numbers", + "bundle_identifier": "com.apple.iWork.Numbers", "bundle_name": "Numbers", + "bundle_package_type": "APPL", + "bundle_short_version": "4.3.1", "bundle_version": "5249", - "development_region": "English", - "path": "/Applications/Numbers.app", - "name": "Numbers.app", - "bundle_identifier": "com.apple.iWork.Numbers", - "minimum_system_version": "10.12", - "bundle_executable": "Numbers", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "\\xC2\\xA9 2008-2017 Apple Inc. 
All rights reserved.", + "development_region": "English", + "last_opened_time": "1510870218.01578", + "minimum_system_version": "10.12", + "name": "Numbers.app", + "path": "/Applications/Numbers.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Numbers\",\"bundle_identifier\":\"com.apple.iWork.Numbers\",\"bundle_name\":\"Numbers\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.3.1\",\"bundle_version\":\"5249\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 2008-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1510870218.01578\",\"minimum_system_version\":\"10.12\",\"name\":\"Numbers.app\",\"path\":\"/Applications/Numbers.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Pages\",\"bundle_identifier\":\"com.apple.iWork.Pages\",\"bundle_name\":\"Pages\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.3.1\",\"bundle_version\":\"5249\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 2005-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"6.0, Copyright 2005\\\\xE2\\\\x80\\\\x932017 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.12\",\"name\":\"Pages.app\",\"path\":\"/Applications/Pages.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Pages.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "\\xC2\\xA9 2005-2017 Apple Inc. All rights reserved.", - "info_string": "6.0, Copyright 2005\\xE2\\x80\\x932017 Apple Inc.", - "bundle_short_version": "6.3.1", - "last_opened_time": "-1.0", + "bundle_executable": "Pages", + "bundle_identifier": "com.apple.iWork.Pages", "bundle_name": "Pages", + "bundle_package_type": "APPL", + "bundle_short_version": "6.3.1", "bundle_version": "5249", - "development_region": "English", - "path": "/Applications/Pages.app", - "name": "Pages.app", - "bundle_identifier": "com.apple.iWork.Pages", - "minimum_system_version": "10.12", - "bundle_executable": "Pages", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "\\xC2\\xA9 2005-2017 Apple Inc. 
All rights reserved.", + "development_region": "English", + "info_string": "6.0, Copyright 2005\\xE2\\x80\\x932017 Apple Inc.", + "last_opened_time": "-1.0", + "minimum_system_version": "10.12", + "name": "Pages.app", + "path": "/Applications/Pages.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Pages\",\"bundle_identifier\":\"com.apple.iWork.Pages\",\"bundle_name\":\"Pages\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.3.1\",\"bundle_version\":\"5249\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 2005-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"6.0, Copyright 2005\\\\xE2\\\\x80\\\\x932017 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.12\",\"name\":\"Pages.app\",\"path\":\"/Applications/Pages.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Photo Booth\",\"bundle_identifier\":\"com.apple.PhotoBooth\",\"bundle_name\":\"Photo Booth\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"9.0\",\"bundle_version\":\"902\",\"category\":\"public.app-category.entertainment\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2005-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.10.0\",\"name\":\"Photo Booth.app\",\"path\":\"/Applications/Photo Booth.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Photo Booth.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2005-2017 Apple Inc. All rights reserved.", - "bundle_short_version": "9.0", - "last_opened_time": "-1.0", + "bundle_executable": "Photo Booth", + "bundle_identifier": "com.apple.PhotoBooth", "bundle_name": "Photo Booth", + "bundle_package_type": "APPL", + "bundle_short_version": "9.0", "bundle_version": "902", - "development_region": "English", - "path": "/Applications/Photo Booth.app", - "name": "Photo Booth.app", - "bundle_identifier": "com.apple.PhotoBooth", - "minimum_system_version": "10.10.0", - "bundle_executable": "Photo Booth", "category": "public.app-category.entertainment", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA9 2005-2017 Apple Inc. 
All rights reserved.", + "development_region": "English", + "last_opened_time": "-1.0", + "minimum_system_version": "10.10.0", + "name": "Photo Booth.app", + "path": "/Applications/Photo Booth.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Photo Booth\",\"bundle_identifier\":\"com.apple.PhotoBooth\",\"bundle_name\":\"Photo Booth\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"9.0\",\"bundle_version\":\"902\",\"category\":\"public.app-category.entertainment\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2005-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.10.0\",\"name\":\"Photo Booth.app\",\"path\":\"/Applications/Photo Booth.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Photos\",\"bundle_identifier\":\"com.apple.Photos\",\"bundle_name\":\"Photos\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.0\",\"bundle_version\":\"3231.11.210\",\"category\":\"public.app-category.photography\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Photos\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Photos.app\",\"path\":\"/Applications/Photos.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Photos.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "Copyright \\xC2\\xA9 2017 Apple Inc. All rights reserved.", - "bundle_short_version": "3.0", - "last_opened_time": "-1.0", + "bundle_executable": "Photos", + "bundle_identifier": "com.apple.Photos", "bundle_name": "Photos", - "display_name": "Photos", + "bundle_package_type": "APPL", + "bundle_short_version": "3.0", "bundle_version": "3231.11.210", - "development_region": "en", - "path": "/Applications/Photos.app", - "name": "Photos.app", - "bundle_identifier": "com.apple.Photos", - "minimum_system_version": "10.13", - "bundle_executable": "Photos", "category": "public.app-category.photography", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA9 2017 Apple Inc. 
All rights reserved.", + "development_region": "en", + "display_name": "Photos", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Photos.app", + "path": "/Applications/Photos.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Photos\",\"bundle_identifier\":\"com.apple.Photos\",\"bundle_name\":\"Photos\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.0\",\"bundle_version\":\"3231.11.210\",\"category\":\"public.app-category.photography\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Photos\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Photos.app\",\"path\":\"/Applications/Photos.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Preview\",\"bundle_identifier\":\"com.apple.Preview\",\"bundle_name\":\"Preview\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"944.2\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Preview\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.0, Copyright 2002-2016 Apple Inc.\",\"last_opened_time\":\"1514453730.92435\",\"minimum_system_version\":\"10.10.0\",\"name\":\"Preview.app\",\"path\":\"/Applications/Preview.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Preview.app" }, - "ecs": { - 
"version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "info_string": "10.0, Copyright 2002-2016 Apple Inc.", - "bundle_short_version": "10.0", - "last_opened_time": "1514453730.92435", + "bundle_executable": "Preview", + "bundle_identifier": "com.apple.Preview", "bundle_name": "Preview", - "display_name": "Preview", + "bundle_package_type": "APPL", + "bundle_short_version": "10.0", "bundle_version": "944.2", - "development_region": "English", - "path": "/Applications/Preview.app", - "name": "Preview.app", - "bundle_identifier": "com.apple.Preview", - "minimum_system_version": "10.10.0", - "bundle_executable": "Preview", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "display_name": "Preview", + "info_string": "10.0, Copyright 2002-2016 Apple Inc.", + "last_opened_time": "1514453730.92435", + "minimum_system_version": "10.10.0", + "name": "Preview.app", + "path": "/Applications/Preview.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - 
"action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Preview\",\"bundle_identifier\":\"com.apple.Preview\",\"bundle_name\":\"Preview\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"944.2\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Preview\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.0, Copyright 2002-2016 Apple Inc.\",\"last_opened_time\":\"1514453730.92435\",\"minimum_system_version\":\"10.10.0\",\"name\":\"Preview.app\",\"path\":\"/Applications/Preview.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"QuickTime Player\",\"bundle_identifier\":\"com.apple.QuickTimePlayerX\",\"bundle_name\":\"QuickTime Player\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.4\",\"bundle_version\":\"928\",\"category\":\"public.app-category.video\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.4, 
Copyright \\\\xC2\\\\xA9 2009-2014 Apple Inc. All Rights Reserved.\",\"last_opened_time\":\"1512394122.0468\",\"minimum_system_version\":\"10.10.0\",\"name\":\"QuickTime Player.app\",\"path\":\"/Applications/QuickTime Player.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/QuickTime Player.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "info_string": "10.4, Copyright \\xC2\\xA9 2009-2014 Apple Inc. All Rights Reserved.", - "bundle_short_version": "10.4", - "last_opened_time": "1512394122.0468", + "bundle_executable": "QuickTime Player", + "bundle_identifier": "com.apple.QuickTimePlayerX", "bundle_name": "QuickTime Player", + "bundle_package_type": "APPL", + "bundle_short_version": "10.4", "bundle_version": "928", - "development_region": "English", - "path": "/Applications/QuickTime Player.app", - "name": "QuickTime Player.app", - "bundle_identifier": "com.apple.QuickTimePlayerX", - "minimum_system_version": "10.10.0", - "bundle_executable": "QuickTime Player", "category": "public.app-category.video", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "info_string": "10.4, Copyright \\xC2\\xA9 2009-2014 Apple Inc. 
All Rights Reserved.", + "last_opened_time": "1512394122.0468", + "minimum_system_version": "10.10.0", + "name": "QuickTime Player.app", + "path": "/Applications/QuickTime Player.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"QuickTime Player\",\"bundle_identifier\":\"com.apple.QuickTimePlayerX\",\"bundle_name\":\"QuickTime Player\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.4\",\"bundle_version\":\"928\",\"category\":\"public.app-category.video\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.4, Copyright \\\\xC2\\\\xA9 2009-2014 Apple Inc. 
All Rights Reserved.\",\"last_opened_time\":\"1512394122.0468\",\"minimum_system_version\":\"10.10.0\",\"name\":\"QuickTime Player.app\",\"path\":\"/Applications/QuickTime Player.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Reminders\",\"bundle_identifier\":\"com.apple.reminders\",\"bundle_name\":\"Reminders\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"1456\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.8\",\"name\":\"Reminders.app\",\"path\":\"/Applications/Reminders.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Reminders.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { 
"result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "bundle_short_version": "5.0", - "last_opened_time": "-1.0", + "bundle_executable": "Reminders", + "bundle_identifier": "com.apple.reminders", "bundle_name": "Reminders", + "bundle_package_type": "APPL", + "bundle_short_version": "5.0", "bundle_version": "1456", - "development_region": "en", - "path": "/Applications/Reminders.app", - "name": "Reminders.app", - "bundle_identifier": "com.apple.reminders", - "minimum_system_version": "10.8", - "bundle_executable": "Reminders", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "en", + "last_opened_time": "-1.0", + "minimum_system_version": "10.8", + "name": "Reminders.app", + "path": "/Applications/Reminders.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Reminders\",\"bundle_identifier\":\"com.apple.reminders\",\"bundle_name\":\"Reminders\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"1456\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.8\",\"name\":\"Reminders.app\",\"path\":\"/Applications/Reminders.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Safari\",\"bundle_identifier\":\"com.apple.Safari\",\"bundle_name\":\"Safari\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"11.0.1\",\"bundle_version\":\"13604.3.5\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"11.0.1, Copyright \\\\xC2\\\\xA9 2003-2017 Apple 
Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13.0\",\"name\":\"Safari.app\",\"path\":\"/Applications/Safari.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Safari.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "info_string": "11.0.1, Copyright \\xC2\\xA9 2003-2017 Apple Inc.", - "bundle_short_version": "11.0.1", - "last_opened_time": "-1.0", + "bundle_executable": "Safari", + "bundle_identifier": "com.apple.Safari", "bundle_name": "Safari", + "bundle_package_type": "APPL", + "bundle_short_version": "11.0.1", "bundle_version": "13604.3.5", - "development_region": "English", - "path": "/Applications/Safari.app", - "name": "Safari.app", - "bundle_identifier": "com.apple.Safari", - "minimum_system_version": "10.13.0", - "bundle_executable": "Safari", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "info_string": "11.0.1, Copyright \\xC2\\xA9 2003-2017 Apple Inc.", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13.0", + "name": "Safari.app", + "path": "/Applications/Safari.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Safari\",\"bundle_identifier\":\"com.apple.Safari\",\"bundle_name\":\"Safari\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"11.0.1\",\"bundle_version\":\"13604.3.5\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"11.0.1, Copyright \\\\xC2\\\\xA9 2003-2017 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13.0\",\"name\":\"Safari.app\",\"path\":\"/Applications/Safari.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"SelfControl\",\"bundle_identifier\":\"org.eyebeam.SelfControl\",\"bundle_name\":\"SelfControl\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.2.2\",\"bundle_version\":\"2.2.2\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Free and open-source under the GPL.\",\"development_region\":\"English\",\"display_name\":\"SelfControl\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"SelfControl.app\",\"path\":\"/Applications/SelfControl.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/SelfControl.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "Free and open-source under the GPL.", - "bundle_short_version": "2.2.2", - "last_opened_time": "-1.0", + "bundle_executable": "SelfControl", + "bundle_identifier": "org.eyebeam.SelfControl", "bundle_name": "SelfControl", - "display_name": "SelfControl", + "bundle_package_type": "APPL", + "bundle_short_version": "2.2.2", "bundle_version": "2.2.2", - "development_region": "English", - "path": "/Applications/SelfControl.app", - "name": "SelfControl.app", - "bundle_identifier": "org.eyebeam.SelfControl", - "bundle_executable": "SelfControl", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Free 
and open-source under the GPL.", + "development_region": "English", + "display_name": "SelfControl", + "last_opened_time": "-1.0", + "name": "SelfControl.app", + "path": "/Applications/SelfControl.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"SelfControl\",\"bundle_identifier\":\"org.eyebeam.SelfControl\",\"bundle_name\":\"SelfControl\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.2.2\",\"bundle_version\":\"2.2.2\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Free and open-source under the 
GPL.\",\"development_region\":\"English\",\"display_name\":\"SelfControl\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"SelfControl.app\",\"path\":\"/Applications/SelfControl.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Siri\",\"bundle_identifier\":\"com.apple.siri.launcher\",\"bundle_name\":\"Siri\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"1.0, Copyright 2016 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Siri.app\",\"path\":\"/Applications/Siri.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Siri.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "1.0, Copyright 2016 Apple Inc.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Siri", + "bundle_identifier": "com.apple.siri.launcher", "bundle_name": "Siri", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", - "development_region": "English", - "path": "/Applications/Siri.app", - "name": "Siri.app", - "bundle_identifier": "com.apple.siri.launcher", - "minimum_system_version": "10.13", - "bundle_executable": "Siri", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "development_region": "English", + "element": "1", + "info_string": "1.0, Copyright 2016 Apple Inc.", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Siri.app", + "path": "/Applications/Siri.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Siri\",\"bundle_identifier\":\"com.apple.siri.launcher\",\"bundle_name\":\"Siri\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"1.0, Copyright 2016 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Siri.app\",\"path\":\"/Applications/Siri.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Skype\",\"bundle_identifier\":\"com.skype.skype\",\"bundle_name\":\"Skype\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.10\",\"bundle_version\":\"8.10.0.4\",\"category\":\"public.app-category.developer-tools\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"\",\"display_name\":\"Skype\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.9\",\"name\":\"Skype.app\",\"path\":\"/Applications/Skype.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Skype.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "path": "/Applications/Skype.app", - "name": "Skype.app", - "bundle_short_version": "8.10", + "bundle_executable": "Skype", "bundle_identifier": "com.skype.skype", - "minimum_system_version": "10.9", - "last_opened_time": "-1.0", "bundle_name": "Skype", - "display_name": "Skype", - "bundle_executable": "Skype", - "category": "public.app-category.developer-tools", "bundle_package_type": "APPL", - "bundle_version": "8.10.0.4" + "bundle_short_version": "8.10", + "bundle_version": "8.10.0.4", + "category": "public.app-category.developer-tools", + "display_name": "Skype", + "last_opened_time": "-1.0", + "minimum_system_version": "10.9", + "name": "Skype.app", + "path": "/Applications/Skype.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Skype\",\"bundle_identifier\":\"com.skype.skype\",\"bundle_name\":\"Skype\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.10\",\"bundle_version\":\"8.10.0.4\",\"category\":\"public.app-category.developer-tools\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"\",\"display_name\":\"Skype\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.9\",\"name\":\"Skype.app\",\"path\":\"/Applications/Skype.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Slack\",\"bundle_identifier\":\"com.tinyspeck.slackmacgap\",\"bundle_name\":\"Slack\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.0.0\",\"bundle_version\":\"4507\",\"category\":\"public.app-category.business\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514452535.40888\",\"minimum_system_version\":\"10.9\",\"name\":\"Slack.app\",\"path\":\"/Applications/Slack.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Slack.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "bundle_short_version": "3.0.0", - "last_opened_time": "1514452535.40888", + "bundle_executable": "Slack", + "bundle_identifier": "com.tinyspeck.slackmacgap", "bundle_name": "Slack", + "bundle_package_type": "APPL", + "bundle_short_version": "3.0.0", "bundle_version": "4507", + "category": "public.app-category.business", "development_region": "English", - "path": "/Applications/Slack.app", - "name": "Slack.app", - "bundle_identifier": "com.tinyspeck.slackmacgap", + "last_opened_time": "1514452535.40888", "minimum_system_version": "10.9", - "bundle_executable": "Slack", - "category": "public.app-category.business", - "bundle_package_type": "APPL" + "name": "Slack.app", + "path": "/Applications/Slack.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": 
"1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Slack\",\"bundle_identifier\":\"com.tinyspeck.slackmacgap\",\"bundle_name\":\"Slack\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.0.0\",\"bundle_version\":\"4507\",\"category\":\"public.app-category.business\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514452535.40888\",\"minimum_system_version\":\"10.9\",\"name\":\"Slack.app\",\"path\":\"/Applications/Slack.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + 
"kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SoundCleod\",\"bundle_identifier\":\"com.electron.soundcleod\",\"bundle_name\":\"SoundCleod\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.3.0\",\"bundle_version\":\"1.3.0\",\"category\":\"public.app-category.developer-tools\",\"compiler\":\"\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2017 M\\\\xC3\\\\xA1rton Salomv\\\\xC3\\\\xA1ry\",\"development_region\":\"\",\"display_name\":\"SoundCleod\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.9.0\",\"name\":\"SoundCleod.app\",\"path\":\"/Applications/SoundCleod.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/SoundCleod.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2017 M\\xC3\\xA1rton Salomv\\xC3\\xA1ry", - "bundle_short_version": "1.3.0", - "last_opened_time": "-1.0", + "bundle_executable": "SoundCleod", + "bundle_identifier": "com.electron.soundcleod", "bundle_name": "SoundCleod", - "display_name": "SoundCleod", + "bundle_package_type": "APPL", + "bundle_short_version": "1.3.0", "bundle_version": "1.3.0", - "path": "/Applications/SoundCleod.app", - "name": "SoundCleod.app", - "bundle_identifier": "com.electron.soundcleod", - "minimum_system_version": "10.9.0", - "bundle_executable": "SoundCleod", "category": "public.app-category.developer-tools", - 
"bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA9 2017 M\\xC3\\xA1rton Salomv\\xC3\\xA1ry", + "display_name": "SoundCleod", + "last_opened_time": "-1.0", + "minimum_system_version": "10.9.0", + "name": "SoundCleod.app", + "path": "/Applications/SoundCleod.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SoundCleod\",\"bundle_identifier\":\"com.electron.soundcleod\",\"bundle_name\":\"SoundCleod\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.3.0\",\"bundle_version\":\"1.3.0\",\"category\":\"public.app-category.developer-tools\",\"compiler\":\"\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2017 M\\\\xC3\\\\xA1rton 
Salomv\\\\xC3\\\\xA1ry\",\"development_region\":\"\",\"display_name\":\"SoundCleod\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.9.0\",\"name\":\"SoundCleod.app\",\"path\":\"/Applications/SoundCleod.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SpeedCrunch\",\"bundle_identifier\":\"\",\"bundle_name\":\"\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"master\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1512555958.44929\",\"minimum_system_version\":\"\",\"name\":\"SpeedCrunch.app\",\"path\":\"/Applications/SpeedCrunch.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/SpeedCrunch.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/Applications/SpeedCrunch.app", - "name": "SpeedCrunch.app", + "bundle_executable": "SpeedCrunch", + "bundle_package_type": "APPL", "bundle_short_version": "master", + "development_region": "English", "last_opened_time": "1512555958.44929", - "bundle_executable": "SpeedCrunch", - "bundle_package_type": "APPL" + "name": "SpeedCrunch.app", + "path": "/Applications/SpeedCrunch.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SpeedCrunch\",\"bundle_identifier\":\"\",\"bundle_name\":\"\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"master\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1512555958.44929\",\"minimum_system_version\":\"\",\"name\":\"SpeedCrunch.app\",\"path\":\"/Applications/SpeedCrunch.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Stickies\",\"bundle_identifier\":\"com.apple.Stickies\",\"bundle_name\":\"Stickies\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1\",\"bundle_version\":\"\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.8.0\",\"name\":\"Stickies.app\",\"path\":\"/Applications/Stickies.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Stickies.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/Applications/Stickies.app", - "name": "Stickies.app", - "bundle_short_version": "10.1", + "bundle_executable": "Stickies", "bundle_identifier": "com.apple.Stickies", - "minimum_system_version": "10.8.0", - "last_opened_time": "-1.0", "bundle_name": "Stickies", - "bundle_executable": "Stickies", + "bundle_package_type": "APPL", + "bundle_short_version": "10.1", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "last_opened_time": "-1.0", + "minimum_system_version": "10.8.0", + "name": "Stickies.app", + "path": "/Applications/Stickies.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - 
"action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Stickies\",\"bundle_identifier\":\"com.apple.Stickies\",\"bundle_name\":\"Stickies\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1\",\"bundle_version\":\"\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.8.0\",\"name\":\"Stickies.app\",\"path\":\"/Applications/Stickies.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"System Preferences\",\"bundle_identifier\":\"com.apple.systempreferences\",\"bundle_name\":\"System Preferences\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"14.0\",\"bundle_version\":\"14.0\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1513632662.6779\",\"minimum_system_version\":\"10.9.0\",\"name\":\"System Preferences.app\",\"path\":\"/Applications/System Preferences.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/System Preferences.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "bundle_short_version": "14.0", - "last_opened_time": "1513632662.6779", + "bundle_executable": "System Preferences", + "bundle_identifier": "com.apple.systempreferences", "bundle_name": "System Preferences", + "bundle_package_type": "APPL", + "bundle_short_version": "14.0", "bundle_version": "14.0", - "development_region": "English", - "path": "/Applications/System Preferences.app", - "name": "System Preferences.app", - "bundle_identifier": "com.apple.systempreferences", - "minimum_system_version": "10.9.0", - "bundle_executable": "System Preferences", "category": 
"public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "last_opened_time": "1513632662.6779", + "minimum_system_version": "10.9.0", + "name": "System Preferences.app", + "path": "/Applications/System Preferences.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"System Preferences\",\"bundle_identifier\":\"com.apple.systempreferences\",\"bundle_name\":\"System Preferences\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"14.0\",\"bundle_version\":\"14.0\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1513632662.6779\",\"minimum_system_version\":\"10.9.0\",\"name\":\"System Preferences.app\",\"path\":\"/Applications/System 
Preferences.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"TextEdit\",\"bundle_identifier\":\"com.apple.TextEdit\",\"bundle_name\":\"TextEdit\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.13\",\"bundle_version\":\"332\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 1995-2017, Apple Inc.\\\\x0AAll rights reserved.\",\"development_region\":\"English\",\"display_name\":\"TextEdit\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1510917447.05348\",\"minimum_system_version\":\"10.10\",\"name\":\"TextEdit.app\",\"path\":\"/Applications/TextEdit.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/TextEdit.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 
UTC", "columns": { "applescript_enabled": "1", - "copyright": "Copyright \\xC2\\xA9 1995-2017, Apple Inc.\\x0AAll rights reserved.", - "bundle_short_version": "1.13", - "last_opened_time": "1510917447.05348", + "bundle_executable": "TextEdit", + "bundle_identifier": "com.apple.TextEdit", "bundle_name": "TextEdit", - "display_name": "TextEdit", + "bundle_package_type": "APPL", + "bundle_short_version": "1.13", "bundle_version": "332", - "development_region": "English", - "path": "/Applications/TextEdit.app", - "name": "TextEdit.app", - "bundle_identifier": "com.apple.TextEdit", - "minimum_system_version": "10.10", - "bundle_executable": "TextEdit", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA9 1995-2017, Apple Inc.\\x0AAll rights reserved.", + "development_region": "English", + "display_name": "TextEdit", + "last_opened_time": "1510917447.05348", + "minimum_system_version": "10.10", + "name": "TextEdit.app", + "path": "/Applications/TextEdit.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"TextEdit\",\"bundle_identifier\":\"com.apple.TextEdit\",\"bundle_name\":\"TextEdit\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.13\",\"bundle_version\":\"332\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 1995-2017, Apple Inc.\\\\x0AAll rights reserved.\",\"development_region\":\"English\",\"display_name\":\"TextEdit\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1510917447.05348\",\"minimum_system_version\":\"10.10\",\"name\":\"TextEdit.app\",\"path\":\"/Applications/TextEdit.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Time Machine\",\"bundle_identifier\":\"com.apple.backup.launcher\",\"bundle_name\":\"Time Machine\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.3\",\"bundle_version\":\"1.3\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"1.3, Copyright 2007-2014 Apple 
Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7\",\"name\":\"Time Machine.app\",\"path\":\"/Applications/Time Machine.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Time Machine.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "1.3, Copyright 2007-2014 Apple Inc.", - "bundle_short_version": "1.3", - "last_opened_time": "-1.0", + "bundle_executable": "Time Machine", + "bundle_identifier": "com.apple.backup.launcher", "bundle_name": "Time Machine", + "bundle_package_type": "APPL", + "bundle_short_version": "1.3", "bundle_version": "1.3", - "development_region": "English", - "path": "/Applications/Time Machine.app", - "name": "Time Machine.app", - "bundle_identifier": "com.apple.backup.launcher", - "minimum_system_version": "10.7", - "bundle_executable": "Time Machine", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "development_region": "English", + "element": "1", + "info_string": "1.3, Copyright 2007-2014 Apple Inc.", + "last_opened_time": "-1.0", + "minimum_system_version": "10.7", + "name": "Time Machine.app", + "path": "/Applications/Time Machine.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Time Machine\",\"bundle_identifier\":\"com.apple.backup.launcher\",\"bundle_name\":\"Time Machine\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.3\",\"bundle_version\":\"1.3\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"1.3, Copyright 2007-2014 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7\",\"name\":\"Time Machine.app\",\"path\":\"/Applications/Time Machine.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Activity Monitor\",\"bundle_identifier\":\"com.apple.ActivityMonitor\",\"bundle_name\":\"Activity Monitor\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.13\",\"bundle_version\":\"\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.13, Copyright \\\\xC2\\\\xA9 2000-2017 Apple Inc.\",\"last_opened_time\":\"1513156459.86595\",\"minimum_system_version\":\"10.13\",\"name\":\"Activity Monitor.app\",\"path\":\"/Applications/Utilities/Activity Monitor.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Utilities/Activity Monitor.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "10.13, Copyright \\xC2\\xA9 2000-2017 Apple Inc.", - "bundle_short_version": "10.13", - "last_opened_time": "1513156459.86595", - "bundle_name": "Activity Monitor", - "development_region": "English", - "path": "/Applications/Utilities/Activity Monitor.app", - "name": "Activity Monitor.app", - "bundle_identifier": "com.apple.ActivityMonitor", - "minimum_system_version": "10.13", "bundle_executable": "Activity Monitor", + "bundle_identifier": "com.apple.ActivityMonitor", + "bundle_name": "Activity Monitor", + "bundle_package_type": "APPL", + "bundle_short_version": "10.13", "category": "public.app-category.utilities", "compiler": 
"com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "info_string": "10.13, Copyright \\xC2\\xA9 2000-2017 Apple Inc.", + "last_opened_time": "1513156459.86595", + "minimum_system_version": "10.13", + "name": "Activity Monitor.app", + "path": "/Applications/Utilities/Activity Monitor.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Activity Monitor\",\"bundle_identifier\":\"com.apple.ActivityMonitor\",\"bundle_name\":\"Activity Monitor\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.13\",\"bundle_version\":\"\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.13, Copyright \\\\xC2\\\\xA9 2000-2017 Apple Inc.\",\"last_opened_time\":\"1513156459.86595\",\"minimum_system_version\":\"10.13\",\"name\":\"Activity Monitor.app\",\"path\":\"/Applications/Utilities/Activity 
Monitor.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AirPort Utility\",\"bundle_identifier\":\"com.apple.airport.airportutility\",\"bundle_name\":\"AirPort Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.3.8\",\"bundle_version\":\"638.5\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2001 -2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"AirPort Utility\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"6.3.8, Copyright 2001 -2017 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.10\",\"name\":\"AirPort Utility.app\",\"path\":\"/Applications/Utilities/AirPort Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Utilities/AirPort Utility.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2001 -2017 Apple Inc. All rights reserved.", - "info_string": "6.3.8, Copyright 2001 -2017 Apple Inc.", - "bundle_short_version": "6.3.8", - "last_opened_time": "-1.0", + "bundle_executable": "AirPort Utility", + "bundle_identifier": "com.apple.airport.airportutility", "bundle_name": "AirPort Utility", - "display_name": "AirPort Utility", + "bundle_package_type": "APPL", + "bundle_short_version": "6.3.8", "bundle_version": "638.5", - "development_region": "en", - "path": "/Applications/Utilities/AirPort Utility.app", - "name": "AirPort Utility.app", - "bundle_identifier": "com.apple.airport.airportutility", - "minimum_system_version": "10.10", - "bundle_executable": "AirPort Utility", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA9 2001 -2017 Apple Inc. 
All rights reserved.", + "development_region": "en", + "display_name": "AirPort Utility", + "info_string": "6.3.8, Copyright 2001 -2017 Apple Inc.", + "last_opened_time": "-1.0", + "minimum_system_version": "10.10", + "name": "AirPort Utility.app", + "path": "/Applications/Utilities/AirPort Utility.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AirPort Utility\",\"bundle_identifier\":\"com.apple.airport.airportutility\",\"bundle_name\":\"AirPort Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.3.8\",\"bundle_version\":\"638.5\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2001 -2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"AirPort Utility\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"6.3.8, Copyright 2001 -2017 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.10\",\"name\":\"AirPort Utility.app\",\"path\":\"/Applications/Utilities/AirPort Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Audio MIDI Setup\",\"bundle_identifier\":\"com.apple.audio.AudioMIDISetup\",\"bundle_name\":\"Audio MIDI Setup\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.2\",\"bundle_version\":\"3.2\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"3.2, Copyright 2002-2017 Apple, Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.9.0\",\"name\":\"Audio MIDI Setup.app\",\"path\":\"/Applications/Utilities/Audio MIDI 
Setup.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Utilities/Audio MIDI Setup.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "3.2, Copyright 2002-2017 Apple, Inc.", - "bundle_short_version": "3.2", - "last_opened_time": "-1.0", + "bundle_executable": "Audio MIDI Setup", + "bundle_identifier": "com.apple.audio.AudioMIDISetup", "bundle_name": "Audio MIDI Setup", + "bundle_package_type": "APPL", + "bundle_short_version": "3.2", "bundle_version": "3.2", - "development_region": "English", - "path": "/Applications/Utilities/Audio MIDI Setup.app", - "name": "Audio MIDI Setup.app", - "bundle_identifier": "com.apple.audio.AudioMIDISetup", - "minimum_system_version": "10.9.0", - "bundle_executable": "Audio MIDI Setup", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "info_string": "3.2, Copyright 2002-2017 Apple, Inc.", + "last_opened_time": "-1.0", + "minimum_system_version": "10.9.0", + "name": "Audio MIDI Setup.app", + "path": "/Applications/Utilities/Audio MIDI Setup.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Audio MIDI Setup\",\"bundle_identifier\":\"com.apple.audio.AudioMIDISetup\",\"bundle_name\":\"Audio MIDI Setup\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.2\",\"bundle_version\":\"3.2\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"3.2, Copyright 2002-2017 Apple, Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.9.0\",\"name\":\"Audio MIDI Setup.app\",\"path\":\"/Applications/Utilities/Audio MIDI Setup.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Bluetooth File 
Exchange\",\"bundle_identifier\":\"com.apple.BluetoothFileExchange\",\"bundle_name\":\"Bluetooth File Exchange\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.0.0\",\"bundle_version\":\"6.0.1f1\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2002-2017 Apple Inc. All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"6.0.0, Copyright \\\\xC2\\\\xA9 2002-2017 Apple Inc. All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Bluetooth File Exchange.app\",\"path\":\"/Applications/Utilities/Bluetooth File Exchange.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Utilities/Bluetooth File Exchange.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "Copyright \\xC2\\xA9 2002-2017 Apple Inc. All rights reserved.", - "info_string": "6.0.0, Copyright \\xC2\\xA9 2002-2017 Apple Inc. 
All rights reserved.", - "bundle_short_version": "6.0.0", - "last_opened_time": "-1.0", + "bundle_executable": "Bluetooth File Exchange", + "bundle_identifier": "com.apple.BluetoothFileExchange", "bundle_name": "Bluetooth File Exchange", + "bundle_package_type": "APPL", + "bundle_short_version": "6.0.0", "bundle_version": "6.0.1f1", - "development_region": "English", - "path": "/Applications/Utilities/Bluetooth File Exchange.app", - "name": "Bluetooth File Exchange.app", - "bundle_identifier": "com.apple.BluetoothFileExchange", - "minimum_system_version": "10.13", - "bundle_executable": "Bluetooth File Exchange", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA9 2002-2017 Apple Inc. All rights reserved.", + "development_region": "English", + "info_string": "6.0.0, Copyright \\xC2\\xA9 2002-2017 Apple Inc. All rights reserved.", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Bluetooth File Exchange.app", + "path": "/Applications/Utilities/Bluetooth File Exchange.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Bluetooth File Exchange\",\"bundle_identifier\":\"com.apple.BluetoothFileExchange\",\"bundle_name\":\"Bluetooth File Exchange\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.0.0\",\"bundle_version\":\"6.0.1f1\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2002-2017 Apple Inc. All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"6.0.0, Copyright \\\\xC2\\\\xA9 2002-2017 Apple Inc. All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Bluetooth File Exchange.app\",\"path\":\"/Applications/Utilities/Bluetooth File Exchange.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Boot Camp Assistant\",\"bundle_identifier\":\"com.apple.bootcampassistant\",\"bundle_name\":\"Boot Camp 
Assistant\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.1.0\",\"bundle_version\":\"6067.20.4\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Boot Camp Assistant\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Boot Camp Assistant 6.1.0, Copyright \\\\xC2\\\\xA9 2016 Apple Inc. All rights reserved\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.11.0\",\"name\":\"Boot Camp Assistant.app\",\"path\":\"/Applications/Utilities/Boot Camp Assistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Utilities/Boot Camp Assistant.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "Boot Camp Assistant 6.1.0, Copyright \\xC2\\xA9 2016 Apple Inc. 
All rights reserved", - "bundle_short_version": "6.1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Boot Camp Assistant", + "bundle_identifier": "com.apple.bootcampassistant", "bundle_name": "Boot Camp Assistant", - "display_name": "Boot Camp Assistant", + "bundle_package_type": "APPL", + "bundle_short_version": "6.1.0", "bundle_version": "6067.20.4", - "development_region": "English", - "path": "/Applications/Utilities/Boot Camp Assistant.app", - "name": "Boot Camp Assistant.app", - "bundle_identifier": "com.apple.bootcampassistant", - "minimum_system_version": "10.11.0", - "bundle_executable": "Boot Camp Assistant", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "display_name": "Boot Camp Assistant", + "info_string": "Boot Camp Assistant 6.1.0, Copyright \\xC2\\xA9 2016 Apple Inc. All rights reserved", + "last_opened_time": "-1.0", + "minimum_system_version": "10.11.0", + "name": "Boot Camp Assistant.app", + "path": "/Applications/Utilities/Boot Camp Assistant.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Boot Camp Assistant\",\"bundle_identifier\":\"com.apple.bootcampassistant\",\"bundle_name\":\"Boot Camp Assistant\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.1.0\",\"bundle_version\":\"6067.20.4\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Boot Camp Assistant\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Boot Camp Assistant 6.1.0, Copyright \\\\xC2\\\\xA9 2016 Apple Inc. All rights reserved\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.11.0\",\"name\":\"Boot Camp Assistant.app\",\"path\":\"/Applications/Utilities/Boot Camp Assistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ColorSync Utility\",\"bundle_identifier\":\"com.apple.ColorSyncUtility\",\"bundle_name\":\"ColorSync Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.13.0\",\"bundle_version\":\"303\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014\\\\xE2\\\\x80\\\\x932017 Apple Inc.\\\\x0AAll rights 
reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"ColorSync Utility.app\",\"path\":\"/Applications/Utilities/ColorSync Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Utilities/ColorSync Utility.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2014\\xE2\\x80\\x932017 Apple Inc.\\x0AAll rights reserved.", - "bundle_short_version": "4.13.0", - "last_opened_time": "-1.0", + "bundle_executable": "ColorSync Utility", + "bundle_identifier": "com.apple.ColorSyncUtility", "bundle_name": "ColorSync Utility", + "bundle_package_type": "APPL", + "bundle_short_version": "4.13.0", "bundle_version": "303", - "development_region": "English", - "path": "/Applications/Utilities/ColorSync Utility.app", - "name": "ColorSync Utility.app", - "bundle_identifier": "com.apple.ColorSyncUtility", - "minimum_system_version": "10.13", - "bundle_executable": "ColorSync Utility", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA9 2014\\xE2\\x80\\x932017 Apple Inc.\\x0AAll rights reserved.", + "development_region": "English", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "ColorSync Utility.app", + "path": "/Applications/Utilities/ColorSync Utility.app" }, - "name": 
"pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ColorSync Utility\",\"bundle_identifier\":\"com.apple.ColorSyncUtility\",\"bundle_name\":\"ColorSync Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.13.0\",\"bundle_version\":\"303\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014\\\\xE2\\\\x80\\\\x932017 Apple Inc.\\\\x0AAll rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"ColorSync Utility.app\",\"path\":\"/Applications/Utilities/ColorSync Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, 
"tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Console\",\"bundle_identifier\":\"com.apple.Console\",\"bundle_name\":\"Console\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"2.0.44\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"Console\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Console.app\",\"path\":\"/Applications/Utilities/Console.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Utilities/Console.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Console", + "bundle_identifier": "com.apple.Console", "bundle_name": "Console", - "display_name": "Console", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "2.0.44", - "development_region": "en", - "path": "/Applications/Utilities/Console.app", - "name": "Console.app", - "bundle_identifier": 
"com.apple.Console", - "minimum_system_version": "10.13", - "bundle_executable": "Console", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "en", + "display_name": "Console", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Console.app", + "path": "/Applications/Utilities/Console.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Console\",\"bundle_identifier\":\"com.apple.Console\",\"bundle_name\":\"Console\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"2.0.44\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"Console\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Console.app\",\"path\":\"/Applications/Utilities/Console.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Digital Color Meter\",\"bundle_identifier\":\"com.apple.DigitalColorMeter\",\"bundle_name\":\"Digital Color Meter\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.11\",\"bundle_version\":\"5.11\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 Copyright 2001-2017 Apple Inc., All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"5.11, \\\\xC2\\\\xA9 Copyright 2001-2017 Apple Inc. 
All Rights Reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Digital Color Meter.app\",\"path\":\"/Applications/Utilities/Digital Color Meter.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Utilities/Digital Color Meter.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "\\xC2\\xA9 Copyright 2001-2017 Apple Inc., All Rights Reserved.", - "info_string": "5.11, \\xC2\\xA9 Copyright 2001-2017 Apple Inc. All Rights Reserved.", - "bundle_short_version": "5.11", - "last_opened_time": "-1.0", + "bundle_executable": "Digital Color Meter", + "bundle_identifier": "com.apple.DigitalColorMeter", "bundle_name": "Digital Color Meter", + "bundle_package_type": "APPL", + "bundle_short_version": "5.11", "bundle_version": "5.11", - "development_region": "English", - "path": "/Applications/Utilities/Digital Color Meter.app", - "name": "Digital Color Meter.app", - "bundle_identifier": "com.apple.DigitalColorMeter", - "minimum_system_version": "10.13", - "bundle_executable": "Digital Color Meter", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "\\xC2\\xA9 Copyright 2001-2017 Apple Inc., All Rights Reserved.", + "development_region": "English", + "info_string": "5.11, \\xC2\\xA9 Copyright 2001-2017 Apple Inc. 
All Rights Reserved.", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Digital Color Meter.app", + "path": "/Applications/Utilities/Digital Color Meter.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Digital Color Meter\",\"bundle_identifier\":\"com.apple.DigitalColorMeter\",\"bundle_name\":\"Digital Color Meter\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.11\",\"bundle_version\":\"5.11\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 Copyright 2001-2017 Apple Inc., All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"5.11, \\\\xC2\\\\xA9 Copyright 2001-2017 Apple Inc. 
All Rights Reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Digital Color Meter.app\",\"path\":\"/Applications/Utilities/Digital Color Meter.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Disk Utility\",\"bundle_identifier\":\"com.apple.DiskUtility\",\"bundle_name\":\"Disk Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"17.0\",\"bundle_version\":\"1626\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Disk Utility\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Disk Utility.app\",\"path\":\"/Applications/Utilities/Disk Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Utilities/Disk Utility.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2015-2017 Apple Inc. All rights reserved.", - "bundle_short_version": "17.0", - "last_opened_time": "-1.0", + "bundle_executable": "Disk Utility", + "bundle_identifier": "com.apple.DiskUtility", "bundle_name": "Disk Utility", - "display_name": "Disk Utility", + "bundle_package_type": "APPL", + "bundle_short_version": "17.0", "bundle_version": "1626", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2015-2017 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/Applications/Utilities/Disk Utility.app", - "name": "Disk Utility.app", - "bundle_identifier": "com.apple.DiskUtility", + "display_name": "Disk Utility", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Disk Utility", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "Disk Utility.app", + "path": "/Applications/Utilities/Disk Utility.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Disk Utility\",\"bundle_identifier\":\"com.apple.DiskUtility\",\"bundle_name\":\"Disk Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"17.0\",\"bundle_version\":\"1626\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Disk Utility\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Disk Utility.app\",\"path\":\"/Applications/Utilities/Disk Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Grab\",\"bundle_identifier\":\"com.apple.Grab\",\"bundle_name\":\"Grab\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.10\",\"bundle_version\":\"141\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 1995-2017 Apple Inc.\\\\x0AAll rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.11\",\"name\":\"Grab.app\",\"path\":\"/Applications/Utilities/Grab.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": 
"/Applications/Utilities/Grab.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "Copyright \\xC2\\xA9 1995-2017 Apple Inc.\\x0AAll rights reserved.", - "bundle_short_version": "1.10", - "last_opened_time": "-1.0", + "bundle_executable": "Grab", + "bundle_identifier": "com.apple.Grab", "bundle_name": "Grab", + "bundle_package_type": "APPL", + "bundle_short_version": "1.10", "bundle_version": "141", - "development_region": "English", - "path": "/Applications/Utilities/Grab.app", - "name": "Grab.app", - "bundle_identifier": "com.apple.Grab", - "minimum_system_version": "10.11", - "bundle_executable": "Grab", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA9 1995-2017 Apple Inc.\\x0AAll rights reserved.", + "development_region": "English", + "last_opened_time": "-1.0", + "minimum_system_version": "10.11", + "name": "Grab.app", + "path": "/Applications/Utilities/Grab.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": 
{ - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Grab\",\"bundle_identifier\":\"com.apple.Grab\",\"bundle_name\":\"Grab\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.10\",\"bundle_version\":\"141\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 1995-2017 Apple Inc.\\\\x0AAll rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.11\",\"name\":\"Grab.app\",\"path\":\"/Applications/Utilities/Grab.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Grapher\",\"bundle_identifier\":\"com.apple.grapher\",\"bundle_name\":\"Grapher\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.6\",\"bundle_version\":\"\",\"category\":\"public.app-category.education\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Grapher\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7.0\",\"name\":\"Grapher.app\",\"path\":\"/Applications/Utilities/Grapher.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Utilities/Grapher.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "2.6", - "last_opened_time": "-1.0", - "bundle_name": "Grapher", - "display_name": "Grapher", - "development_region": "English", - "path": "/Applications/Utilities/Grapher.app", - "name": "Grapher.app", - "bundle_identifier": "com.apple.grapher", - "minimum_system_version": "10.7.0", "bundle_executable": "Grapher", + "bundle_identifier": "com.apple.grapher", + "bundle_name": "Grapher", + "bundle_package_type": "APPL", + "bundle_short_version": "2.6", "category": "public.app-category.education", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "display_name": "Grapher", + "last_opened_time": "-1.0", + "minimum_system_version": "10.7.0", + "name": "Grapher.app", + "path": 
"/Applications/Utilities/Grapher.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Grapher\",\"bundle_identifier\":\"com.apple.grapher\",\"bundle_name\":\"Grapher\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.6\",\"bundle_version\":\"\",\"category\":\"public.app-category.education\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Grapher\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7.0\",\"name\":\"Grapher.app\",\"path\":\"/Applications/Utilities/Grapher.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { 
"@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"0\",\"bundle_executable\":\"Keychain Access\",\"bundle_identifier\":\"com.apple.keychainaccess\",\"bundle_name\":\"Keychain Access\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"55237.1.1\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 1998-2017, Apple Inc. All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"Keychain Access\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13.0\",\"name\":\"Keychain Access.app\",\"path\":\"/Applications/Utilities/Keychain Access.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Utilities/Keychain Access.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "0", - "copyright": "Copyright \\xC2\\xA9 1998-2017, Apple Inc. 
All Rights Reserved.", - "bundle_short_version": "10.0", - "last_opened_time": "-1.0", + "bundle_executable": "Keychain Access", + "bundle_identifier": "com.apple.keychainaccess", "bundle_name": "Keychain Access", - "display_name": "Keychain Access", + "bundle_package_type": "APPL", + "bundle_short_version": "10.0", "bundle_version": "55237.1.1", - "development_region": "English", - "path": "/Applications/Utilities/Keychain Access.app", - "name": "Keychain Access.app", - "bundle_identifier": "com.apple.keychainaccess", - "minimum_system_version": "10.13.0", - "bundle_executable": "Keychain Access", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA9 1998-2017, Apple Inc. All Rights Reserved.", + "development_region": "English", + "display_name": "Keychain Access", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13.0", + "name": "Keychain Access.app", + "path": "/Applications/Utilities/Keychain Access.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"0\",\"bundle_executable\":\"Keychain 
Access\",\"bundle_identifier\":\"com.apple.keychainaccess\",\"bundle_name\":\"Keychain Access\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"55237.1.1\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 1998-2017, Apple Inc. All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"Keychain Access\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13.0\",\"name\":\"Keychain Access.app\",\"path\":\"/Applications/Utilities/Keychain Access.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Migration Assistant\",\"bundle_identifier\":\"com.apple.MigrateAssistant\",\"bundle_name\":\"Migration Assistant\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.13\",\"bundle_version\":\"10.13\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"Migration Assistant\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Migration Assistant.app\",\"path\":\"/Applications/Utilities/Migration Assistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Utilities/Migration Assistant.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2015 Apple Inc. All rights reserved.", - "bundle_short_version": "10.13", - "last_opened_time": "-1.0", + "bundle_executable": "Migration Assistant", + "bundle_identifier": "com.apple.MigrateAssistant", "bundle_name": "Migration Assistant", - "display_name": "Migration Assistant", + "bundle_package_type": "APPL", + "bundle_short_version": "10.13", "bundle_version": "10.13", - "development_region": "English", - "path": "/Applications/Utilities/Migration Assistant.app", - "name": "Migration Assistant.app", - "bundle_identifier": "com.apple.MigrateAssistant", - "minimum_system_version": "10.13", - "bundle_executable": "Migration Assistant", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA9 2015 Apple Inc. 
All rights reserved.", + "development_region": "English", + "display_name": "Migration Assistant", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Migration Assistant.app", + "path": "/Applications/Utilities/Migration Assistant.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Migration Assistant\",\"bundle_identifier\":\"com.apple.MigrateAssistant\",\"bundle_name\":\"Migration Assistant\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.13\",\"bundle_version\":\"10.13\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"Migration Assistant\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Migration Assistant.app\",\"path\":\"/Applications/Utilities/Migration Assistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Script Editor\",\"bundle_identifier\":\"com.apple.ScriptEditor2\",\"bundle_name\":\"Script Editor\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.10\",\"bundle_version\":\"194\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.10.0\",\"name\":\"Script Editor.app\",\"path\":\"/Applications/Utilities/Script Editor.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": 
"/Applications/Utilities/Script Editor.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "bundle_short_version": "2.10", - "last_opened_time": "-1.0", + "bundle_executable": "Script Editor", + "bundle_identifier": "com.apple.ScriptEditor2", "bundle_name": "Script Editor", + "bundle_package_type": "APPL", + "bundle_short_version": "2.10", "bundle_version": "194", - "development_region": "English", - "path": "/Applications/Utilities/Script Editor.app", - "name": "Script Editor.app", - "bundle_identifier": "com.apple.ScriptEditor2", - "minimum_system_version": "10.10.0", - "bundle_executable": "Script Editor", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "last_opened_time": "-1.0", + "minimum_system_version": "10.10.0", + "name": "Script Editor.app", + "path": "/Applications/Utilities/Script Editor.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Script Editor\",\"bundle_identifier\":\"com.apple.ScriptEditor2\",\"bundle_name\":\"Script Editor\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.10\",\"bundle_version\":\"194\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.10.0\",\"name\":\"Script Editor.app\",\"path\":\"/Applications/Utilities/Script Editor.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"System Information\",\"bundle_identifier\":\"com.apple.SystemProfiler\",\"bundle_name\":\"System Information\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.12\",\"bundle_version\":\"915\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"10.12, Copyright \\\\xC2\\\\xA9 1997-2016 Apple 
Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.12\",\"name\":\"System Information.app\",\"path\":\"/Applications/Utilities/System Information.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Utilities/System Information.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "info_string": "10.12, Copyright \\xC2\\xA9 1997-2016 Apple Inc.", - "bundle_short_version": "10.12", - "last_opened_time": "-1.0", + "bundle_executable": "System Information", + "bundle_identifier": "com.apple.SystemProfiler", "bundle_name": "System Information", + "bundle_package_type": "APPL", + "bundle_short_version": "10.12", "bundle_version": "915", - "development_region": "English", - "path": "/Applications/Utilities/System Information.app", - "name": "System Information.app", - "bundle_identifier": "com.apple.SystemProfiler", - "minimum_system_version": "10.12", - "bundle_executable": "System Information", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "development_region": "English", + "element": "1", + "info_string": "10.12, Copyright \\xC2\\xA9 1997-2016 Apple Inc.", + "last_opened_time": "-1.0", + "minimum_system_version": "10.12", + "name": "System Information.app", + "path": "/Applications/Utilities/System Information.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"System Information\",\"bundle_identifier\":\"com.apple.SystemProfiler\",\"bundle_name\":\"System Information\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.12\",\"bundle_version\":\"915\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"10.12, Copyright \\\\xC2\\\\xA9 1997-2016 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.12\",\"name\":\"System Information.app\",\"path\":\"/Applications/Utilities/System Information.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { 
+ "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Terminal\",\"bundle_identifier\":\"com.apple.Terminal\",\"bundle_name\":\"Terminal\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.8\",\"bundle_version\":\"400\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 1991\\\\xE2\\\\x80\\\\x932017 Apple Inc. All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"Terminal\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.10\",\"name\":\"Terminal.app\",\"path\":\"/Applications/Utilities/Terminal.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Utilities/Terminal.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "\\xC2\\xA9 1991\\xE2\\x80\\x932017 Apple Inc. 
All rights reserved.", - "bundle_short_version": "2.8", - "last_opened_time": "-1.0", + "bundle_executable": "Terminal", + "bundle_identifier": "com.apple.Terminal", "bundle_name": "Terminal", - "display_name": "Terminal", + "bundle_package_type": "APPL", + "bundle_short_version": "2.8", "bundle_version": "400", - "development_region": "English", - "path": "/Applications/Utilities/Terminal.app", - "name": "Terminal.app", - "bundle_identifier": "com.apple.Terminal", - "minimum_system_version": "10.10", - "bundle_executable": "Terminal", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "\\xC2\\xA9 1991\\xE2\\x80\\x932017 Apple Inc. All rights reserved.", + "development_region": "English", + "display_name": "Terminal", + "last_opened_time": "-1.0", + "minimum_system_version": "10.10", + "name": "Terminal.app", + "path": "/Applications/Utilities/Terminal.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Terminal\",\"bundle_identifier\":\"com.apple.Terminal\",\"bundle_name\":\"Terminal\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.8\",\"bundle_version\":\"400\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 1991\\\\xE2\\\\x80\\\\x932017 Apple Inc. All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"Terminal\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.10\",\"name\":\"Terminal.app\",\"path\":\"/Applications/Utilities/Terminal.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"VoiceOver Utility\",\"bundle_identifier\":\"com.apple.VoiceOverUtility\",\"bundle_name\":\"VoiceOver Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8\",\"bundle_version\":\"562.1.3\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2005-2017 Apple Inc. 
All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"VoiceOver Utility\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7.0\",\"name\":\"VoiceOver Utility.app\",\"path\":\"/Applications/Utilities/VoiceOver Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/Utilities/VoiceOver Utility.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2005-2017 Apple Inc. All Rights Reserved.", - "bundle_short_version": "8", - "last_opened_time": "-1.0", + "bundle_executable": "VoiceOver Utility", + "bundle_identifier": "com.apple.VoiceOverUtility", "bundle_name": "VoiceOver Utility", - "display_name": "VoiceOver Utility", + "bundle_package_type": "APPL", + "bundle_short_version": "8", "bundle_version": "562.1.3", - "development_region": "English", - "path": "/Applications/Utilities/VoiceOver Utility.app", - "name": "VoiceOver Utility.app", - "bundle_identifier": "com.apple.VoiceOverUtility", - "minimum_system_version": "10.7.0", - "bundle_executable": "VoiceOver Utility", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA9 2005-2017 Apple Inc. 
All Rights Reserved.", + "development_region": "English", + "display_name": "VoiceOver Utility", + "last_opened_time": "-1.0", + "minimum_system_version": "10.7.0", + "name": "VoiceOver Utility.app", + "path": "/Applications/Utilities/VoiceOver Utility.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"VoiceOver Utility\",\"bundle_identifier\":\"com.apple.VoiceOverUtility\",\"bundle_name\":\"VoiceOver Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8\",\"bundle_version\":\"562.1.3\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2005-2017 Apple Inc. 
All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"VoiceOver Utility\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7.0\",\"name\":\"VoiceOver Utility.app\",\"path\":\"/Applications/Utilities/VoiceOver Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"VLC\",\"bundle_identifier\":\"org.videolan.vlc\",\"bundle_name\":\"VLC media player\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.2.6\",\"bundle_version\":\"2.2.6\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Copyright \\\\xC2\\\\xA9 1996-2017 the VideoLAN team\",\"last_opened_time\":\"1512394567.88232\",\"minimum_system_version\":\"10.6.0\",\"name\":\"VLC.app\",\"path\":\"/Applications/VLC.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/VLC.app" }, - "ecs": { - "version": 
"8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "info_string": "Copyright \\xC2\\xA9 1996-2017 the VideoLAN team", - "bundle_short_version": "2.2.6", - "last_opened_time": "1512394567.88232", + "bundle_executable": "VLC", + "bundle_identifier": "org.videolan.vlc", "bundle_name": "VLC media player", + "bundle_package_type": "APPL", + "bundle_short_version": "2.2.6", "bundle_version": "2.2.6", "development_region": "English", - "path": "/Applications/VLC.app", - "name": "VLC.app", - "bundle_identifier": "org.videolan.vlc", + "info_string": "Copyright \\xC2\\xA9 1996-2017 the VideoLAN team", + "last_opened_time": "1512394567.88232", "minimum_system_version": "10.6.0", - "bundle_executable": "VLC", - "bundle_package_type": "APPL" + "name": "VLC.app", + "path": "/Applications/VLC.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"VLC\",\"bundle_identifier\":\"org.videolan.vlc\",\"bundle_name\":\"VLC media player\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.2.6\",\"bundle_version\":\"2.2.6\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Copyright \\\\xC2\\\\xA9 1996-2017 the VideoLAN team\",\"last_opened_time\":\"1512394567.88232\",\"minimum_system_version\":\"10.6.0\",\"name\":\"VLC.app\",\"path\":\"/Applications/VLC.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"VirtualBox\",\"bundle_identifier\":\"org.virtualbox.app.VirtualBox\",\"bundle_name\":\"VirtualBox\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.1.26\",\"bundle_version\":\"5.1.26\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Oracle VM VirtualBox Manager 5.1.26, \\\\xC2\\\\xA9 2007-2017 Oracle 
Corporation\",\"last_opened_time\":\"1510061902.02579\",\"minimum_system_version\":\"\",\"name\":\"VirtualBox.app\",\"path\":\"/Applications/VirtualBox.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/VirtualBox.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/Applications/VirtualBox.app", - "info_string": "Oracle VM VirtualBox Manager 5.1.26, \\xC2\\xA9 2007-2017 Oracle Corporation", - "name": "VirtualBox.app", - "bundle_short_version": "5.1.26", + "bundle_executable": "VirtualBox", "bundle_identifier": "org.virtualbox.app.VirtualBox", - "last_opened_time": "1510061902.02579", "bundle_name": "VirtualBox", - "bundle_executable": "VirtualBox", "bundle_package_type": "APPL", - "bundle_version": "5.1.26" + "bundle_short_version": "5.1.26", + "bundle_version": "5.1.26", + "development_region": "English", + "info_string": "Oracle VM VirtualBox Manager 5.1.26, \\xC2\\xA9 2007-2017 Oracle Corporation", + "last_opened_time": "1510061902.02579", + "name": "VirtualBox.app", + "path": "/Applications/VirtualBox.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + 
"unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"VirtualBox\",\"bundle_identifier\":\"org.virtualbox.app.VirtualBox\",\"bundle_name\":\"VirtualBox\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.1.26\",\"bundle_version\":\"5.1.26\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Oracle VM VirtualBox Manager 5.1.26, \\\\xC2\\\\xA9 2007-2017 Oracle Corporation\",\"last_opened_time\":\"1510061902.02579\",\"minimum_system_version\":\"\",\"name\":\"VirtualBox.app\",\"path\":\"/Applications/VirtualBox.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"iBooks\",\"bundle_identifier\":\"com.apple.iBooksX\",\"bundle_name\":\"iBooks\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.12\",\"bundle_version\":\"1453\",\"category\":\"public.app-category.education\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2013\\\\xE2\\\\x80\\\\x932017 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"iBooks\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514394511.22793\",\"minimum_system_version\":\"10.13\",\"name\":\"iBooks.app\",\"path\":\"/Applications/iBooks.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/iBooks.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2013\\xE2\\x80\\x932017 Apple Inc. 
All rights reserved.", - "bundle_short_version": "1.12", - "last_opened_time": "1514394511.22793", + "bundle_executable": "iBooks", + "bundle_identifier": "com.apple.iBooksX", "bundle_name": "iBooks", - "display_name": "iBooks", + "bundle_package_type": "APPL", + "bundle_short_version": "1.12", "bundle_version": "1453", - "development_region": "en", - "path": "/Applications/iBooks.app", - "name": "iBooks.app", - "bundle_identifier": "com.apple.iBooksX", - "minimum_system_version": "10.13", - "bundle_executable": "iBooks", "category": "public.app-category.education", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA9 2013\\xE2\\x80\\x932017 Apple Inc. All rights reserved.", + "development_region": "en", + "display_name": "iBooks", + "last_opened_time": "1514394511.22793", + "minimum_system_version": "10.13", + "name": "iBooks.app", + "path": "/Applications/iBooks.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"iBooks\",\"bundle_identifier\":\"com.apple.iBooksX\",\"bundle_name\":\"iBooks\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.12\",\"bundle_version\":\"1453\",\"category\":\"public.app-category.education\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2013\\\\xE2\\\\x80\\\\x932017 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"iBooks\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514394511.22793\",\"minimum_system_version\":\"10.13\",\"name\":\"iBooks.app\",\"path\":\"/Applications/iBooks.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"iMovie\",\"bundle_identifier\":\"com.apple.iMovieApp\",\"bundle_name\":\"iMovie\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1.8\",\"bundle_version\":\"311956\",\"category\":\"public.app-category.video\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"iMovie\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.12.2\",\"name\":\"iMovie.app\",\"path\":\"/Applications/iMovie.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/iMovie.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "bundle_short_version": "10.1.8", - "last_opened_time": "-1.0", + "bundle_executable": "iMovie", + "bundle_identifier": "com.apple.iMovieApp", "bundle_name": "iMovie", - "display_name": "iMovie", + "bundle_package_type": "APPL", + "bundle_short_version": "10.1.8", "bundle_version": "311956", - "development_region": "English", - "path": "/Applications/iMovie.app", - "name": "iMovie.app", - "bundle_identifier": "com.apple.iMovieApp", - "minimum_system_version": "10.12.2", - "bundle_executable": "iMovie", "category": "public.app-category.video", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "display_name": "iMovie", + "last_opened_time": "-1.0", + "minimum_system_version": "10.12.2", + "name": 
"iMovie.app", + "path": "/Applications/iMovie.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"iMovie\",\"bundle_identifier\":\"com.apple.iMovieApp\",\"bundle_name\":\"iMovie\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1.8\",\"bundle_version\":\"311956\",\"category\":\"public.app-category.video\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"iMovie\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.12.2\",\"name\":\"iMovie.app\",\"path\":\"/Applications/iMovie.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { 
"@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"iTerm2\",\"bundle_identifier\":\"com.googlecode.iterm2\",\"bundle_name\":\"iTerm2\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.1.5\",\"bundle_version\":\"3.1.5\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"GPL v2\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"3.1.5\",\"last_opened_time\":\"1514388918.75655\",\"minimum_system_version\":\"\",\"name\":\"iTerm.app\",\"path\":\"/Applications/iTerm.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/iTerm.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "GPL v2", - "info_string": "3.1.5", - "bundle_short_version": "3.1.5", - "last_opened_time": "1514388918.75655", + "bundle_executable": "iTerm2", + "bundle_identifier": "com.googlecode.iterm2", "bundle_name": "iTerm2", + "bundle_package_type": "APPL", + "bundle_short_version": "3.1.5", "bundle_version": "3.1.5", - "development_region": "English", - "path": "/Applications/iTerm.app", - "name": "iTerm.app", - "bundle_identifier": "com.googlecode.iterm2", - "bundle_executable": "iTerm2", 
"category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "GPL v2", + "development_region": "English", + "info_string": "3.1.5", + "last_opened_time": "1514388918.75655", + "name": "iTerm.app", + "path": "/Applications/iTerm.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"iTerm2\",\"bundle_identifier\":\"com.googlecode.iterm2\",\"bundle_name\":\"iTerm2\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.1.5\",\"bundle_version\":\"3.1.5\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"GPL 
v2\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"3.1.5\",\"last_opened_time\":\"1514388918.75655\",\"minimum_system_version\":\"\",\"name\":\"iTerm.app\",\"path\":\"/Applications/iTerm.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"iTunes\",\"bundle_identifier\":\"com.apple.iTunes\",\"bundle_name\":\"iTunes\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"12.7.2\",\"bundle_version\":\"12.7.2\",\"category\":\"public.app-category.music\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"iTunes 12.7.2.60, \\\\xC2\\\\xA9 2000\\\\xE2\\\\x80\\\\x932017 Apple Inc. All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"iTunes 12.7.2.60, \\\\xC2\\\\xA9 2000\\\\xE2\\\\x80\\\\x932017 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"1514194675.29344\",\"minimum_system_version\":\"10.10.5\",\"name\":\"iTunes.app\",\"path\":\"/Applications/iTunes.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/iTunes.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "iTunes 12.7.2.60, \\xC2\\xA9 2000\\xE2\\x80\\x932017 Apple Inc. All rights reserved.", - "info_string": "iTunes 12.7.2.60, \\xC2\\xA9 2000\\xE2\\x80\\x932017 Apple Inc. All rights reserved.", - "bundle_short_version": "12.7.2", - "last_opened_time": "1514194675.29344", + "bundle_executable": "iTunes", + "bundle_identifier": "com.apple.iTunes", "bundle_name": "iTunes", + "bundle_package_type": "APPL", + "bundle_short_version": "12.7.2", "bundle_version": "12.7.2", - "development_region": "English", - "path": "/Applications/iTunes.app", - "name": "iTunes.app", - "bundle_identifier": "com.apple.iTunes", - "minimum_system_version": "10.10.5", - "bundle_executable": "iTunes", "category": "public.app-category.music", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "iTunes 12.7.2.60, \\xC2\\xA9 2000\\xE2\\x80\\x932017 Apple Inc. All rights reserved.", + "development_region": "English", + "info_string": "iTunes 12.7.2.60, \\xC2\\xA9 2000\\xE2\\x80\\x932017 Apple Inc. 
All rights reserved.", + "last_opened_time": "1514194675.29344", + "minimum_system_version": "10.10.5", + "name": "iTunes.app", + "path": "/Applications/iTunes.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"iTunes\",\"bundle_identifier\":\"com.apple.iTunes\",\"bundle_name\":\"iTunes\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"12.7.2\",\"bundle_version\":\"12.7.2\",\"category\":\"public.app-category.music\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"iTunes 12.7.2.60, \\\\xC2\\\\xA9 2000\\\\xE2\\\\x80\\\\x932017 Apple Inc. All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"iTunes 12.7.2.60, \\\\xC2\\\\xA9 2000\\\\xE2\\\\x80\\\\x932017 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"1514194675.29344\",\"minimum_system_version\":\"10.10.5\",\"name\":\"iTunes.app\",\"path\":\"/Applications/iTunes.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"zoom.us\",\"bundle_identifier\":\"us.zoom.xos\",\"bundle_name\":\"zoom.us\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0.38982.0714\",\"bundle_version\":\"4.0.38982.0714\",\"category\":\"public.app-category.video\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA92012-2014 Zoom Video Communications, Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1513601978.28297\",\"minimum_system_version\":\"10.6\",\"name\":\"zoom.us.app\",\"path\":\"/Applications/zoom.us.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Applications/zoom.us.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA92012-2014 Zoom Video Communications, Inc. All rights reserved.", - "bundle_short_version": "4.0.38982.0714", - "last_opened_time": "1513601978.28297", + "bundle_executable": "zoom.us", + "bundle_identifier": "us.zoom.xos", "bundle_name": "zoom.us", + "bundle_package_type": "APPL", + "bundle_short_version": "4.0.38982.0714", "bundle_version": "4.0.38982.0714", - "development_region": "en", - "path": "/Applications/zoom.us.app", - "name": "zoom.us.app", - "bundle_identifier": "us.zoom.xos", - "minimum_system_version": "10.6", - "bundle_executable": "zoom.us", "category": "public.app-category.video", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "copyright": "Copyright \\xC2\\xA92012-2014 Zoom Video Communications, Inc. 
All rights reserved.", + "development_region": "en", + "last_opened_time": "1513601978.28297", + "minimum_system_version": "10.6", + "name": "zoom.us.app", + "path": "/Applications/zoom.us.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"zoom.us\",\"bundle_identifier\":\"us.zoom.xos\",\"bundle_name\":\"zoom.us\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0.38982.0714\",\"bundle_version\":\"4.0.38982.0714\",\"category\":\"public.app-category.video\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA92012-2014 Zoom Video Communications, Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1513601978.28297\",\"minimum_system_version\":\"10.6\",\"name\":\"zoom.us.app\",\"path\":\"/Applications/zoom.us.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"GPGSuite_Updater\",\"bundle_identifier\":\"org.gpgtools.updater\",\"bundle_name\":\"GPGSuite_Updater\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2017.3\",\"bundle_version\":\"50\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 GPGTools. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"GPGSuite_Updater\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514201751.70938\",\"minimum_system_version\":\"10.9\",\"name\":\"GPGSuite_Updater.app\",\"path\":\"/Library/Application Support/GPGTools/GPGSuite_Updater.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Application Support/GPGTools/GPGSuite_Updater.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2016 GPGTools. All rights reserved.", - "bundle_short_version": "2017.3", - "last_opened_time": "1514201751.70938", + "bundle_executable": "GPGSuite_Updater", + "bundle_identifier": "org.gpgtools.updater", "bundle_name": "GPGSuite_Updater", - "display_name": "GPGSuite_Updater", + "bundle_package_type": "APPL", + "bundle_short_version": "2017.3", "bundle_version": "50", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2016 GPGTools. 
All rights reserved.", "development_region": "en", - "path": "/Library/Application Support/GPGTools/GPGSuite_Updater.app", - "name": "GPGSuite_Updater.app", - "bundle_identifier": "org.gpgtools.updater", + "display_name": "GPGSuite_Updater", + "element": "1", + "last_opened_time": "1514201751.70938", "minimum_system_version": "10.9", - "bundle_executable": "GPGSuite_Updater", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "GPGSuite_Updater.app", + "path": "/Library/Application Support/GPGTools/GPGSuite_Updater.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"GPGSuite_Updater\",\"bundle_identifier\":\"org.gpgtools.updater\",\"bundle_name\":\"GPGSuite_Updater\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2017.3\",\"bundle_version\":\"50\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 GPGTools. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"GPGSuite_Updater\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514201751.70938\",\"minimum_system_version\":\"10.9\",\"name\":\"GPGSuite_Updater.app\",\"path\":\"/Library/Application Support/GPGTools/GPGSuite_Updater.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"CocoaApplet\",\"bundle_identifier\":\"com.apple.ScriptEditor.id.cocoa-applet-template\",\"bundle_name\":\"CocoaApplet\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1.0\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Cocoa-AppleScript Applet.app\",\"path\":\"/Library/Application Support/Script Editor/Templates/Cocoa-AppleScript 
Applet.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Application Support/Script Editor/Templates/Cocoa-AppleScript Applet.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/Library/Application Support/Script Editor/Templates/Cocoa-AppleScript Applet.app", - "name": "Cocoa-AppleScript Applet.app", - "bundle_short_version": "1.0", + "bundle_executable": "CocoaApplet", "bundle_identifier": "com.apple.ScriptEditor.id.cocoa-applet-template", - "last_opened_time": "-1.0", "bundle_name": "CocoaApplet", - "bundle_executable": "CocoaApplet", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", + "bundle_version": "1.0", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "bundle_version": "1.0" + "development_region": "English", + "last_opened_time": "-1.0", + "name": "Cocoa-AppleScript Applet.app", + "path": "/Library/Application Support/Script Editor/Templates/Cocoa-AppleScript Applet.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - 
"user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"CocoaApplet\",\"bundle_identifier\":\"com.apple.ScriptEditor.id.cocoa-applet-template\",\"bundle_name\":\"CocoaApplet\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1.0\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Cocoa-AppleScript Applet.app\",\"path\":\"/Library/Application Support/Script Editor/Templates/Cocoa-AppleScript Applet.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Brother Scanner\",\"bundle_identifier\":\"com.brother.scanner.ica\",\"bundle_name\":\"Brother 
Scanner\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.9.0\",\"bundle_version\":\"272\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"2.9.0, \\\\xC2\\\\xA9 2007-2016 Brother Industries, Ltd. All Rights Reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Brother Scanner.app\",\"path\":\"/Library/Image Capture/Devices/Brother Scanner.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Image Capture/Devices/Brother Scanner.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/Library/Image Capture/Devices/Brother Scanner.app", - "info_string": "2.9.0, \\xC2\\xA9 2007-2016 Brother Industries, Ltd. All Rights Reserved.", - "name": "Brother Scanner.app", - "bundle_short_version": "2.9.0", + "bundle_executable": "Brother Scanner", "bundle_identifier": "com.brother.scanner.ica", - "last_opened_time": "-1.0", "bundle_name": "Brother Scanner", - "bundle_executable": "Brother Scanner", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "272" + "bundle_short_version": "2.9.0", + "bundle_version": "272", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "2.9.0, \\xC2\\xA9 2007-2016 Brother Industries, Ltd. 
All Rights Reserved.", + "last_opened_time": "-1.0", + "name": "Brother Scanner.app", + "path": "/Library/Image Capture/Devices/Brother Scanner.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Brother Scanner\",\"bundle_identifier\":\"com.brother.scanner.ica\",\"bundle_name\":\"Brother Scanner\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.9.0\",\"bundle_version\":\"272\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"2.9.0, \\\\xC2\\\\xA9 2007-2016 Brother Industries, Ltd. 
All Rights Reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Brother Scanner.app\",\"path\":\"/Library/Image Capture/Devices/Brother Scanner.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Canon IJScanner2\",\"bundle_identifier\":\"jp.co.canon.ijscanner2.scanner.ica\",\"bundle_name\":\"Canon IJScanner2\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0.0\",\"bundle_version\":\"4.0.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright CANON INC. 2009-2014\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Canon IJScanner2 version 4.0.0, Copyright CANON INC. 
2009-2014\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Canon IJScanner2.app\",\"path\":\"/Library/Image Capture/Devices/Canon IJScanner2.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Image Capture/Devices/Canon IJScanner2.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright CANON INC. 2009-2014", - "info_string": "Canon IJScanner2 version 4.0.0, Copyright CANON INC. 2009-2014", - "bundle_short_version": "4.0.0", - "last_opened_time": "-1.0", + "bundle_executable": "Canon IJScanner2", + "bundle_identifier": "jp.co.canon.ijscanner2.scanner.ica", "bundle_name": "Canon IJScanner2", + "bundle_package_type": "APPL", + "bundle_short_version": "4.0.0", "bundle_version": "4.0.0", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright CANON INC. 2009-2014", "development_region": "English", - "path": "/Library/Image Capture/Devices/Canon IJScanner2.app", + "info_string": "Canon IJScanner2 version 4.0.0, Copyright CANON INC. 
2009-2014", + "last_opened_time": "-1.0", "name": "Canon IJScanner2.app", - "bundle_identifier": "jp.co.canon.ijscanner2.scanner.ica", - "bundle_executable": "Canon IJScanner2", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "path": "/Library/Image Capture/Devices/Canon IJScanner2.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Canon IJScanner2\",\"bundle_identifier\":\"jp.co.canon.ijscanner2.scanner.ica\",\"bundle_name\":\"Canon IJScanner2\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0.0\",\"bundle_version\":\"4.0.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright CANON INC. 2009-2014\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Canon IJScanner2 version 4.0.0, Copyright CANON INC. 
2009-2014\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Canon IJScanner2.app\",\"path\":\"/Library/Image Capture/Devices/Canon IJScanner2.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Canon IJScanner4\",\"bundle_identifier\":\"jp.co.canon.ij.ica.scanner4\",\"bundle_name\":\"Canon IJScanner4\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0.0\",\"bundle_version\":\"4.0.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright CANON INC. 2009-2014\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Canon IJScanner4 version 4.0.0, Copyright CANON INC. 
2009-2014\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Canon IJScanner4.app\",\"path\":\"/Library/Image Capture/Devices/Canon IJScanner4.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Image Capture/Devices/Canon IJScanner4.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright CANON INC. 2009-2014", - "info_string": "Canon IJScanner4 version 4.0.0, Copyright CANON INC. 2009-2014", - "bundle_short_version": "4.0.0", - "last_opened_time": "-1.0", + "bundle_executable": "Canon IJScanner4", + "bundle_identifier": "jp.co.canon.ij.ica.scanner4", "bundle_name": "Canon IJScanner4", + "bundle_package_type": "APPL", + "bundle_short_version": "4.0.0", "bundle_version": "4.0.0", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright CANON INC. 2009-2014", "development_region": "English", - "path": "/Library/Image Capture/Devices/Canon IJScanner4.app", + "info_string": "Canon IJScanner4 version 4.0.0, Copyright CANON INC. 
2009-2014", + "last_opened_time": "-1.0", "name": "Canon IJScanner4.app", - "bundle_identifier": "jp.co.canon.ij.ica.scanner4", - "bundle_executable": "Canon IJScanner4", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "path": "/Library/Image Capture/Devices/Canon IJScanner4.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Canon IJScanner4\",\"bundle_identifier\":\"jp.co.canon.ij.ica.scanner4\",\"bundle_name\":\"Canon IJScanner4\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0.0\",\"bundle_version\":\"4.0.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright CANON INC. 2009-2014\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Canon IJScanner4 version 4.0.0, Copyright CANON INC. 
2009-2014\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Canon IJScanner4.app\",\"path\":\"/Library/Image Capture/Devices/Canon IJScanner4.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Canon IJScanner6\",\"bundle_identifier\":\"jp.co.canon.ij.ica.scanner6\",\"bundle_name\":\"Canon IJScanner6\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0.0\",\"bundle_version\":\"4.0.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright CANON INC. 2009-2014\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Canon IJScanner6 version 4.0.0, Copyright CANON INC. 
2009-2014\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Canon IJScanner6.app\",\"path\":\"/Library/Image Capture/Devices/Canon IJScanner6.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Image Capture/Devices/Canon IJScanner6.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright CANON INC. 2009-2014", - "info_string": "Canon IJScanner6 version 4.0.0, Copyright CANON INC. 2009-2014", - "bundle_short_version": "4.0.0", - "last_opened_time": "-1.0", + "bundle_executable": "Canon IJScanner6", + "bundle_identifier": "jp.co.canon.ij.ica.scanner6", "bundle_name": "Canon IJScanner6", + "bundle_package_type": "APPL", + "bundle_short_version": "4.0.0", "bundle_version": "4.0.0", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright CANON INC. 2009-2014", "development_region": "English", - "path": "/Library/Image Capture/Devices/Canon IJScanner6.app", + "info_string": "Canon IJScanner6 version 4.0.0, Copyright CANON INC. 
2009-2014", + "last_opened_time": "-1.0", "name": "Canon IJScanner6.app", - "bundle_identifier": "jp.co.canon.ij.ica.scanner6", - "bundle_executable": "Canon IJScanner6", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "path": "/Library/Image Capture/Devices/Canon IJScanner6.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, - "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "epoch": "0", + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Canon IJScanner6\",\"bundle_identifier\":\"jp.co.canon.ij.ica.scanner6\",\"bundle_name\":\"Canon IJScanner6\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0.0\",\"bundle_version\":\"4.0.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright CANON INC. 2009-2014\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Canon IJScanner6 version 4.0.0, Copyright CANON INC. 
2009-2014\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Canon IJScanner6.app\",\"path\":\"/Library/Image Capture/Devices/Canon IJScanner6.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"EPSON Scanner\",\"bundle_identifier\":\"com.epson.scanner.ica\",\"bundle_name\":\"EPSON Scanner\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.7.24\",\"bundle_version\":\"5.7.24\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"5.7.24, Copyright(C) Seiko Epson Corporation 2002-2015 All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"EPSON Scanner.app\",\"path\":\"/Library/Image Capture/Devices/EPSON Scanner.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Image Capture/Devices/EPSON Scanner.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/Library/Image Capture/Devices/EPSON Scanner.app", - "info_string": "5.7.24, Copyright(C) Seiko Epson Corporation 2002-2015 All rights reserved.", - "name": "EPSON Scanner.app", - "bundle_short_version": "5.7.24", + "bundle_executable": "EPSON Scanner", "bundle_identifier": "com.epson.scanner.ica", - "last_opened_time": "-1.0", "bundle_name": "EPSON Scanner", - "bundle_executable": "EPSON Scanner", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "5.7.24" + "bundle_short_version": "5.7.24", + "bundle_version": "5.7.24", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "5.7.24, Copyright(C) Seiko Epson Corporation 2002-2015 All rights reserved.", + "last_opened_time": "-1.0", + "name": "EPSON Scanner.app", + "path": "/Library/Image Capture/Devices/EPSON Scanner.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"EPSON Scanner\",\"bundle_identifier\":\"com.epson.scanner.ica\",\"bundle_name\":\"EPSON Scanner\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.7.24\",\"bundle_version\":\"5.7.24\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"5.7.24, Copyright(C) Seiko Epson Corporation 2002-2015 All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"EPSON Scanner.app\",\"path\":\"/Library/Image Capture/Devices/EPSON Scanner.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AirScanLegacyDiscovery\",\"bundle_identifier\":\"com.apple.print.AirScanLegacyDiscovery\",\"bundle_name\":\"AirScanLegacyDiscovery\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"13\",\"bundle_version\":\"555\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AirScanLegacyDiscovery.app\",\"path\":\"/Library/Image Capture/Support/LegacyDeviceDiscoveryHelpers/AirScanLegacyDiscovery.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Image Capture/Support/LegacyDeviceDiscoveryHelpers/AirScanLegacyDiscovery.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/Library/Image Capture/Support/LegacyDeviceDiscoveryHelpers/AirScanLegacyDiscovery.app", - "name": "AirScanLegacyDiscovery.app", - "bundle_short_version": "13", + "bundle_executable": "AirScanLegacyDiscovery", "bundle_identifier": "com.apple.print.AirScanLegacyDiscovery", - "last_opened_time": "-1.0", "bundle_name": "AirScanLegacyDiscovery", - "bundle_executable": "AirScanLegacyDiscovery", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "555" + "bundle_short_version": "13", + "bundle_version": "555", + "compiler": "com.apple.compilers.llvm.clang.1_0", + 
"development_region": "English", + "last_opened_time": "-1.0", + "name": "AirScanLegacyDiscovery.app", + "path": "/Library/Image Capture/Support/LegacyDeviceDiscoveryHelpers/AirScanLegacyDiscovery.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AirScanLegacyDiscovery\",\"bundle_identifier\":\"com.apple.print.AirScanLegacyDiscovery\",\"bundle_name\":\"AirScanLegacyDiscovery\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"13\",\"bundle_version\":\"555\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AirScanLegacyDiscovery.app\",\"path\":\"/Library/Image 
Capture/Support/LegacyDeviceDiscoveryHelpers/AirScanLegacyDiscovery.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"BrStatusMonitor\",\"bundle_identifier\":\"com.brother.utility.BrStatusMonitor\",\"bundle_name\":\"Brother Status Monitor\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.23.0\",\"bundle_version\":\"470\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 2005-2016 Brother Industries, Ltd.\\\\x0AAll Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"BrStatusMonitor\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7\",\"name\":\"BrStatusMonitor.app\",\"path\":\"/Library/Printers/Brother/Utilities/BrStatusMonitor.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Printers/Brother/Utilities/BrStatusMonitor.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "\\xC2\\xA9 2005-2016 Brother Industries, Ltd.\\x0AAll Rights Reserved.", - "bundle_short_version": "3.23.0", - "last_opened_time": "-1.0", + "bundle_executable": "BrStatusMonitor", + "bundle_identifier": "com.brother.utility.BrStatusMonitor", "bundle_name": "Brother Status Monitor", - "display_name": "BrStatusMonitor", + "bundle_package_type": "APPL", + "bundle_short_version": "3.23.0", "bundle_version": "470", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "\\xC2\\xA9 2005-2016 Brother Industries, Ltd.\\x0AAll Rights Reserved.", "development_region": "English", - "path": "/Library/Printers/Brother/Utilities/BrStatusMonitor.app", - "name": "BrStatusMonitor.app", - "bundle_identifier": "com.brother.utility.BrStatusMonitor", + "display_name": "BrStatusMonitor", + "last_opened_time": "-1.0", "minimum_system_version": "10.7", - "bundle_executable": "BrStatusMonitor", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "BrStatusMonitor.app", + "path": "/Library/Printers/Brother/Utilities/BrStatusMonitor.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, 
- "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"BrStatusMonitor\",\"bundle_identifier\":\"com.brother.utility.BrStatusMonitor\",\"bundle_name\":\"Brother Status Monitor\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.23.0\",\"bundle_version\":\"470\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 2005-2016 Brother Industries, Ltd.\\\\x0AAll Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"BrStatusMonitor\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7\",\"name\":\"BrStatusMonitor.app\",\"path\":\"/Library/Printers/Brother/Utilities/BrStatusMonitor.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"EPFaxAutoSetupTool\",\"bundle_identifier\":\"com.epson.ijfax.app.EPFaxAutoSetupTool\",\"bundle_name\":\"EPFaxAutoSetupTool\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.71\",\"bundle_version\":\"1.71\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Copyright(C) Seiko Epson Corporation 2009-2015. All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"EPFaxAutoSetupTool.app\",\"path\":\"/Library/Printers/EPSON/Fax/AutoSetupTool/EPFaxAutoSetupTool.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Printers/EPSON/Fax/AutoSetupTool/EPFaxAutoSetupTool.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/Library/Printers/EPSON/Fax/AutoSetupTool/EPFaxAutoSetupTool.app", - "info_string": "Copyright(C) Seiko Epson Corporation 2009-2015. 
All rights reserved.", - "name": "EPFaxAutoSetupTool.app", - "bundle_short_version": "1.71", + "bundle_executable": "EPFaxAutoSetupTool", "bundle_identifier": "com.epson.ijfax.app.EPFaxAutoSetupTool", - "last_opened_time": "-1.0", "bundle_name": "EPFaxAutoSetupTool", - "bundle_executable": "EPFaxAutoSetupTool", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "1.71" + "bundle_short_version": "1.71", + "bundle_version": "1.71", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "Copyright(C) Seiko Epson Corporation 2009-2015. All rights reserved.", + "last_opened_time": "-1.0", + "name": "EPFaxAutoSetupTool.app", + "path": "/Library/Printers/EPSON/Fax/AutoSetupTool/EPFaxAutoSetupTool.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"EPFaxAutoSetupTool\",\"bundle_identifier\":\"com.epson.ijfax.app.EPFaxAutoSetupTool\",\"bundle_name\":\"EPFaxAutoSetupTool\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.71\",\"bundle_version\":\"1.71\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Copyright(C) Seiko Epson Corporation 2009-2015. All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"EPFaxAutoSetupTool.app\",\"path\":\"/Library/Printers/EPSON/Fax/AutoSetupTool/EPFaxAutoSetupTool.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"epsonfax\",\"bundle_identifier\":\"com.epson.ijfax.app.epsonfax\",\"bundle_name\":\"epsonfax\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.71\",\"bundle_version\":\"1.71\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Copyright(C) Seiko Epson Corporation 2009-2015. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"epsonfax.app\",\"path\":\"/Library/Printers/EPSON/Fax/FaxIOSupport/epsonfax.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Printers/EPSON/Fax/FaxIOSupport/epsonfax.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/Library/Printers/EPSON/Fax/FaxIOSupport/epsonfax.app", - "info_string": "Copyright(C) Seiko Epson Corporation 2009-2015. All rights reserved.", - "name": "epsonfax.app", - "bundle_short_version": "1.71", + "bundle_executable": "epsonfax", "bundle_identifier": "com.epson.ijfax.app.epsonfax", - "last_opened_time": "-1.0", "bundle_name": "epsonfax", - "bundle_executable": "epsonfax", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "1.71" + "bundle_short_version": "1.71", + "bundle_version": "1.71", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "Copyright(C) Seiko Epson Corporation 2009-2015. 
All rights reserved.", + "last_opened_time": "-1.0", + "name": "epsonfax.app", + "path": "/Library/Printers/EPSON/Fax/FaxIOSupport/epsonfax.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"epsonfax\",\"bundle_identifier\":\"com.epson.ijfax.app.epsonfax\",\"bundle_name\":\"epsonfax\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.71\",\"bundle_version\":\"1.71\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Copyright(C) Seiko Epson Corporation 2009-2015. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"epsonfax.app\",\"path\":\"/Library/Printers/EPSON/Fax/FaxIOSupport/epsonfax.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"commandFilter\",\"bundle_identifier\":\"com.epson.ijfax.filter.commandFilter\",\"bundle_name\":\"commandFilter\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.71\",\"bundle_version\":\"1.71\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Copyright(C) Seiko Epson Corporation 2012-2015. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"commandFilter.app\",\"path\":\"/Library/Printers/EPSON/Fax/Filter/commandFilter.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Printers/EPSON/Fax/Filter/commandFilter.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/Library/Printers/EPSON/Fax/Filter/commandFilter.app", - "info_string": "Copyright(C) Seiko Epson Corporation 2012-2015. All rights reserved.", - "name": "commandFilter.app", - "bundle_short_version": "1.71", + "bundle_executable": "commandFilter", "bundle_identifier": "com.epson.ijfax.filter.commandFilter", - "last_opened_time": "-1.0", "bundle_name": "commandFilter", - "bundle_executable": "commandFilter", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "1.71" + "bundle_short_version": "1.71", + "bundle_version": "1.71", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "Copyright(C) Seiko Epson Corporation 2012-2015. 
All rights reserved.", + "last_opened_time": "-1.0", + "name": "commandFilter.app", + "path": "/Library/Printers/EPSON/Fax/Filter/commandFilter.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"commandFilter\",\"bundle_identifier\":\"com.epson.ijfax.filter.commandFilter\",\"bundle_name\":\"commandFilter\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.71\",\"bundle_version\":\"1.71\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Copyright(C) Seiko Epson Corporation 2012-2015. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"commandFilter.app\",\"path\":\"/Library/Printers/EPSON/Fax/Filter/commandFilter.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"rastertoepfax\",\"bundle_identifier\":\"com.epson.ijfax.filter.rastertoepfax\",\"bundle_name\":\"rastertoepfax\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.71\",\"bundle_version\":\"1.71\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Copyright(C) Seiko Epson Corporation 2009-2015. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"rastertoepfax.app\",\"path\":\"/Library/Printers/EPSON/Fax/Filter/rastertoepfax.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Printers/EPSON/Fax/Filter/rastertoepfax.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/Library/Printers/EPSON/Fax/Filter/rastertoepfax.app", - "info_string": "Copyright(C) Seiko Epson Corporation 2009-2015. All rights reserved.", - "name": "rastertoepfax.app", - "bundle_short_version": "1.71", + "bundle_executable": "rastertoepfax", "bundle_identifier": "com.epson.ijfax.filter.rastertoepfax", - "last_opened_time": "-1.0", "bundle_name": "rastertoepfax", - "bundle_executable": "rastertoepfax", "bundle_package_type": "APPL", - "bundle_version": "1.71" + "bundle_short_version": "1.71", + "bundle_version": "1.71", + "development_region": "English", + "info_string": "Copyright(C) Seiko Epson Corporation 2009-2015. 
All rights reserved.", + "last_opened_time": "-1.0", + "name": "rastertoepfax.app", + "path": "/Library/Printers/EPSON/Fax/Filter/rastertoepfax.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"rastertoepfax\",\"bundle_identifier\":\"com.epson.ijfax.filter.rastertoepfax\",\"bundle_name\":\"rastertoepfax\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.71\",\"bundle_version\":\"1.71\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Copyright(C) Seiko Epson Corporation 2009-2015. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"rastertoepfax.app\",\"path\":\"/Library/Printers/EPSON/Fax/Filter/rastertoepfax.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"FAX Utility\",\"bundle_identifier\":\"com.epson.ijfax.utility.FAXUtility\",\"bundle_name\":\"FAX Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.73\",\"bundle_version\":\"1.73\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright(C) Seiko Epson Corporation 2009-2015. All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"1.73, Copyright(C) Seiko Epson Corporation 2009-2015. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"FAX Utility.app\",\"path\":\"/Library/Printers/EPSON/Fax/Utility/FAX Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Printers/EPSON/Fax/Utility/FAX Utility.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright(C) Seiko Epson Corporation 2009-2015. All rights reserved.", - "info_string": "1.73, Copyright(C) Seiko Epson Corporation 2009-2015. All rights reserved.", - "bundle_short_version": "1.73", - "last_opened_time": "-1.0", + "bundle_executable": "FAX Utility", + "bundle_identifier": "com.epson.ijfax.utility.FAXUtility", "bundle_name": "FAX Utility", + "bundle_package_type": "APPL", + "bundle_short_version": "1.73", "bundle_version": "1.73", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright(C) Seiko Epson Corporation 2009-2015. All rights reserved.", "development_region": "English", - "path": "/Library/Printers/EPSON/Fax/Utility/FAX Utility.app", + "info_string": "1.73, Copyright(C) Seiko Epson Corporation 2009-2015. 
All rights reserved.", + "last_opened_time": "-1.0", "name": "FAX Utility.app", - "bundle_identifier": "com.epson.ijfax.utility.FAXUtility", - "bundle_executable": "FAX Utility", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "path": "/Library/Printers/EPSON/Fax/Utility/FAX Utility.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"FAX Utility\",\"bundle_identifier\":\"com.epson.ijfax.utility.FAXUtility\",\"bundle_name\":\"FAX Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.73\",\"bundle_version\":\"1.73\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright(C) Seiko Epson Corporation 2009-2015. All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"1.73, Copyright(C) Seiko Epson Corporation 2009-2015. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"FAX Utility.app\",\"path\":\"/Library/Printers/EPSON/Fax/Utility/FAX Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Fax Receive Monitor\",\"bundle_identifier\":\"com.epson.ijfax.app.FaxReceiveMonitor\",\"bundle_name\":\"Fax Receive Monitor\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.71\",\"bundle_version\":\"1.71\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright(C) Seiko Epson Corporation 2009-2015. All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"1.71, Copyright(C) Seiko Epson Corporation 2009-2015. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Fax Receive Monitor.app\",\"path\":\"/Library/Printers/EPSON/Fax/Utility/Fax Receive Monitor.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Printers/EPSON/Fax/Utility/Fax Receive Monitor.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright(C) Seiko Epson Corporation 2009-2015. All rights reserved.", - "info_string": "1.71, Copyright(C) Seiko Epson Corporation 2009-2015. All rights reserved.", - "bundle_short_version": "1.71", - "last_opened_time": "-1.0", + "bundle_executable": "Fax Receive Monitor", + "bundle_identifier": "com.epson.ijfax.app.FaxReceiveMonitor", "bundle_name": "Fax Receive Monitor", + "bundle_package_type": "APPL", + "bundle_short_version": "1.71", "bundle_version": "1.71", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright(C) Seiko Epson Corporation 2009-2015. All rights reserved.", "development_region": "English", - "path": "/Library/Printers/EPSON/Fax/Utility/Fax Receive Monitor.app", + "info_string": "1.71, Copyright(C) Seiko Epson Corporation 2009-2015. 
All rights reserved.", + "last_opened_time": "-1.0", "name": "Fax Receive Monitor.app", - "bundle_identifier": "com.epson.ijfax.app.FaxReceiveMonitor", - "bundle_executable": "Fax Receive Monitor", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "path": "/Library/Printers/EPSON/Fax/Utility/Fax Receive Monitor.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Fax Receive Monitor\",\"bundle_identifier\":\"com.epson.ijfax.app.FaxReceiveMonitor\",\"bundle_name\":\"Fax Receive Monitor\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.71\",\"bundle_version\":\"1.71\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright(C) Seiko Epson Corporation 2009-2015. All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"1.71, Copyright(C) Seiko Epson Corporation 2009-2015. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Fax Receive Monitor.app\",\"path\":\"/Library/Printers/EPSON/Fax/Utility/Fax Receive Monitor.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"droplet\",\"bundle_identifier\":\"\",\"bundle_name\":\"Embed\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Embed.app\",\"path\":\"/Library/Scripts/ColorSync/Embed.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Scripts/ColorSync/Embed.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 
UTC", "columns": { + "bundle_executable": "droplet", + "bundle_name": "Embed", + "bundle_package_type": "APPL", "development_region": "English", - "path": "/Library/Scripts/ColorSync/Embed.app", - "name": "Embed.app", "last_opened_time": "-1.0", - "bundle_name": "Embed", - "bundle_executable": "droplet", - "bundle_package_type": "APPL" + "name": "Embed.app", + "path": "/Library/Scripts/ColorSync/Embed.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"droplet\",\"bundle_identifier\":\"\",\"bundle_name\":\"Embed\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Embed.app\",\"path\":\"/Library/Scripts/ColorSync/Embed.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"droplet\",\"bundle_identifier\":\"\",\"bundle_name\":\"Extract\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Extract.app\",\"path\":\"/Library/Scripts/ColorSync/Extract.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Scripts/ColorSync/Extract.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { + "bundle_executable": "droplet", + "bundle_name": "Extract", + "bundle_package_type": "APPL", "development_region": "English", - "path": "/Library/Scripts/ColorSync/Extract.app", - "name": "Extract.app", "last_opened_time": "-1.0", - "bundle_name": "Extract", - "bundle_executable": "droplet", - "bundle_package_type": "APPL" + "name": "Extract.app", + "path": "/Library/Scripts/ColorSync/Extract.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } 
}, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"droplet\",\"bundle_identifier\":\"\",\"bundle_name\":\"Extract\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Extract.app\",\"path\":\"/Library/Scripts/ColorSync/Extract.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"droplet\",\"bundle_identifier\":\"\",\"bundle_name\":\"Match\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Match.app\",\"path\":\"/Library/Scripts/ColorSync/Match.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Scripts/ColorSync/Match.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { + "bundle_executable": "droplet", + "bundle_name": "Match", + "bundle_package_type": "APPL", "development_region": "English", - "path": "/Library/Scripts/ColorSync/Match.app", - "name": "Match.app", "last_opened_time": "-1.0", - "bundle_name": "Match", - "bundle_executable": "droplet", - "bundle_package_type": "APPL" + "name": "Match.app", + "path": "/Library/Scripts/ColorSync/Match.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - 
"user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"droplet\",\"bundle_identifier\":\"\",\"bundle_name\":\"Match\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Match.app\",\"path\":\"/Library/Scripts/ColorSync/Match.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"droplet\",\"bundle_identifier\":\"\",\"bundle_name\":\"Proof\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Proof.app\",\"path\":\"/Library/Scripts/ColorSync/Proof.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Scripts/ColorSync/Proof.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { + "bundle_executable": "droplet", + "bundle_name": "Proof", + "bundle_package_type": "APPL", "development_region": "English", - "path": "/Library/Scripts/ColorSync/Proof.app", - "name": "Proof.app", "last_opened_time": "-1.0", - "bundle_name": "Proof", - "bundle_executable": "droplet", - "bundle_package_type": "APPL" + "name": "Proof.app", + "path": "/Library/Scripts/ColorSync/Proof.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - 
"user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"droplet\",\"bundle_identifier\":\"\",\"bundle_name\":\"Proof\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Proof.app\",\"path\":\"/Library/Scripts/ColorSync/Proof.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"droplet\",\"bundle_identifier\":\"\",\"bundle_name\":\"Remove\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Remove.app\",\"path\":\"/Library/Scripts/ColorSync/Remove.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Scripts/ColorSync/Remove.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { + "bundle_executable": "droplet", + "bundle_name": "Remove", + "bundle_package_type": "APPL", "development_region": "English", - "path": "/Library/Scripts/ColorSync/Remove.app", - "name": "Remove.app", "last_opened_time": "-1.0", - "bundle_name": "Remove", - "bundle_executable": "droplet", - "bundle_package_type": "APPL" + "name": "Remove.app", + "path": "/Library/Scripts/ColorSync/Remove.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"droplet\",\"bundle_identifier\":\"\",\"bundle_name\":\"Remove\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Remove.app\",\"path\":\"/Library/Scripts/ColorSync/Remove.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"droplet\",\"bundle_identifier\":\"\",\"bundle_name\":\"Rename\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Rename.app\",\"path\":\"/Library/Scripts/ColorSync/Rename.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Scripts/ColorSync/Rename.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { + "bundle_executable": "droplet", + "bundle_name": "Rename", + "bundle_package_type": "APPL", "development_region": "English", - "path": "/Library/Scripts/ColorSync/Rename.app", - "name": "Rename.app", "last_opened_time": "-1.0", - "bundle_name": "Rename", - "bundle_executable": "droplet", - "bundle_package_type": "APPL" + "name": "Rename.app", + "path": "/Library/Scripts/ColorSync/Rename.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"droplet\",\"bundle_identifier\":\"\",\"bundle_name\":\"Rename\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Rename.app\",\"path\":\"/Library/Scripts/ColorSync/Rename.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"droplet\",\"bundle_identifier\":\"\",\"bundle_name\":\"Set 
Info\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Set Info.app\",\"path\":\"/Library/Scripts/ColorSync/Set Info.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Scripts/ColorSync/Set Info.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { + "bundle_executable": "droplet", + "bundle_name": "Set Info", + "bundle_package_type": "APPL", "development_region": "English", - "path": "/Library/Scripts/ColorSync/Set Info.app", - "name": "Set Info.app", "last_opened_time": "-1.0", - "bundle_name": "Set Info", - "bundle_executable": "droplet", - "bundle_package_type": "APPL" + "name": "Set Info.app", + "path": "/Library/Scripts/ColorSync/Set Info.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - 
"hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"droplet\",\"bundle_identifier\":\"\",\"bundle_name\":\"Set Info\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Set Info.app\",\"path\":\"/Library/Scripts/ColorSync/Set Info.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"droplet\",\"bundle_identifier\":\"\",\"bundle_name\":\"Show Info\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Show 
Info.app\",\"path\":\"/Library/Scripts/ColorSync/Show Info.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Scripts/ColorSync/Show Info.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { + "bundle_executable": "droplet", + "bundle_name": "Show Info", + "bundle_package_type": "APPL", "development_region": "English", - "path": "/Library/Scripts/ColorSync/Show Info.app", - "name": "Show Info.app", "last_opened_time": "-1.0", - "bundle_name": "Show Info", - "bundle_executable": "droplet", - "bundle_package_type": "APPL" + "name": "Show Info.app", + "path": "/Library/Scripts/ColorSync/Show Info.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"droplet\",\"bundle_identifier\":\"\",\"bundle_name\":\"Show Info\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Show Info.app\",\"path\":\"/Library/Scripts/ColorSync/Show Info.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"GPGServices\",\"bundle_identifier\":\"org.gpgtools.gpgservices\",\"bundle_name\":\"GPGServices\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.11.2\",\"bundle_version\":\"969\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"GPGServices\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"GPGServices.service\",\"path\":\"/Library/Services/GPGServices.service\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Library/Services/GPGServices.service" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/Library/Services/GPGServices.service", - "name": "GPGServices.service", - "bundle_short_version": "1.11.2", + "bundle_executable": "GPGServices", "bundle_identifier": "org.gpgtools.gpgservices", - "last_opened_time": "-1.0", "bundle_name": "GPGServices", - "display_name": "GPGServices", - "bundle_executable": "GPGServices", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "969" + "bundle_short_version": "1.11.2", + "bundle_version": "969", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "display_name": "GPGServices", + "last_opened_time": "-1.0", + "name": "GPGServices.service", + "path": "/Library/Services/GPGServices.service" }, - 
"name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"GPGServices\",\"bundle_identifier\":\"org.gpgtools.gpgservices\",\"bundle_name\":\"GPGServices\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.11.2\",\"bundle_version\":\"969\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"GPGServices\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"GPGServices.service\",\"path\":\"/Library/Services/GPGServices.service\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + 
"version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Display Calibrator\",\"bundle_identifier\":\"com.apple.ColorSyncCalibrator\",\"bundle_name\":\"Display Calibrator\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.10.0\",\"bundle_version\":\"4.10.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"4.10.0, Copyright 2014 Apple Computer, Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Display Calibrator.app\",\"path\":\"/System/Library/ColorSync/Calibrators/Display Calibrator.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/ColorSync/Calibrators/Display Calibrator.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/ColorSync/Calibrators/Display Calibrator.app", - "info_string": "4.10.0, Copyright 2014 Apple Computer, Inc.", - "name": "Display Calibrator.app", - "bundle_short_version": "4.10.0", + "bundle_executable": "Display Calibrator", "bundle_identifier": "com.apple.ColorSyncCalibrator", - "last_opened_time": "-1.0", "bundle_name": "Display Calibrator", - "bundle_executable": "Display Calibrator", - "compiler": 
"com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "4.10.0" + "bundle_short_version": "4.10.0", + "bundle_version": "4.10.0", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "4.10.0, Copyright 2014 Apple Computer, Inc.", + "last_opened_time": "-1.0", + "name": "Display Calibrator.app", + "path": "/System/Library/ColorSync/Calibrators/Display Calibrator.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "tsg" + } + }, + { + "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, "event": { "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Display Calibrator\",\"bundle_identifier\":\"com.apple.ColorSyncCalibrator\",\"bundle_name\":\"Display Calibrator\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.10.0\",\"bundle_version\":\"4.10.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"4.10.0, Copyright 2014 Apple 
Computer, Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Display Calibrator.app\",\"path\":\"/System/Library/ColorSync/Calibrators/Display Calibrator.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AVB Audio Configuration\",\"bundle_identifier\":\"com.apple.AVB-Audio-Configuration\",\"bundle_name\":\"AVB Audio Configuration\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AVB Audio Configuration.app\",\"path\":\"/System/Library/CoreServices/AVB Audio Configuration.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2017-12-28T14:39:54.000Z", "file": { "path": "/System/Library/CoreServices/AVB Audio Configuration.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2015 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "AVB Audio Configuration", + "bundle_identifier": "com.apple.AVB-Audio-Configuration", "bundle_name": "AVB Audio Configuration", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2015 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/AVB Audio Configuration.app", - "name": "AVB Audio Configuration.app", - "bundle_identifier": "com.apple.AVB-Audio-Configuration", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "AVB Audio Configuration", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "AVB Audio Configuration.app", + "path": "/System/Library/CoreServices/AVB Audio Configuration.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AVB Audio Configuration\",\"bundle_identifier\":\"com.apple.AVB-Audio-Configuration\",\"bundle_name\":\"AVB Audio Configuration\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AVB Audio Configuration.app\",\"path\":\"/System/Library/CoreServices/AVB Audio Configuration.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AddPrinter\",\"bundle_identifier\":\"com.apple.print.add\",\"bundle_name\":\"AddPrinter\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"13\",\"bundle_version\":\"555\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 1995-2007, Apple Inc., All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AddPrinter.app\",\"path\":\"/System/Library/CoreServices/AddPrinter.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": 
"/System/Library/CoreServices/AddPrinter.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 1995-2007, Apple Inc., All Rights Reserved.", - "bundle_short_version": "13", - "last_opened_time": "-1.0", + "bundle_executable": "AddPrinter", + "bundle_identifier": "com.apple.print.add", "bundle_name": "AddPrinter", + "bundle_package_type": "APPL", + "bundle_short_version": "13", "bundle_version": "555", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 1995-2007, Apple Inc., All Rights Reserved.", "development_region": "English", - "path": "/System/Library/CoreServices/AddPrinter.app", + "element": "1", + "last_opened_time": "-1.0", "name": "AddPrinter.app", - "bundle_identifier": "com.apple.print.add", - "bundle_executable": "AddPrinter", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/CoreServices/AddPrinter.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AddPrinter\",\"bundle_identifier\":\"com.apple.print.add\",\"bundle_name\":\"AddPrinter\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"13\",\"bundle_version\":\"555\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 1995-2007, Apple Inc., All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AddPrinter.app\",\"path\":\"/System/Library/CoreServices/AddPrinter.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AddressBookUrlForwarder\",\"bundle_identifier\":\"com.apple.AddressBook.UrlForwarder\",\"bundle_name\":\"AddressBookUrlForwarder\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"11.0\",\"bundle_version\":\"1806\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AddressBookUrlForwarder.app\",\"path\":\"/System/Library/CoreServices/AddressBookUrlForwarder.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/AddressBookUrlForwarder.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/CoreServices/AddressBookUrlForwarder.app", - "name": "AddressBookUrlForwarder.app", - "bundle_short_version": "11.0", + "bundle_executable": "AddressBookUrlForwarder", "bundle_identifier": "com.apple.AddressBook.UrlForwarder", - "minimum_system_version": "10.13", - "last_opened_time": "-1.0", "bundle_name": "AddressBookUrlForwarder", - "bundle_executable": "AddressBookUrlForwarder", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "1806" + "bundle_short_version": "11.0", + "bundle_version": "1806", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + 
"last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "AddressBookUrlForwarder.app", + "path": "/System/Library/CoreServices/AddressBookUrlForwarder.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AddressBookUrlForwarder\",\"bundle_identifier\":\"com.apple.AddressBook.UrlForwarder\",\"bundle_name\":\"AddressBookUrlForwarder\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"11.0\",\"bundle_version\":\"1806\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AddressBookUrlForwarder.app\",\"path\":\"/System/Library/CoreServices/AddressBookUrlForwarder.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", 
- "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AirPlayUIAgent\",\"bundle_identifier\":\"com.apple.AirPlayUIAgent\",\"bundle_name\":\"AirPlayUIAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.0\",\"bundle_version\":\"352.16.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AirPlayUIAgent.app\",\"path\":\"/System/Library/CoreServices/AirPlayUIAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/AirPlayUIAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2012 Apple Inc. 
All rights reserved.", - "bundle_short_version": "2.0", - "last_opened_time": "-1.0", + "bundle_executable": "AirPlayUIAgent", + "bundle_identifier": "com.apple.AirPlayUIAgent", "bundle_name": "AirPlayUIAgent", + "bundle_package_type": "APPL", + "bundle_short_version": "2.0", "bundle_version": "352.16.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2012 Apple Inc. All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/AirPlayUIAgent.app", - "name": "AirPlayUIAgent.app", - "bundle_identifier": "com.apple.AirPlayUIAgent", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "AirPlayUIAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "AirPlayUIAgent.app", + "path": "/System/Library/CoreServices/AirPlayUIAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AirPlayUIAgent\",\"bundle_identifier\":\"com.apple.AirPlayUIAgent\",\"bundle_name\":\"AirPlayUIAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.0\",\"bundle_version\":\"352.16.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AirPlayUIAgent.app\",\"path\":\"/System/Library/CoreServices/AirPlayUIAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AirPort Base Station Agent\",\"bundle_identifier\":\"com.apple.AirPortBaseStationAgent\",\"bundle_name\":\"AirPort Base Station Agent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.2.1\",\"bundle_version\":\"221.6\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"AirPort Base Station Agent\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"2.2.1 (221.6), Copyright \\\\xC2\\\\xA9 2006-2013 Apple 
Inc. All Rights Reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AirPort Base Station Agent.app\",\"path\":\"/System/Library/CoreServices/AirPort Base Station Agent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/AirPort Base Station Agent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "2.2.1 (221.6), Copyright \\xC2\\xA9 2006-2013 Apple Inc. All Rights Reserved.", - "bundle_short_version": "2.2.1", - "last_opened_time": "-1.0", + "bundle_executable": "AirPort Base Station Agent", + "bundle_identifier": "com.apple.AirPortBaseStationAgent", "bundle_name": "AirPort Base Station Agent", - "display_name": "AirPort Base Station Agent", + "bundle_package_type": "APPL", + "bundle_short_version": "2.2.1", "bundle_version": "221.6", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/CoreServices/AirPort Base Station Agent.app", + "display_name": "AirPort Base Station Agent", + "element": "1", + "info_string": "2.2.1 (221.6), Copyright \\xC2\\xA9 2006-2013 Apple Inc. 
All Rights Reserved.", + "last_opened_time": "-1.0", "name": "AirPort Base Station Agent.app", - "bundle_identifier": "com.apple.AirPortBaseStationAgent", - "bundle_executable": "AirPort Base Station Agent", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/CoreServices/AirPort Base Station Agent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AirPort Base Station Agent\",\"bundle_identifier\":\"com.apple.AirPortBaseStationAgent\",\"bundle_name\":\"AirPort Base Station Agent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.2.1\",\"bundle_version\":\"221.6\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"AirPort Base Station Agent\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"2.2.1 (221.6), Copyright \\\\xC2\\\\xA9 2006-2013 Apple Inc. 
All Rights Reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AirPort Base Station Agent.app\",\"path\":\"/System/Library/CoreServices/AirPort Base Station Agent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AppleFileServer\",\"bundle_identifier\":\"com.apple.AppleFileServer\",\"bundle_name\":\"AppleFileServer\",\"bundle_package_type\":\"FMWK\",\"bundle_short_version\":\"2.1\",\"bundle_version\":\"1.0\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AppleFileServer.app\",\"path\":\"/System/Library/CoreServices/AppleFileServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/AppleFileServer.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/CoreServices/AppleFileServer.app", - "copyright": "Copyright \\xC2\\xA9 2017 Apple Inc. All rights reserved.", - "name": "AppleFileServer.app", - "bundle_short_version": "2.1", + "bundle_executable": "AppleFileServer", "bundle_identifier": "com.apple.AppleFileServer", - "last_opened_time": "-1.0", "bundle_name": "AppleFileServer", - "bundle_executable": "AppleFileServer", "bundle_package_type": "FMWK", - "bundle_version": "1.0" + "bundle_short_version": "2.1", + "bundle_version": "1.0", + "copyright": "Copyright \\xC2\\xA9 2017 Apple Inc. 
All rights reserved.", + "development_region": "English", + "last_opened_time": "-1.0", + "name": "AppleFileServer.app", + "path": "/System/Library/CoreServices/AppleFileServer.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AppleFileServer\",\"bundle_identifier\":\"com.apple.AppleFileServer\",\"bundle_name\":\"AppleFileServer\",\"bundle_package_type\":\"FMWK\",\"bundle_short_version\":\"2.1\",\"bundle_version\":\"1.0\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AppleFileServer.app\",\"path\":\"/System/Library/CoreServices/AppleFileServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AppleGraphicsWarning\",\"bundle_identifier\":\"com.apple.AppleGraphicsWarning\",\"bundle_name\":\"AppleGraphicsWarning\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.3.0\",\"bundle_version\":\"2.3.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright Apple Inc., 2008-2014\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Version 2.3.0, Copyright Apple Inc., 
2008-2014\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AppleGraphicsWarning.app\",\"path\":\"/System/Library/CoreServices/AppleGraphicsWarning.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/AppleGraphicsWarning.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright Apple Inc., 2008-2014", - "info_string": "Version 2.3.0, Copyright Apple Inc., 2008-2014", - "bundle_short_version": "2.3.0", - "last_opened_time": "-1.0", + "bundle_executable": "AppleGraphicsWarning", + "bundle_identifier": "com.apple.AppleGraphicsWarning", "bundle_name": "AppleGraphicsWarning", + "bundle_package_type": "APPL", + "bundle_short_version": "2.3.0", "bundle_version": "2.3.0", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright Apple Inc., 2008-2014", "development_region": "English", - "path": "/System/Library/CoreServices/AppleGraphicsWarning.app", + "element": "1", + "info_string": "Version 2.3.0, Copyright Apple Inc., 2008-2014", + "last_opened_time": "-1.0", "name": "AppleGraphicsWarning.app", - "bundle_identifier": "com.apple.AppleGraphicsWarning", - "bundle_executable": "AppleGraphicsWarning", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/CoreServices/AppleGraphicsWarning.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AppleGraphicsWarning\",\"bundle_identifier\":\"com.apple.AppleGraphicsWarning\",\"bundle_name\":\"AppleGraphicsWarning\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.3.0\",\"bundle_version\":\"2.3.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright Apple Inc., 2008-2014\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Version 2.3.0, Copyright Apple Inc., 2008-2014\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AppleGraphicsWarning.app\",\"path\":\"/System/Library/CoreServices/AppleGraphicsWarning.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + 
"action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"AppleScript Utility\",\"bundle_identifier\":\"com.apple.AppleScriptUtility\",\"bundle_name\":\"AppleScript Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.1.2\",\"bundle_version\":\"37\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AppleScript Utility.app\",\"path\":\"/System/Library/CoreServices/AppleScript Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/AppleScript Utility.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "development_region": "English", - "path": "/System/Library/CoreServices/AppleScript Utility.app", - "name": "AppleScript Utility.app", - "bundle_short_version": "1.1.2", + "bundle_executable": "AppleScript Utility", "bundle_identifier": "com.apple.AppleScriptUtility", - "last_opened_time": "-1.0", "bundle_name": "AppleScript Utility", - "bundle_executable": "AppleScript Utility", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "37" + "bundle_short_version": "1.1.2", + "bundle_version": "37", + 
"compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "-1.0", + "name": "AppleScript Utility.app", + "path": "/System/Library/CoreServices/AppleScript Utility.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"AppleScript Utility\",\"bundle_identifier\":\"com.apple.AppleScriptUtility\",\"bundle_name\":\"AppleScript Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.1.2\",\"bundle_version\":\"37\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AppleScript Utility.app\",\"path\":\"/System/Library/CoreServices/AppleScript Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - 
"type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"About This Mac\",\"bundle_identifier\":\"com.apple.AboutThisMacLauncher\",\"bundle_name\":\"About This Mac\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"About This Mac\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"About This Mac.app\",\"path\":\"/System/Library/CoreServices/Applications/About This Mac.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Applications/About This Mac.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. 
All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "About This Mac", + "bundle_identifier": "com.apple.AboutThisMacLauncher", "bundle_name": "About This Mac", - "display_name": "About This Mac", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/Applications/About This Mac.app", - "name": "About This Mac.app", - "bundle_identifier": "com.apple.AboutThisMacLauncher", + "display_name": "About This Mac", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "About This Mac", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "About This Mac.app", + "path": "/System/Library/CoreServices/Applications/About This Mac.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"About This 
Mac\",\"bundle_identifier\":\"com.apple.AboutThisMacLauncher\",\"bundle_name\":\"About This Mac\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"About This Mac\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"About This Mac.app\",\"path\":\"/System/Library/CoreServices/Applications/About This Mac.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Archive Utility\",\"bundle_identifier\":\"com.apple.archiveutility\",\"bundle_name\":\"Archive Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.10\",\"bundle_version\":\"81\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 2003-2014 Apple Inc. 
All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"Archive Utility\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1511347035.3749\",\"minimum_system_version\":\"\",\"name\":\"Archive Utility.app\",\"path\":\"/System/Library/CoreServices/Applications/Archive Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Applications/Archive Utility.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "\\xC2\\xA9 2003-2014 Apple Inc. All Rights Reserved.", - "bundle_short_version": "10.10", - "last_opened_time": "1511347035.3749", + "bundle_executable": "Archive Utility", + "bundle_identifier": "com.apple.archiveutility", "bundle_name": "Archive Utility", - "display_name": "Archive Utility", + "bundle_package_type": "APPL", + "bundle_short_version": "10.10", "bundle_version": "81", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "\\xC2\\xA9 2003-2014 Apple Inc. 
All Rights Reserved.", "development_region": "English", - "path": "/System/Library/CoreServices/Applications/Archive Utility.app", + "display_name": "Archive Utility", + "last_opened_time": "1511347035.3749", "name": "Archive Utility.app", - "bundle_identifier": "com.apple.archiveutility", - "bundle_executable": "Archive Utility", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "path": "/System/Library/CoreServices/Applications/Archive Utility.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Archive Utility\",\"bundle_identifier\":\"com.apple.archiveutility\",\"bundle_name\":\"Archive Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.10\",\"bundle_version\":\"81\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\\\\xC2\\\\xA9 2003-2014 Apple Inc. 
All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"Archive Utility\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1511347035.3749\",\"minimum_system_version\":\"\",\"name\":\"Archive Utility.app\",\"path\":\"/System/Library/CoreServices/Applications/Archive Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Directory Utility\",\"bundle_identifier\":\"com.apple.DirectoryUtility\",\"bundle_name\":\"Directory Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"412\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Directory Utility.app\",\"path\":\"/System/Library/CoreServices/Applications/Directory Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { 
"path": "/System/Library/CoreServices/Applications/Directory Utility.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/CoreServices/Applications/Directory Utility.app", - "name": "Directory Utility.app", - "bundle_short_version": "5.0", + "bundle_executable": "Directory Utility", "bundle_identifier": "com.apple.DirectoryUtility", - "last_opened_time": "-1.0", "bundle_name": "Directory Utility", - "bundle_executable": "Directory Utility", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "412" + "bundle_short_version": "5.0", + "bundle_version": "412", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "-1.0", + "name": "Directory Utility.app", + "path": "/System/Library/CoreServices/Applications/Directory Utility.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Directory Utility\",\"bundle_identifier\":\"com.apple.DirectoryUtility\",\"bundle_name\":\"Directory Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"412\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Directory Utility.app\",\"path\":\"/System/Library/CoreServices/Applications/Directory Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Feedback Assistant\",\"bundle_identifier\":\"com.apple.appleseed.FeedbackAssistant\",\"bundle_name\":\"Feedback Assistant\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.5\",\"bundle_version\":\"329\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Feedback Assistant\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Feedback Assistant.app\",\"path\":\"/System/Library/CoreServices/Applications/Feedback Assistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Applications/Feedback Assistant.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2017 Apple Inc. All rights reserved.", - "bundle_short_version": "4.5", - "last_opened_time": "-1.0", + "bundle_executable": "Feedback Assistant", + "bundle_identifier": "com.apple.appleseed.FeedbackAssistant", "bundle_name": "Feedback Assistant", - "display_name": "Feedback Assistant", + "bundle_package_type": "APPL", + "bundle_short_version": "4.5", "bundle_version": "329", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2017 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/Applications/Feedback Assistant.app", - "name": "Feedback Assistant.app", - "bundle_identifier": "com.apple.appleseed.FeedbackAssistant", + "display_name": "Feedback Assistant", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Feedback Assistant", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "Feedback Assistant.app", + "path": "/System/Library/CoreServices/Applications/Feedback Assistant.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Feedback Assistant\",\"bundle_identifier\":\"com.apple.appleseed.FeedbackAssistant\",\"bundle_name\":\"Feedback Assistant\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.5\",\"bundle_version\":\"329\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Feedback Assistant\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Feedback Assistant.app\",\"path\":\"/System/Library/CoreServices/Applications/Feedback Assistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Folder Actions Setup\",\"bundle_identifier\":\"com.apple.FolderActionsSetup\",\"bundle_name\":\"Folder Actions Setup\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.2\",\"bundle_version\":\"27\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"Folder Actions Setup\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Folder Actions Setup.app\",\"path\":\"/System/Library/CoreServices/Applications/Folder Actions Setup.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + 
"type": "info" + }, "file": { "path": "/System/Library/CoreServices/Applications/Folder Actions Setup.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "bundle_short_version": "1.2", - "last_opened_time": "-1.0", + "bundle_executable": "Folder Actions Setup", + "bundle_identifier": "com.apple.FolderActionsSetup", "bundle_name": "Folder Actions Setup", - "display_name": "Folder Actions Setup", + "bundle_package_type": "APPL", + "bundle_short_version": "1.2", "bundle_version": "27", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/System/Library/CoreServices/Applications/Folder Actions Setup.app", - "name": "Folder Actions Setup.app", - "bundle_identifier": "com.apple.FolderActionsSetup", + "display_name": "Folder Actions Setup", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Folder Actions Setup", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "Folder Actions Setup.app", + "path": "/System/Library/CoreServices/Applications/Folder Actions Setup.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Folder Actions Setup\",\"bundle_identifier\":\"com.apple.FolderActionsSetup\",\"bundle_name\":\"Folder Actions Setup\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.2\",\"bundle_version\":\"27\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"Folder Actions Setup\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Folder Actions Setup.app\",\"path\":\"/System/Library/CoreServices/Applications/Folder Actions Setup.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Network Utility\",\"bundle_identifier\":\"com.apple.NetworkUtility\",\"bundle_name\":\"Network 
Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.9.2\",\"bundle_version\":\"114\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"1.9.2, Copyright \\\\xC2\\\\xA9 2000-2017 Apple Inc. All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Network Utility.app\",\"path\":\"/System/Library/CoreServices/Applications/Network Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Applications/Network Utility.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "1.9.2, Copyright \\xC2\\xA9 2000-2017 Apple Inc. 
All rights reserved.", - "bundle_short_version": "1.9.2", - "last_opened_time": "-1.0", + "bundle_executable": "Network Utility", + "bundle_identifier": "com.apple.NetworkUtility", "bundle_name": "Network Utility", + "bundle_package_type": "APPL", + "bundle_short_version": "1.9.2", "bundle_version": "114", - "development_region": "English", - "path": "/System/Library/CoreServices/Applications/Network Utility.app", - "name": "Network Utility.app", - "bundle_identifier": "com.apple.NetworkUtility", - "minimum_system_version": "10.13", - "bundle_executable": "Network Utility", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "info_string": "1.9.2, Copyright \\xC2\\xA9 2000-2017 Apple Inc. All rights reserved.", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Network Utility.app", + "path": "/System/Library/CoreServices/Applications/Network Utility.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Network 
Utility\",\"bundle_identifier\":\"com.apple.NetworkUtility\",\"bundle_name\":\"Network Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.9.2\",\"bundle_version\":\"114\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"1.9.2, Copyright \\\\xC2\\\\xA9 2000-2017 Apple Inc. All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Network Utility.app\",\"path\":\"/System/Library/CoreServices/Applications/Network Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"RAID Utility\",\"bundle_identifier\":\"com.apple.RAIDUtility\",\"bundle_name\":\"RAID Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0\",\"bundle_version\":\"404\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"RAID Utility\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"RAID Utility 3.0 (404), Copyright \\\\xC2\\\\xA9 2007-2013 Apple 
Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7.0\",\"name\":\"RAID Utility.app\",\"path\":\"/System/Library/CoreServices/Applications/RAID Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Applications/RAID Utility.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "RAID Utility 3.0 (404), Copyright \\xC2\\xA9 2007-2013 Apple Inc.", - "bundle_short_version": "4.0", - "last_opened_time": "-1.0", + "bundle_executable": "RAID Utility", + "bundle_identifier": "com.apple.RAIDUtility", "bundle_name": "RAID Utility", - "display_name": "RAID Utility", + "bundle_package_type": "APPL", + "bundle_short_version": "4.0", "bundle_version": "404", - "development_region": "English", - "path": "/System/Library/CoreServices/Applications/RAID Utility.app", - "name": "RAID Utility.app", - "bundle_identifier": "com.apple.RAIDUtility", - "minimum_system_version": "10.7.0", - "bundle_executable": "RAID Utility", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "display_name": "RAID Utility", + "info_string": "RAID Utility 3.0 (404), Copyright \\xC2\\xA9 2007-2013 Apple Inc.", + "last_opened_time": "-1.0", + "minimum_system_version": "10.7.0", + "name": "RAID Utility.app", + "path": "/System/Library/CoreServices/Applications/RAID Utility.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + 
"counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"RAID Utility\",\"bundle_identifier\":\"com.apple.RAIDUtility\",\"bundle_name\":\"RAID Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0\",\"bundle_version\":\"404\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"RAID Utility\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"RAID Utility 3.0 (404), Copyright \\\\xC2\\\\xA9 2007-2013 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7.0\",\"name\":\"RAID Utility.app\",\"path\":\"/System/Library/CoreServices/Applications/RAID Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", 
+ "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Screen Sharing\",\"bundle_identifier\":\"com.apple.ScreenSharing\",\"bundle_name\":\"Screen Sharing\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.7.1\",\"bundle_version\":\"495.23\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Screen Sharing\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Screen Sharing.app\",\"path\":\"/System/Library/CoreServices/Applications/Screen Sharing.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Applications/Screen Sharing.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "bundle_short_version": "1.7.1", - "last_opened_time": "-1.0", + "bundle_executable": "Screen Sharing", + "bundle_identifier": "com.apple.ScreenSharing", "bundle_name": "Screen Sharing", - "display_name": "Screen Sharing", + "bundle_package_type": "APPL", + "bundle_short_version": "1.7.1", "bundle_version": "495.23", - "development_region": "English", - "path": "/System/Library/CoreServices/Applications/Screen Sharing.app", - "name": "Screen 
Sharing.app", - "bundle_identifier": "com.apple.ScreenSharing", - "minimum_system_version": "10.13", - "bundle_executable": "Screen Sharing", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "English", + "display_name": "Screen Sharing", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Screen Sharing.app", + "path": "/System/Library/CoreServices/Applications/Screen Sharing.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Screen Sharing\",\"bundle_identifier\":\"com.apple.ScreenSharing\",\"bundle_name\":\"Screen Sharing\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.7.1\",\"bundle_version\":\"495.23\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Screen Sharing\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Screen 
Sharing.app\",\"path\":\"/System/Library/CoreServices/Applications/Screen Sharing.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Storage Management\",\"bundle_identifier\":\"com.apple.StorageManagementLauncher\",\"bundle_name\":\"Storage Management\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Storage Management\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Storage Management.app\",\"path\":\"/System/Library/CoreServices/Applications/Storage Management.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Applications/Storage Management.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Storage Management", + "bundle_identifier": "com.apple.StorageManagementLauncher", "bundle_name": "Storage Management", - "display_name": "Storage Management", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/Applications/Storage Management.app", - "name": "Storage Management.app", - "bundle_identifier": "com.apple.StorageManagementLauncher", + "display_name": "Storage Management", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Storage Management", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "Storage Management.app", + "path": "/System/Library/CoreServices/Applications/Storage Management.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Storage Management\",\"bundle_identifier\":\"com.apple.StorageManagementLauncher\",\"bundle_name\":\"Storage Management\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Storage Management\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Storage Management.app\",\"path\":\"/System/Library/CoreServices/Applications/Storage Management.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"System Image Utility\",\"bundle_identifier\":\"com.apple.SystemImageUtility\",\"bundle_name\":\"System Image Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.13\",\"bundle_version\":\"820\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"System Image Utility\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13.0\",\"name\":\"System Image Utility.app\",\"path\":\"/System/Library/CoreServices/Applications/System Image 
Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Applications/System Image Utility.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "10.13", - "last_opened_time": "-1.0", + "bundle_executable": "System Image Utility", + "bundle_identifier": "com.apple.SystemImageUtility", "bundle_name": "System Image Utility", - "display_name": "System Image Utility", + "bundle_package_type": "APPL", + "bundle_short_version": "10.13", "bundle_version": "820", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/CoreServices/Applications/System Image Utility.app", - "name": "System Image Utility.app", - "bundle_identifier": "com.apple.SystemImageUtility", + "display_name": "System Image Utility", + "last_opened_time": "-1.0", "minimum_system_version": "10.13.0", - "bundle_executable": "System Image Utility", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "System Image Utility.app", + "path": "/System/Library/CoreServices/Applications/System Image Utility.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"System Image Utility\",\"bundle_identifier\":\"com.apple.SystemImageUtility\",\"bundle_name\":\"System Image Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.13\",\"bundle_version\":\"820\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"System Image Utility\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13.0\",\"name\":\"System Image Utility.app\",\"path\":\"/System/Library/CoreServices/Applications/System Image Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Wireless 
Diagnostics\",\"bundle_identifier\":\"com.apple.wifi.diagnostics\",\"bundle_name\":\"Wireless Diagnostics\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"805\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012-2016 Apple Inc.\\\\nAll rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Wireless Diagnostics\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Wireless Diagnostics.app\",\"path\":\"/System/Library/CoreServices/Applications/Wireless Diagnostics.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Applications/Wireless Diagnostics.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2012-2016 Apple Inc.\\nAll rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Wireless Diagnostics", + "bundle_identifier": "com.apple.wifi.diagnostics", "bundle_name": "Wireless Diagnostics", - "display_name": "Wireless Diagnostics", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "805", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2012-2016 Apple Inc.\\nAll rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/Applications/Wireless Diagnostics.app", - "name": "Wireless Diagnostics.app", - 
"bundle_identifier": "com.apple.wifi.diagnostics", + "display_name": "Wireless Diagnostics", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Wireless Diagnostics", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "Wireless Diagnostics.app", + "path": "/System/Library/CoreServices/Applications/Wireless Diagnostics.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Wireless Diagnostics\",\"bundle_identifier\":\"com.apple.wifi.diagnostics\",\"bundle_name\":\"Wireless Diagnostics\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"805\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012-2016 Apple Inc.\\\\nAll rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Wireless Diagnostics\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Wireless 
Diagnostics.app\",\"path\":\"/System/Library/CoreServices/Applications/Wireless Diagnostics.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Automator Runner\",\"bundle_identifier\":\"com.apple.AutomatorRunner\",\"bundle_name\":\"Automator Runner\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.8\",\"bundle_version\":\"444.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2006\\\\xE2\\\\x80\\\\x932015 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7\",\"name\":\"Automator Runner.app\",\"path\":\"/System/Library/CoreServices/Automator Runner.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Automator Runner.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "Copyright \\xC2\\xA9 2006\\xE2\\x80\\x932015 Apple Inc. All rights reserved.", - "bundle_short_version": "2.8", - "last_opened_time": "-1.0", + "bundle_executable": "Automator Runner", + "bundle_identifier": "com.apple.AutomatorRunner", "bundle_name": "Automator Runner", + "bundle_package_type": "APPL", + "bundle_short_version": "2.8", "bundle_version": "444.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2006\\xE2\\x80\\x932015 Apple Inc. 
All rights reserved.", "development_region": "English", - "path": "/System/Library/CoreServices/Automator Runner.app", - "name": "Automator Runner.app", - "bundle_identifier": "com.apple.AutomatorRunner", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.7", - "bundle_executable": "Automator Runner", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "Automator Runner.app", + "path": "/System/Library/CoreServices/Automator Runner.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Automator Runner\",\"bundle_identifier\":\"com.apple.AutomatorRunner\",\"bundle_name\":\"Automator Runner\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.8\",\"bundle_version\":\"444.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2006\\\\xE2\\\\x80\\\\x932015 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7\",\"name\":\"Automator Runner.app\",\"path\":\"/System/Library/CoreServices/Automator Runner.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Bluetooth Setup Assistant\",\"bundle_identifier\":\"com.apple.BluetoothSetupAssistant\",\"bundle_name\":\"Bluetooth Setup Assistant\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.0.0\",\"bundle_version\":\"6.0.1f1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"6.0.0, Copyright \\\\xC2\\\\xA9 2002-2017 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Bluetooth Setup Assistant.app\",\"path\":\"/System/Library/CoreServices/Bluetooth Setup Assistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Bluetooth Setup Assistant.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "6.0.0, Copyright \\xC2\\xA9 2002-2017 Apple Inc. All rights reserved.", - "bundle_short_version": "6.0.0", - "last_opened_time": "-1.0", + "bundle_executable": "Bluetooth Setup Assistant", + "bundle_identifier": "com.apple.BluetoothSetupAssistant", "bundle_name": "Bluetooth Setup Assistant", + "bundle_package_type": "APPL", + "bundle_short_version": "6.0.0", "bundle_version": "6.0.1f1", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/CoreServices/Bluetooth Setup Assistant.app", - "name": "Bluetooth Setup Assistant.app", - "bundle_identifier": "com.apple.BluetoothSetupAssistant", + "info_string": "6.0.0, Copyright \\xC2\\xA9 2002-2017 Apple Inc. 
All rights reserved.", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Bluetooth Setup Assistant", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "Bluetooth Setup Assistant.app", + "path": "/System/Library/CoreServices/Bluetooth Setup Assistant.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Bluetooth Setup Assistant\",\"bundle_identifier\":\"com.apple.BluetoothSetupAssistant\",\"bundle_name\":\"Bluetooth Setup Assistant\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.0.0\",\"bundle_version\":\"6.0.1f1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"6.0.0, Copyright \\\\xC2\\\\xA9 2002-2017 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Bluetooth Setup Assistant.app\",\"path\":\"/System/Library/CoreServices/Bluetooth Setup Assistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"BluetoothUIServer\",\"bundle_identifier\":\"com.apple.BluetoothUIServer\",\"bundle_name\":\"BluetoothUIServer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.0.0\",\"bundle_version\":\"6.0.1f1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2002-2017 Apple Inc. All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"6.0.0, Copyright \\\\xC2\\\\xA9 2002-2017 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"BluetoothUIServer.app\",\"path\":\"/System/Library/CoreServices/BluetoothUIServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/BluetoothUIServer.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2002-2017 Apple Inc. All rights reserved.", - "info_string": "6.0.0, Copyright \\xC2\\xA9 2002-2017 Apple Inc. All rights reserved.", - "bundle_short_version": "6.0.0", - "last_opened_time": "-1.0", + "bundle_executable": "BluetoothUIServer", + "bundle_identifier": "com.apple.BluetoothUIServer", "bundle_name": "BluetoothUIServer", + "bundle_package_type": "APPL", + "bundle_short_version": "6.0.0", "bundle_version": "6.0.1f1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2002-2017 Apple Inc. All rights reserved.", "development_region": "English", - "path": "/System/Library/CoreServices/BluetoothUIServer.app", - "name": "BluetoothUIServer.app", - "bundle_identifier": "com.apple.BluetoothUIServer", + "element": "1", + "info_string": "6.0.0, Copyright \\xC2\\xA9 2002-2017 Apple Inc. 
All rights reserved.", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "BluetoothUIServer", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "BluetoothUIServer.app", + "path": "/System/Library/CoreServices/BluetoothUIServer.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"BluetoothUIServer\",\"bundle_identifier\":\"com.apple.BluetoothUIServer\",\"bundle_name\":\"BluetoothUIServer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.0.0\",\"bundle_version\":\"6.0.1f1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2002-2017 Apple Inc. All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"6.0.0, Copyright \\\\xC2\\\\xA9 2002-2017 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"BluetoothUIServer.app\",\"path\":\"/System/Library/CoreServices/BluetoothUIServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"CalendarFileHandler\",\"bundle_identifier\":\"com.apple.CalendarFileHandler\",\"bundle_name\":\"Calendar / Reminders\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.0\",\"bundle_version\":\"133\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012 Apple, Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"CalendarFileHandler.app\",\"path\":\"/System/Library/CoreServices/CalendarFileHandler.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/CalendarFileHandler.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2012 Apple, Inc. All rights reserved.", - "bundle_short_version": "8.0", - "last_opened_time": "-1.0", + "bundle_executable": "CalendarFileHandler", + "bundle_identifier": "com.apple.CalendarFileHandler", "bundle_name": "Calendar / Reminders", + "bundle_package_type": "APPL", + "bundle_short_version": "8.0", "bundle_version": "133", - "development_region": "en", - "path": "/System/Library/CoreServices/CalendarFileHandler.app", - "name": "CalendarFileHandler.app", - "bundle_identifier": "com.apple.CalendarFileHandler", - "minimum_system_version": "10.13", - "bundle_executable": "CalendarFileHandler", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "copyright": "Copyright \\xC2\\xA9 2012 Apple, Inc. 
All rights reserved.", + "development_region": "en", + "element": "1", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "CalendarFileHandler.app", + "path": "/System/Library/CoreServices/CalendarFileHandler.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"CalendarFileHandler\",\"bundle_identifier\":\"com.apple.CalendarFileHandler\",\"bundle_name\":\"Calendar / Reminders\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.0\",\"bundle_version\":\"133\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012 Apple, Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"CalendarFileHandler.app\",\"path\":\"/System/Library/CoreServices/CalendarFileHandler.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Captive Network Assistant\",\"bundle_identifier\":\"com.apple.CaptiveNetworkAssistant\",\"bundle_name\":\"Captive Network Assistant\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"5.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Captive Network Assistant.app\",\"path\":\"/System/Library/CoreServices/Captive Network Assistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { 
"path": "/System/Library/CoreServices/Captive Network Assistant.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "5.0", - "last_opened_time": "-1.0", + "bundle_executable": "Captive Network Assistant", + "bundle_identifier": "com.apple.CaptiveNetworkAssistant", "bundle_name": "Captive Network Assistant", + "bundle_package_type": "APPL", + "bundle_short_version": "5.0", "bundle_version": "5.0", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/CoreServices/Captive Network Assistant.app", - "name": "Captive Network Assistant.app", - "bundle_identifier": "com.apple.CaptiveNetworkAssistant", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Captive Network Assistant", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "Captive Network Assistant.app", + "path": "/System/Library/CoreServices/Captive Network Assistant.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { 
- "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Captive Network Assistant\",\"bundle_identifier\":\"com.apple.CaptiveNetworkAssistant\",\"bundle_name\":\"Captive Network Assistant\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"5.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Captive Network Assistant.app\",\"path\":\"/System/Library/CoreServices/Captive Network Assistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Certificate Assistant\",\"bundle_identifier\":\"com.apple.CertificateAssistant\",\"bundle_name\":\"Certificate Assistant\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"55174\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Certificate 
Assistant\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Certificate Assistant.app\",\"path\":\"/System/Library/CoreServices/Certificate Assistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Certificate Assistant.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/CoreServices/Certificate Assistant.app", - "name": "Certificate Assistant.app", - "bundle_short_version": "5.0", + "bundle_executable": "Certificate Assistant", "bundle_identifier": "com.apple.CertificateAssistant", - "last_opened_time": "-1.0", "bundle_name": "Certificate Assistant", - "display_name": "Certificate Assistant", - "bundle_executable": "Certificate Assistant", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "55174" + "bundle_short_version": "5.0", + "bundle_version": "55174", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "display_name": "Certificate Assistant", + "last_opened_time": "-1.0", + "name": "Certificate Assistant.app", + "path": "/System/Library/CoreServices/Certificate Assistant.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 
28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Certificate Assistant\",\"bundle_identifier\":\"com.apple.CertificateAssistant\",\"bundle_name\":\"Certificate Assistant\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"55174\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Certificate Assistant\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Certificate Assistant.app\",\"path\":\"/System/Library/CoreServices/Certificate Assistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ControlStrip\",\"bundle_identifier\":\"com.apple.controlstrip\",\"bundle_name\":\"ControlStrip\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"173\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Control Strip\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"ControlStrip.app\",\"path\":\"/System/Library/CoreServices/ControlStrip.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/ControlStrip.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "ControlStrip", + "bundle_identifier": "com.apple.controlstrip", "bundle_name": "ControlStrip", - "display_name": "Control Strip", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "173", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/ControlStrip.app", - "name": "ControlStrip.app", - "bundle_identifier": "com.apple.controlstrip", + "display_name": "Control Strip", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "ControlStrip", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "ControlStrip.app", + "path": "/System/Library/CoreServices/ControlStrip.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ControlStrip\",\"bundle_identifier\":\"com.apple.controlstrip\",\"bundle_name\":\"ControlStrip\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"173\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Control Strip\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"ControlStrip.app\",\"path\":\"/System/Library/CoreServices/ControlStrip.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"CoreLocationAgent\",\"bundle_identifier\":\"com.apple.CoreLocationAgent\",\"bundle_name\":\"CoreLocationAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1486.12\",\"bundle_version\":\"1486.12\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2013 Apple Inc.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Copyright \\\\xC2\\\\xA9 2013 Apple 
Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"CoreLocationAgent.app\",\"path\":\"/System/Library/CoreServices/CoreLocationAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/CoreLocationAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2013 Apple Inc.", - "info_string": "Copyright \\xC2\\xA9 2013 Apple Inc.", - "bundle_short_version": "1486.12", - "last_opened_time": "-1.0", + "bundle_executable": "CoreLocationAgent", + "bundle_identifier": "com.apple.CoreLocationAgent", "bundle_name": "CoreLocationAgent", + "bundle_package_type": "APPL", + "bundle_short_version": "1486.12", "bundle_version": "1486.12", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2013 Apple Inc.", "development_region": "English", - "path": "/System/Library/CoreServices/CoreLocationAgent.app", - "name": "CoreLocationAgent.app", - "bundle_identifier": "com.apple.CoreLocationAgent", + "element": "1", + "info_string": "Copyright \\xC2\\xA9 2013 Apple Inc.", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "CoreLocationAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "CoreLocationAgent.app", + "path": "/System/Library/CoreServices/CoreLocationAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"CoreLocationAgent\",\"bundle_identifier\":\"com.apple.CoreLocationAgent\",\"bundle_name\":\"CoreLocationAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1486.12\",\"bundle_version\":\"1486.12\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2013 Apple Inc.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Copyright \\\\xC2\\\\xA9 2013 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"CoreLocationAgent.app\",\"path\":\"/System/Library/CoreServices/CoreLocationAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": 
"8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"CoreServicesUIAgent\",\"bundle_identifier\":\"com.apple.coreservices.uiagent\",\"bundle_name\":\"CoreServicesUIAgent\",\"bundle_package_type\":\"\",\"bundle_short_version\":\"180\",\"bundle_version\":\"180\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2009 Apple Inc.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Copyright \\\\xC2\\\\xA9 2009 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"CoreServicesUIAgent.app\",\"path\":\"/System/Library/CoreServices/CoreServicesUIAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/CoreServicesUIAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2009 Apple Inc.", - "info_string": "Copyright \\xC2\\xA9 2009 Apple Inc.", - "bundle_short_version": "180", - "last_opened_time": "-1.0", + "bundle_executable": "CoreServicesUIAgent", + "bundle_identifier": "com.apple.coreservices.uiagent", "bundle_name": "CoreServicesUIAgent", + "bundle_short_version": "180", "bundle_version": "180", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2009 Apple 
Inc.", "development_region": "English", - "path": "/System/Library/CoreServices/CoreServicesUIAgent.app", + "element": "1", + "info_string": "Copyright \\xC2\\xA9 2009 Apple Inc.", + "last_opened_time": "-1.0", "name": "CoreServicesUIAgent.app", - "bundle_identifier": "com.apple.coreservices.uiagent", - "bundle_executable": "CoreServicesUIAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "element": "1" + "path": "/System/Library/CoreServices/CoreServicesUIAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"CoreServicesUIAgent\",\"bundle_identifier\":\"com.apple.coreservices.uiagent\",\"bundle_name\":\"CoreServicesUIAgent\",\"bundle_package_type\":\"\",\"bundle_short_version\":\"180\",\"bundle_version\":\"180\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2009 Apple Inc.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Copyright \\\\xC2\\\\xA9 2009 Apple 
Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"CoreServicesUIAgent.app\",\"path\":\"/System/Library/CoreServices/CoreServicesUIAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Database Events\",\"bundle_identifier\":\"com.apple.databaseevents\",\"bundle_name\":\"Database Events\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0.6\",\"bundle_version\":\"1.0.6\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Database Events.app\",\"path\":\"/System/Library/CoreServices/Database Events.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Database Events.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "development_region": "English", - "path": "/System/Library/CoreServices/Database Events.app", - "name": "Database Events.app", - "bundle_short_version": "1.0.6", + "bundle_executable": "Database Events", "bundle_identifier": "com.apple.databaseevents", - "last_opened_time": "-1.0", "bundle_name": "Database Events", - "bundle_executable": "Database Events", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "1.0.6" + "bundle_short_version": "1.0.6", + "bundle_version": "1.0.6", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "-1.0", + "name": "Database Events.app", + "path": "/System/Library/CoreServices/Database Events.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Database Events\",\"bundle_identifier\":\"com.apple.databaseevents\",\"bundle_name\":\"Database 
Events\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0.6\",\"bundle_version\":\"1.0.6\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Database Events.app\",\"path\":\"/System/Library/CoreServices/Database Events.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"DiscHelper\",\"bundle_identifier\":\"com.apple.DiscHelper\",\"bundle_name\":\"DiscHelper\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"DiscHelper.app\",\"path\":\"/System/Library/CoreServices/DiscHelper.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/DiscHelper.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2015 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "DiscHelper", + "bundle_identifier": "com.apple.DiscHelper", "bundle_name": "DiscHelper", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2015 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/DiscHelper.app", - "name": "DiscHelper.app", - "bundle_identifier": "com.apple.DiscHelper", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "DiscHelper", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "DiscHelper.app", + "path": "/System/Library/CoreServices/DiscHelper.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"DiscHelper\",\"bundle_identifier\":\"com.apple.DiscHelper\",\"bundle_name\":\"DiscHelper\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"DiscHelper.app\",\"path\":\"/System/Library/CoreServices/DiscHelper.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"DiskImageMounter\",\"bundle_identifier\":\"com.apple.DiskImageMounter\",\"bundle_name\":\"DiskImageMounter\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"480.1.2\",\"bundle_version\":\"480.1.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2000-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514370626.983\",\"minimum_system_version\":\"10.7.0\",\"name\":\"DiskImageMounter.app\",\"path\":\"/System/Library/CoreServices/DiskImageMounter.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/DiskImageMounter.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "Copyright \\xC2\\xA9 2000-2017 Apple Inc. All rights reserved.", - "bundle_short_version": "480.1.2", - "last_opened_time": "1514370626.983", + "bundle_executable": "DiskImageMounter", + "bundle_identifier": "com.apple.DiskImageMounter", "bundle_name": "DiskImageMounter", + "bundle_package_type": "APPL", + "bundle_short_version": "480.1.2", "bundle_version": "480.1.2", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2000-2017 Apple Inc. 
All rights reserved.", "development_region": "English", - "path": "/System/Library/CoreServices/DiskImageMounter.app", - "name": "DiskImageMounter.app", - "bundle_identifier": "com.apple.DiskImageMounter", + "element": "1", + "last_opened_time": "1514370626.983", "minimum_system_version": "10.7.0", - "bundle_executable": "DiskImageMounter", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "DiskImageMounter.app", + "path": "/System/Library/CoreServices/DiskImageMounter.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"DiskImageMounter\",\"bundle_identifier\":\"com.apple.DiskImageMounter\",\"bundle_name\":\"DiskImageMounter\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"480.1.2\",\"bundle_version\":\"480.1.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2000-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514370626.983\",\"minimum_system_version\":\"10.7.0\",\"name\":\"DiskImageMounter.app\",\"path\":\"/System/Library/CoreServices/DiskImageMounter.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Dock\",\"bundle_identifier\":\"com.apple.dock\",\"bundle_name\":\"Dock\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.8\",\"bundle_version\":\"1849.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright 2000-2010, Apple Inc.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Dock 1.8\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Dock.app\",\"path\":\"/System/Library/CoreServices/Dock.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Dock.app" }, - "ecs": 
{ - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright 2000-2010, Apple Inc.", - "info_string": "Dock 1.8", - "bundle_short_version": "1.8", - "last_opened_time": "-1.0", + "bundle_executable": "Dock", + "bundle_identifier": "com.apple.dock", "bundle_name": "Dock", + "bundle_package_type": "APPL", + "bundle_short_version": "1.8", "bundle_version": "1849.2", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright 2000-2010, Apple Inc.", "development_region": "English", - "path": "/System/Library/CoreServices/Dock.app", + "element": "1", + "info_string": "Dock 1.8", + "last_opened_time": "-1.0", "name": "Dock.app", - "bundle_identifier": "com.apple.dock", - "bundle_executable": "Dock", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/CoreServices/Dock.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Dock\",\"bundle_identifier\":\"com.apple.dock\",\"bundle_name\":\"Dock\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.8\",\"bundle_version\":\"1849.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright 2000-2010, Apple Inc.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Dock 1.8\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Dock.app\",\"path\":\"/System/Library/CoreServices/Dock.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Dwell Control\",\"bundle_identifier\":\"com.apple.DwellControl\",\"bundle_name\":\"Dwell Control\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"192.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Dwell Control.app\",\"path\":\"/System/Library/CoreServices/Dwell Control.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Dwell Control.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2015-2017 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Dwell Control", + "bundle_identifier": "com.apple.DwellControl", "bundle_name": "Dwell Control", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "192.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2015-2017 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/Dwell Control.app", - "name": "Dwell Control.app", - "bundle_identifier": "com.apple.DwellControl", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Dwell Control", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "Dwell Control.app", + "path": "/System/Library/CoreServices/Dwell Control.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Dwell Control\",\"bundle_identifier\":\"com.apple.DwellControl\",\"bundle_name\":\"Dwell Control\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"192.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Dwell Control.app\",\"path\":\"/System/Library/CoreServices/Dwell Control.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"EscrowSecurityAlert\",\"bundle_identifier\":\"com.apple.EscrowSecurityAlert\",\"bundle_name\":\"EscrowSecurityAlert\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2013 Apple, Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"EscrowSecurityAlert.app\",\"path\":\"/System/Library/CoreServices/EscrowSecurityAlert.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/EscrowSecurityAlert.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2013 Apple, Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "EscrowSecurityAlert", + "bundle_identifier": "com.apple.EscrowSecurityAlert", "bundle_name": "EscrowSecurityAlert", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2013 Apple, Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/EscrowSecurityAlert.app", - "name": "EscrowSecurityAlert.app", - "bundle_identifier": "com.apple.EscrowSecurityAlert", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "EscrowSecurityAlert", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "EscrowSecurityAlert.app", + "path": "/System/Library/CoreServices/EscrowSecurityAlert.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"EscrowSecurityAlert\",\"bundle_identifier\":\"com.apple.EscrowSecurityAlert\",\"bundle_name\":\"EscrowSecurityAlert\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2013 Apple, Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"EscrowSecurityAlert.app\",\"path\":\"/System/Library/CoreServices/EscrowSecurityAlert.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Expansion Slot Utility\",\"bundle_identifier\":\"com.apple.ExpansionSlotUtility\",\"bundle_name\":\"Expansion Slot Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.5.2\",\"bundle_version\":\"1.5.2b1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Expansion Slot Utility\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Expansion Slot Utility.app\",\"path\":\"/System/Library/CoreServices/Expansion Slot Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, 
"file": { "path": "/System/Library/CoreServices/Expansion Slot Utility.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "1.5.2", - "last_opened_time": "-1.0", + "bundle_executable": "Expansion Slot Utility", + "bundle_identifier": "com.apple.ExpansionSlotUtility", "bundle_name": "Expansion Slot Utility", - "display_name": "Expansion Slot Utility", + "bundle_package_type": "APPL", + "bundle_short_version": "1.5.2", "bundle_version": "1.5.2b1", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/CoreServices/Expansion Slot Utility.app", + "display_name": "Expansion Slot Utility", + "element": "1", + "last_opened_time": "-1.0", "name": "Expansion Slot Utility.app", - "bundle_identifier": "com.apple.ExpansionSlotUtility", - "bundle_executable": "Expansion Slot Utility", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/CoreServices/Expansion Slot Utility.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - 
"action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Expansion Slot Utility\",\"bundle_identifier\":\"com.apple.ExpansionSlotUtility\",\"bundle_name\":\"Expansion Slot Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.5.2\",\"bundle_version\":\"1.5.2b1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Expansion Slot Utility\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Expansion Slot Utility.app\",\"path\":\"/System/Library/CoreServices/Expansion Slot Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AirDrop\",\"bundle_identifier\":\"com.apple.finder.Open-AirDrop\",\"bundle_name\":\"AirDrop\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AirDrop.app\",\"path\":\"/System/Library/CoreServices/Finder.app/Contents/Applications/AirDrop.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Finder.app/Contents/Applications/AirDrop.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "AirDrop", + "bundle_identifier": "com.apple.finder.Open-AirDrop", "bundle_name": "AirDrop", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/System/Library/CoreServices/Finder.app/Contents/Applications/AirDrop.app", - "name": "AirDrop.app", - "bundle_identifier": "com.apple.finder.Open-AirDrop", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "AirDrop", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + 
"name": "AirDrop.app", + "path": "/System/Library/CoreServices/Finder.app/Contents/Applications/AirDrop.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AirDrop\",\"bundle_identifier\":\"com.apple.finder.Open-AirDrop\",\"bundle_name\":\"AirDrop\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AirDrop.app\",\"path\":\"/System/Library/CoreServices/Finder.app/Contents/Applications/AirDrop.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ 
"preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"All My Files\",\"bundle_identifier\":\"com.apple.finder.Open-AllMyFiles\",\"bundle_name\":\"All My Files\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"All My Files.app\",\"path\":\"/System/Library/CoreServices/Finder.app/Contents/Applications/All My Files.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Finder.app/Contents/Applications/All My Files.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "All My Files", + "bundle_identifier": "com.apple.finder.Open-AllMyFiles", "bundle_name": "All My Files", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": 
"/System/Library/CoreServices/Finder.app/Contents/Applications/All My Files.app", - "name": "All My Files.app", - "bundle_identifier": "com.apple.finder.Open-AllMyFiles", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "All My Files", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "All My Files.app", + "path": "/System/Library/CoreServices/Finder.app/Contents/Applications/All My Files.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"All My Files\",\"bundle_identifier\":\"com.apple.finder.Open-AllMyFiles\",\"bundle_name\":\"All My Files\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"All My 
Files.app\",\"path\":\"/System/Library/CoreServices/Finder.app/Contents/Applications/All My Files.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Computer\",\"bundle_identifier\":\"com.apple.finder.Open-Computer\",\"bundle_name\":\"Computer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Computer.app\",\"path\":\"/System/Library/CoreServices/Finder.app/Contents/Applications/Computer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Finder.app/Contents/Applications/Computer.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + 
"action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Computer", + "bundle_identifier": "com.apple.finder.Open-Computer", "bundle_name": "Computer", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/System/Library/CoreServices/Finder.app/Contents/Applications/Computer.app", - "name": "Computer.app", - "bundle_identifier": "com.apple.finder.Open-Computer", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Computer", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "Computer.app", + "path": "/System/Library/CoreServices/Finder.app/Contents/Applications/Computer.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Computer\",\"bundle_identifier\":\"com.apple.finder.Open-Computer\",\"bundle_name\":\"Computer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Computer.app\",\"path\":\"/System/Library/CoreServices/Finder.app/Contents/Applications/Computer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Network\",\"bundle_identifier\":\"com.apple.finder.Open-Network\",\"bundle_name\":\"Network\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Network.app\",\"path\":\"/System/Library/CoreServices/Finder.app/Contents/Applications/Network.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Finder.app/Contents/Applications/Network.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Network", + "bundle_identifier": "com.apple.finder.Open-Network", "bundle_name": "Network", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/System/Library/CoreServices/Finder.app/Contents/Applications/Network.app", - "name": "Network.app", - "bundle_identifier": "com.apple.finder.Open-Network", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Network", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + 
"name": "Network.app", + "path": "/System/Library/CoreServices/Finder.app/Contents/Applications/Network.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Network\",\"bundle_identifier\":\"com.apple.finder.Open-Network\",\"bundle_name\":\"Network\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Network.app\",\"path\":\"/System/Library/CoreServices/Finder.app/Contents/Applications/Network.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ 
"preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Recents\",\"bundle_identifier\":\"com.apple.finder.Open-Recents\",\"bundle_name\":\"Recents\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Recents.app\",\"path\":\"/System/Library/CoreServices/Finder.app/Contents/Applications/Recents.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Finder.app/Contents/Applications/Recents.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Recents", + "bundle_identifier": "com.apple.finder.Open-Recents", "bundle_name": "Recents", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": 
"/System/Library/CoreServices/Finder.app/Contents/Applications/Recents.app", - "name": "Recents.app", - "bundle_identifier": "com.apple.finder.Open-Recents", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Recents", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "Recents.app", + "path": "/System/Library/CoreServices/Finder.app/Contents/Applications/Recents.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Recents\",\"bundle_identifier\":\"com.apple.finder.Open-Recents\",\"bundle_name\":\"Recents\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Recents.app\",\"path\":\"/System/Library/CoreServices/Finder.app/Contents/Applications/Recents.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"iCloud Drive\",\"bundle_identifier\":\"com.apple.finder.Open-iCloudDrive\",\"bundle_name\":\"iCloud Drive\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"iCloud Drive.app\",\"path\":\"/System/Library/CoreServices/Finder.app/Contents/Applications/iCloud 
Drive.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Finder.app/Contents/Applications/iCloud Drive.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "iCloud Drive", + "bundle_identifier": "com.apple.finder.Open-iCloudDrive", "bundle_name": "iCloud Drive", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/System/Library/CoreServices/Finder.app/Contents/Applications/iCloud Drive.app", - "name": "iCloud Drive.app", - "bundle_identifier": "com.apple.finder.Open-iCloudDrive", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "iCloud Drive", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "iCloud Drive.app", + "path": "/System/Library/CoreServices/Finder.app/Contents/Applications/iCloud Drive.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": 
"1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"iCloud Drive\",\"bundle_identifier\":\"com.apple.finder.Open-iCloudDrive\",\"bundle_name\":\"iCloud Drive\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"iCloud Drive.app\",\"path\":\"/System/Library/CoreServices/Finder.app/Contents/Applications/iCloud Drive.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Finder\",\"bundle_identifier\":\"com.apple.finder\",\"bundle_name\":\"Finder\",\"bundle_package_type\":\"FNDR\",\"bundle_short_version\":\"10.13.1\",\"bundle_version\":\"10.13.1\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"macOS Finder 10.13.1\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Finder.app\",\"path\":\"/System/Library/CoreServices/Finder.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Finder.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "info_string": "macOS Finder 10.13.1", - "bundle_short_version": "10.13.1", - "last_opened_time": "-1.0", + "bundle_executable": "Finder", + "bundle_identifier": "com.apple.finder", "bundle_name": "Finder", + "bundle_package_type": "FNDR", + "bundle_short_version": "10.13.1", "bundle_version": "10.13.1", - "development_region": "English", - "path": "/System/Library/CoreServices/Finder.app", - "name": "Finder.app", - "bundle_identifier": "com.apple.finder", - "bundle_executable": "Finder", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "FNDR" + "development_region": "English", + "info_string": "macOS Finder 10.13.1", + "last_opened_time": "-1.0", + 
"name": "Finder.app", + "path": "/System/Library/CoreServices/Finder.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Finder\",\"bundle_identifier\":\"com.apple.finder\",\"bundle_name\":\"Finder\",\"bundle_package_type\":\"FNDR\",\"bundle_short_version\":\"10.13.1\",\"bundle_version\":\"10.13.1\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"macOS Finder 10.13.1\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Finder.app\",\"path\":\"/System/Library/CoreServices/Finder.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" 
- ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"FolderActionsDispatcher\",\"bundle_identifier\":\"com.apple.FolderActionsDispatcher\",\"bundle_name\":\"FolderActionsDispatcher\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"FolderActionsDispatcher.app\",\"path\":\"/System/Library/CoreServices/FolderActionsDispatcher.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/FolderActionsDispatcher.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "FolderActionsDispatcher", + "bundle_identifier": "com.apple.FolderActionsDispatcher", "bundle_name": "FolderActionsDispatcher", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": 
"/System/Library/CoreServices/FolderActionsDispatcher.app", - "name": "FolderActionsDispatcher.app", - "bundle_identifier": "com.apple.FolderActionsDispatcher", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "FolderActionsDispatcher", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "FolderActionsDispatcher.app", + "path": "/System/Library/CoreServices/FolderActionsDispatcher.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"FolderActionsDispatcher\",\"bundle_identifier\":\"com.apple.FolderActionsDispatcher\",\"bundle_name\":\"FolderActionsDispatcher\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"FolderActionsDispatcher.app\",\"path\":\"/System/Library/CoreServices/FolderActionsDispatcher.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Games\",\"bundle_identifier\":\"com.apple.gamecenter\",\"bundle_name\":\"Games\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"public.app-category.games\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Games\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Games.app\",\"path\":\"/System/Library/CoreServices/Games.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Games.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Games", + "bundle_identifier": "com.apple.gamecenter", "bundle_name": "Games", - "display_name": "Games", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", - "development_region": "en", - "path": "/System/Library/CoreServices/Games.app", - "name": "Games.app", - "bundle_identifier": "com.apple.gamecenter", - "minimum_system_version": "10.13", - "bundle_executable": "Games", "category": "public.app-category.games", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. 
All rights reserved.", + "development_region": "en", + "display_name": "Games", + "element": "1", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Games.app", + "path": "/System/Library/CoreServices/Games.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Games\",\"bundle_identifier\":\"com.apple.gamecenter\",\"bundle_name\":\"Games\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"public.app-category.games\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Games\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Games.app\",\"path\":\"/System/Library/CoreServices/Games.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"HelpViewer\",\"bundle_identifier\":\"com.apple.helpviewer\",\"bundle_name\":\"Help Viewer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.0\",\"bundle_version\":\"330\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Help Viewer\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.12\",\"name\":\"HelpViewer.app\",\"path\":\"/System/Library/CoreServices/HelpViewer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/HelpViewer.app" }, - 
"ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "bundle_short_version": "6.0", - "last_opened_time": "-1.0", + "bundle_executable": "HelpViewer", + "bundle_identifier": "com.apple.helpviewer", "bundle_name": "Help Viewer", - "display_name": "Help Viewer", + "bundle_package_type": "APPL", + "bundle_short_version": "6.0", "bundle_version": "330", - "development_region": "English", - "path": "/System/Library/CoreServices/HelpViewer.app", - "name": "HelpViewer.app", - "bundle_identifier": "com.apple.helpviewer", - "minimum_system_version": "10.12", - "bundle_executable": "HelpViewer", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "development_region": "English", + "display_name": "Help Viewer", + "element": "1", + "last_opened_time": "-1.0", + "minimum_system_version": "10.12", + "name": "HelpViewer.app", + "path": "/System/Library/CoreServices/HelpViewer.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"HelpViewer\",\"bundle_identifier\":\"com.apple.helpviewer\",\"bundle_name\":\"Help Viewer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.0\",\"bundle_version\":\"330\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Help Viewer\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.12\",\"name\":\"HelpViewer.app\",\"path\":\"/System/Library/CoreServices/HelpViewer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Image Events\",\"bundle_identifier\":\"com.apple.imageevents\",\"bundle_name\":\"Image Events\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.1.6\",\"bundle_version\":\"1.1.6\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Image 
Events.app\",\"path\":\"/System/Library/CoreServices/Image Events.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Image Events.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "development_region": "English", - "path": "/System/Library/CoreServices/Image Events.app", - "name": "Image Events.app", - "bundle_short_version": "1.1.6", + "bundle_executable": "Image Events", "bundle_identifier": "com.apple.imageevents", - "last_opened_time": "-1.0", "bundle_name": "Image Events", - "bundle_executable": "Image Events", + "bundle_package_type": "APPL", + "bundle_short_version": "1.1.6", + "bundle_version": "1.1.6", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "bundle_version": "1.1.6" + "development_region": "English", + "last_opened_time": "-1.0", + "name": "Image Events.app", + "path": "/System/Library/CoreServices/Image Events.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - 
"hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Image Events\",\"bundle_identifier\":\"com.apple.imageevents\",\"bundle_name\":\"Image Events\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.1.6\",\"bundle_version\":\"1.1.6\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Image Events.app\",\"path\":\"/System/Library/CoreServices/Image Events.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Install Command Line Developer Tools\",\"bundle_identifier\":\"com.apple.dt.CommandLineTools.installondemand\",\"bundle_name\":\"Install Command Line Developer 
Tools\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"public.app-category.developer-tools\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2013 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Install Command Line Developer Tools.app\",\"path\":\"/System/Library/CoreServices/Install Command Line Developer Tools.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Install Command Line Developer Tools.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2013 Apple Inc. 
All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Install Command Line Developer Tools", + "bundle_identifier": "com.apple.dt.CommandLineTools.installondemand", "bundle_name": "Install Command Line Developer Tools", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", - "development_region": "en", - "path": "/System/Library/CoreServices/Install Command Line Developer Tools.app", - "name": "Install Command Line Developer Tools.app", - "bundle_identifier": "com.apple.dt.CommandLineTools.installondemand", - "minimum_system_version": "10.13", - "bundle_executable": "Install Command Line Developer Tools", "category": "public.app-category.developer-tools", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "copyright": "Copyright \\xC2\\xA9 2013 Apple Inc. All rights reserved.", + "development_region": "en", + "element": "1", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Install Command Line Developer Tools.app", + "path": "/System/Library/CoreServices/Install Command Line Developer Tools.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Install Command Line Developer Tools\",\"bundle_identifier\":\"com.apple.dt.CommandLineTools.installondemand\",\"bundle_name\":\"Install Command Line Developer Tools\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"public.app-category.developer-tools\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2013 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Install Command Line Developer Tools.app\",\"path\":\"/System/Library/CoreServices/Install Command Line Developer Tools.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Install in Progress\",\"bundle_identifier\":\"com.apple.PackageKit.Install-in-Progress\",\"bundle_name\":\"Install in Progress\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.0\",\"bundle_version\":\"725\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright 
\\\\xC2\\\\xA9 2012 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Install in Progress.app\",\"path\":\"/System/Library/CoreServices/Install in Progress.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Install in Progress.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2012 Apple Inc. All rights reserved.", - "bundle_short_version": "3.0", - "last_opened_time": "-1.0", + "bundle_executable": "Install in Progress", + "bundle_identifier": "com.apple.PackageKit.Install-in-Progress", "bundle_name": "Install in Progress", + "bundle_package_type": "APPL", + "bundle_short_version": "3.0", "bundle_version": "725", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2012 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/Install in Progress.app", - "name": "Install in Progress.app", - "bundle_identifier": "com.apple.PackageKit.Install-in-Progress", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Install in Progress", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "Install in Progress.app", + "path": "/System/Library/CoreServices/Install in Progress.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Install in Progress\",\"bundle_identifier\":\"com.apple.PackageKit.Install-in-Progress\",\"bundle_name\":\"Install in Progress\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.0\",\"bundle_version\":\"725\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Install in Progress.app\",\"path\":\"/System/Library/CoreServices/Install in Progress.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Installer Progress\",\"bundle_identifier\":\"com.apple.Installer-Progress\",\"bundle_name\":\"Installer Progress\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"442\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Installer Progress.app\",\"path\":\"/System/Library/CoreServices/Installer Progress.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": 
"/System/Library/CoreServices/Installer Progress.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Installer Progress", + "bundle_identifier": "com.apple.Installer-Progress", "bundle_name": "Installer Progress", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "442", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/System/Library/CoreServices/Installer Progress.app", - "name": "Installer Progress.app", - "bundle_identifier": "com.apple.Installer-Progress", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Installer Progress", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "Installer Progress.app", + "path": "/System/Library/CoreServices/Installer Progress.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Installer Progress\",\"bundle_identifier\":\"com.apple.Installer-Progress\",\"bundle_name\":\"Installer Progress\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"442\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Installer Progress.app\",\"path\":\"/System/Library/CoreServices/Installer Progress.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Installer\",\"bundle_identifier\":\"com.apple.installer\",\"bundle_name\":\"Installer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.2.0\",\"bundle_version\":\"920\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514455386.7405\",\"minimum_system_version\":\"10.13\",\"name\":\"Installer.app\",\"path\":\"/System/Library/CoreServices/Installer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Installer.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/CoreServices/Installer.app", - "name": "Installer.app", - "bundle_short_version": "6.2.0", + "bundle_executable": "Installer", "bundle_identifier": "com.apple.installer", - "minimum_system_version": "10.13", - "last_opened_time": "1514455386.7405", "bundle_name": "Installer", - "bundle_executable": "Installer", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "920" + "bundle_short_version": "6.2.0", + "bundle_version": "920", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "1514455386.7405", + "minimum_system_version": "10.13", + "name": "Installer.app", + "path": 
"/System/Library/CoreServices/Installer.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Installer\",\"bundle_identifier\":\"com.apple.installer\",\"bundle_name\":\"Installer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.2.0\",\"bundle_version\":\"920\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1514455386.7405\",\"minimum_system_version\":\"10.13\",\"name\":\"Installer.app\",\"path\":\"/System/Library/CoreServices/Installer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { 
"@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Jar Launcher\",\"bundle_identifier\":\"com.apple.JarLauncher\",\"bundle_name\":\"Jar Launcher\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"15.0.1\",\"bundle_version\":\"15.0.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2005-2013, Apple Inc. All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Jar Launcher.app\",\"path\":\"/System/Library/CoreServices/Jar Launcher.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Jar Launcher.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2005-2013, Apple Inc. 
All Rights Reserved.", - "bundle_short_version": "15.0.1", - "last_opened_time": "-1.0", + "bundle_executable": "Jar Launcher", + "bundle_identifier": "com.apple.JarLauncher", "bundle_name": "Jar Launcher", + "bundle_package_type": "APPL", + "bundle_short_version": "15.0.1", "bundle_version": "15.0.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2005-2013, Apple Inc. All Rights Reserved.", "development_region": "English", - "path": "/System/Library/CoreServices/Jar Launcher.app", + "element": "1", + "last_opened_time": "-1.0", "name": "Jar Launcher.app", - "bundle_identifier": "com.apple.JarLauncher", - "bundle_executable": "Jar Launcher", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/CoreServices/Jar Launcher.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Jar Launcher\",\"bundle_identifier\":\"com.apple.JarLauncher\",\"bundle_name\":\"Jar 
Launcher\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"15.0.1\",\"bundle_version\":\"15.0.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2005-2013, Apple Inc. All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Jar Launcher.app\",\"path\":\"/System/Library/CoreServices/Jar Launcher.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Java Web Start\",\"bundle_identifier\":\"com.apple.JavaWebStart\",\"bundle_name\":\"Java Web Start\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"15.0.1\",\"bundle_version\":\"15.0.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2005-2013, Apple Inc. 
All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"Java Web Start\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Java Web Start.app\",\"path\":\"/System/Library/CoreServices/Java Web Start.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Java Web Start.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2005-2013, Apple Inc. All Rights Reserved.", - "bundle_short_version": "15.0.1", - "last_opened_time": "-1.0", + "bundle_executable": "Java Web Start", + "bundle_identifier": "com.apple.JavaWebStart", "bundle_name": "Java Web Start", - "display_name": "Java Web Start", + "bundle_package_type": "APPL", + "bundle_short_version": "15.0.1", "bundle_version": "15.0.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2005-2013, Apple Inc. 
All Rights Reserved.", "development_region": "English", - "path": "/System/Library/CoreServices/Java Web Start.app", + "display_name": "Java Web Start", + "element": "1", + "last_opened_time": "-1.0", "name": "Java Web Start.app", - "bundle_identifier": "com.apple.JavaWebStart", - "bundle_executable": "Java Web Start", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/CoreServices/Java Web Start.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Java Web Start\",\"bundle_identifier\":\"com.apple.JavaWebStart\",\"bundle_name\":\"Java Web Start\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"15.0.1\",\"bundle_version\":\"15.0.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2005-2013, Apple Inc. 
All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"Java Web Start\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Java Web Start.app\",\"path\":\"/System/Library/CoreServices/Java Web Start.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"KeyboardSetupAssistant\",\"bundle_identifier\":\"com.apple.KeyboardSetupAssistant\",\"bundle_name\":\"\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.7\",\"bundle_version\":\"100\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"KeyboardSetupAssistant.app\",\"path\":\"/System/Library/CoreServices/KeyboardSetupAssistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": 
"/System/Library/CoreServices/KeyboardSetupAssistant.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/CoreServices/KeyboardSetupAssistant.app", - "name": "KeyboardSetupAssistant.app", - "bundle_short_version": "10.7", - "bundle_identifier": "com.apple.KeyboardSetupAssistant", - "last_opened_time": "-1.0", "bundle_executable": "KeyboardSetupAssistant", - "compiler": "com.apple.compilers.llvm.clang.1_0", + "bundle_identifier": "com.apple.KeyboardSetupAssistant", "bundle_package_type": "APPL", + "bundle_short_version": "10.7", "bundle_version": "100", - "element": "1" + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "element": "1", + "last_opened_time": "-1.0", + "name": "KeyboardSetupAssistant.app", + "path": "/System/Library/CoreServices/KeyboardSetupAssistant.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"KeyboardSetupAssistant\",\"bundle_identifier\":\"com.apple.KeyboardSetupAssistant\",\"bundle_name\":\"\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.7\",\"bundle_version\":\"100\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"KeyboardSetupAssistant.app\",\"path\":\"/System/Library/CoreServices/KeyboardSetupAssistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Keychain Circle Notification\",\"bundle_identifier\":\"com.apple.security.Keychain-Circle-Notification\",\"bundle_name\":\"Keychain Circle Notification\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Keychain Circle 
Notification.app\",\"path\":\"/System/Library/CoreServices/Keychain Circle Notification.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Keychain Circle Notification.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "en", - "path": "/System/Library/CoreServices/Keychain Circle Notification.app", - "name": "Keychain Circle Notification.app", - "bundle_short_version": "1.0", + "bundle_executable": "Keychain Circle Notification", "bundle_identifier": "com.apple.security.Keychain-Circle-Notification", - "minimum_system_version": "10.13", - "last_opened_time": "-1.0", "bundle_name": "Keychain Circle Notification", - "bundle_executable": "Keychain Circle Notification", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "element": "1" + "bundle_short_version": "1.0", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "en", + "element": "1", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Keychain Circle Notification.app", + "path": "/System/Library/CoreServices/Keychain Circle Notification.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + 
"name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Keychain Circle Notification\",\"bundle_identifier\":\"com.apple.security.Keychain-Circle-Notification\",\"bundle_name\":\"Keychain Circle Notification\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Keychain Circle Notification.app\",\"path\":\"/System/Library/CoreServices/Keychain Circle Notification.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Language 
Chooser\",\"bundle_identifier\":\"com.apple.Language-Chooser\",\"bundle_name\":\"Language Chooser\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"549\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012 com.apple. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Language Chooser.app\",\"path\":\"/System/Library/CoreServices/Language Chooser.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Language Chooser.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2012 com.apple. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Language Chooser", + "bundle_identifier": "com.apple.Language-Chooser", "bundle_name": "Language Chooser", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "549", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2012 com.apple. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/Language Chooser.app", - "name": "Language Chooser.app", - "bundle_identifier": "com.apple.Language-Chooser", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Language Chooser", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "Language Chooser.app", + "path": "/System/Library/CoreServices/Language Chooser.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, - "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "epoch": "0", + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Language Chooser\",\"bundle_identifier\":\"com.apple.Language-Chooser\",\"bundle_name\":\"Language Chooser\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"549\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012 com.apple. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Language Chooser.app\",\"path\":\"/System/Library/CoreServices/Language Chooser.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"LocationMenu\",\"bundle_identifier\":\"com.apple.locationmenu\",\"bundle_name\":\"Location Menu\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"LocationMenu.app\",\"path\":\"/System/Library/CoreServices/LocationMenu.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/LocationMenu.app" }, - "ecs": { - 
"version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "LocationMenu", + "bundle_identifier": "com.apple.locationmenu", "bundle_name": "Location Menu", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/CoreServices/LocationMenu.app", - "name": "LocationMenu.app", - "bundle_identifier": "com.apple.locationmenu", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "LocationMenu", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "LocationMenu.app", + "path": "/System/Library/CoreServices/LocationMenu.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"LocationMenu\",\"bundle_identifier\":\"com.apple.locationmenu\",\"bundle_name\":\"Location Menu\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"LocationMenu.app\",\"path\":\"/System/Library/CoreServices/LocationMenu.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"MRT\",\"bundle_identifier\":\"com.apple.MRT\",\"bundle_name\":\"MRT\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.27\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2017 Apple, Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.10\",\"name\":\"MRT.app\",\"path\":\"/System/Library/CoreServices/MRT.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/MRT.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2017 Apple, Inc. All rights reserved.", - "bundle_short_version": "1.27", - "last_opened_time": "-1.0", + "bundle_executable": "MRT", + "bundle_identifier": "com.apple.MRT", "bundle_name": "MRT", + "bundle_package_type": "APPL", + "bundle_short_version": "1.27", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2017 Apple, Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/MRT.app", - "name": "MRT.app", - "bundle_identifier": "com.apple.MRT", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.10", - "bundle_executable": "MRT", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "MRT.app", + "path": "/System/Library/CoreServices/MRT.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"MRT\",\"bundle_identifier\":\"com.apple.MRT\",\"bundle_name\":\"MRT\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.27\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2017 Apple, Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.10\",\"name\":\"MRT.app\",\"path\":\"/System/Library/CoreServices/MRT.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ManagedClient\",\"bundle_identifier\":\"com.apple.ManagedClient\",\"bundle_name\":\"ManagedClient\",\"bundle_package_type\":\"AAPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"1042\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright 2004-2017 Apple Inc. 
All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ManagedClient.app\",\"path\":\"/System/Library/CoreServices/ManagedClient.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/ManagedClient.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright 2004-2017 Apple Inc. All Rights Reserved.", - "bundle_short_version": "10.0", - "last_opened_time": "-1.0", + "bundle_executable": "ManagedClient", + "bundle_identifier": "com.apple.ManagedClient", "bundle_name": "ManagedClient", + "bundle_package_type": "AAPL", + "bundle_short_version": "10.0", "bundle_version": "1042", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright 2004-2017 Apple Inc. 
All Rights Reserved.", "development_region": "English", - "path": "/System/Library/CoreServices/ManagedClient.app", + "element": "1", + "last_opened_time": "-1.0", "name": "ManagedClient.app", - "bundle_identifier": "com.apple.ManagedClient", - "bundle_executable": "ManagedClient", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "AAPL", - "element": "1" + "path": "/System/Library/CoreServices/ManagedClient.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ManagedClient\",\"bundle_identifier\":\"com.apple.ManagedClient\",\"bundle_name\":\"ManagedClient\",\"bundle_package_type\":\"AAPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"1042\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright 2004-2017 Apple Inc. 
All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ManagedClient.app\",\"path\":\"/System/Library/CoreServices/ManagedClient.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Memory Slot Utility\",\"bundle_identifier\":\"com.apple.MemorySlotUtility\",\"bundle_name\":\"Memory Slot Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.5.3\",\"bundle_version\":\"1.5.3b1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Memory Slot Utility\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Memory Slot Utility.app\",\"path\":\"/System/Library/CoreServices/Memory Slot Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": 
"/System/Library/CoreServices/Memory Slot Utility.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "1.5.3", - "last_opened_time": "-1.0", + "bundle_executable": "Memory Slot Utility", + "bundle_identifier": "com.apple.MemorySlotUtility", "bundle_name": "Memory Slot Utility", - "display_name": "Memory Slot Utility", + "bundle_package_type": "APPL", + "bundle_short_version": "1.5.3", "bundle_version": "1.5.3b1", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/CoreServices/Memory Slot Utility.app", + "display_name": "Memory Slot Utility", + "element": "1", + "last_opened_time": "-1.0", "name": "Memory Slot Utility.app", - "bundle_identifier": "com.apple.MemorySlotUtility", - "bundle_executable": "Memory Slot Utility", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/CoreServices/Memory Slot Utility.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Memory Slot Utility\",\"bundle_identifier\":\"com.apple.MemorySlotUtility\",\"bundle_name\":\"Memory Slot Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.5.3\",\"bundle_version\":\"1.5.3b1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Memory Slot Utility\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Memory Slot Utility.app\",\"path\":\"/System/Library/CoreServices/Memory Slot Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"NetAuthAgent\",\"bundle_identifier\":\"com.apple.NetAuthAgent\",\"bundle_name\":\"NetAuthAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.2\",\"bundle_version\":\"6.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"NetAuthAgent.app\",\"path\":\"/System/Library/CoreServices/NetAuthAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/NetAuthAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/CoreServices/NetAuthAgent.app", - "name": "NetAuthAgent.app", - "bundle_short_version": "6.2", + "bundle_executable": "NetAuthAgent", "bundle_identifier": "com.apple.NetAuthAgent", - "last_opened_time": "-1.0", "bundle_name": "NetAuthAgent", - "bundle_executable": "NetAuthAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", + "bundle_short_version": "6.2", "bundle_version": "6.2", - "element": "1" + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "element": "1", + "last_opened_time": "-1.0", + "name": "NetAuthAgent.app", + "path": "/System/Library/CoreServices/NetAuthAgent.app" }, - "name": "pack_it-compliance_installed_applications", - 
"unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"NetAuthAgent\",\"bundle_identifier\":\"com.apple.NetAuthAgent\",\"bundle_name\":\"NetAuthAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.2\",\"bundle_version\":\"6.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"NetAuthAgent.app\",\"path\":\"/System/Library/CoreServices/NetAuthAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + 
"created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"NotificationCenter\",\"bundle_identifier\":\"com.apple.notificationcenterui\",\"bundle_name\":\"NotificationCenter\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"639.2\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2011 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"NotificationCenter.app\",\"path\":\"/System/Library/CoreServices/NotificationCenter.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/NotificationCenter.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2011 Apple Inc. 
All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "NotificationCenter", + "bundle_identifier": "com.apple.notificationcenterui", "bundle_name": "NotificationCenter", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "639.2", - "development_region": "en", - "path": "/System/Library/CoreServices/NotificationCenter.app", - "name": "NotificationCenter.app", - "bundle_identifier": "com.apple.notificationcenterui", - "minimum_system_version": "10.13", - "bundle_executable": "NotificationCenter", "category": "public.app-category.productivity", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "copyright": "Copyright \\xC2\\xA9 2011 Apple Inc. All rights reserved.", + "development_region": "en", + "element": "1", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "NotificationCenter.app", + "path": "/System/Library/CoreServices/NotificationCenter.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"NotificationCenter\",\"bundle_identifier\":\"com.apple.notificationcenterui\",\"bundle_name\":\"NotificationCenter\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"639.2\",\"category\":\"public.app-category.productivity\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2011 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"NotificationCenter.app\",\"path\":\"/System/Library/CoreServices/NotificationCenter.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"NowPlayingTouchUI\",\"bundle_identifier\":\"com.apple.NowPlayingTouchUI\",\"bundle_name\":\"NowPlayingTouchUI\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"NowPlayingTouchUI.app\",\"path\":\"/System/Library/CoreServices/NowPlayingTouchUI.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/NowPlayingTouchUI.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "NowPlayingTouchUI", + "bundle_identifier": "com.apple.NowPlayingTouchUI", "bundle_name": "NowPlayingTouchUI", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/NowPlayingTouchUI.app", - "name": "NowPlayingTouchUI.app", - "bundle_identifier": "com.apple.NowPlayingTouchUI", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "NowPlayingTouchUI", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "NowPlayingTouchUI.app", + "path": "/System/Library/CoreServices/NowPlayingTouchUI.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"NowPlayingTouchUI\",\"bundle_identifier\":\"com.apple.NowPlayingTouchUI\",\"bundle_name\":\"NowPlayingTouchUI\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"NowPlayingTouchUI.app\",\"path\":\"/System/Library/CoreServices/NowPlayingTouchUI.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"NowPlayingWidgetContainer\",\"bundle_identifier\":\"com.apple..NowPlayingWidgetContainer\",\"bundle_name\":\"NowPlayingWidgetContainer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"NowPlayingWidgetContainer.app\",\"path\":\"/System/Library/CoreServices/NowPlayingWidgetContainer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/NowPlayingWidgetContainer.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2017 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "NowPlayingWidgetContainer", + "bundle_identifier": "com.apple..NowPlayingWidgetContainer", "bundle_name": "NowPlayingWidgetContainer", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2017 Apple Inc. 
All rights reserved.", "development_region": "English", - "path": "/System/Library/CoreServices/NowPlayingWidgetContainer.app", - "name": "NowPlayingWidgetContainer.app", - "bundle_identifier": "com.apple..NowPlayingWidgetContainer", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "NowPlayingWidgetContainer", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "NowPlayingWidgetContainer.app", + "path": "/System/Library/CoreServices/NowPlayingWidgetContainer.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"NowPlayingWidgetContainer\",\"bundle_identifier\":\"com.apple..NowPlayingWidgetContainer\",\"bundle_name\":\"NowPlayingWidgetContainer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"NowPlayingWidgetContainer.app\",\"path\":\"/System/Library/CoreServices/NowPlayingWidgetContainer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"OBEXAgent\",\"bundle_identifier\":\"com.apple.OBEXAgent\",\"bundle_name\":\"OBEXAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.0.0\",\"bundle_version\":\"6.0.1f1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2002-2017 Apple Inc. All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"6.0.0, Copyright \\\\xC2\\\\xA9 2002-2017 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"OBEXAgent.app\",\"path\":\"/System/Library/CoreServices/OBEXAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/OBEXAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2002-2017 Apple Inc. All rights reserved.", - "info_string": "6.0.0, Copyright \\xC2\\xA9 2002-2017 Apple Inc. All rights reserved.", - "bundle_short_version": "6.0.0", - "last_opened_time": "-1.0", + "bundle_executable": "OBEXAgent", + "bundle_identifier": "com.apple.OBEXAgent", "bundle_name": "OBEXAgent", + "bundle_package_type": "APPL", + "bundle_short_version": "6.0.0", "bundle_version": "6.0.1f1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2002-2017 Apple Inc. All rights reserved.", "development_region": "English", - "path": "/System/Library/CoreServices/OBEXAgent.app", - "name": "OBEXAgent.app", - "bundle_identifier": "com.apple.OBEXAgent", + "element": "1", + "info_string": "6.0.0, Copyright \\xC2\\xA9 2002-2017 Apple Inc. 
All rights reserved.", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "OBEXAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "OBEXAgent.app", + "path": "/System/Library/CoreServices/OBEXAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, - "related": { - "user": [ - "tsg" - ], + "related": { "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"OBEXAgent\",\"bundle_identifier\":\"com.apple.OBEXAgent\",\"bundle_name\":\"OBEXAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.0.0\",\"bundle_version\":\"6.0.1f1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2002-2017 Apple Inc. All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"6.0.0, Copyright \\\\xC2\\\\xA9 2002-2017 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"OBEXAgent.app\",\"path\":\"/System/Library/CoreServices/OBEXAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ODSAgent\",\"bundle_identifier\":\"com.apple.ODSAgent\",\"bundle_name\":\"ODSAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.8\",\"bundle_version\":\"180.8\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"ODSAgent\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"1.8 (180.8), Copyright \\\\xC2\\\\xA9 2007-2009 Apple Inc. 
All Rights Reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ODSAgent.app\",\"path\":\"/System/Library/CoreServices/ODSAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/ODSAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "1.8 (180.8), Copyright \\xC2\\xA9 2007-2009 Apple Inc. All Rights Reserved.", - "bundle_short_version": "1.8", - "last_opened_time": "-1.0", + "bundle_executable": "ODSAgent", + "bundle_identifier": "com.apple.ODSAgent", "bundle_name": "ODSAgent", - "display_name": "ODSAgent", + "bundle_package_type": "APPL", + "bundle_short_version": "1.8", "bundle_version": "180.8", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/CoreServices/ODSAgent.app", + "display_name": "ODSAgent", + "element": "1", + "info_string": "1.8 (180.8), Copyright \\xC2\\xA9 2007-2009 Apple Inc. 
All Rights Reserved.", + "last_opened_time": "-1.0", "name": "ODSAgent.app", - "bundle_identifier": "com.apple.ODSAgent", - "bundle_executable": "ODSAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/CoreServices/ODSAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ODSAgent\",\"bundle_identifier\":\"com.apple.ODSAgent\",\"bundle_name\":\"ODSAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.8\",\"bundle_version\":\"180.8\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"ODSAgent\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"1.8 (180.8), Copyright \\\\xC2\\\\xA9 2007-2009 Apple Inc. 
All Rights Reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ODSAgent.app\",\"path\":\"/System/Library/CoreServices/ODSAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"OSDUIHelper\",\"bundle_identifier\":\"com.apple.OSDUIHelper\",\"bundle_name\":\"OSDUIHelper\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"OSDUIHelper.app\",\"path\":\"/System/Library/CoreServices/OSDUIHelper.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/OSDUIHelper.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2015 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "OSDUIHelper", + "bundle_identifier": "com.apple.OSDUIHelper", "bundle_name": "OSDUIHelper", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2015 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/OSDUIHelper.app", - "name": "OSDUIHelper.app", - "bundle_identifier": "com.apple.OSDUIHelper", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "OSDUIHelper", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "OSDUIHelper.app", + "path": "/System/Library/CoreServices/OSDUIHelper.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"OSDUIHelper\",\"bundle_identifier\":\"com.apple.OSDUIHelper\",\"bundle_name\":\"OSDUIHelper\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"OSDUIHelper.app\",\"path\":\"/System/Library/CoreServices/OSDUIHelper.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"PIPAgent\",\"bundle_identifier\":\"com.apple.PIPAgent\",\"bundle_name\":\"PIPAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"83\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"PIPAgent.app\",\"path\":\"/System/Library/CoreServices/PIPAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/PIPAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "PIPAgent", + "bundle_identifier": "com.apple.PIPAgent", "bundle_name": "PIPAgent", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "83", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/PIPAgent.app", - "name": "PIPAgent.app", - "bundle_identifier": "com.apple.PIPAgent", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "PIPAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "PIPAgent.app", + "path": "/System/Library/CoreServices/PIPAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"PIPAgent\",\"bundle_identifier\":\"com.apple.PIPAgent\",\"bundle_name\":\"PIPAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"83\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"PIPAgent.app\",\"path\":\"/System/Library/CoreServices/PIPAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Paired Devices\",\"bundle_identifier\":\"com.apple.PairedDevices\",\"bundle_name\":\"Paired Devices\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.1\",\"bundle_version\":\"110.8\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"Paired Devices\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Paired Devices.app\",\"path\":\"/System/Library/CoreServices/Paired Devices.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": 
"/System/Library/CoreServices/Paired Devices.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "1.1", - "last_opened_time": "-1.0", + "bundle_executable": "Paired Devices", + "bundle_identifier": "com.apple.PairedDevices", "bundle_name": "Paired Devices", - "display_name": "Paired Devices", + "bundle_package_type": "APPL", + "bundle_short_version": "1.1", "bundle_version": "110.8", - "development_region": "en", - "path": "/System/Library/CoreServices/Paired Devices.app", - "name": "Paired Devices.app", - "bundle_identifier": "com.apple.PairedDevices", - "minimum_system_version": "10.13", - "bundle_executable": "Paired Devices", "category": "public.app-category.utilities", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "development_region": "en", + "display_name": "Paired Devices", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Paired Devices.app", + "path": "/System/Library/CoreServices/Paired Devices.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", 
- "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Paired Devices\",\"bundle_identifier\":\"com.apple.PairedDevices\",\"bundle_name\":\"Paired Devices\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.1\",\"bundle_version\":\"110.8\",\"category\":\"public.app-category.utilities\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"Paired Devices\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Paired Devices.app\",\"path\":\"/System/Library/CoreServices/Paired Devices.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Pass Viewer\",\"bundle_identifier\":\"com.apple.Pass-Viewer\",\"bundle_name\":\"Pass Viewer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Pass Viewer.app\",\"path\":\"/System/Library/CoreServices/Pass Viewer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Pass Viewer.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2012 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Pass Viewer", + "bundle_identifier": "com.apple.Pass-Viewer", "bundle_name": "Pass Viewer", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2012 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/Pass Viewer.app", - "name": "Pass Viewer.app", - "bundle_identifier": "com.apple.Pass-Viewer", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Pass Viewer", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "Pass Viewer.app", + "path": "/System/Library/CoreServices/Pass Viewer.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Pass Viewer\",\"bundle_identifier\":\"com.apple.Pass-Viewer\",\"bundle_name\":\"Pass Viewer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Pass Viewer.app\",\"path\":\"/System/Library/CoreServices/Pass Viewer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Photo Library Migration Utility\",\"bundle_identifier\":\"com.apple.PhotoLibraryMigrationUtility\",\"bundle_name\":\"Photo Library Migration Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.0\",\"bundle_version\":\"2001.20.100\",\"category\":\"public.app-category.photography\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2002-2015 Apple Inc.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.9\",\"name\":\"Photo Library Migration Utility.app\",\"path\":\"/System/Library/CoreServices/Photo Library Migration 
Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Photo Library Migration Utility.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "Copyright \\xC2\\xA9 2002-2015 Apple Inc.", - "bundle_short_version": "2.0", - "last_opened_time": "-1.0", + "bundle_executable": "Photo Library Migration Utility", + "bundle_identifier": "com.apple.PhotoLibraryMigrationUtility", "bundle_name": "Photo Library Migration Utility", + "bundle_package_type": "APPL", + "bundle_short_version": "2.0", "bundle_version": "2001.20.100", - "development_region": "English", - "path": "/System/Library/CoreServices/Photo Library Migration Utility.app", - "name": "Photo Library Migration Utility.app", - "bundle_identifier": "com.apple.PhotoLibraryMigrationUtility", - "minimum_system_version": "10.9", - "bundle_executable": "Photo Library Migration Utility", "category": "public.app-category.photography", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "copyright": "Copyright \\xC2\\xA9 2002-2015 Apple Inc.", + "development_region": "English", + "element": "1", + "last_opened_time": "-1.0", + "minimum_system_version": "10.9", + "name": "Photo Library Migration Utility.app", + "path": "/System/Library/CoreServices/Photo Library Migration Utility.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Photo Library Migration Utility\",\"bundle_identifier\":\"com.apple.PhotoLibraryMigrationUtility\",\"bundle_name\":\"Photo Library Migration Utility\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.0\",\"bundle_version\":\"2001.20.100\",\"category\":\"public.app-category.photography\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2002-2015 Apple Inc.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.9\",\"name\":\"Photo Library Migration Utility.app\",\"path\":\"/System/Library/CoreServices/Photo Library Migration Utility.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": 
"2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"PowerChime\",\"bundle_identifier\":\"com.apple.PowerChime\",\"bundle_name\":\"PowerChime\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"PowerChime.app\",\"path\":\"/System/Library/CoreServices/PowerChime.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/PowerChime.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "PowerChime", + "bundle_identifier": "com.apple.PowerChime", "bundle_name": "PowerChime", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/System/Library/CoreServices/PowerChime.app", - "name": "PowerChime.app", - "bundle_identifier": "com.apple.PowerChime", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", 
- "bundle_executable": "PowerChime", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "PowerChime.app", + "path": "/System/Library/CoreServices/PowerChime.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"PowerChime\",\"bundle_identifier\":\"com.apple.PowerChime\",\"bundle_name\":\"PowerChime\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"PowerChime.app\",\"path\":\"/System/Library/CoreServices/PowerChime.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Problem Reporter\",\"bundle_identifier\":\"com.apple.ProblemReporter\",\"bundle_name\":\"Problem Reporter\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.13\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Problem Reporter.app\",\"path\":\"/System/Library/CoreServices/Problem Reporter.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Problem Reporter.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/CoreServices/Problem Reporter.app", - "name": "Problem Reporter.app", - "bundle_short_version": "10.13", + "bundle_executable": "Problem Reporter", "bundle_identifier": "com.apple.ProblemReporter", - "last_opened_time": "-1.0", "bundle_name": "Problem Reporter", - 
"bundle_executable": "Problem Reporter", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", + "bundle_short_version": "10.13", "bundle_version": "1", - "element": "1" + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "element": "1", + "last_opened_time": "-1.0", + "name": "Problem Reporter.app", + "path": "/System/Library/CoreServices/Problem Reporter.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Problem Reporter\",\"bundle_identifier\":\"com.apple.ProblemReporter\",\"bundle_name\":\"Problem Reporter\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.13\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Problem Reporter.app\",\"path\":\"/System/Library/CoreServices/Problem 
Reporter.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"RapportUIAgent\",\"bundle_identifier\":\"com.apple.RapportUIAgent\",\"bundle_name\":\"RapportUIAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.1\",\"bundle_version\":\"110.8\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"RapportUIAgent.app\",\"path\":\"/System/Library/CoreServices/RapportUIAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/RapportUIAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "1.1", - 
"last_opened_time": "-1.0", + "bundle_executable": "RapportUIAgent", + "bundle_identifier": "com.apple.RapportUIAgent", "bundle_name": "RapportUIAgent", + "bundle_package_type": "APPL", + "bundle_short_version": "1.1", "bundle_version": "110.8", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/System/Library/CoreServices/RapportUIAgent.app", - "name": "RapportUIAgent.app", - "bundle_identifier": "com.apple.RapportUIAgent", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "RapportUIAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "RapportUIAgent.app", + "path": "/System/Library/CoreServices/RapportUIAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"RapportUIAgent\",\"bundle_identifier\":\"com.apple.RapportUIAgent\",\"bundle_name\":\"RapportUIAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.1\",\"bundle_version\":\"110.8\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"RapportUIAgent.app\",\"path\":\"/System/Library/CoreServices/RapportUIAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"RegisterPluginIMApp\",\"bundle_identifier\":\"com.apple.pluginIM.pluginIMRegistrator\",\"bundle_name\":\"RegisterPluginIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"18\",\"bundle_version\":\"12\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"RegisterPluginIMApp.app\",\"path\":\"/System/Library/CoreServices/RegisterPluginIMApp.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/RegisterPluginIMApp.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "18", - "last_opened_time": "-1.0", + "bundle_executable": "RegisterPluginIMApp", + "bundle_identifier": "com.apple.pluginIM.pluginIMRegistrator", "bundle_name": "RegisterPluginIM", + "bundle_package_type": "APPL", + "bundle_short_version": "18", "bundle_version": "12", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/CoreServices/RegisterPluginIMApp.app", - "name": "RegisterPluginIMApp.app", - "bundle_identifier": "com.apple.pluginIM.pluginIMRegistrator", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "RegisterPluginIMApp", - "compiler": "com.apple.compilers.llvm.clang.1_0", - 
"bundle_package_type": "APPL", - "element": "1" + "name": "RegisterPluginIMApp.app", + "path": "/System/Library/CoreServices/RegisterPluginIMApp.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"RegisterPluginIMApp\",\"bundle_identifier\":\"com.apple.pluginIM.pluginIMRegistrator\",\"bundle_name\":\"RegisterPluginIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"18\",\"bundle_version\":\"12\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"RegisterPluginIMApp.app\",\"path\":\"/System/Library/CoreServices/RegisterPluginIMApp.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - 
"kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ARDAgent\",\"bundle_identifier\":\"com.apple.RemoteDesktopAgent\",\"bundle_name\":\"ARDAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.9.5\",\"bundle_version\":\"522.13\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ARDAgent.app\",\"path\":\"/System/Library/CoreServices/RemoteManagement/ARDAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/RemoteManagement/ARDAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/CoreServices/RemoteManagement/ARDAgent.app", - "name": "ARDAgent.app", - "bundle_short_version": "3.9.5", + "bundle_executable": "ARDAgent", "bundle_identifier": "com.apple.RemoteDesktopAgent", - "last_opened_time": "-1.0", "bundle_name": "ARDAgent", - "bundle_executable": "ARDAgent", - "compiler": 
"com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", + "bundle_short_version": "3.9.5", "bundle_version": "522.13", - "element": "1" + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "element": "1", + "last_opened_time": "-1.0", + "name": "ARDAgent.app", + "path": "/System/Library/CoreServices/RemoteManagement/ARDAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ARDAgent\",\"bundle_identifier\":\"com.apple.RemoteDesktopAgent\",\"bundle_name\":\"ARDAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.9.5\",\"bundle_version\":\"522.13\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ARDAgent.app\",\"path\":\"/System/Library/CoreServices/RemoteManagement/ARDAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ReportPanic\",\"bundle_identifier\":\"com.apple.ReportPanic\",\"bundle_name\":\"ReportPanic\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.13\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"ReportPanic.app\",\"path\":\"/System/Library/CoreServices/ReportPanic.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/ReportPanic.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "10.13", - "last_opened_time": "-1.0", + "bundle_executable": "ReportPanic", + "bundle_identifier": "com.apple.ReportPanic", "bundle_name": "ReportPanic", + "bundle_package_type": "APPL", + "bundle_short_version": "10.13", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/System/Library/CoreServices/ReportPanic.app", - "name": "ReportPanic.app", - "bundle_identifier": "com.apple.ReportPanic", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "ReportPanic", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "ReportPanic.app", + "path": 
"/System/Library/CoreServices/ReportPanic.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ReportPanic\",\"bundle_identifier\":\"com.apple.ReportPanic\",\"bundle_name\":\"ReportPanic\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.13\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"ReportPanic.app\",\"path\":\"/System/Library/CoreServices/ReportPanic.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": 
"2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ScreenSaverEngine\",\"bundle_identifier\":\"com.apple.ScreenSaver.Engine\",\"bundle_name\":\"ScreenSaverEngine\",\"bundle_package_type\":\"\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"5.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ScreenSaverEngine.app\",\"path\":\"/System/Library/CoreServices/ScreenSaverEngine.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/ScreenSaverEngine.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/CoreServices/ScreenSaverEngine.app", - "name": "ScreenSaverEngine.app", - "bundle_short_version": "5.0", + "bundle_executable": "ScreenSaverEngine", "bundle_identifier": "com.apple.ScreenSaver.Engine", - "last_opened_time": "-1.0", "bundle_name": "ScreenSaverEngine", - "bundle_executable": "ScreenSaverEngine", - "compiler": "com.apple.compilers.llvm.clang.1_0", + "bundle_short_version": "5.0", "bundle_version": "5.0", - "element": "1" + "compiler": 
"com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "element": "1", + "last_opened_time": "-1.0", + "name": "ScreenSaverEngine.app", + "path": "/System/Library/CoreServices/ScreenSaverEngine.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ScreenSaverEngine\",\"bundle_identifier\":\"com.apple.ScreenSaver.Engine\",\"bundle_name\":\"ScreenSaverEngine\",\"bundle_package_type\":\"\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"5.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ScreenSaverEngine.app\",\"path\":\"/System/Library/CoreServices/ScreenSaverEngine.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": 
"info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ScriptMonitor\",\"bundle_identifier\":\"com.apple.ScriptMonitor\",\"bundle_name\":\"ScriptMonitor\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0.1\",\"bundle_version\":\"10\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ScriptMonitor.app\",\"path\":\"/System/Library/CoreServices/ScriptMonitor.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/ScriptMonitor.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2014 Apple Inc. 
All rights reserved.", - "bundle_short_version": "1.0.1", - "last_opened_time": "-1.0", + "bundle_executable": "ScriptMonitor", + "bundle_identifier": "com.apple.ScriptMonitor", "bundle_name": "ScriptMonitor", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0.1", "bundle_version": "10", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2014 Apple Inc. All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/ScriptMonitor.app", + "element": "1", + "last_opened_time": "-1.0", "name": "ScriptMonitor.app", - "bundle_identifier": "com.apple.ScriptMonitor", - "bundle_executable": "ScriptMonitor", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/CoreServices/ScriptMonitor.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ScriptMonitor\",\"bundle_identifier\":\"com.apple.ScriptMonitor\",\"bundle_name\":\"ScriptMonitor\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0.1\",\"bundle_version\":\"10\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ScriptMonitor.app\",\"path\":\"/System/Library/CoreServices/ScriptMonitor.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Setup Assistant\",\"bundle_identifier\":\"com.apple.SetupAssistant\",\"bundle_name\":\"Setup Assistant\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.10\",\"bundle_version\":\"1972\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Setup Assistant.app\",\"path\":\"/System/Library/CoreServices/Setup Assistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Setup Assistant.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2014 Apple Inc. All rights reserved.", - "bundle_short_version": "10.10", - "last_opened_time": "-1.0", + "bundle_executable": "Setup Assistant", + "bundle_identifier": "com.apple.SetupAssistant", "bundle_name": "Setup Assistant", + "bundle_package_type": "APPL", + "bundle_short_version": "10.10", "bundle_version": "1972", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2014 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/Setup Assistant.app", - "name": "Setup Assistant.app", - "bundle_identifier": "com.apple.SetupAssistant", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Setup Assistant", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "Setup Assistant.app", + "path": "/System/Library/CoreServices/Setup Assistant.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Setup Assistant\",\"bundle_identifier\":\"com.apple.SetupAssistant\",\"bundle_name\":\"Setup Assistant\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.10\",\"bundle_version\":\"1972\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Setup Assistant.app\",\"path\":\"/System/Library/CoreServices/Setup Assistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Siri\",\"bundle_identifier\":\"com.apple.Siri\",\"bundle_name\":\"Siri\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"146\",\"bundle_version\":\"146\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Siri.app\",\"path\":\"/System/Library/CoreServices/Siri.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Siri.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2015 Apple Inc. All rights reserved.", - "bundle_short_version": "146", - "last_opened_time": "-1.0", + "bundle_executable": "Siri", + "bundle_identifier": "com.apple.Siri", "bundle_name": "Siri", + "bundle_package_type": "APPL", + "bundle_short_version": "146", "bundle_version": "146", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2015 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/Siri.app", - "name": "Siri.app", - "bundle_identifier": "com.apple.Siri", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Siri", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "Siri.app", + "path": "/System/Library/CoreServices/Siri.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Siri\",\"bundle_identifier\":\"com.apple.Siri\",\"bundle_name\":\"Siri\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"146\",\"bundle_version\":\"146\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Siri.app\",\"path\":\"/System/Library/CoreServices/Siri.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SocialPushAgent\",\"bundle_identifier\":\"com.apple.SocialPushAgent\",\"bundle_name\":\"SocialPushAgent\",\"bundle_package_type\":\"XPC!\",\"bundle_short_version\":\"60\",\"bundle_version\":\"60\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"SocialPushAgent\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"SocialPushAgent.app\",\"path\":\"/System/Library/CoreServices/SocialPushAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/SocialPushAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2012 Apple Inc. All rights reserved.", - "bundle_short_version": "60", - "last_opened_time": "-1.0", + "bundle_executable": "SocialPushAgent", + "bundle_identifier": "com.apple.SocialPushAgent", "bundle_name": "SocialPushAgent", - "display_name": "SocialPushAgent", + "bundle_package_type": "XPC!", + "bundle_short_version": "60", "bundle_version": "60", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2012 Apple Inc. All rights reserved.", "development_region": "English", - "path": "/System/Library/CoreServices/SocialPushAgent.app", + "display_name": "SocialPushAgent", + "last_opened_time": "-1.0", "name": "SocialPushAgent.app", - "bundle_identifier": "com.apple.SocialPushAgent", - "bundle_executable": "SocialPushAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "XPC!" 
+ "path": "/System/Library/CoreServices/SocialPushAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SocialPushAgent\",\"bundle_identifier\":\"com.apple.SocialPushAgent\",\"bundle_name\":\"SocialPushAgent\",\"bundle_package_type\":\"XPC!\",\"bundle_short_version\":\"60\",\"bundle_version\":\"60\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"SocialPushAgent\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"SocialPushAgent.app\",\"path\":\"/System/Library/CoreServices/SocialPushAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Software Update\",\"bundle_identifier\":\"com.apple.SoftwareUpdate\",\"bundle_name\":\"Software Update\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6\",\"bundle_version\":\"1068.9\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Software Update\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Software Update version 4.0, Copyright \\\\xC2\\\\xA9 2000-2009, Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Software Update.app\",\"path\":\"/System/Library/CoreServices/Software Update.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Software Update.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "Software Update version 4.0, Copyright \\xC2\\xA9 2000-2009, Apple Inc. All rights reserved.", - "bundle_short_version": "6", - "last_opened_time": "-1.0", + "bundle_executable": "Software Update", + "bundle_identifier": "com.apple.SoftwareUpdate", "bundle_name": "Software Update", - "display_name": "Software Update", + "bundle_package_type": "APPL", + "bundle_short_version": "6", "bundle_version": "1068.9", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/CoreServices/Software Update.app", + "display_name": "Software Update", + "element": "1", + "info_string": "Software Update version 4.0, Copyright \\xC2\\xA9 2000-2009, Apple Inc. 
All rights reserved.", + "last_opened_time": "-1.0", "name": "Software Update.app", - "bundle_identifier": "com.apple.SoftwareUpdate", - "bundle_executable": "Software Update", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/CoreServices/Software Update.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "tsg" + } + }, + { + "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, "event": { "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Software Update\",\"bundle_identifier\":\"com.apple.SoftwareUpdate\",\"bundle_name\":\"Software Update\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6\",\"bundle_version\":\"1068.9\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Software Update\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Software Update version 4.0, Copyright \\\\xC2\\\\xA9 2000-2009, Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Software Update.app\",\"path\":\"/System/Library/CoreServices/Software Update.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SoftwareUpdateLauncher\",\"bundle_identifier\":\"com.apple.SoftwareUpdateLauncher\",\"bundle_name\":\"SoftwareUpdateLauncher\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6\",\"bundle_version\":\"1068.9\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1510411510.90011\",\"minimum_system_version\":\"10.13\",\"name\":\"SoftwareUpdateLauncher.app\",\"path\":\"/System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdateLauncher.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2017-12-28T14:39:54.000Z", "file": { "path": "/System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdateLauncher.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2012 Apple Inc. All rights reserved.", - "bundle_short_version": "6", - "last_opened_time": "1510411510.90011", + "bundle_executable": "SoftwareUpdateLauncher", + "bundle_identifier": "com.apple.SoftwareUpdateLauncher", "bundle_name": "SoftwareUpdateLauncher", + "bundle_package_type": "APPL", + "bundle_short_version": "6", "bundle_version": "1068.9", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2012 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdateLauncher.app", - "name": "SoftwareUpdateLauncher.app", - "bundle_identifier": "com.apple.SoftwareUpdateLauncher", + "last_opened_time": "1510411510.90011", "minimum_system_version": "10.13", - "bundle_executable": "SoftwareUpdateLauncher", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "SoftwareUpdateLauncher.app", + "path": "/System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdateLauncher.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SoftwareUpdateLauncher\",\"bundle_identifier\":\"com.apple.SoftwareUpdateLauncher\",\"bundle_name\":\"SoftwareUpdateLauncher\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6\",\"bundle_version\":\"1068.9\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1510411510.90011\",\"minimum_system_version\":\"10.13\",\"name\":\"SoftwareUpdateLauncher.app\",\"path\":\"/System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdateLauncher.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Spotlight\",\"bundle_identifier\":\"com.apple.Spotlight\",\"bundle_name\":\"Spotlight\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1191.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2013 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Spotlight.app\",\"path\":\"/System/Library/CoreServices/Spotlight.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Spotlight.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2013 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Spotlight", + "bundle_identifier": "com.apple.Spotlight", "bundle_name": "Spotlight", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1191.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2013 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/Spotlight.app", - "name": "Spotlight.app", - "bundle_identifier": "com.apple.Spotlight", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Spotlight", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "Spotlight.app", + "path": "/System/Library/CoreServices/Spotlight.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Spotlight\",\"bundle_identifier\":\"com.apple.Spotlight\",\"bundle_name\":\"Spotlight\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1191.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2013 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Spotlight.app\",\"path\":\"/System/Library/CoreServices/Spotlight.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Stocks\",\"bundle_identifier\":\"com.apple.stocks\",\"bundle_name\":\"Stocks\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"22\",\"category\":\"public.app-category.finance\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014-2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Stocks\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Stocks.app\",\"path\":\"/System/Library/CoreServices/Stocks.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Stocks.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2014-2015 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Stocks", + "bundle_identifier": "com.apple.stocks", "bundle_name": "Stocks", - "display_name": "Stocks", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "22", - "development_region": "en", - "path": "/System/Library/CoreServices/Stocks.app", - "name": "Stocks.app", - "bundle_identifier": "com.apple.stocks", - "minimum_system_version": "10.13", - "bundle_executable": "Stocks", "category": "public.app-category.finance", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "copyright": "Copyright \\xC2\\xA9 2014-2015 Apple Inc. 
All rights reserved.", + "development_region": "en", + "display_name": "Stocks", + "element": "1", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Stocks.app", + "path": "/System/Library/CoreServices/Stocks.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Stocks\",\"bundle_identifier\":\"com.apple.stocks\",\"bundle_name\":\"Stocks\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"22\",\"category\":\"public.app-category.finance\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014-2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Stocks\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Stocks.app\",\"path\":\"/System/Library/CoreServices/Stocks.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"System Events\",\"bundle_identifier\":\"com.apple.systemevents\",\"bundle_name\":\"System Events\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.3.6\",\"bundle_version\":\"1.3.6\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"System Events.app\",\"path\":\"/System/Library/CoreServices/System Events.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/System Events.app" }, - "ecs": { - "version": 
"8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "bundle_short_version": "1.3.6", - "last_opened_time": "-1.0", + "bundle_executable": "System Events", + "bundle_identifier": "com.apple.systemevents", "bundle_name": "System Events", + "bundle_package_type": "APPL", + "bundle_short_version": "1.3.6", "bundle_version": "1.3.6", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/CoreServices/System Events.app", + "element": "1", + "last_opened_time": "-1.0", "name": "System Events.app", - "bundle_identifier": "com.apple.systemevents", - "bundle_executable": "System Events", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/CoreServices/System Events.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"System 
Events\",\"bundle_identifier\":\"com.apple.systemevents\",\"bundle_name\":\"System Events\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.3.6\",\"bundle_version\":\"1.3.6\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"System Events.app\",\"path\":\"/System/Library/CoreServices/System Events.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SystemUIServer\",\"bundle_identifier\":\"com.apple.systemuiserver\",\"bundle_name\":\"SystemUIServer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.7\",\"bundle_version\":\"462\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"SystemUIServer version 1.7, Copyright 2000-2010 Apple Computer, 
Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"SystemUIServer.app\",\"path\":\"/System/Library/CoreServices/SystemUIServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/SystemUIServer.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "SystemUIServer version 1.7, Copyright 2000-2010 Apple Computer, Inc.", - "bundle_short_version": "1.7", - "last_opened_time": "-1.0", + "bundle_executable": "SystemUIServer", + "bundle_identifier": "com.apple.systemuiserver", "bundle_name": "SystemUIServer", + "bundle_package_type": "APPL", + "bundle_short_version": "1.7", "bundle_version": "462", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/CoreServices/SystemUIServer.app", + "element": "1", + "info_string": "SystemUIServer version 1.7, Copyright 2000-2010 Apple Computer, Inc.", + "last_opened_time": "-1.0", "name": "SystemUIServer.app", - "bundle_identifier": "com.apple.systemuiserver", - "bundle_executable": "SystemUIServer", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/CoreServices/SystemUIServer.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SystemUIServer\",\"bundle_identifier\":\"com.apple.systemuiserver\",\"bundle_name\":\"SystemUIServer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.7\",\"bundle_version\":\"462\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"SystemUIServer version 1.7, Copyright 2000-2010 Apple Computer, Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"SystemUIServer.app\",\"path\":\"/System/Library/CoreServices/SystemUIServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ThermalTrap\",\"bundle_identifier\":\"com.apple.ThermalTrap\",\"bundle_name\":\"ThermalTrap\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"ThermalTrap.app\",\"path\":\"/System/Library/CoreServices/ThermalTrap.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/ThermalTrap.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2014 Apple. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "ThermalTrap", + "bundle_identifier": "com.apple.ThermalTrap", "bundle_name": "ThermalTrap", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2014 Apple. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/ThermalTrap.app", - "name": "ThermalTrap.app", - "bundle_identifier": "com.apple.ThermalTrap", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "ThermalTrap", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "ThermalTrap.app", + "path": "/System/Library/CoreServices/ThermalTrap.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ThermalTrap\",\"bundle_identifier\":\"com.apple.ThermalTrap\",\"bundle_name\":\"ThermalTrap\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"ThermalTrap.app\",\"path\":\"/System/Library/CoreServices/ThermalTrap.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Ticket Viewer\",\"bundle_identifier\":\"com.apple.Ticket-Viewer\",\"bundle_name\":\"Ticket Viewer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0\",\"bundle_version\":\"36\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Ticket Viewer\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Ticket Viewer.app\",\"path\":\"/System/Library/CoreServices/Ticket Viewer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Ticket Viewer.app" }, - "ecs": { - 
"version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/CoreServices/Ticket Viewer.app", - "name": "Ticket Viewer.app", - "bundle_short_version": "4.0", + "bundle_executable": "Ticket Viewer", "bundle_identifier": "com.apple.Ticket-Viewer", - "last_opened_time": "-1.0", "bundle_name": "Ticket Viewer", - "display_name": "Ticket Viewer", - "bundle_executable": "Ticket Viewer", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "36" + "bundle_short_version": "4.0", + "bundle_version": "36", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "display_name": "Ticket Viewer", + "last_opened_time": "-1.0", + "name": "Ticket Viewer.app", + "path": "/System/Library/CoreServices/Ticket Viewer.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Ticket 
Viewer\",\"bundle_identifier\":\"com.apple.Ticket-Viewer\",\"bundle_name\":\"Ticket Viewer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0\",\"bundle_version\":\"36\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Ticket Viewer\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Ticket Viewer.app\",\"path\":\"/System/Library/CoreServices/Ticket Viewer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"UniversalAccessControl\",\"bundle_identifier\":\"com.apple.UniversalAccessControl\",\"bundle_name\":\"UniversalAccessControl\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"7.0\",\"bundle_version\":\"360.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2011-2016 Apple Inc.. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"UniversalAccessControl.app\",\"path\":\"/System/Library/CoreServices/UniversalAccessControl.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/UniversalAccessControl.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2011-2016 Apple Inc.. All rights reserved.", - "bundle_short_version": "7.0", - "last_opened_time": "-1.0", + "bundle_executable": "UniversalAccessControl", + "bundle_identifier": "com.apple.UniversalAccessControl", "bundle_name": "UniversalAccessControl", + "bundle_package_type": "APPL", + "bundle_short_version": "7.0", "bundle_version": "360.2", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2011-2016 Apple Inc.. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/CoreServices/UniversalAccessControl.app", - "name": "UniversalAccessControl.app", - "bundle_identifier": "com.apple.UniversalAccessControl", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "UniversalAccessControl", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "UniversalAccessControl.app", + "path": "/System/Library/CoreServices/UniversalAccessControl.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"UniversalAccessControl\",\"bundle_identifier\":\"com.apple.UniversalAccessControl\",\"bundle_name\":\"UniversalAccessControl\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"7.0\",\"bundle_version\":\"360.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2011-2016 Apple Inc.. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"UniversalAccessControl.app\",\"path\":\"/System/Library/CoreServices/UniversalAccessControl.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"UnmountAssistantAgent\",\"bundle_identifier\":\"com.apple.UnmountAssistantAgent\",\"bundle_name\":\"UnmountAssistantAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"5.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"UnmountAssistantAgent.app\",\"path\":\"/System/Library/CoreServices/UnmountAssistantAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": 
"/System/Library/CoreServices/UnmountAssistantAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/CoreServices/UnmountAssistantAgent.app", - "name": "UnmountAssistantAgent.app", - "bundle_short_version": "5.0", + "bundle_executable": "UnmountAssistantAgent", "bundle_identifier": "com.apple.UnmountAssistantAgent", - "last_opened_time": "-1.0", "bundle_name": "UnmountAssistantAgent", - "bundle_executable": "UnmountAssistantAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", + "bundle_short_version": "5.0", "bundle_version": "5.0", - "element": "1" + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "element": "1", + "last_opened_time": "-1.0", + "name": "UnmountAssistantAgent.app", + "path": "/System/Library/CoreServices/UnmountAssistantAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"UnmountAssistantAgent\",\"bundle_identifier\":\"com.apple.UnmountAssistantAgent\",\"bundle_name\":\"UnmountAssistantAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"5.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"UnmountAssistantAgent.app\",\"path\":\"/System/Library/CoreServices/UnmountAssistantAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"UserNotificationCenter\",\"bundle_identifier\":\"com.apple.UserNotificationCenter\",\"bundle_name\":\"\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.3.0\",\"bundle_version\":\"37\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"UserNotificationCenter.app\",\"path\":\"/System/Library/CoreServices/UserNotificationCenter.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/UserNotificationCenter.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/CoreServices/UserNotificationCenter.app", - "name": "UserNotificationCenter.app", - "bundle_short_version": "3.3.0", - "bundle_identifier": "com.apple.UserNotificationCenter", - "last_opened_time": "-1.0", "bundle_executable": "UserNotificationCenter", - "compiler": "com.apple.compilers.llvm.clang.1_0", + "bundle_identifier": "com.apple.UserNotificationCenter", "bundle_package_type": "APPL", - "bundle_version": "37" + "bundle_short_version": "3.3.0", + "bundle_version": "37", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "-1.0", + "name": "UserNotificationCenter.app", + "path": 
"/System/Library/CoreServices/UserNotificationCenter.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"UserNotificationCenter\",\"bundle_identifier\":\"com.apple.UserNotificationCenter\",\"bundle_name\":\"\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.3.0\",\"bundle_version\":\"37\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"UserNotificationCenter.app\",\"path\":\"/System/Library/CoreServices/UserNotificationCenter.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": 
{ + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"VoiceOverStarter\",\"bundle_identifier\":\"com.apple.VoiceOver\",\"bundle_name\":\"VoiceOver\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8\",\"bundle_version\":\"562.1.3\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2004-2017 Apple Inc. All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7.0\",\"name\":\"VoiceOver.app\",\"path\":\"/System/Library/CoreServices/VoiceOver.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/VoiceOver.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "Copyright \\xC2\\xA9 2004-2017 Apple Inc. All Rights Reserved.", - "bundle_short_version": "8", - "last_opened_time": "-1.0", + "bundle_executable": "VoiceOverStarter", + "bundle_identifier": "com.apple.VoiceOver", "bundle_name": "VoiceOver", + "bundle_package_type": "APPL", + "bundle_short_version": "8", "bundle_version": "562.1.3", + "copyright": "Copyright \\xC2\\xA9 2004-2017 Apple Inc. 
All Rights Reserved.", "development_region": "English", - "path": "/System/Library/CoreServices/VoiceOver.app", - "name": "VoiceOver.app", - "bundle_identifier": "com.apple.VoiceOver", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.7.0", - "bundle_executable": "VoiceOverStarter", - "bundle_package_type": "APPL", - "element": "1" + "name": "VoiceOver.app", + "path": "/System/Library/CoreServices/VoiceOver.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"VoiceOverStarter\",\"bundle_identifier\":\"com.apple.VoiceOver\",\"bundle_name\":\"VoiceOver\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8\",\"bundle_version\":\"562.1.3\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2004-2017 Apple Inc. 
All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7.0\",\"name\":\"VoiceOver.app\",\"path\":\"/System/Library/CoreServices/VoiceOver.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Weather\",\"bundle_identifier\":\"com.apple.weather\",\"bundle_name\":\"Weather\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"51\",\"category\":\"public.app-category.weather\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014-2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Weather\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Weather.app\",\"path\":\"/System/Library/CoreServices/Weather.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/Weather.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2014-2015 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Weather", + "bundle_identifier": "com.apple.weather", "bundle_name": "Weather", - "display_name": "Weather", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "51", - "development_region": "en", - "path": "/System/Library/CoreServices/Weather.app", - "name": "Weather.app", - "bundle_identifier": "com.apple.weather", - "minimum_system_version": "10.13", - "bundle_executable": "Weather", "category": "public.app-category.weather", "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "copyright": "Copyright \\xC2\\xA9 2014-2015 Apple Inc. 
All rights reserved.", + "development_region": "en", + "display_name": "Weather", + "element": "1", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "Weather.app", + "path": "/System/Library/CoreServices/Weather.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Weather\",\"bundle_identifier\":\"com.apple.weather\",\"bundle_name\":\"Weather\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"51\",\"category\":\"public.app-category.weather\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014-2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Weather\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Weather.app\",\"path\":\"/System/Library/CoreServices/Weather.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"WiFiAgent\",\"bundle_identifier\":\"com.apple.wifi.WiFiAgent\",\"bundle_name\":\"WiFiAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"13.0\",\"bundle_version\":\"1335\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"13.0, Copyright \\\\xC2\\\\xA9 2012-2017 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"WiFiAgent.app\",\"path\":\"/System/Library/CoreServices/WiFiAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/WiFiAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "13.0, Copyright \\xC2\\xA9 2012-2017 Apple Inc. All rights reserved.", - "bundle_short_version": "13.0", - "last_opened_time": "-1.0", + "bundle_executable": "WiFiAgent", + "bundle_identifier": "com.apple.wifi.WiFiAgent", "bundle_name": "WiFiAgent", + "bundle_package_type": "APPL", + "bundle_short_version": "13.0", "bundle_version": "1335", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/System/Library/CoreServices/WiFiAgent.app", - "name": "WiFiAgent.app", - "bundle_identifier": "com.apple.wifi.WiFiAgent", + "element": "1", + "info_string": "13.0, Copyright \\xC2\\xA9 2012-2017 Apple Inc. 
All rights reserved.", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "WiFiAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "WiFiAgent.app", + "path": "/System/Library/CoreServices/WiFiAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"WiFiAgent\",\"bundle_identifier\":\"com.apple.wifi.WiFiAgent\",\"bundle_name\":\"WiFiAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"13.0\",\"bundle_version\":\"1335\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"13.0, Copyright \\\\xC2\\\\xA9 2012-2017 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"WiFiAgent.app\",\"path\":\"/System/Library/CoreServices/WiFiAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"cloudphotosd\",\"bundle_identifier\":\"com.apple.cloudphotosd\",\"bundle_name\":\"cloudphotosd\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.0\",\"bundle_version\":\"3231.11.210\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"cloudphotosd\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"cloudphotosd.app\",\"path\":\"/System/Library/CoreServices/cloudphotosd.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/cloudphotosd.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "3.0", - "last_opened_time": "-1.0", + "bundle_executable": "cloudphotosd", + "bundle_identifier": "com.apple.cloudphotosd", "bundle_name": "cloudphotosd", - "display_name": "cloudphotosd", + "bundle_package_type": "APPL", + "bundle_short_version": "3.0", "bundle_version": "3231.11.210", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/System/Library/CoreServices/cloudphotosd.app", - "name": "cloudphotosd.app", - "bundle_identifier": "com.apple.cloudphotosd", + "display_name": "cloudphotosd", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "cloudphotosd", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "cloudphotosd.app", + "path": "/System/Library/CoreServices/cloudphotosd.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"cloudphotosd\",\"bundle_identifier\":\"com.apple.cloudphotosd\",\"bundle_name\":\"cloudphotosd\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.0\",\"bundle_version\":\"3231.11.210\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"cloudphotosd\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"cloudphotosd.app\",\"path\":\"/System/Library/CoreServices/cloudphotosd.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"iCloud\",\"bundle_identifier\":\"com.apple.CloudKit.ShareBear\",\"bundle_name\":\"iCloud\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"iCloud.app\",\"path\":\"/System/Library/CoreServices/iCloud.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/iCloud.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "iCloud", + "bundle_identifier": "com.apple.CloudKit.ShareBear", "bundle_name": "iCloud", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/System/Library/CoreServices/iCloud.app", - "name": "iCloud.app", - "bundle_identifier": "com.apple.CloudKit.ShareBear", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "iCloud", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "iCloud.app", + "path": "/System/Library/CoreServices/iCloud.app" }, - "name": 
"pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"iCloud\",\"bundle_identifier\":\"com.apple.CloudKit.ShareBear\",\"bundle_name\":\"iCloud\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"iCloud.app\",\"path\":\"/System/Library/CoreServices/iCloud.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { 
+ "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"loginwindow\",\"bundle_identifier\":\"com.apple.loginwindow\",\"bundle_name\":\"loginwindow\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"9.0\",\"bundle_version\":\"1791.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7\",\"name\":\"loginwindow.app\",\"path\":\"/System/Library/CoreServices/loginwindow.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/loginwindow.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "9.0", - "last_opened_time": "-1.0", + "bundle_executable": "loginwindow", + "bundle_identifier": "com.apple.loginwindow", "bundle_name": "loginwindow", + "bundle_package_type": "APPL", + "bundle_short_version": "9.0", "bundle_version": "1791.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/CoreServices/loginwindow.app", - "name": "loginwindow.app", - "bundle_identifier": "com.apple.loginwindow", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.7", - "bundle_executable": "loginwindow", - 
"compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "loginwindow.app", + "path": "/System/Library/CoreServices/loginwindow.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"loginwindow\",\"bundle_identifier\":\"com.apple.loginwindow\",\"bundle_name\":\"loginwindow\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"9.0\",\"bundle_version\":\"1791.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.7\",\"name\":\"loginwindow.app\",\"path\":\"/System/Library/CoreServices/loginwindow.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - 
"kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"rcd\",\"bundle_identifier\":\"com.apple.rcd\",\"bundle_name\":\"rcd\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"352\",\"bundle_version\":\"352\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Apple Inc., 2005-2009\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"352\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"rcd.app\",\"path\":\"/System/Library/CoreServices/rcd.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/rcd.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Apple Inc., 2005-2009", - "info_string": "352", - "bundle_short_version": "352", - "last_opened_time": "-1.0", + "bundle_executable": "rcd", + "bundle_identifier": "com.apple.rcd", "bundle_name": "rcd", + "bundle_package_type": "APPL", + "bundle_short_version": "352", "bundle_version": "352", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Apple Inc., 2005-2009", "development_region": 
"English", - "path": "/System/Library/CoreServices/rcd.app", + "info_string": "352", + "last_opened_time": "-1.0", "name": "rcd.app", - "bundle_identifier": "com.apple.rcd", - "bundle_executable": "rcd", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "path": "/System/Library/CoreServices/rcd.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"rcd\",\"bundle_identifier\":\"com.apple.rcd\",\"bundle_name\":\"rcd\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"352\",\"bundle_version\":\"352\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Apple Inc., 
2005-2009\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"352\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"rcd.app\",\"path\":\"/System/Library/CoreServices/rcd.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"screencapturetb\",\"bundle_identifier\":\"com.apple.screencapturetb\",\"bundle_name\":\"screencapturetb\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"133\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"screencapturetb.app\",\"path\":\"/System/Library/CoreServices/screencapturetb.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/CoreServices/screencapturetb.app" }, - "ecs": { - "version": "8.2.0" + 
"host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "en", - "path": "/System/Library/CoreServices/screencapturetb.app", - "name": "screencapturetb.app", - "bundle_short_version": "1.0", + "bundle_executable": "screencapturetb", "bundle_identifier": "com.apple.screencapturetb", - "minimum_system_version": "10.13", - "last_opened_time": "-1.0", "bundle_name": "screencapturetb", - "bundle_executable": "screencapturetb", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "133" + "bundle_short_version": "1.0", + "bundle_version": "133", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "en", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "screencapturetb.app", + "path": "/System/Library/CoreServices/screencapturetb.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"screencapturetb\",\"bundle_identifier\":\"com.apple.screencapturetb\",\"bundle_name\":\"screencapturetb\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"133\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"screencapturetb.app\",\"path\":\"/System/Library/CoreServices/screencapturetb.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"check_afp\",\"bundle_identifier\":\"com.apple.check_afp\",\"bundle_name\":\"Check AFP\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0\",\"bundle_version\":\"3.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"AFP Client Session Monitor, Copyright \\\\xC2\\\\xA9 2000 - 2007, Apple 
Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"check_afp.app\",\"path\":\"/System/Library/Filesystems/AppleShare/check_afp.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Filesystems/AppleShare/check_afp.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Filesystems/AppleShare/check_afp.app", - "info_string": "AFP Client Session Monitor, Copyright \\xC2\\xA9 2000 - 2007, Apple Inc.", - "name": "check_afp.app", - "bundle_short_version": "4.0", + "bundle_executable": "check_afp", "bundle_identifier": "com.apple.check_afp", - "last_opened_time": "-1.0", "bundle_name": "Check AFP", - "bundle_executable": "check_afp", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "3.0" + "bundle_short_version": "4.0", + "bundle_version": "3.0", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "AFP Client Session Monitor, Copyright \\xC2\\xA9 2000 - 2007, Apple Inc.", + "last_opened_time": "-1.0", + "name": "check_afp.app", + "path": "/System/Library/Filesystems/AppleShare/check_afp.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"check_afp\",\"bundle_identifier\":\"com.apple.check_afp\",\"bundle_name\":\"Check AFP\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0\",\"bundle_version\":\"3.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"AFP Client Session Monitor, Copyright \\\\xC2\\\\xA9 2000 - 2007, Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"check_afp.app\",\"path\":\"/System/Library/Filesystems/AppleShare/check_afp.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ABAssistantService\",\"bundle_identifier\":\"com.apple.ABAssistantService\",\"bundle_name\":\"ABAssistantService\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"11.0\",\"bundle_version\":\"1806\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2011-2017 Apple Inc.\\\\n All Rights Reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"ABAssistantService.app\",\"path\":\"/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/ABAssistantService.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/ABAssistantService.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2011-2017 Apple Inc.\\n All Rights Reserved.", - "bundle_short_version": "11.0", - "last_opened_time": "-1.0", + "bundle_executable": "ABAssistantService", + "bundle_identifier": "com.apple.ABAssistantService", "bundle_name": "ABAssistantService", + "bundle_package_type": "APPL", + "bundle_short_version": "11.0", "bundle_version": "1806", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2011-2017 Apple Inc.\\n All Rights Reserved.", "development_region": "en", - "path": 
"/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/ABAssistantService.app", - "name": "ABAssistantService.app", - "bundle_identifier": "com.apple.ABAssistantService", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "ABAssistantService", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "ABAssistantService.app", + "path": "/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/ABAssistantService.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ABAssistantService\",\"bundle_identifier\":\"com.apple.ABAssistantService\",\"bundle_name\":\"ABAssistantService\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"11.0\",\"bundle_version\":\"1806\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2011-2017 Apple Inc.\\\\n All Rights 
Reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"ABAssistantService.app\",\"path\":\"/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/ABAssistantService.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AddressBookManager\",\"bundle_identifier\":\"com.apple.AddressBook.abd\",\"bundle_name\":\"AddressBookManager\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"11.0\",\"bundle_version\":\"1806\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AddressBookManager.app\",\"path\":\"/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookManager.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + 
"type": "info" + }, "file": { "path": "/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookManager.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "11.0", - "last_opened_time": "-1.0", + "bundle_executable": "AddressBookManager", + "bundle_identifier": "com.apple.AddressBook.abd", "bundle_name": "AddressBookManager", + "bundle_package_type": "APPL", + "bundle_short_version": "11.0", "bundle_version": "1806", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookManager.app", - "name": "AddressBookManager.app", - "bundle_identifier": "com.apple.AddressBook.abd", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "AddressBookManager", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "AddressBookManager.app", + "path": "/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookManager.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, 
"rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AddressBookManager\",\"bundle_identifier\":\"com.apple.AddressBook.abd\",\"bundle_name\":\"AddressBookManager\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"11.0\",\"bundle_version\":\"1806\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AddressBookManager.app\",\"path\":\"/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookManager.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AddressBookSourceSync\",\"bundle_identifier\":\"com.apple.AddressBookSourceSync\",\"bundle_name\":\"AddressBookSourceSync\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"11.0\",\"bundle_version\":\"1806\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AddressBookSourceSync.app\",\"path\":\"/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookSourceSync.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookSourceSync.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "11.0", - "last_opened_time": "-1.0", + "bundle_executable": "AddressBookSourceSync", + "bundle_identifier": "com.apple.AddressBookSourceSync", "bundle_name": "AddressBookSourceSync", + "bundle_package_type": "APPL", + "bundle_short_version": "11.0", "bundle_version": "1806", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookSourceSync.app", - "name": "AddressBookSourceSync.app", - "bundle_identifier": "com.apple.AddressBookSourceSync", + "element": "1", + "last_opened_time": "-1.0", 
"minimum_system_version": "10.13", - "bundle_executable": "AddressBookSourceSync", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "AddressBookSourceSync.app", + "path": "/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookSourceSync.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AddressBookSourceSync\",\"bundle_identifier\":\"com.apple.AddressBookSourceSync\",\"bundle_name\":\"AddressBookSourceSync\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"11.0\",\"bundle_version\":\"1806\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AddressBookSourceSync.app\",\"path\":\"/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookSourceSync.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AddressBookSync\",\"bundle_identifier\":\"com.apple.AddressBook.sync\",\"bundle_name\":\"\",\"bundle_package_type\":\"BNDL\",\"bundle_short_version\":\"11.0\",\"bundle_version\":\"1806\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AddressBookSync.app\",\"path\":\"/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookSync.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookSync.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookSync.app", - "name": "AddressBookSync.app", - "bundle_short_version": "11.0", - "bundle_identifier": "com.apple.AddressBook.sync", - "minimum_system_version": "10.13", - "last_opened_time": "-1.0", "bundle_executable": "AddressBookSync", - "compiler": "com.apple.compilers.llvm.clang.1_0", + "bundle_identifier": "com.apple.AddressBook.sync", "bundle_package_type": "BNDL", + "bundle_short_version": "11.0", "bundle_version": "1806", - "element": "1" + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "element": "1", + 
"last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "AddressBookSync.app", + "path": "/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookSync.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AddressBookSync\",\"bundle_identifier\":\"com.apple.AddressBook.sync\",\"bundle_name\":\"\",\"bundle_package_type\":\"BNDL\",\"bundle_short_version\":\"11.0\",\"bundle_version\":\"1806\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AddressBookSync.app\",\"path\":\"/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookSync.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": 
"info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"FontRegistryUIAgent\",\"bundle_identifier\":\"com.apple.FontRegistryUIAgent\",\"bundle_name\":\"com.apple.FontRegistryUIAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"81.0\",\"bundle_version\":\"1.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2008-2016 Apple Inc.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Copyright \\\\xC2\\\\xA9 2008-2013 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"FontRegistryUIAgent.app\",\"path\":\"/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/FontRegistryUIAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/FontRegistryUIAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 
2008-2016 Apple Inc.", - "info_string": "Copyright \\xC2\\xA9 2008-2013 Apple Inc.", - "bundle_short_version": "81.0", - "last_opened_time": "-1.0", + "bundle_executable": "FontRegistryUIAgent", + "bundle_identifier": "com.apple.FontRegistryUIAgent", "bundle_name": "com.apple.FontRegistryUIAgent", + "bundle_package_type": "APPL", + "bundle_short_version": "81.0", "bundle_version": "1.0", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2008-2016 Apple Inc.", "development_region": "English", - "path": "/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/FontRegistryUIAgent.app", + "element": "1", + "info_string": "Copyright \\xC2\\xA9 2008-2013 Apple Inc.", + "last_opened_time": "-1.0", "name": "FontRegistryUIAgent.app", - "bundle_identifier": "com.apple.FontRegistryUIAgent", - "bundle_executable": "FontRegistryUIAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/FontRegistryUIAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"FontRegistryUIAgent\",\"bundle_identifier\":\"com.apple.FontRegistryUIAgent\",\"bundle_name\":\"com.apple.FontRegistryUIAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"81.0\",\"bundle_version\":\"1.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2008-2016 Apple Inc.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Copyright \\\\xC2\\\\xA9 2008-2013 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"FontRegistryUIAgent.app\",\"path\":\"/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/FontRegistryUIAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SpeechSynthesisServer\",\"bundle_identifier\":\"com.apple.speech.synthesis.SpeechSynthesisServer\",\"bundle_name\":\"Speech Synthesis 
Server\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"7.0.14\",\"bundle_version\":\"7.0.14\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"7.0.14\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"SpeechSynthesisServer.app\",\"path\":\"/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesisServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesisServer.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "7.0.14", - "bundle_short_version": "7.0.14", - "last_opened_time": "-1.0", + "bundle_executable": "SpeechSynthesisServer", + "bundle_identifier": "com.apple.speech.synthesis.SpeechSynthesisServer", "bundle_name": "Speech Synthesis Server", + "bundle_package_type": "APPL", + "bundle_short_version": "7.0.14", "bundle_version": "7.0.14", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesisServer.app", + "element": "1", + "info_string": "7.0.14", + "last_opened_time": "-1.0", "name": "SpeechSynthesisServer.app", - "bundle_identifier": 
"com.apple.speech.synthesis.SpeechSynthesisServer", - "bundle_executable": "SpeechSynthesisServer", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesisServer.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SpeechSynthesisServer\",\"bundle_identifier\":\"com.apple.speech.synthesis.SpeechSynthesisServer\",\"bundle_name\":\"Speech Synthesis 
Server\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"7.0.14\",\"bundle_version\":\"7.0.14\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"7.0.14\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"SpeechSynthesisServer.app\",\"path\":\"/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesisServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"PrinterProxy\",\"bundle_identifier\":\"com.apple.print.PrinterProxy\",\"bundle_name\":\"PrinterProxy\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"13\",\"bundle_version\":\"555\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 1995-2012, Apple Inc., All Rights 
Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"PrinterProxy.app\",\"path\":\"/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Plugins/PrinterProxy.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Plugins/PrinterProxy.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "Copyright \\xC2\\xA9 1995-2012, Apple Inc., All Rights Reserved.", - "bundle_short_version": "13", - "last_opened_time": "-1.0", + "bundle_executable": "PrinterProxy", + "bundle_identifier": "com.apple.print.PrinterProxy", "bundle_name": "PrinterProxy", + "bundle_package_type": "APPL", + "bundle_short_version": "13", "bundle_version": "555", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 1995-2012, Apple Inc., All Rights Reserved.", "development_region": "English", - "path": "/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Plugins/PrinterProxy.app", + "last_opened_time": "-1.0", "name": "PrinterProxy.app", - "bundle_identifier": "com.apple.print.PrinterProxy", - "bundle_executable": "PrinterProxy", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "path": 
"/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Plugins/PrinterProxy.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"PrinterProxy\",\"bundle_identifier\":\"com.apple.print.PrinterProxy\",\"bundle_name\":\"PrinterProxy\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"13\",\"bundle_version\":\"555\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 1995-2012, Apple Inc., All Rights 
Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"PrinterProxy.app\",\"path\":\"/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Plugins/PrinterProxy.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Widget Simulator\",\"bundle_identifier\":\"com.apple.notificationcenter.widgetsimulator\",\"bundle_name\":\"Widget Simulator\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"639.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Widget Simulator\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Widget Simulator.app\",\"path\":\"/System/Library/Frameworks/NotificationCenter.framework/Versions/A/Resources/Widget Simulator.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Frameworks/NotificationCenter.framework/Versions/A/Resources/Widget Simulator.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2014 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Widget Simulator", + "bundle_identifier": "com.apple.notificationcenter.widgetsimulator", "bundle_name": "Widget Simulator", - "display_name": "Widget Simulator", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "639.2", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2014 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/Frameworks/NotificationCenter.framework/Versions/A/Resources/Widget Simulator.app", - "name": "Widget Simulator.app", - "bundle_identifier": "com.apple.notificationcenter.widgetsimulator", + "display_name": "Widget Simulator", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Widget Simulator", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "Widget Simulator.app", + "path": "/System/Library/Frameworks/NotificationCenter.framework/Versions/A/Resources/Widget Simulator.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Widget Simulator\",\"bundle_identifier\":\"com.apple.notificationcenter.widgetsimulator\",\"bundle_name\":\"Widget Simulator\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"639.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Widget Simulator\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Widget Simulator.app\",\"path\":\"/System/Library/Frameworks/NotificationCenter.framework/Versions/A/Resources/Widget Simulator.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Python\",\"bundle_identifier\":\"org.python.python\",\"bundle_name\":\"Python\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.7.10\",\"bundle_version\":\"2.7.10\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"(c) 2001-2015 Python Software Foundation.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"2.7.10, (c) 2001-2015 Python Software 
Foundation.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Python.app\",\"path\":\"/System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "(c) 2001-2015 Python Software Foundation.", - "info_string": "2.7.10, (c) 2001-2015 Python Software Foundation.", - "bundle_short_version": "2.7.10", - "last_opened_time": "-1.0", + "bundle_executable": "Python", + "bundle_identifier": "org.python.python", "bundle_name": "Python", + "bundle_package_type": "APPL", + "bundle_short_version": "2.7.10", "bundle_version": "2.7.10", + "copyright": "(c) 2001-2015 Python Software Foundation.", "development_region": "English", - "path": "/System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app", + "info_string": "2.7.10, (c) 2001-2015 Python Software Foundation.", + "last_opened_time": "-1.0", "name": "Python.app", - "bundle_identifier": "org.python.python", - "bundle_executable": "Python", - "bundle_package_type": "APPL" + "path": "/System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Python\",\"bundle_identifier\":\"org.python.python\",\"bundle_name\":\"Python\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.7.10\",\"bundle_version\":\"2.7.10\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"(c) 2001-2015 Python Software Foundation.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"2.7.10, (c) 2001-2015 Python Software Foundation.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Python.app\",\"path\":\"/System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 
28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Quick Look Simulator\",\"bundle_identifier\":\"com.apple.quicklook.QuickLookSimulator\",\"bundle_name\":\"Quick Look Simulator\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2017 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Quick Look Simulator.app\",\"path\":\"/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/Resources/Quick Look Simulator.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/Resources/Quick Look Simulator.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2017 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Quick Look Simulator", + "bundle_identifier": "com.apple.quicklook.QuickLookSimulator", "bundle_name": "Quick Look Simulator", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2017 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/Resources/Quick Look Simulator.app", - "name": "Quick Look Simulator.app", - "bundle_identifier": "com.apple.quicklook.QuickLookSimulator", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Quick Look Simulator", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "Quick Look Simulator.app", + "path": "/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/Resources/Quick Look Simulator.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Quick Look Simulator\",\"bundle_identifier\":\"com.apple.quicklook.QuickLookSimulator\",\"bundle_name\":\"Quick Look Simulator\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Quick Look Simulator.app\",\"path\":\"/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/Resources/Quick Look Simulator.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"QuickLookUIHelper\",\"bundle_identifier\":\"com.apple.quicklook.ui.helper\",\"bundle_name\":\"Quick Look UI Helper\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"743.3\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"5.0, Copyright Apple Inc. 
2007-2013\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"QuickLookUIHelper.app\",\"path\":\"/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/Resources/QuickLookUIHelper.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/Resources/QuickLookUIHelper.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/Resources/QuickLookUIHelper.app", - "info_string": "5.0, Copyright Apple Inc. 2007-2013", - "name": "QuickLookUIHelper.app", - "bundle_short_version": "5.0", + "bundle_executable": "QuickLookUIHelper", "bundle_identifier": "com.apple.quicklook.ui.helper", - "last_opened_time": "-1.0", "bundle_name": "Quick Look UI Helper", - "bundle_executable": "QuickLookUIHelper", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "743.3" + "bundle_short_version": "5.0", + "bundle_version": "743.3", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "5.0, Copyright Apple Inc. 
2007-2013", + "last_opened_time": "-1.0", + "name": "QuickLookUIHelper.app", + "path": "/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/Resources/QuickLookUIHelper.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"QuickLookUIHelper\",\"bundle_identifier\":\"com.apple.quicklook.ui.helper\",\"bundle_name\":\"Quick Look UI Helper\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"743.3\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"5.0, Copyright Apple Inc. 
2007-2013\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"QuickLookUIHelper.app\",\"path\":\"/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/Resources/QuickLookUIHelper.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"quicklookd\",\"bundle_identifier\":\"com.apple.QuickLookDaemon\",\"bundle_name\":\"Quick Look Helper\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"743.3\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"5.0, Copyright Apple Inc. 
2007-2013\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"quicklookd.app\",\"path\":\"/System/Library/Frameworks/QuickLook.framework/Versions/A/Resources/quicklookd.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Frameworks/QuickLook.framework/Versions/A/Resources/quicklookd.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Frameworks/QuickLook.framework/Versions/A/Resources/quicklookd.app", - "info_string": "5.0, Copyright Apple Inc. 2007-2013", - "name": "quicklookd.app", - "bundle_short_version": "5.0", + "bundle_executable": "quicklookd", "bundle_identifier": "com.apple.QuickLookDaemon", - "last_opened_time": "-1.0", "bundle_name": "Quick Look Helper", - "bundle_executable": "quicklookd", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "743.3" + "bundle_short_version": "5.0", + "bundle_version": "743.3", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "5.0, Copyright Apple Inc. 
2007-2013", + "last_opened_time": "-1.0", + "name": "quicklookd.app", + "path": "/System/Library/Frameworks/QuickLook.framework/Versions/A/Resources/quicklookd.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"quicklookd\",\"bundle_identifier\":\"com.apple.QuickLookDaemon\",\"bundle_name\":\"Quick Look Helper\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"743.3\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"5.0, Copyright Apple Inc. 
2007-2013\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"quicklookd.app\",\"path\":\"/System/Library/Frameworks/QuickLook.framework/Versions/A/Resources/quicklookd.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"quicklookd32\",\"bundle_identifier\":\"com.apple.QuickLookDaemon32\",\"bundle_name\":\"Quick Look Helper (32bit)\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"743.3\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"5.0, Copyright Apple Inc. 
2007-2013\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"quicklookd32.app\",\"path\":\"/System/Library/Frameworks/QuickLook.framework/Versions/A/Resources/quicklookd32.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Frameworks/QuickLook.framework/Versions/A/Resources/quicklookd32.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Frameworks/QuickLook.framework/Versions/A/Resources/quicklookd32.app", - "info_string": "5.0, Copyright Apple Inc. 2007-2013", - "name": "quicklookd32.app", - "bundle_short_version": "5.0", + "bundle_executable": "quicklookd32", "bundle_identifier": "com.apple.QuickLookDaemon32", - "last_opened_time": "-1.0", "bundle_name": "Quick Look Helper (32bit)", - "bundle_executable": "quicklookd32", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "743.3" + "bundle_short_version": "5.0", + "bundle_version": "743.3", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "5.0, Copyright Apple Inc. 
2007-2013", + "last_opened_time": "-1.0", + "name": "quicklookd32.app", + "path": "/System/Library/Frameworks/QuickLook.framework/Versions/A/Resources/quicklookd32.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"quicklookd32\",\"bundle_identifier\":\"com.apple.QuickLookDaemon32\",\"bundle_name\":\"Quick Look Helper (32bit)\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"743.3\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"5.0, Copyright Apple Inc. 
2007-2013\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"quicklookd32.app\",\"path\":\"/System/Library/Frameworks/QuickLook.framework/Versions/A/Resources/quicklookd32.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SyncServer\",\"bundle_identifier\":\"com.apple.syncserver\",\"bundle_name\":\"Sync Server\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.1\",\"bundle_version\":\"727\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\\\\xC2\\\\xA9 2002-2003 Apple\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"SyncServer.app\",\"path\":\"/System/Library/Frameworks/SyncServices.framework/Versions/A/Resources/SyncServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Frameworks/SyncServices.framework/Versions/A/Resources/SyncServer.app" }, - "ecs": { - 
"version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Frameworks/SyncServices.framework/Versions/A/Resources/SyncServer.app", - "info_string": "\\xC2\\xA9 2002-2003 Apple", - "name": "SyncServer.app", - "bundle_short_version": "8.1", + "bundle_executable": "SyncServer", "bundle_identifier": "com.apple.syncserver", - "last_opened_time": "-1.0", "bundle_name": "Sync Server", - "bundle_executable": "SyncServer", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "727" + "bundle_short_version": "8.1", + "bundle_version": "727", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "\\xC2\\xA9 2002-2003 Apple", + "last_opened_time": "-1.0", + "name": "SyncServer.app", + "path": "/System/Library/Frameworks/SyncServices.framework/Versions/A/Resources/SyncServer.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SyncServer\",\"bundle_identifier\":\"com.apple.syncserver\",\"bundle_name\":\"Sync Server\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.1\",\"bundle_version\":\"727\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\\\\xC2\\\\xA9 2002-2003 Apple\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"SyncServer.app\",\"path\":\"/System/Library/Frameworks/SyncServices.framework/Versions/A/Resources/SyncServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Wish\",\"bundle_identifier\":\"com.tcltk.wish\",\"bundle_name\":\"Wish\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.5.9\",\"bundle_version\":\"8.5.9\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Wish Shell 8.5.9,\\\\x0ACopyright \\\\xC2\\\\xA9 1989-2017 Tcl Core Team,\\\\x0ACopyright \\\\xC2\\\\xA9 2002-2017 Daniel A. 
Steffen,\\\\x0ACopyright \\\\xC2\\\\xA9 2001-2009 Apple Inc.,\\\\x0ACopyright \\\\xC2\\\\xA9 2001-2002 Jim Ingham \\u0026 Ian Reid\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.5.0\",\"name\":\"Wish.app\",\"path\":\"/System/Library/Frameworks/Tk.framework/Versions/8.5/Resources/Wish.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Frameworks/Tk.framework/Versions/8.5/Resources/Wish.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "info_string": "Wish Shell 8.5.9,\\x0ACopyright \\xC2\\xA9 1989-2017 Tcl Core Team,\\x0ACopyright \\xC2\\xA9 2002-2017 Daniel A. Steffen,\\x0ACopyright \\xC2\\xA9 2001-2009 Apple Inc.,\\x0ACopyright \\xC2\\xA9 2001-2002 Jim Ingham \u0026 Ian Reid", - "bundle_short_version": "8.5.9", - "last_opened_time": "-1.0", + "bundle_executable": "Wish", + "bundle_identifier": "com.tcltk.wish", "bundle_name": "Wish", + "bundle_package_type": "APPL", + "bundle_short_version": "8.5.9", "bundle_version": "8.5.9", "development_region": "English", - "path": "/System/Library/Frameworks/Tk.framework/Versions/8.5/Resources/Wish.app", - "name": "Wish.app", - "bundle_identifier": "com.tcltk.wish", + "info_string": "Wish Shell 8.5.9,\\x0ACopyright \\xC2\\xA9 1989-2017 Tcl Core Team,\\x0ACopyright \\xC2\\xA9 2002-2017 Daniel A. 
Steffen,\\x0ACopyright \\xC2\\xA9 2001-2009 Apple Inc.,\\x0ACopyright \\xC2\\xA9 2001-2002 Jim Ingham \u0026 Ian Reid", + "last_opened_time": "-1.0", "minimum_system_version": "10.5.0", - "bundle_executable": "Wish", - "bundle_package_type": "APPL" + "name": "Wish.app", + "path": "/System/Library/Frameworks/Tk.framework/Versions/8.5/Resources/Wish.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"Wish\",\"bundle_identifier\":\"com.tcltk.wish\",\"bundle_name\":\"Wish\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.5.9\",\"bundle_version\":\"8.5.9\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Wish Shell 8.5.9,\\\\x0ACopyright \\\\xC2\\\\xA9 1989-2017 Tcl Core Team,\\\\x0ACopyright \\\\xC2\\\\xA9 2002-2017 Daniel A. 
Steffen,\\\\x0ACopyright \\\\xC2\\\\xA9 2001-2009 Apple Inc.,\\\\x0ACopyright \\\\xC2\\\\xA9 2001-2002 Jim Ingham \\u0026 Ian Reid\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.5.0\",\"name\":\"Wish.app\",\"path\":\"/System/Library/Frameworks/Tk.framework/Versions/8.5/Resources/Wish.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"WebKitPluginHost\",\"bundle_identifier\":\"com.apple.WebKit.PluginHost\",\"bundle_name\":\"WebKitPluginHost\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"13604\",\"bundle_version\":\"13604.3.5\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13.0\",\"name\":\"WebKitPluginHost.app\",\"path\":\"/System/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebKitLegacy.framework/Versions/A/WebKitPluginHost.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + 
"type": "info" + }, "file": { "path": "/System/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebKitLegacy.framework/Versions/A/WebKitPluginHost.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "path": "/System/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebKitLegacy.framework/Versions/A/WebKitPluginHost.app", - "name": "WebKitPluginHost.app", - "bundle_short_version": "13604", + "bundle_executable": "WebKitPluginHost", "bundle_identifier": "com.apple.WebKit.PluginHost", - "minimum_system_version": "10.13.0", - "last_opened_time": "-1.0", "bundle_name": "WebKitPluginHost", - "bundle_executable": "WebKitPluginHost", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", + "bundle_short_version": "13604", "bundle_version": "13604.3.5", - "element": "1" + "compiler": "com.apple.compilers.llvm.clang.1_0", + "element": "1", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13.0", + "name": "WebKitPluginHost.app", + "path": "/System/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebKitLegacy.framework/Versions/A/WebKitPluginHost.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"WebKitPluginHost\",\"bundle_identifier\":\"com.apple.WebKit.PluginHost\",\"bundle_name\":\"WebKitPluginHost\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"13604\",\"bundle_version\":\"13604.3.5\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13.0\",\"name\":\"WebKitPluginHost.app\",\"path\":\"/System/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebKitLegacy.framework/Versions/A/WebKitPluginHost.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Build Web Page\",\"bundle_identifier\":\"com.apple.BuildWebPage\",\"bundle_name\":\"Build Web 
Page\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1\",\"bundle_version\":\"10.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.1, \\\\xC2\\\\xA9 Copyright 2003-2014 Apple Inc. All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Build Web Page.app\",\"path\":\"/System/Library/Image Capture/Automatic Tasks/Build Web Page.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Image Capture/Automatic Tasks/Build Web Page.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Image Capture/Automatic Tasks/Build Web Page.app", - "info_string": "10.1, \\xC2\\xA9 Copyright 2003-2014 Apple Inc. All rights reserved.", - "name": "Build Web Page.app", - "bundle_short_version": "10.1", + "bundle_executable": "Build Web Page", "bundle_identifier": "com.apple.BuildWebPage", - "last_opened_time": "-1.0", "bundle_name": "Build Web Page", - "bundle_executable": "Build Web Page", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "10.1" + "bundle_short_version": "10.1", + "bundle_version": "10.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "10.1, \\xC2\\xA9 Copyright 2003-2014 Apple Inc. 
All rights reserved.", + "last_opened_time": "-1.0", + "name": "Build Web Page.app", + "path": "/System/Library/Image Capture/Automatic Tasks/Build Web Page.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Build Web Page\",\"bundle_identifier\":\"com.apple.BuildWebPage\",\"bundle_name\":\"Build Web Page\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1\",\"bundle_version\":\"10.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.1, \\\\xC2\\\\xA9 Copyright 2003-2014 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Build Web Page.app\",\"path\":\"/System/Library/Image Capture/Automatic Tasks/Build Web Page.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"MakePDF\",\"bundle_identifier\":\"com.apple.MakePDF\",\"bundle_name\":\"MakePDF\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1\",\"bundle_version\":\"10.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.1, \\\\xC2\\\\xA9 Copyright 2003-2015 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"MakePDF.app\",\"path\":\"/System/Library/Image Capture/Automatic Tasks/MakePDF.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Image Capture/Automatic Tasks/MakePDF.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Image Capture/Automatic Tasks/MakePDF.app", - "info_string": "10.1, \\xC2\\xA9 Copyright 2003-2015 Apple Inc. All rights reserved.", - "name": "MakePDF.app", - "bundle_short_version": "10.1", + "bundle_executable": "MakePDF", "bundle_identifier": "com.apple.MakePDF", - "last_opened_time": "-1.0", "bundle_name": "MakePDF", - "bundle_executable": "MakePDF", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "10.1" + "bundle_short_version": "10.1", + "bundle_version": "10.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "10.1, \\xC2\\xA9 Copyright 2003-2015 Apple Inc. 
All rights reserved.", + "last_opened_time": "-1.0", + "name": "MakePDF.app", + "path": "/System/Library/Image Capture/Automatic Tasks/MakePDF.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"MakePDF\",\"bundle_identifier\":\"com.apple.MakePDF\",\"bundle_name\":\"MakePDF\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1\",\"bundle_version\":\"10.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.1, \\\\xC2\\\\xA9 Copyright 2003-2015 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"MakePDF.app\",\"path\":\"/System/Library/Image Capture/Automatic Tasks/MakePDF.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AirScanScanner\",\"bundle_identifier\":\"com.apple.AirScanScanner\",\"bundle_name\":\"AirScanScanner\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"13\",\"bundle_version\":\"51\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AirScanScanner.app\",\"path\":\"/System/Library/Image Capture/Devices/AirScanScanner.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Image Capture/Devices/AirScanScanner.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Image Capture/Devices/AirScanScanner.app", - "name": "AirScanScanner.app", - "bundle_short_version": "13", + "bundle_executable": "AirScanScanner", "bundle_identifier": "com.apple.AirScanScanner", - "minimum_system_version": "10.13", - "last_opened_time": "-1.0", "bundle_name": "AirScanScanner", - "bundle_executable": "AirScanScanner", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "51" + "bundle_short_version": "13", + "bundle_version": "51", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "AirScanScanner.app", + "path": "/System/Library/Image Capture/Devices/AirScanScanner.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AirScanScanner\",\"bundle_identifier\":\"com.apple.AirScanScanner\",\"bundle_name\":\"AirScanScanner\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"13\",\"bundle_version\":\"51\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AirScanScanner.app\",\"path\":\"/System/Library/Image Capture/Devices/AirScanScanner.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"MassStorageCamera\",\"bundle_identifier\":\"com.apple.MassStorageCamera\",\"bundle_name\":\"MassStorageCamera\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1\",\"bundle_version\":\"10.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.1, \\\\xC2\\\\xA9 Copyright 2000-2014 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"MassStorageCamera.app\",\"path\":\"/System/Library/Image Capture/Devices/MassStorageCamera.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Image Capture/Devices/MassStorageCamera.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Image Capture/Devices/MassStorageCamera.app", - "info_string": "10.1, \\xC2\\xA9 Copyright 2000-2014 Apple Inc. All rights reserved.", - "name": "MassStorageCamera.app", - "bundle_short_version": "10.1", + "bundle_executable": "MassStorageCamera", "bundle_identifier": "com.apple.MassStorageCamera", - "last_opened_time": "-1.0", "bundle_name": "MassStorageCamera", - "bundle_executable": "MassStorageCamera", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "10.1" + "bundle_short_version": "10.1", + "bundle_version": "10.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "10.1, \\xC2\\xA9 Copyright 2000-2014 Apple Inc. 
All rights reserved.", + "last_opened_time": "-1.0", + "name": "MassStorageCamera.app", + "path": "/System/Library/Image Capture/Devices/MassStorageCamera.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"MassStorageCamera\",\"bundle_identifier\":\"com.apple.MassStorageCamera\",\"bundle_name\":\"MassStorageCamera\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1\",\"bundle_version\":\"10.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.1, \\\\xC2\\\\xA9 Copyright 2000-2014 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"MassStorageCamera.app\",\"path\":\"/System/Library/Image Capture/Devices/MassStorageCamera.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"PTPCamera\",\"bundle_identifier\":\"com.apple.PTPCamera\",\"bundle_name\":\"PTPCamera\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1\",\"bundle_version\":\"10.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.1, \\\\xC2\\\\xA9 Copyright 2004-2014 Apple Inc., all rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"PTPCamera.app\",\"path\":\"/System/Library/Image Capture/Devices/PTPCamera.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Image Capture/Devices/PTPCamera.app" }, - "ecs": { - "version": "8.2.0" + "host": { + 
"hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Image Capture/Devices/PTPCamera.app", - "info_string": "10.1, \\xC2\\xA9 Copyright 2004-2014 Apple Inc., all rights reserved.", - "name": "PTPCamera.app", - "bundle_short_version": "10.1", + "bundle_executable": "PTPCamera", "bundle_identifier": "com.apple.PTPCamera", - "last_opened_time": "-1.0", "bundle_name": "PTPCamera", - "bundle_executable": "PTPCamera", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "10.1" + "bundle_short_version": "10.1", + "bundle_version": "10.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "10.1, \\xC2\\xA9 Copyright 2004-2014 Apple Inc., all rights reserved.", + "last_opened_time": "-1.0", + "name": "PTPCamera.app", + "path": "/System/Library/Image Capture/Devices/PTPCamera.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"PTPCamera\",\"bundle_identifier\":\"com.apple.PTPCamera\",\"bundle_name\":\"PTPCamera\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1\",\"bundle_version\":\"10.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.1, \\\\xC2\\\\xA9 Copyright 2004-2014 Apple Inc., all rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"PTPCamera.app\",\"path\":\"/System/Library/Image Capture/Devices/PTPCamera.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Type4Camera\",\"bundle_identifier\":\"com.apple.Type4Camera\",\"bundle_name\":\"Type4Camera\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1\",\"bundle_version\":\"10.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.1, \\\\xC2\\\\xA9 Copyright 2001-2014 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Type4Camera.app\",\"path\":\"/System/Library/Image Capture/Devices/Type4Camera.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Image Capture/Devices/Type4Camera.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Image Capture/Devices/Type4Camera.app", - "info_string": "10.1, \\xC2\\xA9 Copyright 2001-2014 Apple Inc. All rights reserved.", - "name": "Type4Camera.app", - "bundle_short_version": "10.1", + "bundle_executable": "Type4Camera", "bundle_identifier": "com.apple.Type4Camera", - "last_opened_time": "-1.0", "bundle_name": "Type4Camera", - "bundle_executable": "Type4Camera", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "10.1" + "bundle_short_version": "10.1", + "bundle_version": "10.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "10.1, \\xC2\\xA9 Copyright 2001-2014 Apple Inc. 
All rights reserved.", + "last_opened_time": "-1.0", + "name": "Type4Camera.app", + "path": "/System/Library/Image Capture/Devices/Type4Camera.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Type4Camera\",\"bundle_identifier\":\"com.apple.Type4Camera\",\"bundle_name\":\"Type4Camera\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1\",\"bundle_version\":\"10.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.1, \\\\xC2\\\\xA9 Copyright 2001-2014 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Type4Camera.app\",\"path\":\"/System/Library/Image Capture/Devices/Type4Camera.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Type5Camera\",\"bundle_identifier\":\"com.apple.Type5Camera\",\"bundle_name\":\"Type5Camera\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1\",\"bundle_version\":\"10.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.1, \\\\xC2\\\\xA9 Copyright 2001-2014 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Type5Camera.app\",\"path\":\"/System/Library/Image Capture/Devices/Type5Camera.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Image Capture/Devices/Type5Camera.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Image Capture/Devices/Type5Camera.app", - "info_string": "10.1, \\xC2\\xA9 Copyright 2001-2014 Apple Inc. All rights reserved.", - "name": "Type5Camera.app", - "bundle_short_version": "10.1", + "bundle_executable": "Type5Camera", "bundle_identifier": "com.apple.Type5Camera", - "last_opened_time": "-1.0", "bundle_name": "Type5Camera", - "bundle_executable": "Type5Camera", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "10.1" + "bundle_short_version": "10.1", + "bundle_version": "10.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "10.1, \\xC2\\xA9 Copyright 2001-2014 Apple Inc. 
All rights reserved.", + "last_opened_time": "-1.0", + "name": "Type5Camera.app", + "path": "/System/Library/Image Capture/Devices/Type5Camera.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Type5Camera\",\"bundle_identifier\":\"com.apple.Type5Camera\",\"bundle_name\":\"Type5Camera\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1\",\"bundle_version\":\"10.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.1, \\\\xC2\\\\xA9 Copyright 2001-2014 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Type5Camera.app\",\"path\":\"/System/Library/Image Capture/Devices/Type5Camera.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Type8Camera\",\"bundle_identifier\":\"com.apple.Type8Camera\",\"bundle_name\":\"Type8Camera\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1\",\"bundle_version\":\"10.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.1, \\\\xC2\\\\xA9 Copyright 2002-2014 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Type8Camera.app\",\"path\":\"/System/Library/Image Capture/Devices/Type8Camera.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Image Capture/Devices/Type8Camera.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Image Capture/Devices/Type8Camera.app", - "info_string": "10.1, \\xC2\\xA9 Copyright 2002-2014 Apple Inc. All rights reserved.", - "name": "Type8Camera.app", - "bundle_short_version": "10.1", + "bundle_executable": "Type8Camera", "bundle_identifier": "com.apple.Type8Camera", - "last_opened_time": "-1.0", "bundle_name": "Type8Camera", - "bundle_executable": "Type8Camera", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "10.1" + "bundle_short_version": "10.1", + "bundle_version": "10.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "10.1, \\xC2\\xA9 Copyright 2002-2014 Apple Inc. 
All rights reserved.", + "last_opened_time": "-1.0", + "name": "Type8Camera.app", + "path": "/System/Library/Image Capture/Devices/Type8Camera.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Type8Camera\",\"bundle_identifier\":\"com.apple.Type8Camera\",\"bundle_name\":\"Type8Camera\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.1\",\"bundle_version\":\"10.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"10.1, \\\\xC2\\\\xA9 Copyright 2002-2014 Apple Inc. 
All rights reserved.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Type8Camera.app\",\"path\":\"/System/Library/Image Capture/Devices/Type8Camera.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"VirtualScanner\",\"bundle_identifier\":\"com.apple.VirtualScanner\",\"bundle_name\":\"VirtualScanner\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.1\",\"bundle_version\":\"4.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"VirtualScanner.app\",\"path\":\"/System/Library/Image Capture/Devices/VirtualScanner.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Image Capture/Devices/VirtualScanner.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Image Capture/Devices/VirtualScanner.app", - "name": "VirtualScanner.app", - "bundle_short_version": "4.1", + "bundle_executable": "VirtualScanner", "bundle_identifier": "com.apple.VirtualScanner", - "minimum_system_version": "10.13", - "last_opened_time": "-1.0", "bundle_name": "VirtualScanner", - "bundle_executable": "VirtualScanner", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "4.1" + "bundle_short_version": "4.1", + "bundle_version": "4.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "VirtualScanner.app", + "path": "/System/Library/Image Capture/Devices/VirtualScanner.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"VirtualScanner\",\"bundle_identifier\":\"com.apple.VirtualScanner\",\"bundle_name\":\"VirtualScanner\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.1\",\"bundle_version\":\"4.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"VirtualScanner.app\",\"path\":\"/System/Library/Image Capture/Devices/VirtualScanner.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AutoImporter\",\"bundle_identifier\":\"com.apple.AutoImporter\",\"bundle_name\":\"AutoImporter\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.7\",\"bundle_version\":\"6.7\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2000-2014 Apple Inc.\\\\x0AAll rights 
reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AutoImporter.app\",\"path\":\"/System/Library/Image Capture/Support/Application/AutoImporter.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Image Capture/Support/Application/AutoImporter.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Image Capture/Support/Application/AutoImporter.app", - "copyright": "Copyright \\xC2\\xA9 2000-2014 Apple Inc.\\x0AAll rights reserved.", - "name": "AutoImporter.app", - "bundle_short_version": "6.7", + "bundle_executable": "AutoImporter", "bundle_identifier": "com.apple.AutoImporter", - "last_opened_time": "-1.0", "bundle_name": "AutoImporter", - "bundle_executable": "AutoImporter", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "6.7" + "bundle_short_version": "6.7", + "bundle_version": "6.7", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2000-2014 Apple Inc.\\x0AAll rights reserved.", + "development_region": "English", + "last_opened_time": "-1.0", + "name": "AutoImporter.app", + "path": "/System/Library/Image Capture/Support/Application/AutoImporter.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AutoImporter\",\"bundle_identifier\":\"com.apple.AutoImporter\",\"bundle_name\":\"AutoImporter\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.7\",\"bundle_version\":\"6.7\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2000-2014 Apple Inc.\\\\x0AAll rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AutoImporter.app\",\"path\":\"/System/Library/Image Capture/Support/Application/AutoImporter.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + 
"created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"50onPaletteServer\",\"bundle_identifier\":\"com.apple.50onPaletteIM\",\"bundle_name\":\"Japanese Kana Palette\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.1.0\",\"bundle_version\":\"1.1.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"50onPaletteServer.app\",\"path\":\"/System/Library/Input Methods/50onPaletteServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input Methods/50onPaletteServer.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Input Methods/50onPaletteServer.app", - "name": "50onPaletteServer.app", - "bundle_short_version": "1.1.0", + "bundle_executable": "50onPaletteServer", "bundle_identifier": "com.apple.50onPaletteIM", - "last_opened_time": "-1.0", "bundle_name": "Japanese Kana Palette", - "bundle_executable": "50onPaletteServer", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", + "bundle_short_version": "1.1.0", "bundle_version": "1.1.0", - "element": "1" + "compiler": "com.apple.compilers.llvm.clang.1_0", + 
"development_region": "English", + "element": "1", + "last_opened_time": "-1.0", + "name": "50onPaletteServer.app", + "path": "/System/Library/Input Methods/50onPaletteServer.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"50onPaletteServer\",\"bundle_identifier\":\"com.apple.50onPaletteIM\",\"bundle_name\":\"Japanese Kana Palette\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.1.0\",\"bundle_version\":\"1.1.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"50onPaletteServer.app\",\"path\":\"/System/Library/Input Methods/50onPaletteServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AinuIM\",\"bundle_identifier\":\"com.apple.inputmethod.Ainu\",\"bundle_name\":\"AinuIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Ainu Input Method\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AinuIM.app\",\"path\":\"/System/Library/Input Methods/AinuIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input Methods/AinuIM.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2014 Apple. 
All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "AinuIM", + "bundle_identifier": "com.apple.inputmethod.Ainu", "bundle_name": "AinuIM", - "display_name": "Ainu Input Method", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2014 Apple. All rights reserved.", "development_region": "en", - "path": "/System/Library/Input Methods/AinuIM.app", - "name": "AinuIM.app", - "bundle_identifier": "com.apple.inputmethod.Ainu", + "display_name": "Ainu Input Method", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "AinuIM", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "AinuIM.app", + "path": "/System/Library/Input Methods/AinuIM.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AinuIM\",\"bundle_identifier\":\"com.apple.inputmethod.Ainu\",\"bundle_name\":\"AinuIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Ainu Input Method\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AinuIM.app\",\"path\":\"/System/Library/Input Methods/AinuIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Assistive Control\",\"bundle_identifier\":\"com.apple.inputmethod.AssistiveControl\",\"bundle_name\":\"AssistiveControl\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.0\",\"bundle_version\":\"192.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Assistive Control.app\",\"path\":\"/System/Library/Input Methods/Assistive Control.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input Methods/Assistive Control.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2012-2017 Apple Inc. All rights reserved.", - "bundle_short_version": "2.0", - "last_opened_time": "-1.0", + "bundle_executable": "Assistive Control", + "bundle_identifier": "com.apple.inputmethod.AssistiveControl", "bundle_name": "AssistiveControl", + "bundle_package_type": "APPL", + "bundle_short_version": "2.0", "bundle_version": "192.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2012-2017 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/Input Methods/Assistive Control.app", - "name": "Assistive Control.app", - "bundle_identifier": "com.apple.inputmethod.AssistiveControl", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Assistive Control", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "Assistive Control.app", + "path": "/System/Library/Input Methods/Assistive Control.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Assistive Control\",\"bundle_identifier\":\"com.apple.inputmethod.AssistiveControl\",\"bundle_name\":\"AssistiveControl\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.0\",\"bundle_version\":\"192.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Assistive Control.app\",\"path\":\"/System/Library/Input Methods/Assistive Control.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"CharacterPalette\",\"bundle_identifier\":\"com.apple.CharacterPaletteIM\",\"bundle_name\":\"Emoji \\u0026 Symbols\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.0.1\",\"bundle_version\":\"189\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"CharacterPalette.app\",\"path\":\"/System/Library/Input Methods/CharacterPalette.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input 
Methods/CharacterPalette.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "2.0.1", - "last_opened_time": "-1.0", + "bundle_executable": "CharacterPalette", + "bundle_identifier": "com.apple.CharacterPaletteIM", "bundle_name": "Emoji \u0026 Symbols", + "bundle_package_type": "APPL", + "bundle_short_version": "2.0.1", "bundle_version": "189", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/Input Methods/CharacterPalette.app", - "name": "CharacterPalette.app", - "bundle_identifier": "com.apple.CharacterPaletteIM", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "CharacterPalette", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "CharacterPalette.app", + "path": "/System/Library/Input Methods/CharacterPalette.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"CharacterPalette\",\"bundle_identifier\":\"com.apple.CharacterPaletteIM\",\"bundle_name\":\"Emoji \\u0026 Symbols\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.0.1\",\"bundle_version\":\"189\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"CharacterPalette.app\",\"path\":\"/System/Library/Input Methods/CharacterPalette.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"DictationIM\",\"bundle_identifier\":\"com.apple.inputmethod.ironwood\",\"bundle_name\":\"DictationIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0.9\",\"bundle_version\":\"4.0.9\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"DictationIM\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"DictationIM.app\",\"path\":\"/System/Library/Input 
Methods/DictationIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input Methods/DictationIM.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Input Methods/DictationIM.app", - "name": "DictationIM.app", - "bundle_short_version": "4.0.9", + "bundle_executable": "DictationIM", "bundle_identifier": "com.apple.inputmethod.ironwood", - "last_opened_time": "-1.0", "bundle_name": "DictationIM", - "display_name": "DictationIM", - "bundle_executable": "DictationIM", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "4.0.9" + "bundle_short_version": "4.0.9", + "bundle_version": "4.0.9", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "display_name": "DictationIM", + "last_opened_time": "-1.0", + "name": "DictationIM.app", + "path": "/System/Library/Input Methods/DictationIM.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - 
"host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"DictationIM\",\"bundle_identifier\":\"com.apple.inputmethod.ironwood\",\"bundle_name\":\"DictationIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.0.9\",\"bundle_version\":\"4.0.9\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"DictationIM\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"DictationIM.app\",\"path\":\"/System/Library/Input Methods/DictationIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"EmojiFunctionRowIM\",\"bundle_identifier\":\"com.apple.inputmethod.EmojiFunctionRowItem-Container\",\"bundle_name\":\"EmojiFunctionRowIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"EmojiFunctionRowIM.app\",\"path\":\"/System/Library/Input Methods/EmojiFunctionRowIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input Methods/EmojiFunctionRowIM.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "en", - "path": "/System/Library/Input Methods/EmojiFunctionRowIM.app", - "name": "EmojiFunctionRowIM.app", - "bundle_short_version": "1.0", + "bundle_executable": "EmojiFunctionRowIM", "bundle_identifier": "com.apple.inputmethod.EmojiFunctionRowItem-Container", - "minimum_system_version": "10.13", - "last_opened_time": "-1.0", "bundle_name": "EmojiFunctionRowIM", - "bundle_executable": "EmojiFunctionRowIM", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "1" + "bundle_short_version": "1.0", + "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "en", + "last_opened_time": "-1.0", + 
"minimum_system_version": "10.13", + "name": "EmojiFunctionRowIM.app", + "path": "/System/Library/Input Methods/EmojiFunctionRowIM.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"EmojiFunctionRowIM\",\"bundle_identifier\":\"com.apple.inputmethod.EmojiFunctionRowItem-Container\",\"bundle_name\":\"EmojiFunctionRowIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"EmojiFunctionRowIM.app\",\"path\":\"/System/Library/Input Methods/EmojiFunctionRowIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - 
"kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"HindiIM\",\"bundle_identifier\":\"com.apple.HIM-Container\",\"bundle_name\":\"HindiIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"HindiIM.app\",\"path\":\"/System/Library/Input Methods/HindiIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input Methods/HindiIM.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. 
All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "HindiIM", + "bundle_identifier": "com.apple.HIM-Container", "bundle_name": "HindiIM", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. All rights reserved.", "development_region": "en", - "path": "/System/Library/Input Methods/HindiIM.app", - "name": "HindiIM.app", - "bundle_identifier": "com.apple.HIM-Container", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "HindiIM", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "HindiIM.app", + "path": "/System/Library/Input Methods/HindiIM.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"HindiIM\",\"bundle_identifier\":\"com.apple.HIM-Container\",\"bundle_name\":\"HindiIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"HindiIM.app\",\"path\":\"/System/Library/Input Methods/HindiIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"InkServer\",\"bundle_identifier\":\"com.apple.ink.inkserver\",\"bundle_name\":\"InkServer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.9\",\"bundle_version\":\"214\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"10.9, Copyright 2012 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"InkServer.app\",\"path\":\"/System/Library/Input 
Methods/InkServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input Methods/InkServer.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "10.9, Copyright 2012 Apple Inc.", - "bundle_short_version": "10.9", - "last_opened_time": "-1.0", + "bundle_executable": "InkServer", + "bundle_identifier": "com.apple.ink.inkserver", "bundle_name": "InkServer", + "bundle_package_type": "APPL", + "bundle_short_version": "10.9", "bundle_version": "214", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/Input Methods/InkServer.app", + "element": "1", + "info_string": "10.9, Copyright 2012 Apple Inc.", + "last_opened_time": "-1.0", "name": "InkServer.app", - "bundle_identifier": "com.apple.ink.inkserver", - "bundle_executable": "InkServer", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/Input Methods/InkServer.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"InkServer\",\"bundle_identifier\":\"com.apple.ink.inkserver\",\"bundle_name\":\"InkServer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.9\",\"bundle_version\":\"214\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"10.9, Copyright 2012 Apple Inc.\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"InkServer.app\",\"path\":\"/System/Library/Input Methods/InkServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"JapaneseIM\",\"bundle_identifier\":\"com.apple.JapaneseIM-Container\",\"bundle_name\":\"JapaneseIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016\\\\xE5\\\\xB9\\\\xB4 Apple. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"JapaneseIM.app\",\"path\":\"/System/Library/Input Methods/JapaneseIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input Methods/JapaneseIM.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2016\\xE5\\xB9\\xB4 Apple. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "JapaneseIM", + "bundle_identifier": "com.apple.JapaneseIM-Container", "bundle_name": "JapaneseIM", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2016\\xE5\\xB9\\xB4 Apple. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/Input Methods/JapaneseIM.app", - "name": "JapaneseIM.app", - "bundle_identifier": "com.apple.JapaneseIM-Container", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "JapaneseIM", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "JapaneseIM.app", + "path": "/System/Library/Input Methods/JapaneseIM.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"JapaneseIM\",\"bundle_identifier\":\"com.apple.JapaneseIM-Container\",\"bundle_name\":\"JapaneseIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016\\\\xE5\\\\xB9\\\\xB4 Apple. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"JapaneseIM.app\",\"path\":\"/System/Library/Input Methods/JapaneseIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"KeyboardViewer\",\"bundle_identifier\":\"com.apple.KeyboardViewer\",\"bundle_name\":\"Keyboard Viewer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.2\",\"bundle_version\":\"127\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA92004-2009, Apple Inc., All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"Keyboard Viewer\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"2.0, Copyright \\\\xC2\\\\xA9 2004-2009 Apple Inc., All Rights Reserved\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"KeyboardViewer.app\",\"path\":\"/System/Library/Input 
Methods/KeyboardViewer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input Methods/KeyboardViewer.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA92004-2009, Apple Inc., All Rights Reserved.", - "info_string": "2.0, Copyright \\xC2\\xA9 2004-2009 Apple Inc., All Rights Reserved", - "bundle_short_version": "3.2", - "last_opened_time": "-1.0", + "bundle_executable": "KeyboardViewer", + "bundle_identifier": "com.apple.KeyboardViewer", "bundle_name": "Keyboard Viewer", - "display_name": "Keyboard Viewer", + "bundle_package_type": "APPL", + "bundle_short_version": "3.2", "bundle_version": "127", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA92004-2009, Apple Inc., All Rights Reserved.", "development_region": "English", - "path": "/System/Library/Input Methods/KeyboardViewer.app", + "display_name": "Keyboard Viewer", + "info_string": "2.0, Copyright \\xC2\\xA9 2004-2009 Apple Inc., All Rights Reserved", + "last_opened_time": "-1.0", "name": "KeyboardViewer.app", - "bundle_identifier": "com.apple.KeyboardViewer", - "bundle_executable": "KeyboardViewer", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "path": "/System/Library/Input Methods/KeyboardViewer.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"KeyboardViewer\",\"bundle_identifier\":\"com.apple.KeyboardViewer\",\"bundle_name\":\"Keyboard Viewer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.2\",\"bundle_version\":\"127\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA92004-2009, Apple Inc., All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"Keyboard Viewer\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"2.0, Copyright \\\\xC2\\\\xA9 2004-2009 Apple Inc., All Rights Reserved\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"KeyboardViewer.app\",\"path\":\"/System/Library/Input Methods/KeyboardViewer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"KoreanIM\",\"bundle_identifier\":\"com.apple.KIM-Container\",\"bundle_name\":\"KoreanIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"KoreanIM.app\",\"path\":\"/System/Library/Input Methods/KoreanIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input Methods/KoreanIM.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "en", - "path": "/System/Library/Input Methods/KoreanIM.app", - "name": "KoreanIM.app", - "bundle_short_version": "1.0", + "bundle_executable": "KoreanIM", "bundle_identifier": "com.apple.KIM-Container", - "minimum_system_version": "10.13", - "last_opened_time": "-1.0", "bundle_name": "KoreanIM", - "bundle_executable": "KoreanIM", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "1" + "bundle_short_version": "1.0", + "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "en", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + 
"name": "KoreanIM.app", + "path": "/System/Library/Input Methods/KoreanIM.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"KoreanIM\",\"bundle_identifier\":\"com.apple.KIM-Container\",\"bundle_name\":\"KoreanIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"KoreanIM.app\",\"path\":\"/System/Library/Input Methods/KoreanIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } 
}, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"PluginIM\",\"bundle_identifier\":\"com.apple.inputmethod.PluginIM\",\"bundle_name\":\"PluginIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"18\",\"bundle_version\":\"12\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"PluginIM.app\",\"path\":\"/System/Library/Input Methods/PluginIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input Methods/PluginIM.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Input Methods/PluginIM.app", - "name": "PluginIM.app", - "bundle_short_version": "18", + "bundle_executable": "PluginIM", "bundle_identifier": "com.apple.inputmethod.PluginIM", - "last_opened_time": "-1.0", "bundle_name": "PluginIM", - "bundle_executable": "PluginIM", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", + "bundle_short_version": "18", "bundle_version": "12", - "element": "1" + "compiler": "com.apple.compilers.llvm.clang.1_0", 
+ "development_region": "English", + "element": "1", + "last_opened_time": "-1.0", + "name": "PluginIM.app", + "path": "/System/Library/Input Methods/PluginIM.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"PluginIM\",\"bundle_identifier\":\"com.apple.inputmethod.PluginIM\",\"bundle_name\":\"PluginIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"18\",\"bundle_version\":\"12\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"PluginIM.app\",\"path\":\"/System/Library/Input Methods/PluginIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - 
"name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"PressAndHold\",\"bundle_identifier\":\"com.apple.PAH-Container\",\"bundle_name\":\"PressAndHold\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"PressAndHold.app\",\"path\":\"/System/Library/Input Methods/PressAndHold.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input Methods/PressAndHold.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "en", - "path": "/System/Library/Input Methods/PressAndHold.app", - "name": "PressAndHold.app", - "bundle_short_version": "1.0", + "bundle_executable": "PressAndHold", "bundle_identifier": "com.apple.PAH-Container", - "minimum_system_version": "10.13", - "last_opened_time": "-1.0", "bundle_name": "PressAndHold", - "bundle_executable": "PressAndHold", - "compiler": "com.apple.compilers.llvm.clang.1_0", 
"bundle_package_type": "APPL", - "bundle_version": "1" + "bundle_short_version": "1.0", + "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "en", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "PressAndHold.app", + "path": "/System/Library/Input Methods/PressAndHold.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"PressAndHold\",\"bundle_identifier\":\"com.apple.PAH-Container\",\"bundle_name\":\"PressAndHold\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"PressAndHold.app\",\"path\":\"/System/Library/Input 
Methods/PressAndHold.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SCIM\",\"bundle_identifier\":\"com.apple.SCIM-Container\",\"bundle_name\":\"SCIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"SCIM.app\",\"path\":\"/System/Library/Input Methods/SCIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input Methods/SCIM.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "SCIM", + "bundle_identifier": "com.apple.SCIM-Container", "bundle_name": "SCIM", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/Input Methods/SCIM.app", - "name": "SCIM.app", - "bundle_identifier": "com.apple.SCIM-Container", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "SCIM", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "SCIM.app", + "path": "/System/Library/Input Methods/SCIM.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SCIM\",\"bundle_identifier\":\"com.apple.SCIM-Container\",\"bundle_name\":\"SCIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"SCIM.app\",\"path\":\"/System/Library/Input Methods/SCIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"TCIM\",\"bundle_identifier\":\"com.apple.TCIM-Container\",\"bundle_name\":\"TCIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"TCIM.app\",\"path\":\"/System/Library/Input Methods/TCIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input Methods/TCIM.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "TCIM", + "bundle_identifier": "com.apple.TCIM-Container", "bundle_name": "TCIM", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2016 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/Input Methods/TCIM.app", - "name": "TCIM.app", - "bundle_identifier": "com.apple.TCIM-Container", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "TCIM", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "TCIM.app", + "path": "/System/Library/Input Methods/TCIM.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"TCIM\",\"bundle_identifier\":\"com.apple.TCIM-Container\",\"bundle_name\":\"TCIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"TCIM.app\",\"path\":\"/System/Library/Input Methods/TCIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"TamilIM\",\"bundle_identifier\":\"com.apple.inputmethod.Tamil\",\"bundle_name\":\"Tamil\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.6\",\"bundle_version\":\"28\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Tamil Input Method 1.5\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"TamilIM.app\",\"path\":\"/System/Library/Input Methods/TamilIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input Methods/TamilIM.app" }, - "ecs": { - "version": "8.2.0" + "host": 
{ + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "Tamil Input Method 1.5", - "bundle_short_version": "1.6", - "last_opened_time": "-1.0", + "bundle_executable": "TamilIM", + "bundle_identifier": "com.apple.inputmethod.Tamil", "bundle_name": "Tamil", + "bundle_package_type": "APPL", + "bundle_short_version": "1.6", "bundle_version": "28", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/Input Methods/TamilIM.app", + "element": "1", + "info_string": "Tamil Input Method 1.5", + "last_opened_time": "-1.0", "name": "TamilIM.app", - "bundle_identifier": "com.apple.inputmethod.Tamil", - "bundle_executable": "TamilIM", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/Input Methods/TamilIM.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"TamilIM\",\"bundle_identifier\":\"com.apple.inputmethod.Tamil\",\"bundle_name\":\"Tamil\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.6\",\"bundle_version\":\"28\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Tamil Input Method 1.5\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"TamilIM.app\",\"path\":\"/System/Library/Input Methods/TamilIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"TrackpadIM\",\"bundle_identifier\":\"com.apple.TrackpadIM-Container\",\"bundle_name\":\"TrackpadIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"TrackpadIM.app\",\"path\":\"/System/Library/Input 
Methods/TrackpadIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input Methods/TrackpadIM.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "en", - "path": "/System/Library/Input Methods/TrackpadIM.app", - "name": "TrackpadIM.app", - "bundle_short_version": "1.0", + "bundle_executable": "TrackpadIM", "bundle_identifier": "com.apple.TrackpadIM-Container", - "minimum_system_version": "10.13", - "last_opened_time": "-1.0", "bundle_name": "TrackpadIM", - "bundle_executable": "TrackpadIM", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "1" + "bundle_short_version": "1.0", + "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "en", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "TrackpadIM.app", + "path": "/System/Library/Input Methods/TrackpadIM.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"TrackpadIM\",\"bundle_identifier\":\"com.apple.TrackpadIM-Container\",\"bundle_name\":\"TrackpadIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"TrackpadIM.app\",\"path\":\"/System/Library/Input Methods/TrackpadIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"VietnameseIM\",\"bundle_identifier\":\"com.apple.VIM-Container\",\"bundle_name\":\"VietnameseIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"VietnameseIM.app\",\"path\":\"/System/Library/Input Methods/VietnameseIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Input Methods/VietnameseIM.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "en", - "path": "/System/Library/Input Methods/VietnameseIM.app", - "name": "VietnameseIM.app", - "bundle_short_version": "1.0", + "bundle_executable": "VietnameseIM", "bundle_identifier": "com.apple.VIM-Container", - "minimum_system_version": "10.13", - "last_opened_time": "-1.0", "bundle_name": "VietnameseIM", - "bundle_executable": "VietnameseIM", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "1" + "bundle_short_version": "1.0", + "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "en", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "VietnameseIM.app", + "path": "/System/Library/Input Methods/VietnameseIM.app" }, - 
"name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"VietnameseIM\",\"bundle_identifier\":\"com.apple.VIM-Container\",\"bundle_name\":\"VietnameseIM\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"VietnameseIM.app\",\"path\":\"/System/Library/Input Methods/VietnameseIM.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + 
"version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"MirrorDisplays\",\"bundle_identifier\":\"com.apple.preference.displays.MirrorDisplays\",\"bundle_name\":\"MirrorDisplays\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1501114136.0\",\"minimum_system_version\":\"10.13\",\"name\":\"MirrorDisplays.app\",\"path\":\"/System/Library/PreferencePanes/Displays.prefPane/Contents/Resources/MirrorDisplays.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PreferencePanes/Displays.prefPane/Contents/Resources/MirrorDisplays.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "1.0", - "last_opened_time": "1501114136.0", + "bundle_executable": "MirrorDisplays", + "bundle_identifier": "com.apple.preference.displays.MirrorDisplays", "bundle_name": "MirrorDisplays", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": 
"/System/Library/PreferencePanes/Displays.prefPane/Contents/Resources/MirrorDisplays.app", - "name": "MirrorDisplays.app", - "bundle_identifier": "com.apple.preference.displays.MirrorDisplays", + "element": "1", + "last_opened_time": "1501114136.0", "minimum_system_version": "10.13", - "bundle_executable": "MirrorDisplays", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "MirrorDisplays.app", + "path": "/System/Library/PreferencePanes/Displays.prefPane/Contents/Resources/MirrorDisplays.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"MirrorDisplays\",\"bundle_identifier\":\"com.apple.preference.displays.MirrorDisplays\",\"bundle_name\":\"MirrorDisplays\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1501114136.0\",\"minimum_system_version\":\"10.13\",\"name\":\"MirrorDisplays.app\",\"path\":\"/System/Library/PreferencePanes/Displays.prefPane/Contents/Resources/MirrorDisplays.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"iCloudUserNotificationsd\",\"bundle_identifier\":\"com.apple.iCloudUserNotificationsd\",\"bundle_name\":\"iCloudUserNotificationsd\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"87\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"iCloudUserNotificationsd.app\",\"path\":\"/System/Library/PrivateFrameworks/AOSAccounts.framework/Versions/A/Resources/iCloudUserNotificationsd.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/AOSAccounts.framework/Versions/A/Resources/iCloudUserNotificationsd.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "en", - "path": "/System/Library/PrivateFrameworks/AOSAccounts.framework/Versions/A/Resources/iCloudUserNotificationsd.app", - "name": "iCloudUserNotificationsd.app", - "bundle_short_version": "1.0", - "bundle_identifier": "com.apple.iCloudUserNotificationsd", - "minimum_system_version": "10.13", - "last_opened_time": "-1.0", - "bundle_name": "iCloudUserNotificationsd", "bundle_executable": "iCloudUserNotificationsd", - "compiler": "com.apple.compilers.llvm.clang.1_0", + "bundle_identifier": "com.apple.iCloudUserNotificationsd", + "bundle_name": "iCloudUserNotificationsd", 
"bundle_package_type": "APPL", - "bundle_version": "87" + "bundle_short_version": "1.0", + "bundle_version": "87", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "en", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "iCloudUserNotificationsd.app", + "path": "/System/Library/PrivateFrameworks/AOSAccounts.framework/Versions/A/Resources/iCloudUserNotificationsd.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"iCloudUserNotificationsd\",\"bundle_identifier\":\"com.apple.iCloudUserNotificationsd\",\"bundle_name\":\"iCloudUserNotificationsd\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"87\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"iCloudUserNotificationsd.app\",\"path\":\"/System/Library/PrivateFrameworks/AOSAccounts.framework/Versions/A/Resources/iCloudUserNotificationsd.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AOSAlertManager\",\"bundle_identifier\":\"com.apple.AOSAlertManager\",\"bundle_name\":\"AOSAlertManager\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.07\",\"bundle_version\":\"261\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2011 Apple, Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AOSAlertManager.app\",\"path\":\"/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/Helpers/AOSAlertManager.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/Helpers/AOSAlertManager.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2011 Apple, Inc. All rights reserved.", - "bundle_short_version": "1.07", - "last_opened_time": "-1.0", + "bundle_executable": "AOSAlertManager", + "bundle_identifier": "com.apple.AOSAlertManager", "bundle_name": "AOSAlertManager", + "bundle_package_type": "APPL", + "bundle_short_version": "1.07", "bundle_version": "261", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2011 Apple, Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/Helpers/AOSAlertManager.app", - "name": "AOSAlertManager.app", - "bundle_identifier": "com.apple.AOSAlertManager", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "AOSAlertManager", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "AOSAlertManager.app", + "path": "/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/Helpers/AOSAlertManager.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AOSAlertManager\",\"bundle_identifier\":\"com.apple.AOSAlertManager\",\"bundle_name\":\"AOSAlertManager\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.07\",\"bundle_version\":\"261\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2011 Apple, Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AOSAlertManager.app\",\"path\":\"/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/Helpers/AOSAlertManager.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AOSHeartbeat\",\"bundle_identifier\":\"com.apple.AOSHeartbeat\",\"bundle_name\":\"AOSHeartbeat\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.07\",\"bundle_version\":\"261\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AOSHeartbeat.app\",\"path\":\"/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/Helpers/AOSHeartbeat.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": 
{ "path": "/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/Helpers/AOSHeartbeat.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "1.07", - "last_opened_time": "-1.0", + "bundle_executable": "AOSHeartbeat", + "bundle_identifier": "com.apple.AOSHeartbeat", "bundle_name": "AOSHeartbeat", + "bundle_package_type": "APPL", + "bundle_short_version": "1.07", "bundle_version": "261", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/Helpers/AOSHeartbeat.app", - "name": "AOSHeartbeat.app", - "bundle_identifier": "com.apple.AOSHeartbeat", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "AOSHeartbeat", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "AOSHeartbeat.app", + "path": "/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/Helpers/AOSHeartbeat.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - 
"action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AOSHeartbeat\",\"bundle_identifier\":\"com.apple.AOSHeartbeat\",\"bundle_name\":\"AOSHeartbeat\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.07\",\"bundle_version\":\"261\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AOSHeartbeat.app\",\"path\":\"/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/Helpers/AOSHeartbeat.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AOSPushRelay\",\"bundle_identifier\":\"com.apple.AOSPushRelay\",\"bundle_name\":\"AOSPushRelay\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.07\",\"bundle_version\":\"261\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AOSPushRelay.app\",\"path\":\"/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/Helpers/AOSPushRelay.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/Helpers/AOSPushRelay.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "1.07", - "last_opened_time": "-1.0", + "bundle_executable": "AOSPushRelay", + "bundle_identifier": "com.apple.AOSPushRelay", "bundle_name": "AOSPushRelay", + "bundle_package_type": "APPL", + "bundle_short_version": "1.07", "bundle_version": "261", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/Helpers/AOSPushRelay.app", - "name": "AOSPushRelay.app", - "bundle_identifier": "com.apple.AOSPushRelay", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "AOSPushRelay", - "compiler": 
"com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "AOSPushRelay.app", + "path": "/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/Helpers/AOSPushRelay.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AOSPushRelay\",\"bundle_identifier\":\"com.apple.AOSPushRelay\",\"bundle_name\":\"AOSPushRelay\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.07\",\"bundle_version\":\"261\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AOSPushRelay.app\",\"path\":\"/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/Helpers/AOSPushRelay.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AccessibilityVisualsAgent\",\"bundle_identifier\":\"com.apple.AccessibilityVisualsAgent\",\"bundle_name\":\"AccessibilityVisualsAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"91\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AccessibilityVisualsAgent.app\",\"path\":\"/System/Library/PrivateFrameworks/AccessibilitySupport.framework/Versions/A/Resources/AccessibilityVisualsAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/AccessibilitySupport.framework/Versions/A/Resources/AccessibilityVisualsAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2017 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "AccessibilityVisualsAgent", + "bundle_identifier": "com.apple.AccessibilityVisualsAgent", "bundle_name": "AccessibilityVisualsAgent", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "91", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2017 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/AccessibilitySupport.framework/Versions/A/Resources/AccessibilityVisualsAgent.app", - "name": "AccessibilityVisualsAgent.app", - "bundle_identifier": "com.apple.AccessibilityVisualsAgent", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "AccessibilityVisualsAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "AccessibilityVisualsAgent.app", + "path": "/System/Library/PrivateFrameworks/AccessibilitySupport.framework/Versions/A/Resources/AccessibilityVisualsAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AccessibilityVisualsAgent\",\"bundle_identifier\":\"com.apple.AccessibilityVisualsAgent\",\"bundle_name\":\"AccessibilityVisualsAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"91\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AccessibilityVisualsAgent.app\",\"path\":\"/System/Library/PrivateFrameworks/AccessibilitySupport.framework/Versions/A/Resources/AccessibilityVisualsAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Calibration Assistant\",\"bundle_identifier\":\"com.apple.Calibration-Assistant\",\"bundle_name\":\"Calibration Assistant\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"110\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Calibration Assistant.app\",\"path\":\"/System/Library/PrivateFrameworks/AmbientDisplay.framework/Versions/A/Resources/Calibration Assistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/AmbientDisplay.framework/Versions/A/Resources/Calibration Assistant.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2014 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Calibration Assistant", + "bundle_identifier": "com.apple.Calibration-Assistant", "bundle_name": "Calibration Assistant", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "110", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2014 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/AmbientDisplay.framework/Versions/A/Resources/Calibration Assistant.app", - "name": "Calibration Assistant.app", - "bundle_identifier": "com.apple.Calibration-Assistant", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Calibration Assistant", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "Calibration Assistant.app", + "path": "/System/Library/PrivateFrameworks/AmbientDisplay.framework/Versions/A/Resources/Calibration Assistant.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Calibration Assistant\",\"bundle_identifier\":\"com.apple.Calibration-Assistant\",\"bundle_name\":\"Calibration Assistant\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"110\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Calibration Assistant.app\",\"path\":\"/System/Library/PrivateFrameworks/AmbientDisplay.framework/Versions/A/Resources/Calibration Assistant.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AskPermissionUI\",\"bundle_identifier\":\"com.apple.AskPermissionUI\",\"bundle_name\":\"AskPermissionUI\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AskPermissionUI.app\",\"path\":\"/System/Library/PrivateFrameworks/AskPermission.framework/Versions/A/Resources/AskPermissionUI.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/AskPermission.framework/Versions/A/Resources/AskPermissionUI.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2014 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "AskPermissionUI", + "bundle_identifier": "com.apple.AskPermissionUI", "bundle_name": "AskPermissionUI", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2014 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/AskPermission.framework/Versions/A/Resources/AskPermissionUI.app", - "name": "AskPermissionUI.app", - "bundle_identifier": "com.apple.AskPermissionUI", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "AskPermissionUI", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "AskPermissionUI.app", + "path": "/System/Library/PrivateFrameworks/AskPermission.framework/Versions/A/Resources/AskPermissionUI.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AskPermissionUI\",\"bundle_identifier\":\"com.apple.AskPermissionUI\",\"bundle_name\":\"AskPermissionUI\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"AskPermissionUI.app\",\"path\":\"/System/Library/PrivateFrameworks/AskPermission.framework/Versions/A/Resources/AskPermissionUI.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"iCloud Drive\",\"bundle_identifier\":\"com.apple.bird\",\"bundle_name\":\"iCloud Drive\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"559\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"iCloud Drive\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"iCloud Drive.app\",\"path\":\"/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Resources/iCloud Drive.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Resources/iCloud Drive.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2014 Apple. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "iCloud Drive", + "bundle_identifier": "com.apple.bird", "bundle_name": "iCloud Drive", - "display_name": "iCloud Drive", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "559", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2014 Apple. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Resources/iCloud Drive.app", - "name": "iCloud Drive.app", - "bundle_identifier": "com.apple.bird", + "display_name": "iCloud Drive", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "iCloud Drive", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "iCloud Drive.app", + "path": "/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Resources/iCloud Drive.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"iCloud Drive\",\"bundle_identifier\":\"com.apple.bird\",\"bundle_name\":\"iCloud Drive\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"559\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"iCloud Drive\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"iCloud Drive.app\",\"path\":\"/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Resources/iCloud Drive.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"LaterAgent\",\"bundle_identifier\":\"com.apple.lateragent\",\"bundle_name\":\"LaterAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"652\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"LaterAgent.app\",\"path\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/LaterAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/LaterAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2012 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "LaterAgent", + "bundle_identifier": "com.apple.lateragent", "bundle_name": "LaterAgent", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "652", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2012 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/LaterAgent.app", - "name": "LaterAgent.app", - "bundle_identifier": "com.apple.lateragent", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "LaterAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "LaterAgent.app", + "path": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/LaterAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"LaterAgent\",\"bundle_identifier\":\"com.apple.lateragent\",\"bundle_name\":\"LaterAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"652\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"LaterAgent.app\",\"path\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/LaterAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"storeuid\",\"bundle_identifier\":\"com.apple.storeuid\",\"bundle_name\":\"storeuid\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"652\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"storeuid.app\",\"path\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": 
"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app", - "name": "storeuid.app", - "bundle_short_version": "1.0", + "bundle_executable": "storeuid", "bundle_identifier": "com.apple.storeuid", - "minimum_system_version": "10.13", - "last_opened_time": "-1.0", "bundle_name": "storeuid", - "bundle_executable": "storeuid", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "652" + "bundle_short_version": "1.0", + "bundle_version": "652", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "storeuid.app", + "path": "/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"storeuid\",\"bundle_identifier\":\"com.apple.storeuid\",\"bundle_name\":\"storeuid\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"652\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"storeuid.app\",\"path\":\"/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"CMFSyncAgent\",\"bundle_identifier\":\"com.apple.cmfsyncagent\",\"bundle_name\":\"CMFSyncAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"1000\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"CMFSyncAgent.app\",\"path\":\"/System/Library/PrivateFrameworks/CommunicationsFilter.framework/CMFSyncAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/CommunicationsFilter.framework/CMFSyncAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/PrivateFrameworks/CommunicationsFilter.framework/CMFSyncAgent.app", - "name": "CMFSyncAgent.app", - "bundle_short_version": "10.0", + "bundle_executable": "CMFSyncAgent", "bundle_identifier": "com.apple.cmfsyncagent", - "last_opened_time": "-1.0", "bundle_name": "CMFSyncAgent", - "bundle_executable": "CMFSyncAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "1000" + "bundle_short_version": "10.0", + "bundle_version": "1000", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "-1.0", + "name": "CMFSyncAgent.app", + "path": 
"/System/Library/PrivateFrameworks/CommunicationsFilter.framework/CMFSyncAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"CMFSyncAgent\",\"bundle_identifier\":\"com.apple.cmfsyncagent\",\"bundle_name\":\"CMFSyncAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"1000\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"CMFSyncAgent.app\",\"path\":\"/System/Library/PrivateFrameworks/CommunicationsFilter.framework/CMFSyncAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ 
"preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"CIMFindInputCodeTool\",\"bundle_identifier\":\"com.apple.CCE.CIMFindInputCode\",\"bundle_name\":\"\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"102\",\"bundle_version\":\"389\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"CIMFindInputCodeTool.app\",\"path\":\"/System/Library/PrivateFrameworks/CoreChineseEngine.framework/Versions/A/SharedSupport/CIMFindInputCodeTool.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/CoreChineseEngine.framework/Versions/A/SharedSupport/CIMFindInputCodeTool.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "en", - "path": "/System/Library/PrivateFrameworks/CoreChineseEngine.framework/Versions/A/SharedSupport/CIMFindInputCodeTool.app", - "name": "CIMFindInputCodeTool.app", - "bundle_short_version": "102", - "bundle_identifier": "com.apple.CCE.CIMFindInputCode", - "minimum_system_version": 
"10.13", - "last_opened_time": "-1.0", "bundle_executable": "CIMFindInputCodeTool", - "compiler": "com.apple.compilers.llvm.clang.1_0", + "bundle_identifier": "com.apple.CCE.CIMFindInputCode", "bundle_package_type": "APPL", - "bundle_version": "389" + "bundle_short_version": "102", + "bundle_version": "389", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "en", + "last_opened_time": "-1.0", + "minimum_system_version": "10.13", + "name": "CIMFindInputCodeTool.app", + "path": "/System/Library/PrivateFrameworks/CoreChineseEngine.framework/Versions/A/SharedSupport/CIMFindInputCodeTool.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"CIMFindInputCodeTool\",\"bundle_identifier\":\"com.apple.CCE.CIMFindInputCode\",\"bundle_name\":\"\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"102\",\"bundle_version\":\"389\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"CIMFindInputCodeTool.app\",\"path\":\"/System/Library/PrivateFrameworks/CoreChineseEngine.framework/Versions/A/SharedSupport/CIMFindInputCodeTool.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"FollowUpUI\",\"bundle_identifier\":\"com.apple.FollowUpUI\",\"bundle_name\":\"FollowUpUI\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"FollowUpUI.app\",\"path\":\"/System/Library/PrivateFrameworks/CoreFollowUp.framework/Versions/A/Resources/FollowUpUI.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/CoreFollowUp.framework/Versions/A/Resources/FollowUpUI.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2015 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "FollowUpUI", + "bundle_identifier": "com.apple.FollowUpUI", "bundle_name": "FollowUpUI", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2015 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/CoreFollowUp.framework/Versions/A/Resources/FollowUpUI.app", - "name": "FollowUpUI.app", - "bundle_identifier": "com.apple.FollowUpUI", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "FollowUpUI", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "FollowUpUI.app", + "path": "/System/Library/PrivateFrameworks/CoreFollowUp.framework/Versions/A/Resources/FollowUpUI.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"FollowUpUI\",\"bundle_identifier\":\"com.apple.FollowUpUI\",\"bundle_name\":\"FollowUpUI\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"FollowUpUI.app\",\"path\":\"/System/Library/PrivateFrameworks/CoreFollowUp.framework/Versions/A/Resources/FollowUpUI.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"DiskImages UI Agent\",\"bundle_identifier\":\"com.apple.frameworks.diskimages.diuiagent\",\"bundle_name\":\"DiskImages UI Agent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"480.1.2\",\"bundle_version\":\"480.1.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2000-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"DiskImages UI Agent.app\",\"path\":\"/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2000-2017 Apple Inc. All rights reserved.", - "bundle_short_version": "480.1.2", - "last_opened_time": "-1.0", + "bundle_executable": "DiskImages UI Agent", + "bundle_identifier": "com.apple.frameworks.diskimages.diuiagent", "bundle_name": "DiskImages UI Agent", + "bundle_package_type": "APPL", + "bundle_short_version": "480.1.2", "bundle_version": "480.1.2", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2000-2017 Apple Inc. 
All rights reserved.", "development_region": "English", - "path": "/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app", + "element": "1", + "last_opened_time": "-1.0", "name": "DiskImages UI Agent.app", - "bundle_identifier": "com.apple.frameworks.diskimages.diuiagent", - "bundle_executable": "DiskImages UI Agent", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"DiskImages UI Agent\",\"bundle_identifier\":\"com.apple.frameworks.diskimages.diuiagent\",\"bundle_name\":\"DiskImages UI Agent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"480.1.2\",\"bundle_version\":\"480.1.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2000-2017 Apple Inc. 
All rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"DiskImages UI Agent.app\",\"path\":\"/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"eaptlstrust\",\"bundle_identifier\":\"com.apple.eap8021x.eaptlstrust\",\"bundle_name\":\"\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"13.0\",\"bundle_version\":\"13.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"eaptlstrust.app\",\"path\":\"/System/Library/PrivateFrameworks/EAP8021X.framework/Support/eaptlstrust.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": 
{ "path": "/System/Library/PrivateFrameworks/EAP8021X.framework/Support/eaptlstrust.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/PrivateFrameworks/EAP8021X.framework/Support/eaptlstrust.app", - "name": "eaptlstrust.app", - "bundle_short_version": "13.0", - "bundle_identifier": "com.apple.eap8021x.eaptlstrust", - "last_opened_time": "-1.0", "bundle_executable": "eaptlstrust", - "compiler": "com.apple.compilers.llvm.clang.1_0", + "bundle_identifier": "com.apple.eap8021x.eaptlstrust", "bundle_package_type": "APPL", + "bundle_short_version": "13.0", "bundle_version": "13.0", - "element": "1" + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "element": "1", + "last_opened_time": "-1.0", + "name": "eaptlstrust.app", + "path": "/System/Library/PrivateFrameworks/EAP8021X.framework/Support/eaptlstrust.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"eaptlstrust\",\"bundle_identifier\":\"com.apple.eap8021x.eaptlstrust\",\"bundle_name\":\"\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"13.0\",\"bundle_version\":\"13.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"eaptlstrust.app\",\"path\":\"/System/Library/PrivateFrameworks/EAP8021X.framework/Support/eaptlstrust.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ParentalControls\",\"bundle_identifier\":\"com.apple.familycontrols.useragent\",\"bundle_name\":\"Parental Controls\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.1\",\"bundle_version\":\"410\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Parental Controls\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"2.0, Copyright Apple Inc. 
2007-2009\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ParentalControls.app\",\"path\":\"/System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/Resources/ParentalControls.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/Resources/ParentalControls.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "2.0, Copyright Apple Inc. 2007-2009", - "bundle_short_version": "4.1", - "last_opened_time": "-1.0", + "bundle_executable": "ParentalControls", + "bundle_identifier": "com.apple.familycontrols.useragent", "bundle_name": "Parental Controls", - "display_name": "Parental Controls", + "bundle_package_type": "APPL", + "bundle_short_version": "4.1", "bundle_version": "410", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/Resources/ParentalControls.app", + "display_name": "Parental Controls", + "element": "1", + "info_string": "2.0, Copyright Apple Inc. 
2007-2009", + "last_opened_time": "-1.0", "name": "ParentalControls.app", - "bundle_identifier": "com.apple.familycontrols.useragent", - "bundle_executable": "ParentalControls", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/Resources/ParentalControls.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ParentalControls\",\"bundle_identifier\":\"com.apple.familycontrols.useragent\",\"bundle_name\":\"Parental Controls\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.1\",\"bundle_version\":\"410\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Parental Controls\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"2.0, Copyright Apple Inc. 
2007-2009\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ParentalControls.app\",\"path\":\"/System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/Resources/ParentalControls.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Family\",\"bundle_identifier\":\"com.apple.Family\",\"bundle_name\":\"Family\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Family\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Family.app\",\"path\":\"/System/Library/PrivateFrameworks/FamilyNotification.framework/Versions/A/Resources/Family.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/FamilyNotification.framework/Versions/A/Resources/Family.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2014 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "Family", + "bundle_identifier": "com.apple.Family", "bundle_name": "Family", - "display_name": "Family", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2014 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/FamilyNotification.framework/Versions/A/Resources/Family.app", - "name": "Family.app", - "bundle_identifier": "com.apple.Family", + "display_name": "Family", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "Family", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "Family.app", + "path": "/System/Library/PrivateFrameworks/FamilyNotification.framework/Versions/A/Resources/Family.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Family\",\"bundle_identifier\":\"com.apple.Family\",\"bundle_name\":\"Family\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"Family\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"Family.app\",\"path\":\"/System/Library/PrivateFrameworks/FamilyNotification.framework/Versions/A/Resources/Family.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"FindMyMacMessenger\",\"bundle_identifier\":\"com.apple.FindMyMacMessenger\",\"bundle_name\":\"FindMyMacMessenger\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.1\",\"bundle_version\":\"55.9\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"FindMyMacMessenger.app\",\"path\":\"/System/Library/PrivateFrameworks/FindMyMac.framework/Versions/A/Resources/FindMyMacMessenger.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/FindMyMac.framework/Versions/A/Resources/FindMyMacMessenger.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "4.1", - "last_opened_time": "-1.0", + "bundle_executable": "FindMyMacMessenger", + "bundle_identifier": "com.apple.FindMyMacMessenger", "bundle_name": "FindMyMacMessenger", + "bundle_package_type": "APPL", + "bundle_short_version": "4.1", "bundle_version": "55.9", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/FindMyMac.framework/Versions/A/Resources/FindMyMacMessenger.app", - "name": "FindMyMacMessenger.app", - "bundle_identifier": "com.apple.FindMyMacMessenger", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", 
- "bundle_executable": "FindMyMacMessenger", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "FindMyMacMessenger.app", + "path": "/System/Library/PrivateFrameworks/FindMyMac.framework/Versions/A/Resources/FindMyMacMessenger.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"FindMyMacMessenger\",\"bundle_identifier\":\"com.apple.FindMyMacMessenger\",\"bundle_name\":\"FindMyMacMessenger\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"4.1\",\"bundle_version\":\"55.9\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"FindMyMacMessenger.app\",\"path\":\"/System/Library/PrivateFrameworks/FindMyMac.framework/Versions/A/Resources/FindMyMacMessenger.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"identityservicesd\",\"bundle_identifier\":\"com.apple.identityservicesd\",\"bundle_name\":\"identityservicesd\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"1000\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"identityservicesd.app\",\"path\":\"/System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app", - "name": "identityservicesd.app", - "bundle_short_version": "10.0", + "bundle_executable": "identityservicesd", "bundle_identifier": "com.apple.identityservicesd", - "last_opened_time": "-1.0", "bundle_name": "identityservicesd", - "bundle_executable": "identityservicesd", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "1000" + "bundle_short_version": "10.0", + "bundle_version": "1000", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "-1.0", + "name": "identityservicesd.app", 
+ "path": "/System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } - }, - "related": { - "user": [ - "tsg" - ], + }, + "related": { "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"identityservicesd\",\"bundle_identifier\":\"com.apple.identityservicesd\",\"bundle_name\":\"identityservicesd\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"1000\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"identityservicesd.app\",\"path\":\"/System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": 
"tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"IDSRemoteURLConnectionAgent\",\"bundle_identifier\":\"com.apple.idsfoundation.IDSRemoteURLConnectionAgent\",\"bundle_name\":\"IDSRemoteURLConnectionAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"1000\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"IDSRemoteURLConnectionAgent.app\",\"path\":\"/System/Library/PrivateFrameworks/IDSFoundation.framework/IDSRemoteURLConnectionAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/IDSFoundation.framework/IDSRemoteURLConnectionAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/PrivateFrameworks/IDSFoundation.framework/IDSRemoteURLConnectionAgent.app", - "name": "IDSRemoteURLConnectionAgent.app", - "bundle_short_version": "10.0", + "bundle_executable": "IDSRemoteURLConnectionAgent", 
"bundle_identifier": "com.apple.idsfoundation.IDSRemoteURLConnectionAgent", - "last_opened_time": "-1.0", "bundle_name": "IDSRemoteURLConnectionAgent", - "bundle_executable": "IDSRemoteURLConnectionAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "1000" + "bundle_short_version": "10.0", + "bundle_version": "1000", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "-1.0", + "name": "IDSRemoteURLConnectionAgent.app", + "path": "/System/Library/PrivateFrameworks/IDSFoundation.framework/IDSRemoteURLConnectionAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"IDSRemoteURLConnectionAgent\",\"bundle_identifier\":\"com.apple.idsfoundation.IDSRemoteURLConnectionAgent\",\"bundle_name\":\"IDSRemoteURLConnectionAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"1000\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"IDSRemoteURLConnectionAgent.app\",\"path\":\"/System/Library/PrivateFrameworks/IDSFoundation.framework/IDSRemoteURLConnectionAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"imavagent\",\"bundle_identifier\":\"com.apple.imavagent\",\"bundle_name\":\"imavagent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"1000\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"imavagent.app\",\"path\":\"/System/Library/PrivateFrameworks/IMAVCore.framework/imavagent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/IMAVCore.framework/imavagent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/PrivateFrameworks/IMAVCore.framework/imavagent.app", - "name": "imavagent.app", - "bundle_short_version": "10.0", + "bundle_executable": "imavagent", "bundle_identifier": "com.apple.imavagent", - "last_opened_time": "-1.0", "bundle_name": "imavagent", - "bundle_executable": "imavagent", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "1000" + "bundle_short_version": "10.0", + "bundle_version": "1000", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "-1.0", + "name": "imavagent.app", + "path": "/System/Library/PrivateFrameworks/IMAVCore.framework/imavagent.app" }, - 
"name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"imavagent\",\"bundle_identifier\":\"com.apple.imavagent\",\"bundle_name\":\"imavagent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"1000\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"imavagent.app\",\"path\":\"/System/Library/PrivateFrameworks/IMAVCore.framework/imavagent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { 
+ "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"imagent\",\"bundle_identifier\":\"com.apple.imagent\",\"bundle_name\":\"imagent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"1000\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"imagent.app\",\"path\":\"/System/Library/PrivateFrameworks/IMCore.framework/imagent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/IMCore.framework/imagent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/PrivateFrameworks/IMCore.framework/imagent.app", - "name": "imagent.app", - "bundle_short_version": "10.0", + "bundle_executable": "imagent", "bundle_identifier": "com.apple.imagent", - "last_opened_time": "-1.0", "bundle_name": "imagent", - "bundle_executable": "imagent", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", + "bundle_short_version": "10.0", "bundle_version": "1000", - "element": "1" + "compiler": "com.apple.compilers.llvm.clang.1_0", + 
"development_region": "English", + "element": "1", + "last_opened_time": "-1.0", + "name": "imagent.app", + "path": "/System/Library/PrivateFrameworks/IMCore.framework/imagent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"imagent\",\"bundle_identifier\":\"com.apple.imagent\",\"bundle_name\":\"imagent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"1000\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"imagent.app\",\"path\":\"/System/Library/PrivateFrameworks/IMCore.framework/imagent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": 
"event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"IMAutomaticHistoryDeletionAgent\",\"bundle_identifier\":\"com.apple.IMAutomaticHistoryDeletionAgent\",\"bundle_name\":\"IMAutomaticHistoryDeletionAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"1000\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"IMAutomaticHistoryDeletionAgent.app\",\"path\":\"/System/Library/PrivateFrameworks/IMDPersistence.framework/IMAutomaticHistoryDeletionAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/IMDPersistence.framework/IMAutomaticHistoryDeletionAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/PrivateFrameworks/IMDPersistence.framework/IMAutomaticHistoryDeletionAgent.app", - "name": "IMAutomaticHistoryDeletionAgent.app", - "bundle_short_version": "10.0", + 
"bundle_executable": "IMAutomaticHistoryDeletionAgent", "bundle_identifier": "com.apple.IMAutomaticHistoryDeletionAgent", - "last_opened_time": "-1.0", "bundle_name": "IMAutomaticHistoryDeletionAgent", - "bundle_executable": "IMAutomaticHistoryDeletionAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "1000" + "bundle_short_version": "10.0", + "bundle_version": "1000", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "-1.0", + "name": "IMAutomaticHistoryDeletionAgent.app", + "path": "/System/Library/PrivateFrameworks/IMDPersistence.framework/IMAutomaticHistoryDeletionAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"IMAutomaticHistoryDeletionAgent\",\"bundle_identifier\":\"com.apple.IMAutomaticHistoryDeletionAgent\",\"bundle_name\":\"IMAutomaticHistoryDeletionAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"1000\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"IMAutomaticHistoryDeletionAgent.app\",\"path\":\"/System/Library/PrivateFrameworks/IMDPersistence.framework/IMAutomaticHistoryDeletionAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"IMTransferAgent\",\"bundle_identifier\":\"com.apple.imtransferservices.IMTransferAgent\",\"bundle_name\":\"IMTransferAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"1000\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"IMTransferAgent.app\",\"path\":\"/System/Library/PrivateFrameworks/IMTransferServices.framework/IMTransferAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/IMTransferServices.framework/IMTransferAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/PrivateFrameworks/IMTransferServices.framework/IMTransferAgent.app", - "name": "IMTransferAgent.app", - "bundle_short_version": "10.0", + "bundle_executable": "IMTransferAgent", "bundle_identifier": "com.apple.imtransferservices.IMTransferAgent", - "last_opened_time": "-1.0", "bundle_name": "IMTransferAgent", - "bundle_executable": "IMTransferAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "1000" + "bundle_short_version": "10.0", + "bundle_version": "1000", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + 
"last_opened_time": "-1.0", + "name": "IMTransferAgent.app", + "path": "/System/Library/PrivateFrameworks/IMTransferServices.framework/IMTransferAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"IMTransferAgent\",\"bundle_identifier\":\"com.apple.imtransferservices.IMTransferAgent\",\"bundle_name\":\"IMTransferAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"10.0\",\"bundle_version\":\"1000\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"IMTransferAgent.app\",\"path\":\"/System/Library/PrivateFrameworks/IMTransferServices.framework/IMTransferAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"soagent\",\"bundle_identifier\":\"com.apple.soagent\",\"bundle_name\":\"soagent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"7.0\",\"bundle_version\":\"5500\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"soagent\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.9\",\"name\":\"soagent.app\",\"path\":\"/System/Library/PrivateFrameworks/MessagesKit.framework/Versions/A/Resources/soagent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/MessagesKit.framework/Versions/A/Resources/soagent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "7.0", - "last_opened_time": "-1.0", + "bundle_executable": "soagent", + "bundle_identifier": "com.apple.soagent", "bundle_name": "soagent", - "display_name": "soagent", + "bundle_package_type": "APPL", + "bundle_short_version": "7.0", "bundle_version": "5500", + 
"compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/PrivateFrameworks/MessagesKit.framework/Versions/A/Resources/soagent.app", - "name": "soagent.app", - "bundle_identifier": "com.apple.soagent", + "display_name": "soagent", + "last_opened_time": "-1.0", "minimum_system_version": "10.9", - "bundle_executable": "soagent", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "soagent.app", + "path": "/System/Library/PrivateFrameworks/MessagesKit.framework/Versions/A/Resources/soagent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"soagent\",\"bundle_identifier\":\"com.apple.soagent\",\"bundle_name\":\"soagent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"7.0\",\"bundle_version\":\"5500\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"soagent\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.9\",\"name\":\"soagent.app\",\"path\":\"/System/Library/PrivateFrameworks/MessagesKit.framework/Versions/A/Resources/soagent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AppleMobileDeviceHelper\",\"bundle_identifier\":\"com.apple.SyncServices.AppleMobileDeviceHelper\",\"bundle_name\":\"AppleMobileDeviceHelper\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"932\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AppleMobileDeviceHelper.app\",\"path\":\"/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/AppleMobileDeviceHelper.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/AppleMobileDeviceHelper.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/AppleMobileDeviceHelper.app", - "name": "AppleMobileDeviceHelper.app", - "bundle_short_version": "5.0", + "bundle_executable": "AppleMobileDeviceHelper", "bundle_identifier": "com.apple.SyncServices.AppleMobileDeviceHelper", - "last_opened_time": "-1.0", "bundle_name": "AppleMobileDeviceHelper", - "bundle_executable": "AppleMobileDeviceHelper", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "932" + "bundle_short_version": "5.0", + "bundle_version": "932", 
+ "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "-1.0", + "name": "AppleMobileDeviceHelper.app", + "path": "/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/AppleMobileDeviceHelper.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AppleMobileDeviceHelper\",\"bundle_identifier\":\"com.apple.SyncServices.AppleMobileDeviceHelper\",\"bundle_name\":\"AppleMobileDeviceHelper\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"932\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AppleMobileDeviceHelper.app\",\"path\":\"/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/AppleMobileDeviceHelper.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AppleMobileSync\",\"bundle_identifier\":\"com.apple.SyncServices.AppleMobileSync\",\"bundle_name\":\"AppleMobileSync\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"932\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AppleMobileSync.app\",\"path\":\"/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/AppleMobileSync.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/AppleMobileSync.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/AppleMobileSync.app", - "name": "AppleMobileSync.app", - "bundle_short_version": "5.0", + "bundle_executable": "AppleMobileSync", "bundle_identifier": "com.apple.SyncServices.AppleMobileSync", - "last_opened_time": "-1.0", "bundle_name": "AppleMobileSync", - "bundle_executable": "AppleMobileSync", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "932" + "bundle_short_version": "5.0", + "bundle_version": "932", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + 
"last_opened_time": "-1.0", + "name": "AppleMobileSync.app", + "path": "/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/AppleMobileSync.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AppleMobileSync\",\"bundle_identifier\":\"com.apple.SyncServices.AppleMobileSync\",\"bundle_name\":\"AppleMobileSync\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"5.0\",\"bundle_version\":\"932\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"AppleMobileSync.app\",\"path\":\"/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/AppleMobileSync.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - 
"created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"nbagent\",\"bundle_identifier\":\"com.apple.nbagent\",\"bundle_name\":\"nbagent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"nbagent.app\",\"path\":\"/System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbagent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbagent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2014 Apple Inc. 
All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "nbagent", + "bundle_identifier": "com.apple.nbagent", "bundle_name": "nbagent", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2014 Apple Inc. All rights reserved.", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbagent.app", - "name": "nbagent.app", - "bundle_identifier": "com.apple.nbagent", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "nbagent", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "nbagent.app", + "path": "/System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbagent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"nbagent\",\"bundle_identifier\":\"com.apple.nbagent\",\"bundle_name\":\"nbagent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple Inc. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"nbagent.app\",\"path\":\"/System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbagent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"PubSubAgent\",\"bundle_identifier\":\"com.apple.PubSubAgent\",\"bundle_name\":\"PubSubAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0.5\",\"bundle_version\":\"65.47\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.5\",\"name\":\"PubSubAgent.app\",\"path\":\"/System/Library/PrivateFrameworks/PubSub.framework/Versions/A/Resources/PubSubAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/PubSub.framework/Versions/A/Resources/PubSubAgent.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/PrivateFrameworks/PubSub.framework/Versions/A/Resources/PubSubAgent.app", - "name": "PubSubAgent.app", - "bundle_short_version": "1.0.5", + "bundle_executable": "PubSubAgent", "bundle_identifier": "com.apple.PubSubAgent", - "minimum_system_version": "10.5", - "last_opened_time": "-1.0", "bundle_name": "PubSubAgent", - "bundle_executable": "PubSubAgent", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "65.47" + "bundle_short_version": "1.0.5", + "bundle_version": "65.47", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + 
"last_opened_time": "-1.0", + "minimum_system_version": "10.5", + "name": "PubSubAgent.app", + "path": "/System/Library/PrivateFrameworks/PubSub.framework/Versions/A/Resources/PubSubAgent.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"PubSubAgent\",\"bundle_identifier\":\"com.apple.PubSubAgent\",\"bundle_name\":\"PubSubAgent\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0.5\",\"bundle_version\":\"65.47\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.5\",\"name\":\"PubSubAgent.app\",\"path\":\"/System/Library/PrivateFrameworks/PubSub.framework/Versions/A/Resources/PubSubAgent.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", 
- "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ScreenReaderUIServer\",\"bundle_identifier\":\"com.apple.ScreenReaderUIServer\",\"bundle_name\":\"ScreenReaderUIServer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8\",\"bundle_version\":\"562.1.3\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2008-2017 Apple Inc. All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ScreenReaderUIServer.app\",\"path\":\"/System/Library/PrivateFrameworks/ScreenReader.framework/Versions/A/Resources/ScreenReaderUIServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/ScreenReader.framework/Versions/A/Resources/ScreenReaderUIServer.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2008-2017 Apple Inc. 
All Rights Reserved.", - "bundle_short_version": "8", - "last_opened_time": "-1.0", + "bundle_executable": "ScreenReaderUIServer", + "bundle_identifier": "com.apple.ScreenReaderUIServer", "bundle_name": "ScreenReaderUIServer", + "bundle_package_type": "APPL", + "bundle_short_version": "8", "bundle_version": "562.1.3", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2008-2017 Apple Inc. All Rights Reserved.", "development_region": "English", - "path": "/System/Library/PrivateFrameworks/ScreenReader.framework/Versions/A/Resources/ScreenReaderUIServer.app", + "element": "1", + "last_opened_time": "-1.0", "name": "ScreenReaderUIServer.app", - "bundle_identifier": "com.apple.ScreenReaderUIServer", - "bundle_executable": "ScreenReaderUIServer", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/PrivateFrameworks/ScreenReader.framework/Versions/A/Resources/ScreenReaderUIServer.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ScreenReaderUIServer\",\"bundle_identifier\":\"com.apple.ScreenReaderUIServer\",\"bundle_name\":\"ScreenReaderUIServer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8\",\"bundle_version\":\"562.1.3\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2008-2017 Apple Inc. All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ScreenReaderUIServer.app\",\"path\":\"/System/Library/PrivateFrameworks/ScreenReader.framework/Versions/A/Resources/ScreenReaderUIServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"VoiceOver Quickstart\",\"bundle_identifier\":\"com.apple.VoiceOverQuickstart\",\"bundle_name\":\"\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8\",\"bundle_version\":\"562.1.3\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2004-2017 Apple Inc. 
All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"VoiceOver Quickstart.app\",\"path\":\"/System/Library/PrivateFrameworks/ScreenReader.framework/Versions/A/Resources/VoiceOver Quickstart.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/ScreenReader.framework/Versions/A/Resources/VoiceOver Quickstart.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/PrivateFrameworks/ScreenReader.framework/Versions/A/Resources/VoiceOver Quickstart.app", - "copyright": "Copyright \\xC2\\xA9 2004-2017 Apple Inc. All Rights Reserved.", - "name": "VoiceOver Quickstart.app", - "bundle_short_version": "8", - "bundle_identifier": "com.apple.VoiceOverQuickstart", - "last_opened_time": "-1.0", "bundle_executable": "VoiceOver Quickstart", - "compiler": "com.apple.compilers.llvm.clang.1_0", + "bundle_identifier": "com.apple.VoiceOverQuickstart", "bundle_package_type": "APPL", + "bundle_short_version": "8", "bundle_version": "562.1.3", - "element": "1" + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2004-2017 Apple Inc. 
All Rights Reserved.", + "development_region": "English", + "element": "1", + "last_opened_time": "-1.0", + "name": "VoiceOver Quickstart.app", + "path": "/System/Library/PrivateFrameworks/ScreenReader.framework/Versions/A/Resources/VoiceOver Quickstart.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"VoiceOver Quickstart\",\"bundle_identifier\":\"com.apple.VoiceOverQuickstart\",\"bundle_name\":\"\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8\",\"bundle_version\":\"562.1.3\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2004-2017 Apple Inc. 
All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"VoiceOver Quickstart.app\",\"path\":\"/System/Library/PrivateFrameworks/ScreenReader.framework/Versions/A/Resources/VoiceOver Quickstart.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SpeechDataInstallerd\",\"bundle_identifier\":\"com.apple.speech.SpeechDataInstallerd\",\"bundle_name\":\"SpeechDataInstallerd\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"7.0.15\",\"bundle_version\":\"7.0.15\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"SpeechDataInstallerd\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"SpeechDataInstallerd.app\",\"path\":\"/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "7.0.15", - "last_opened_time": "-1.0", + "bundle_executable": "SpeechDataInstallerd", + "bundle_identifier": "com.apple.speech.SpeechDataInstallerd", "bundle_name": "SpeechDataInstallerd", - "display_name": "SpeechDataInstallerd", + "bundle_package_type": "APPL", + "bundle_short_version": "7.0.15", "bundle_version": "7.0.15", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app", - "name": "SpeechDataInstallerd.app", - "bundle_identifier": 
"com.apple.speech.SpeechDataInstallerd", + "display_name": "SpeechDataInstallerd", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "SpeechDataInstallerd", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "name": "SpeechDataInstallerd.app", + "path": "/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SpeechDataInstallerd\",\"bundle_identifier\":\"com.apple.speech.SpeechDataInstallerd\",\"bundle_name\":\"SpeechDataInstallerd\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"7.0.15\",\"bundle_version\":\"7.0.15\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"SpeechDataInstallerd\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"SpeechDataInstallerd.app\",\"path\":\"/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"SpeechRecognitionServer\",\"bundle_identifier\":\"com.apple.speech.SpeechRecognitionServer\",\"bundle_name\":\"SpeechRecognitionServer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"7.0.15\",\"bundle_version\":\"7.0.15\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"SpeechRecognitionServer.app\",\"path\":\"/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechRecognitionServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechRecognitionServer.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "Copyright \\xC2\\xA9 2014 Apple. All rights reserved.", - "bundle_short_version": "7.0.15", - "last_opened_time": "-1.0", + "bundle_executable": "SpeechRecognitionServer", + "bundle_identifier": "com.apple.speech.SpeechRecognitionServer", "bundle_name": "SpeechRecognitionServer", + "bundle_package_type": "APPL", + "bundle_short_version": "7.0.15", "bundle_version": "7.0.15", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2014 Apple. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechRecognitionServer.app", - "name": "SpeechRecognitionServer.app", - "bundle_identifier": "com.apple.speech.SpeechRecognitionServer", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "SpeechRecognitionServer", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "SpeechRecognitionServer.app", + "path": "/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechRecognitionServer.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"SpeechRecognitionServer\",\"bundle_identifier\":\"com.apple.speech.SpeechRecognitionServer\",\"bundle_name\":\"SpeechRecognitionServer\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"7.0.15\",\"bundle_version\":\"7.0.15\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2014 Apple. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"SpeechRecognitionServer.app\",\"path\":\"/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechRecognitionServer.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"STMUIHelper\",\"bundle_identifier\":\"com.apple.STMFramework.UIHelper\",\"bundle_name\":\"STMUIHelper\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"STMUIHelper.app\",\"path\":\"/System/Library/PrivateFrameworks/StorageManagement.framework/Versions/A/Resources/STMUIHelper.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/StorageManagement.framework/Versions/A/Resources/STMUIHelper.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2015 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "STMUIHelper", + "bundle_identifier": "com.apple.STMFramework.UIHelper", "bundle_name": "STMUIHelper", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2015 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/StorageManagement.framework/Versions/A/Resources/STMUIHelper.app", - "name": "STMUIHelper.app", - "bundle_identifier": "com.apple.STMFramework.UIHelper", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "STMUIHelper", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "STMUIHelper.app", + "path": "/System/Library/PrivateFrameworks/StorageManagement.framework/Versions/A/Resources/STMUIHelper.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"STMUIHelper\",\"bundle_identifier\":\"com.apple.STMFramework.UIHelper\",\"bundle_name\":\"STMUIHelper\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"STMUIHelper.app\",\"path\":\"/System/Library/PrivateFrameworks/StorageManagement.framework/Versions/A/Resources/STMUIHelper.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Conflict Resolver\",\"bundle_identifier\":\"com.apple.syncservices.ConflictResolver\",\"bundle_name\":\"Conflict Resolver\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.1\",\"bundle_version\":\"727\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Conflict Resolver\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"1.0, Copyright Apple Computer Inc. 
2004\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Conflict Resolver.app\",\"path\":\"/System/Library/PrivateFrameworks/SyncServicesUI.framework/Versions/A/Resources/Conflict Resolver.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/SyncServicesUI.framework/Versions/A/Resources/Conflict Resolver.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "1.0, Copyright Apple Computer Inc. 2004", - "bundle_short_version": "8.1", - "last_opened_time": "-1.0", + "bundle_executable": "Conflict Resolver", + "bundle_identifier": "com.apple.syncservices.ConflictResolver", "bundle_name": "Conflict Resolver", - "display_name": "Conflict Resolver", + "bundle_package_type": "APPL", + "bundle_short_version": "8.1", "bundle_version": "727", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/PrivateFrameworks/SyncServicesUI.framework/Versions/A/Resources/Conflict Resolver.app", + "display_name": "Conflict Resolver", + "element": "1", + "info_string": "1.0, Copyright Apple Computer Inc. 
2004", + "last_opened_time": "-1.0", "name": "Conflict Resolver.app", - "bundle_identifier": "com.apple.syncservices.ConflictResolver", - "bundle_executable": "Conflict Resolver", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/PrivateFrameworks/SyncServicesUI.framework/Versions/A/Resources/Conflict Resolver.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Conflict Resolver\",\"bundle_identifier\":\"com.apple.syncservices.ConflictResolver\",\"bundle_name\":\"Conflict Resolver\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.1\",\"bundle_version\":\"727\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Conflict Resolver\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"1.0, Copyright Apple Computer Inc. 
2004\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Conflict Resolver.app\",\"path\":\"/System/Library/PrivateFrameworks/SyncServicesUI.framework/Versions/A/Resources/Conflict Resolver.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"syncuid\",\"bundle_identifier\":\"com.apple.syncservices.syncuid\",\"bundle_name\":\"syncuid\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.1\",\"bundle_version\":\"727\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Sync Services UI Daemon\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"4.0, Copyright Apple Computer Inc. 
2004\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"syncuid.app\",\"path\":\"/System/Library/PrivateFrameworks/SyncServicesUI.framework/Versions/A/Resources/syncuid.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/SyncServicesUI.framework/Versions/A/Resources/syncuid.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "info_string": "4.0, Copyright Apple Computer Inc. 2004", - "bundle_short_version": "8.1", - "last_opened_time": "-1.0", + "bundle_executable": "syncuid", + "bundle_identifier": "com.apple.syncservices.syncuid", "bundle_name": "syncuid", - "display_name": "Sync Services UI Daemon", + "bundle_package_type": "APPL", + "bundle_short_version": "8.1", "bundle_version": "727", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": "/System/Library/PrivateFrameworks/SyncServicesUI.framework/Versions/A/Resources/syncuid.app", + "display_name": "Sync Services UI Daemon", + "element": "1", + "info_string": "4.0, Copyright Apple Computer Inc. 
2004", + "last_opened_time": "-1.0", "name": "syncuid.app", - "bundle_identifier": "com.apple.syncservices.syncuid", - "bundle_executable": "syncuid", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/PrivateFrameworks/SyncServicesUI.framework/Versions/A/Resources/syncuid.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"syncuid\",\"bundle_identifier\":\"com.apple.syncservices.syncuid\",\"bundle_name\":\"syncuid\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"8.1\",\"bundle_version\":\"727\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"Sync Services UI Daemon\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"4.0, Copyright Apple Computer Inc. 
2004\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"syncuid.app\",\"path\":\"/System/Library/PrivateFrameworks/SyncServicesUI.framework/Versions/A/Resources/syncuid.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"DFRHUD\",\"bundle_identifier\":\"com.apple.accessibility.DFRHUD\",\"bundle_name\":\"DFRHUD\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"360.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016\\\\xE5\\\\xB9\\\\xB4 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"DFRHUD.app\",\"path\":\"/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/DFRHUD.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/DFRHUD.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2016\\xE5\\xB9\\xB4 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "DFRHUD", + "bundle_identifier": "com.apple.accessibility.DFRHUD", "bundle_name": "DFRHUD", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "360.2", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2016\\xE5\\xB9\\xB4 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/DFRHUD.app", - "name": "DFRHUD.app", - "bundle_identifier": "com.apple.accessibility.DFRHUD", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "DFRHUD", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "DFRHUD.app", + "path": "/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/DFRHUD.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"DFRHUD\",\"bundle_identifier\":\"com.apple.accessibility.DFRHUD\",\"bundle_name\":\"DFRHUD\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"360.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2016\\\\xE5\\\\xB9\\\\xB4 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"DFRHUD.app\",\"path\":\"/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/DFRHUD.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"UniversalAccessHUD\",\"bundle_identifier\":\"com.apple.accessibility.universalAccessHUD\",\"bundle_name\":\"UniversalAccessHUD\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"360.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015-2016 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"UniversalAccessHUD.app\",\"path\":\"/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/UniversalAccessHUD.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/UniversalAccessHUD.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2015-2016 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "UniversalAccessHUD", + "bundle_identifier": "com.apple.accessibility.universalAccessHUD", "bundle_name": "UniversalAccessHUD", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "360.2", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2015-2016 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/UniversalAccessHUD.app", - "name": "UniversalAccessHUD.app", - "bundle_identifier": "com.apple.accessibility.universalAccessHUD", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "UniversalAccessHUD", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "UniversalAccessHUD.app", + "path": "/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/UniversalAccessHUD.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"UniversalAccessHUD\",\"bundle_identifier\":\"com.apple.accessibility.universalAccessHUD\",\"bundle_name\":\"UniversalAccessHUD\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"360.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2015-2016 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"UniversalAccessHUD.app\",\"path\":\"/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/UniversalAccessHUD.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"universalAccessAuthWarn\",\"bundle_identifier\":\"com.apple.accessibility.universalAccessAuthWarn\",\"bundle_name\":\"universalAccessAuthWarn\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"360.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2013-2016 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"universalAccessAuthWarn.app\",\"path\":\"/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/universalAccessAuthWarn.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/universalAccessAuthWarn.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2013-2016 Apple Inc. All rights reserved.", - "bundle_short_version": "1.0", - "last_opened_time": "-1.0", + "bundle_executable": "universalAccessAuthWarn", + "bundle_identifier": "com.apple.accessibility.universalAccessAuthWarn", "bundle_name": "universalAccessAuthWarn", + "bundle_package_type": "APPL", + "bundle_short_version": "1.0", "bundle_version": "360.2", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2013-2016 Apple Inc. 
All rights reserved.", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/universalAccessAuthWarn.app", - "name": "universalAccessAuthWarn.app", - "bundle_identifier": "com.apple.accessibility.universalAccessAuthWarn", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "universalAccessAuthWarn", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "universalAccessAuthWarn.app", + "path": "/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/universalAccessAuthWarn.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"universalAccessAuthWarn\",\"bundle_identifier\":\"com.apple.accessibility.universalAccessAuthWarn\",\"bundle_name\":\"universalAccessAuthWarn\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"360.2\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2013-2016 Apple Inc. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"universalAccessAuthWarn.app\",\"path\":\"/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/universalAccessAuthWarn.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"UASharedPasteboardProgressUI\",\"bundle_identifier\":\"com.apple.coreservices.UASharedPasteboardProgressUI\",\"bundle_name\":\"UASharedPasteboardProgressUI\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"54.1\",\"bundle_version\":\"54.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"UASharedPasteboardProgressUI.app\",\"path\":\"/System/Library/PrivateFrameworks/UserActivity.framework/Agents/UASharedPasteboardProgressUI.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrivateFrameworks/UserActivity.framework/Agents/UASharedPasteboardProgressUI.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "bundle_short_version": "54.1", - "last_opened_time": "-1.0", + "bundle_executable": "UASharedPasteboardProgressUI", + "bundle_identifier": "com.apple.coreservices.UASharedPasteboardProgressUI", "bundle_name": "UASharedPasteboardProgressUI", + "bundle_package_type": "APPL", + "bundle_short_version": "54.1", "bundle_version": "54.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "en", - "path": "/System/Library/PrivateFrameworks/UserActivity.framework/Agents/UASharedPasteboardProgressUI.app", - "name": "UASharedPasteboardProgressUI.app", - "bundle_identifier": 
"com.apple.coreservices.UASharedPasteboardProgressUI", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.13", - "bundle_executable": "UASharedPasteboardProgressUI", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "UASharedPasteboardProgressUI.app", + "path": "/System/Library/PrivateFrameworks/UserActivity.framework/Agents/UASharedPasteboardProgressUI.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"UASharedPasteboardProgressUI\",\"bundle_identifier\":\"com.apple.coreservices.UASharedPasteboardProgressUI\",\"bundle_name\":\"UASharedPasteboardProgressUI\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"54.1\",\"bundle_version\":\"54.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.13\",\"name\":\"UASharedPasteboardProgressUI.app\",\"path\":\"/System/Library/PrivateFrameworks/UserActivity.framework/Agents/UASharedPasteboardProgressUI.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AppleSpell\",\"bundle_identifier\":\"com.apple.AppleSpell\",\"bundle_name\":\"AppleSpell\",\"bundle_package_type\":\"BNDL\",\"bundle_short_version\":\"2.4\",\"bundle_version\":\"430\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1511081519.06327\",\"minimum_system_version\":\"\",\"name\":\"AppleSpell.service\",\"path\":\"/System/Library/Services/AppleSpell.service\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Services/AppleSpell.service" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Services/AppleSpell.service", - "name": "AppleSpell.service", - "bundle_short_version": "2.4", + "bundle_executable": "AppleSpell", "bundle_identifier": "com.apple.AppleSpell", - "last_opened_time": "1511081519.06327", "bundle_name": "AppleSpell", - "bundle_executable": "AppleSpell", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "BNDL", - "bundle_version": "430" + "bundle_short_version": "2.4", + "bundle_version": "430", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "1511081519.06327", + "name": "AppleSpell.service", + "path": "/System/Library/Services/AppleSpell.service" }, - "name": 
"pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"AppleSpell\",\"bundle_identifier\":\"com.apple.AppleSpell\",\"bundle_name\":\"AppleSpell\",\"bundle_package_type\":\"BNDL\",\"bundle_short_version\":\"2.4\",\"bundle_version\":\"430\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1511081519.06327\",\"minimum_system_version\":\"\",\"name\":\"AppleSpell.service\",\"path\":\"/System/Library/Services/AppleSpell.service\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": 
"8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ChineseTextConverterService\",\"bundle_identifier\":\"com.apple.ChineseTextConverterService\",\"bundle_name\":\"ChineseTextConverterService\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.1\",\"bundle_version\":\"61\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Chinese Text Converter 1.1\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ChineseTextConverterService.app\",\"path\":\"/System/Library/Services/ChineseTextConverterService.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Services/ChineseTextConverterService.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "info_string": "Chinese Text Converter 1.1", - "bundle_short_version": "2.1", - "last_opened_time": "-1.0", + "bundle_executable": "ChineseTextConverterService", + "bundle_identifier": "com.apple.ChineseTextConverterService", "bundle_name": "ChineseTextConverterService", + "bundle_package_type": "APPL", + "bundle_short_version": "2.1", "bundle_version": "61", + "compiler": "com.apple.compilers.llvm.clang.1_0", "development_region": "English", - "path": 
"/System/Library/Services/ChineseTextConverterService.app", + "element": "1", + "info_string": "Chinese Text Converter 1.1", + "last_opened_time": "-1.0", "name": "ChineseTextConverterService.app", - "bundle_identifier": "com.apple.ChineseTextConverterService", - "bundle_executable": "ChineseTextConverterService", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/Services/ChineseTextConverterService.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ChineseTextConverterService\",\"bundle_identifier\":\"com.apple.ChineseTextConverterService\",\"bundle_name\":\"ChineseTextConverterService\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.1\",\"bundle_version\":\"61\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Chinese Text Converter 
1.1\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ChineseTextConverterService.app\",\"path\":\"/System/Library/Services/ChineseTextConverterService.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ImageCaptureService\",\"bundle_identifier\":\"com.apple.ImageCaptureService\",\"bundle_name\":\"ImageCaptureService\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.7\",\"bundle_version\":\"6.7\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2000-2014 Apple Inc. 
\\\\x0AAll rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ImageCaptureService.app\",\"path\":\"/System/Library/Services/ImageCaptureService.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Services/ImageCaptureService.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2000-2014 Apple Inc. \\x0AAll rights reserved.", - "bundle_short_version": "6.7", - "last_opened_time": "-1.0", + "bundle_executable": "ImageCaptureService", + "bundle_identifier": "com.apple.ImageCaptureService", "bundle_name": "ImageCaptureService", + "bundle_package_type": "APPL", + "bundle_short_version": "6.7", "bundle_version": "6.7", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2000-2014 Apple Inc. 
\\x0AAll rights reserved.", "development_region": "English", - "path": "/System/Library/Services/ImageCaptureService.app", + "element": "1", + "last_opened_time": "-1.0", "name": "ImageCaptureService.app", - "bundle_identifier": "com.apple.ImageCaptureService", - "bundle_executable": "ImageCaptureService", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "path": "/System/Library/Services/ImageCaptureService.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"ImageCaptureService\",\"bundle_identifier\":\"com.apple.ImageCaptureService\",\"bundle_name\":\"ImageCaptureService\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"6.7\",\"bundle_version\":\"6.7\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2000-2014 Apple Inc. 
\\\\x0AAll rights reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"ImageCaptureService.app\",\"path\":\"/System/Library/Services/ImageCaptureService.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"OpenSpell\",\"bundle_identifier\":\"com.apple.OpenSpell\",\"bundle_name\":\"OpenSpell\",\"bundle_package_type\":\"BNDL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"8\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"OpenSpell.service\",\"path\":\"/System/Library/Services/OpenSpell.service\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Services/OpenSpell.service" }, - "ecs": { - "version": 
"8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Services/OpenSpell.service", - "name": "OpenSpell.service", - "bundle_short_version": "1.0", + "bundle_executable": "OpenSpell", "bundle_identifier": "com.apple.OpenSpell", - "last_opened_time": "-1.0", "bundle_name": "OpenSpell", - "bundle_executable": "OpenSpell", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "BNDL", - "bundle_version": "8" + "bundle_short_version": "1.0", + "bundle_version": "8", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "-1.0", + "name": "OpenSpell.service", + "path": "/System/Library/Services/OpenSpell.service" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"OpenSpell\",\"bundle_identifier\":\"com.apple.OpenSpell\",\"bundle_name\":\"OpenSpell\",\"bundle_package_type\":\"BNDL\",\"bundle_short_version\":\"1.0\",\"bundle_version\":\"8\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"OpenSpell.service\",\"path\":\"/System/Library/Services/OpenSpell.service\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SpeechService\",\"bundle_identifier\":\"com.apple.speech.SpeechService\",\"bundle_name\":\"Speech 
Service\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"7.0.14\",\"bundle_version\":\"7.0.14\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"7.0.14\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"SpeechService.service\",\"path\":\"/System/Library/Services/SpeechService.service\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Services/SpeechService.service" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Services/SpeechService.service", - "info_string": "7.0.14", - "name": "SpeechService.service", - "bundle_short_version": "7.0.14", + "bundle_executable": "SpeechService", "bundle_identifier": "com.apple.speech.SpeechService", - "last_opened_time": "-1.0", "bundle_name": "Speech Service", - "bundle_executable": "SpeechService", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "7.0.14" + "bundle_short_version": "7.0.14", + "bundle_version": "7.0.14", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "info_string": "7.0.14", + "last_opened_time": "-1.0", + "name": "SpeechService.service", + "path": "/System/Library/Services/SpeechService.service" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": 
"0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SpeechService\",\"bundle_identifier\":\"com.apple.speech.SpeechService\",\"bundle_name\":\"Speech Service\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"7.0.14\",\"bundle_version\":\"7.0.14\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"7.0.14\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"SpeechService.service\",\"path\":\"/System/Library/Services/SpeechService.service\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Spotlight\",\"bundle_identifier\":\"com.apple.SpotlightService\",\"bundle_name\":\"SpotlightService\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.0\",\"bundle_version\":\"1191.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Spotlight.service\",\"path\":\"/System/Library/Services/Spotlight.service\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Services/Spotlight.service" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/System/Library/Services/Spotlight.service", - "name": "Spotlight.service", - "bundle_short_version": "3.0", + "bundle_executable": "Spotlight", "bundle_identifier": "com.apple.SpotlightService", - "last_opened_time": "-1.0", "bundle_name": "SpotlightService", - "bundle_executable": "Spotlight", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", - "bundle_version": "1191.1" + "bundle_short_version": "3.0", + "bundle_version": "1191.1", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "last_opened_time": "-1.0", + "name": 
"Spotlight.service", + "path": "/System/Library/Services/Spotlight.service" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"Spotlight\",\"bundle_identifier\":\"com.apple.SpotlightService\",\"bundle_name\":\"SpotlightService\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"3.0\",\"bundle_version\":\"1191.1\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"Spotlight.service\",\"path\":\"/System/Library/Services/Spotlight.service\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + 
"name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SummaryService\",\"bundle_identifier\":\"com.apple.SummaryService\",\"bundle_name\":\"SummaryService\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.0\",\"bundle_version\":\"2.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 1995-2016, Apple Inc.\\\\x0AAll Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"SummaryService\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Summary Service Version 2\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"SummaryService.app\",\"path\":\"/System/Library/Services/SummaryService.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/System/Library/Services/SummaryService.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 1995-2016, Apple Inc.\\x0AAll Rights Reserved.", - "info_string": "Summary Service Version 2", - "bundle_short_version": "2.0", - "last_opened_time": "-1.0", + "bundle_executable": "SummaryService", + "bundle_identifier": "com.apple.SummaryService", "bundle_name": "SummaryService", - "display_name": "SummaryService", + "bundle_package_type": "APPL", + 
"bundle_short_version": "2.0", "bundle_version": "2.0", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 1995-2016, Apple Inc.\\x0AAll Rights Reserved.", "development_region": "English", - "path": "/System/Library/Services/SummaryService.app", + "display_name": "SummaryService", + "info_string": "Summary Service Version 2", + "last_opened_time": "-1.0", "name": "SummaryService.app", - "bundle_identifier": "com.apple.SummaryService", - "bundle_executable": "SummaryService", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "path": "/System/Library/Services/SummaryService.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"SummaryService\",\"bundle_identifier\":\"com.apple.SummaryService\",\"bundle_name\":\"SummaryService\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"2.0\",\"bundle_version\":\"2.0\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 1995-2016, Apple Inc.\\\\x0AAll Rights 
Reserved.\",\"development_region\":\"English\",\"display_name\":\"SummaryService\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"Summary Service Version 2\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"SummaryService.app\",\"path\":\"/System/Library/Services/SummaryService.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"PrinterProxy\",\"bundle_identifier\":\"com.apple.print.PrinterProxy\",\"bundle_name\":\"PrinterProxy\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"13\",\"bundle_version\":\"555\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 1995-2012, Apple Inc., All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1513759642.59259\",\"minimum_system_version\":\"\",\"name\":\"Brother DCP-7055W.app\",\"path\":\"/Users/tsg/Library/Printers/Brother 
DCP-7055W.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Users/tsg/Library/Printers/Brother DCP-7055W.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { "applescript_enabled": "1", - "copyright": "Copyright \\xC2\\xA9 1995-2012, Apple Inc., All Rights Reserved.", - "bundle_short_version": "13", - "last_opened_time": "1513759642.59259", + "bundle_executable": "PrinterProxy", + "bundle_identifier": "com.apple.print.PrinterProxy", "bundle_name": "PrinterProxy", + "bundle_package_type": "APPL", + "bundle_short_version": "13", "bundle_version": "555", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 1995-2012, Apple Inc., All Rights Reserved.", "development_region": "English", - "path": "/Users/tsg/Library/Printers/Brother DCP-7055W.app", + "last_opened_time": "1513759642.59259", "name": "Brother DCP-7055W.app", - "bundle_identifier": "com.apple.print.PrinterProxy", - "bundle_executable": "PrinterProxy", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL" + "path": "/Users/tsg/Library/Printers/Brother DCP-7055W.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"1\",\"bundle_executable\":\"PrinterProxy\",\"bundle_identifier\":\"com.apple.print.PrinterProxy\",\"bundle_name\":\"PrinterProxy\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"13\",\"bundle_version\":\"555\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 1995-2012, Apple Inc., All Rights Reserved.\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"1513759642.59259\",\"minimum_system_version\":\"\",\"name\":\"Brother DCP-7055W.app\",\"path\":\"/Users/tsg/Library/Printers/Brother DCP-7055W.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 
UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"terminal-notifier\",\"bundle_identifier\":\"nl.superalloy.oss.terminal-notifier\",\"bundle_name\":\"terminal-notifier\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.7.1\",\"bundle_version\":\"16\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012-2016 Eloy Dur\\\\xC3\\\\xA1n, Julien Blanchard. All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.8\",\"name\":\"terminal-notifier.app\",\"path\":\"/Users/tsg/src/github.com/elastic/kibana/node_modules/node-notifier/vendor/terminal-notifier.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Users/tsg/src/github.com/elastic/kibana/node_modules/node-notifier/vendor/terminal-notifier.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2012-2016 Eloy Dur\\xC3\\xA1n, Julien Blanchard. All rights reserved.", - "bundle_short_version": "1.7.1", - "last_opened_time": "-1.0", + "bundle_executable": "terminal-notifier", + "bundle_identifier": "nl.superalloy.oss.terminal-notifier", "bundle_name": "terminal-notifier", + "bundle_package_type": "APPL", + "bundle_short_version": "1.7.1", "bundle_version": "16", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2012-2016 Eloy Dur\\xC3\\xA1n, Julien Blanchard. 
All rights reserved.", "development_region": "en", - "path": "/Users/tsg/src/github.com/elastic/kibana/node_modules/node-notifier/vendor/terminal-notifier.app", - "name": "terminal-notifier.app", - "bundle_identifier": "nl.superalloy.oss.terminal-notifier", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.8", - "bundle_executable": "terminal-notifier", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "terminal-notifier.app", + "path": "/Users/tsg/src/github.com/elastic/kibana/node_modules/node-notifier/vendor/terminal-notifier.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"terminal-notifier\",\"bundle_identifier\":\"nl.superalloy.oss.terminal-notifier\",\"bundle_name\":\"terminal-notifier\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.7.1\",\"bundle_version\":\"16\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012-2016 Eloy Dur\\\\xC3\\\\xA1n, Julien Blanchard. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.8\",\"name\":\"terminal-notifier.app\",\"path\":\"/Users/tsg/src/github.com/elastic/kibana/node_modules/node-notifier/vendor/terminal-notifier.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"terminal-notifier\",\"bundle_identifier\":\"nl.superalloy.oss.terminal-notifier\",\"bundle_name\":\"terminal-notifier\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.7.1\",\"bundle_version\":\"16\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012-2016 Eloy Dur\\\\xC3\\\\xA1n, Julien Blanchard. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.8\",\"name\":\"terminal-notifier.app\",\"path\":\"/Users/tsg/src/github.com/elastic/x-pack-kibana/node_modules/node-notifier/vendor/terminal-notifier.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/Users/tsg/src/github.com/elastic/x-pack-kibana/node_modules/node-notifier/vendor/terminal-notifier.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "copyright": "Copyright \\xC2\\xA9 2012-2016 Eloy Dur\\xC3\\xA1n, Julien Blanchard. All rights reserved.", - "bundle_short_version": "1.7.1", - "last_opened_time": "-1.0", + "bundle_executable": "terminal-notifier", + "bundle_identifier": "nl.superalloy.oss.terminal-notifier", "bundle_name": "terminal-notifier", + "bundle_package_type": "APPL", + "bundle_short_version": "1.7.1", "bundle_version": "16", + "compiler": "com.apple.compilers.llvm.clang.1_0", + "copyright": "Copyright \\xC2\\xA9 2012-2016 Eloy Dur\\xC3\\xA1n, Julien Blanchard. 
All rights reserved.", "development_region": "en", - "path": "/Users/tsg/src/github.com/elastic/x-pack-kibana/node_modules/node-notifier/vendor/terminal-notifier.app", - "name": "terminal-notifier.app", - "bundle_identifier": "nl.superalloy.oss.terminal-notifier", + "element": "1", + "last_opened_time": "-1.0", "minimum_system_version": "10.8", - "bundle_executable": "terminal-notifier", - "compiler": "com.apple.compilers.llvm.clang.1_0", - "bundle_package_type": "APPL", - "element": "1" + "name": "terminal-notifier.app", + "path": "/Users/tsg/src/github.com/elastic/x-pack-kibana/node_modules/node-notifier/vendor/terminal-notifier.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"terminal-notifier\",\"bundle_identifier\":\"nl.superalloy.oss.terminal-notifier\",\"bundle_name\":\"terminal-notifier\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.7.1\",\"bundle_version\":\"16\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"Copyright \\\\xC2\\\\xA9 2012-2016 Eloy Dur\\\\xC3\\\\xA1n, Julien Blanchard. 
All rights reserved.\",\"development_region\":\"en\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"10.8\",\"name\":\"terminal-notifier.app\",\"path\":\"/Users/tsg/src/github.com/elastic/x-pack-kibana/node_modules/node-notifier/vendor/terminal-notifier.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"\",\"bundle_identifier\":\"com.apple.pppminiterm\",\"bundle_name\":\"PPP MiniTerm\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.9\",\"bundle_version\":\"1.9\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Terminal window application for PPP\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"MiniTerm.app\",\"path\":\"/usr/libexec/MiniTerm.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": 
"/usr/libexec/MiniTerm.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/usr/libexec/MiniTerm.app", - "info_string": "Terminal window application for PPP", - "name": "MiniTerm.app", - "bundle_short_version": "1.9", "bundle_identifier": "com.apple.pppminiterm", - "last_opened_time": "-1.0", "bundle_name": "PPP MiniTerm", - "compiler": "com.apple.compilers.llvm.clang.1_0", "bundle_package_type": "APPL", + "bundle_short_version": "1.9", "bundle_version": "1.9", - "element": "1" + "compiler": "com.apple.compilers.llvm.clang.1_0", + "development_region": "English", + "element": "1", + "info_string": "Terminal window application for PPP", + "last_opened_time": "-1.0", + "name": "MiniTerm.app", + "path": "/usr/libexec/MiniTerm.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"\",\"bundle_identifier\":\"com.apple.pppminiterm\",\"bundle_name\":\"PPP 
MiniTerm\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"1.9\",\"bundle_version\":\"1.9\",\"category\":\"\",\"compiler\":\"com.apple.compilers.llvm.clang.1_0\",\"copyright\":\"\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"Terminal window application for PPP\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"MiniTerm.app\",\"path\":\"/usr/libexec/MiniTerm.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:54.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"pinentry-mac\",\"bundle_identifier\":\"org.gpgtools.pinentry-mac\",\"bundle_name\":\"pinentry-mac\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"0.9.7.1\",\"bundle_version\":\"9\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"Released under GPL - see 
COPYING\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"pinentry-mac.app\",\"path\":\"/usr/local/MacGPG2/libexec/pinentry-mac.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", + "type": "info" + }, "file": { "path": "/usr/local/MacGPG2/libexec/pinentry-mac.app" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", "columns": { - "development_region": "English", - "path": "/usr/local/MacGPG2/libexec/pinentry-mac.app", - "copyright": "Released under GPL - see COPYING", - "name": "pinentry-mac.app", - "bundle_short_version": "0.9.7.1", + "bundle_executable": "pinentry-mac", "bundle_identifier": "org.gpgtools.pinentry-mac", - "last_opened_time": "-1.0", "bundle_name": "pinentry-mac", - "bundle_executable": "pinentry-mac", "bundle_package_type": "APPL", + "bundle_short_version": "0.9.7.1", "bundle_version": "9", - "element": "1" + "copyright": "Released under GPL - see COPYING", + "development_region": "English", + "element": "1", + "last_opened_time": "-1.0", + "name": "pinentry-mac.app", + "path": "/usr/local/MacGPG2/libexec/pinentry-mac.app" }, - "name": "pack_it-compliance_installed_applications", - "unix_time": "1514471994", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:54 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_installed_applications", + "unix_time": "1514471994" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_installed_applications" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:54 2017 UTC\",\"columns\":{\"applescript_enabled\":\"\",\"bundle_executable\":\"pinentry-mac\",\"bundle_identifier\":\"org.gpgtools.pinentry-mac\",\"bundle_name\":\"pinentry-mac\",\"bundle_package_type\":\"APPL\",\"bundle_short_version\":\"0.9.7.1\",\"bundle_version\":\"9\",\"category\":\"\",\"compiler\":\"\",\"copyright\":\"Released under GPL - see COPYING\",\"development_region\":\"English\",\"display_name\":\"\",\"element\":\"1\",\"environment\":\"\",\"info_string\":\"\",\"last_opened_time\":\"-1.0\",\"minimum_system_version\":\"\",\"name\":\"pinentry-mac.app\",\"path\":\"/usr/local/MacGPG2/libexec/pinentry-mac.app\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_installed_applications\",\"unixTime\":\"1514471994\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090325Z\",\"description\":\"AirPort network 
password\",\"label\":\"Torx\",\"modified\":\"20170823090325Z\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Library/Keychains/System.keychain" + "path": "/Library/Keychains/System.keychain", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Library/Keychains/System.keychain", + "created": "20170823090325Z", "description": "AirPort network password", - "modified": "20170823090325Z", "label": "Torx", - "type": "password", - "created": "20170823090325Z" + "modified": "20170823090325Z", + "path": "/Library/Keychains/System.keychain", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090325Z\",\"description\":\"AirPort network password\",\"label\":\"Torx\",\"modified\":\"20170823090325Z\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090958Z\",\"description\":\"\",\"label\":\"com.apple.loginwindow.guest-account\",\"modified\":\"20170823090958Z\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Library/Keychains/System.keychain" + "path": "/Library/Keychains/System.keychain", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Library/Keychains/System.keychain", - "modified": "20170823090958Z", + "created": "20170823090958Z", "label": 
"com.apple.loginwindow.guest-account", - "type": "password", - "created": "20170823090958Z" + "modified": "20170823090958Z", + "path": "/Library/Keychains/System.keychain", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090958Z\",\"description\":\"\",\"label\":\"com.apple.loginwindow.guest-account\",\"modified\":\"20170823090958Z\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171010115451Z\",\"description\":\"AirPort network password\",\"label\":\"dontforgetthetowel\",\"modified\":\"20171010115451Z\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Library/Keychains/System.keychain" + "path": "/Library/Keychains/System.keychain", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Library/Keychains/System.keychain", + "created": "20171010115451Z", "description": "AirPort network password", - "modified": "20171010115451Z", "label": "dontforgetthetowel", - "type": "password", - "created": "20171010115451Z" + "modified": "20171010115451Z", + "path": "/Library/Keychains/System.keychain", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - 
"action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171010115451Z\",\"description\":\"AirPort network password\",\"label\":\"dontforgetthetowel\",\"modified\":\"20171010115451Z\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171013115343Z\",\"description\":\"AirPort network password\",\"label\":\"Codemotion2017\",\"modified\":\"20171013115343Z\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Library/Keychains/System.keychain" + "path": "/Library/Keychains/System.keychain", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": 
"/Library/Keychains/System.keychain", + "created": "20171013115343Z", "description": "AirPort network password", - "modified": "20171013115343Z", "label": "Codemotion2017", - "type": "password", - "created": "20171013115343Z" + "modified": "20171013115343Z", + "path": "/Library/Keychains/System.keychain", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171013115343Z\",\"description\":\"AirPort network password\",\"label\":\"Codemotion2017\",\"modified\":\"20171013115343Z\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171023110027Z\",\"description\":\"AirPort network password\",\"label\":\"Tudor\\\\xE2\\\\x80\\\\x99s iPhone\",\"modified\":\"20171023110027Z\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Library/Keychains/System.keychain" + "path": "/Library/Keychains/System.keychain", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Library/Keychains/System.keychain", + "created": "20171023110027Z", "description": "AirPort network password", - "modified": "20171023110027Z", "label": "Tudor\\xE2\\x80\\x99s iPhone", - "type": "password", - "created": "20171023110027Z" + "modified": "20171023110027Z", + "path": "/Library/Keychains/System.keychain", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - 
"hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171023110027Z\",\"description\":\"AirPort network password\",\"label\":\"Tudor\\\\xE2\\\\x80\\\\x99s iPhone\",\"modified\":\"20171023110027Z\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171221140434Z\",\"description\":\"AirPort network password\",\"label\":\"homenet\",\"modified\":\"20171221140434Z\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Library/Keychains/System.keychain" + "path": "/Library/Keychains/System.keychain", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Library/Keychains/System.keychain", + "created": "20171221140434Z", "description": "AirPort network password", - "modified": "20171221140434Z", "label": "homenet", - "type": "password", - "created": "20171221140434Z" + "modified": "20171221140434Z", + "path": "/Library/Keychains/System.keychain", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171221140434Z\",\"description\":\"AirPort network password\",\"label\":\"homenet\",\"modified\":\"20171221140434Z\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": 
"tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090342Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20170823090342Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Library/Keychains/apsd.keychain", - "modified": "20170823090342Z", + "created": "20170823090342Z", "label": "APSPublicTokens", - "type": "password", - "created": "20170823090342Z" + "modified": "20170823090342Z", + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + 
"tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090342Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20170823090342Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090342Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20170823090342Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { 
"result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Library/Keychains/apsd.keychain", - "modified": "20170823090342Z", + "created": "20170823090342Z", "label": "APSPublicTokens", - "type": "password", - "created": "20170823090342Z" + "modified": "20170823090342Z", + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090342Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20170823090342Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + 
"action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090342Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20170823090342Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Library/Keychains/apsd.keychain", - "modified": "20170823090342Z", + "created": "20170823090342Z", "label": "APSPublicTokens", - "type": "password", - "created": "20170823090342Z" + "modified": "20170823090342Z", + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" 
- }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090342Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20170823090342Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090519Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20170823090519Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": 
"/Library/Keychains/apsd.keychain", - "modified": "20170823090519Z", + "created": "20170823090519Z", "label": "APSPublicTokens", - "type": "password", - "created": "20170823090519Z" + "modified": "20170823090519Z", + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090519Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20170823090519Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090610Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20170823090610Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Library/Keychains/apsd.keychain", - "modified": "20170823090610Z", + "created": "20170823090610Z", "label": "APSPublicTokens", - "type": "password", - "created": "20170823090610Z" + "modified": "20170823090610Z", + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": 
"added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090610Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20170823090610Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090611Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20170823090611Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Library/Keychains/apsd.keychain", - "modified": "20170823090611Z", + "created": 
"20170823090611Z", "label": "APSPublicTokens", - "type": "password", - "created": "20170823090611Z" + "modified": "20170823090611Z", + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090611Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20170823090611Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091832Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20170823091832Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Library/Keychains/apsd.keychain", - "modified": "20170823091832Z", + "created": "20170823091832Z", "label": "APSPublicTokens", - "type": "password", - "created": "20170823091832Z" + "modified": "20170823091832Z", + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 
28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091832Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20170823091832Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091833Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20170823091833Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Library/Keychains/apsd.keychain", - "modified": "20170823091833Z", + "created": "20170823091833Z", "label": "APSPublicTokens", - "type": "password", - "created": 
"20170823091833Z" + "modified": "20170823091833Z", + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091833Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20170823091833Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171227120241Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20171227120241Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Library/Keychains/apsd.keychain", - "modified": "20171227120241Z", + "created": "20171227120241Z", "label": "APSPublicTokens", - "type": "password", - "created": "20171227120241Z" + "modified": "20171227120241Z", + "path": "/Library/Keychains/apsd.keychain", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 
28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171227120241Z\",\"description\":\"\",\"label\":\"APSPublicTokens\",\"modified\":\"20171227120241Z\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090548Z\",\"description\":\"\",\"label\":\"CommCenter\",\"modified\":\"20170823090548Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823090548Z", + "created": "20170823090548Z", "label": 
"CommCenter", - "type": "password", - "created": "20170823090548Z" + "modified": "20170823090548Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, - "rule": { - "name": "pack_it-compliance_keychain_items" - }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090548Z\",\"description\":\"\",\"label\":\"CommCenter\",\"modified\":\"20170823090548Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" + "rule": { + "name": "pack_it-compliance_keychain_items" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 
28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090549Z\",\"description\":\"\",\"label\":\"ids: identity-rsa-public-key\",\"modified\":\"20170823090549Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823090549Z", + "created": "20170823090549Z", "label": "ids: identity-rsa-public-key", - "type": "password", - "created": "20170823090549Z" + "modified": "20170823090549Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": 
"pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090549Z\",\"description\":\"\",\"label\":\"ids: identity-rsa-public-key\",\"modified\":\"20170823090549Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090549Z\",\"description\":\"\",\"label\":\"com.apple.ids: localdevice4ab2906d-5516-5794-af54-86d1d7f533f3-AuthToken\",\"modified\":\"20170823090549Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": 
{ + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823090549Z", + "created": "20170823090549Z", "label": "com.apple.ids: localdevice4ab2906d-5516-5794-af54-86d1d7f533f3-AuthToken", - "type": "password", - "created": "20170823090549Z" + "modified": "20170823090549Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090549Z\",\"description\":\"\",\"label\":\"com.apple.ids: localdevice4ab2906d-5516-5794-af54-86d1d7f533f3-AuthToken\",\"modified\":\"20170823090549Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" 
- ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090549Z\",\"description\":\"\",\"label\":\"ids: identity-rsa-private-key\",\"modified\":\"20170823090549Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823090549Z", + "created": "20170823090549Z", "label": "ids: identity-rsa-private-key", - "type": "password", - "created": "20170823090549Z" + "modified": "20170823090549Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090549Z\",\"description\":\"\",\"label\":\"ids: identity-rsa-private-key\",\"modified\":\"20170823090549Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090549Z\",\"description\":\"\",\"label\":\"ids: identity-rsa-key-pair-signature-v1\",\"modified\":\"20170823090549Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": 
"/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823090549Z", + "created": "20170823090549Z", "label": "ids: identity-rsa-key-pair-signature-v1", - "type": "password", - "created": "20170823090549Z" + "modified": "20170823090549Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090549Z\",\"description\":\"\",\"label\":\"ids: 
identity-rsa-key-pair-signature-v1\",\"modified\":\"20170823090549Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.account.idms.continuation-key\",\"modified\":\"20170823090553Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823090553Z", + "created": "20170823090553Z", "label": "com.apple.account.idms.continuation-key", - "type": 
"password", - "created": "20170823090553Z" + "modified": "20170823090553Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.account.idms.continuation-key\",\"modified\":\"20170823090553Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.account.idms.password-reset-token\",\"modified\":\"20170823090553Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823090553Z", + "created": "20170823090553Z", "label": "com.apple.account.idms.password-reset-token", - "type": "password", - "created": "20170823090553Z" + "modified": "20170823090553Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": 
"pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.account.idms.password-reset-token\",\"modified\":\"20170823090553Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.account.idms.password-reset-token-backup\",\"modified\":\"20170823090553Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + 
"action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823090553Z", + "created": "20170823090553Z", "label": "com.apple.account.idms.password-reset-token-backup", - "type": "password", - "created": "20170823090553Z" + "modified": "20170823090553Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.account.idms.password-reset-token-backup\",\"modified\":\"20170823090553Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { 
"@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090554Z\",\"description\":\"\",\"label\":\"com.apple.account.GameCenter.token\",\"modified\":\"20170823090554Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823090554Z", + "created": "20170823090554Z", "label": "com.apple.account.GameCenter.token", - "type": "password", - "created": "20170823090554Z" + "modified": "20170823090554Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } 
}, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090554Z\",\"description\":\"\",\"label\":\"com.apple.account.GameCenter.token\",\"modified\":\"20170823090554Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090557Z\",\"description\":\"\",\"label\":\"ProtectedCloudStorage\",\"modified\":\"20170823090557Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": 
"/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823090557Z", + "created": "20170823090557Z", "label": "ProtectedCloudStorage", - "type": "password", - "created": "20170823090557Z" + "modified": "20170823090557Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090557Z\",\"description\":\"\",\"label\":\"ProtectedCloudStorage\",\"modified\":\"20170823090557Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - 
"created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090557Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20170823090557Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823090557Z", + "created": "20170823090557Z", "label": "com.apple.cloudd.deviceIdentifier.Production", - "type": "password", - "created": "20170823090557Z" + "modified": "20170823090557Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu 
Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090557Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20170823090557Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091001Z\",\"description\":\"\",\"label\":\"com.apple.scopedbookmarksagent.xpc\",\"modified\":\"20170823091001Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823091001Z", + "created": "20170823091001Z", "label": "com.apple.scopedbookmarksagent.xpc", - "type": "password", - "created": "20170823091001Z" + "modified": "20170823091001Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": 
"pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091001Z\",\"description\":\"\",\"label\":\"com.apple.scopedbookmarksagent.xpc\",\"modified\":\"20170823091001Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091019Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20170823091019Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": 
"added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823091019Z", + "created": "20170823091019Z", "label": "com.apple.cloudd.deviceIdentifier.Production", - "type": "password", - "created": "20170823091019Z" + "modified": "20170823091019Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091019Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20170823091019Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": 
"2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091020Z\",\"description\":\"\",\"label\":\"MetadataKeychain\",\"modified\":\"20170823091020Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823091020Z", + "created": "20170823091020Z", "label": "MetadataKeychain", - "type": "password", - "created": "20170823091020Z" + "modified": "20170823091020Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091020Z\",\"description\":\"\",\"label\":\"MetadataKeychain\",\"modified\":\"20170823091020Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091024Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20170823091024Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - 
"version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823091024Z", + "created": "20170823091024Z", "label": "com.apple.cloudd.deviceIdentifier.Production", - "type": "password", - "created": "20170823091024Z" + "modified": "20170823091024Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091024Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20170823091024Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - 
"kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091025Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20170823091025Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823091025Z", + "created": "20170823091025Z", "label": "com.apple.cloudd.deviceIdentifier.Production", - "type": "password", - "created": "20170823091025Z" + "modified": "20170823091025Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091025Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20170823091025Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091037Z\",\"description\":\"\",\"label\":\"Call History User Data 
Key\",\"modified\":\"20170823091037Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823091037Z", + "created": "20170823091037Z", "label": "Call History User Data Key", - "type": "password", - "created": "20170823091037Z" + "modified": "20170823091037Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091037Z\",\"description\":\"\",\"label\":\"Call History User Data Key\",\"modified\":\"20170823091037Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091040Z\",\"description\":\"\",\"label\":\"ids: message-protection-key\",\"modified\":\"20170823091040Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823091040Z", + "created": 
"20170823091040Z", "label": "ids: message-protection-key", - "type": "password", - "created": "20170823091040Z" + "modified": "20170823091040Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091040Z\",\"description\":\"\",\"label\":\"ids: message-protection-key\",\"modified\":\"20170823091040Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 
28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091049Z\",\"description\":\"\",\"label\":\"CommCenter\",\"modified\":\"20170823091049Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823091049Z", + "created": "20170823091049Z", "label": "CommCenter", - "type": "password", - "created": "20170823091049Z" + "modified": "20170823091049Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - 
"action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091049Z\",\"description\":\"\",\"label\":\"CommCenter\",\"modified\":\"20170823091049Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091049Z\",\"description\":\"\",\"label\":\"CommCenter\",\"modified\":\"20170823091049Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": 
"/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823091049Z", + "created": "20170823091049Z", "label": "CommCenter", - "type": "password", - "created": "20170823091049Z" + "modified": "20170823091049Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091049Z\",\"description\":\"\",\"label\":\"CommCenter\",\"modified\":\"20170823091049Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + 
"original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091049Z\",\"description\":\"\",\"label\":\"CommCenter\",\"modified\":\"20170823091049Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823091049Z", + "created": "20170823091049Z", "label": "CommCenter", - "type": "password", - "created": "20170823091049Z" + "modified": "20170823091049Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { 
"name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091049Z\",\"description\":\"\",\"label\":\"CommCenter\",\"modified\":\"20170823091049Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091049Z\",\"description\":\"\",\"label\":\"CommCenter\",\"modified\":\"20170823091049Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 
UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823091049Z", + "created": "20170823091049Z", "label": "CommCenter", - "type": "password", - "created": "20170823091049Z" + "modified": "20170823091049Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091049Z\",\"description\":\"\",\"label\":\"CommCenter\",\"modified\":\"20170823091049Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091049Z\",\"description\":\"\",\"label\":\"CommCenter\",\"modified\":\"20170823091049Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823091049Z", + "created": "20170823091049Z", "label": "CommCenter", - "type": "password", - "created": "20170823091049Z" + "modified": "20170823091049Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091049Z\",\"description\":\"\",\"label\":\"CommCenter\",\"modified\":\"20170823091049Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091049Z\",\"description\":\"\",\"label\":\"CommCenter\",\"modified\":\"20170823091049Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": 
"added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823091049Z", + "created": "20170823091049Z", "label": "CommCenter", - "type": "password", - "created": "20170823091049Z" + "modified": "20170823091049Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091049Z\",\"description\":\"\",\"label\":\"CommCenter\",\"modified\":\"20170823091049Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { 
+ "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091059Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20170823091059Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823091059Z", + "created": "20170823091059Z", "label": "com.apple.cloudd.deviceIdentifier.Production", - "type": "password", - "created": "20170823091059Z" + "modified": "20170823091059Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091059Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20170823091059Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091146Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20170823091146Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": 
"password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823091146Z", + "created": "20170823091146Z", "label": "com.apple.cloudd.deviceIdentifier.Production", - "type": "password", - "created": "20170823091146Z" + "modified": "20170823091146Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091146Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20170823091146Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091205Z\",\"description\":\"\",\"label\":\"Safari Session State Key\",\"modified\":\"20170823091205Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823091205Z", + "created": "20170823091205Z", "label": "Safari Session State Key", - "type": "password", - "created": "20170823091205Z" + "modified": "20170823091205Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091205Z\",\"description\":\"\",\"label\":\"Safari Session State Key\",\"modified\":\"20170823091205Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091849Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20170823091849Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": 
"info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170823091849Z", + "created": "20170823091849Z", "label": "com.apple.cloudd.deviceIdentifier.Production", - "type": "password", - "created": "20170823091849Z" + "modified": "20170823091849Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091849Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20170823091849Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170829083258Z\",\"description\":\"\",\"label\":\"Chrome Safe Storage\",\"modified\":\"20170829083258Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170829083258Z", + 
"created": "20170829083258Z", "label": "Chrome Safe Storage", - "type": "password", - "created": "20170829083258Z" + "modified": "20170829083258Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170829083258Z\",\"description\":\"\",\"label\":\"Chrome Safe Storage\",\"modified\":\"20170829083258Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:55 2017 UTC\",\"columns\":{\"comment\":\"Used to decode the encrypted file that contains non-password data previously entered in web page forms.\",\"created\":\"20170830073333Z\",\"description\":\"\",\"label\":\"Safari Forms AutoFill\",\"modified\":\"20170830073333Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170830073333Z", "comment": "Used to decode the encrypted file that contains non-password data previously entered in web page forms.", + "created": "20170830073333Z", "label": "Safari Forms AutoFill", - "type": "password", - "created": "20170830073333Z" + "modified": "20170830073333Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], 
"hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"Used to decode the encrypted file that contains non-password data previously entered in web page forms.\",\"created\":\"20170830073333Z\",\"description\":\"\",\"label\":\"Safari Forms AutoFill\",\"modified\":\"20170830073333Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170830073421Z\",\"description\":\"\",\"label\":\"com.apple.account.Google.oath-refresh-token\",\"modified\":\"20170830073421Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": 
"/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170830073421Z", + "created": "20170830073421Z", "label": "com.apple.account.Google.oath-refresh-token", - "type": "password", - "created": "20170830073421Z" + "modified": "20170830073421Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170830073421Z\",\"description\":\"\",\"label\":\"com.apple.account.Google.oath-refresh-token\",\"modified\":\"20170830073421Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170901081452Z\",\"description\":\"\",\"label\":\"com.lastpass.Wallet\",\"modified\":\"20170901081452Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170901081452Z", + 
"created": "20170901081452Z", "label": "com.lastpass.Wallet", - "type": "password", - "created": "20170901081452Z" + "modified": "20170901081452Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170901081452Z\",\"description\":\"\",\"label\":\"com.lastpass.Wallet\",\"modified\":\"20170901081452Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170907102027Z\",\"description\":\"\",\"label\":\"com.apple.assistant\",\"modified\":\"20170907102027Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170907102027Z", + "created": "20170907102027Z", "label": "com.apple.assistant", - "type": "password", - "created": "20170907102027Z" + "modified": "20170907102027Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - 
"event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170907102027Z\",\"description\":\"\",\"label\":\"com.apple.assistant\",\"modified\":\"20170907102027Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170920200609Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20170920200609Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", 
"columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20170920200609Z", + "created": "20170920200609Z", "label": "com.apple.cloudd.deviceIdentifier.Production", - "type": "password", - "created": "20170920200609Z" + "modified": "20170920200609Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170920200609Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20170920200609Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + 
"event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171027100218Z\",\"description\":\"\",\"label\":\"keybase\",\"modified\":\"20171027100218Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171027100218Z", + "created": "20171027100218Z", "label": "keybase", - "type": "password", - "created": "20171027100218Z" + "modified": "20171027100218Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171027100218Z\",\"description\":\"\",\"label\":\"keybase\",\"modified\":\"20171027100218Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090548Z\",\"description\":\"\",\"label\":\"com.apple.NetworkServiceProxy.Configuration\",\"modified\":\"20171029085756Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171029085756Z", + "created": "20170823090548Z", "label": "com.apple.NetworkServiceProxy.Configuration", - "type": "password", - "created": "20170823090548Z" + "modified": "20171029085756Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090548Z\",\"description\":\"\",\"label\":\"com.apple.NetworkServiceProxy.Configuration\",\"modified\":\"20171029085756Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ 
"preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090548Z\",\"description\":\"\",\"label\":\"com.apple.NetworkServiceProxy.WaldoInfo.pie2.hosts\",\"modified\":\"20171029085756Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171029085756Z", + "created": "20170823090548Z", "label": "com.apple.NetworkServiceProxy.WaldoInfo.pie2.hosts", - "type": "password", - "created": "20170823090548Z" + "modified": "20171029085756Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090548Z\",\"description\":\"\",\"label\":\"com.apple.NetworkServiceProxy.WaldoInfo.pie2.hosts\",\"modified\":\"20171029085756Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090548Z\",\"description\":\"\",\"label\":\"com.apple.NetworkServiceProxy.WaldoInfo.com.apple.nspcurl\",\"modified\":\"20171029085756Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" 
+ }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171029085756Z", + "created": "20170823090548Z", "label": "com.apple.NetworkServiceProxy.WaldoInfo.com.apple.nspcurl", - "type": "password", - "created": "20170823090548Z" + "modified": "20171029085756Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090548Z\",\"description\":\"\",\"label\":\"com.apple.NetworkServiceProxy.WaldoInfo.com.apple.nspcurl\",\"modified\":\"20171029085756Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090548Z\",\"description\":\"\",\"label\":\"com.apple.NetworkServiceProxy.WaldoInfo.com.apple.parsecd\",\"modified\":\"20171029085756Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": 
"/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171029085756Z", + "created": "20170823090548Z", "label": "com.apple.NetworkServiceProxy.WaldoInfo.com.apple.parsecd", - "type": "password", - "created": "20170823090548Z" + "modified": "20171029085756Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090548Z\",\"description\":\"\",\"label\":\"com.apple.NetworkServiceProxy.WaldoInfo.com.apple.parsecd\",\"modified\":\"20171029085756Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + 
"event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029212513Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20171029212513Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171029212513Z", + "created": "20171029212513Z", "label": "com.apple.cloudd.deviceIdentifier.Production", - "type": "password", - "created": "20171029212513Z" + "modified": "20171029212513Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029212513Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20171029212513Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029213053Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20171029213053Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": 
"password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171029213053Z", + "created": "20171029213053Z", "label": "com.apple.cloudd.deviceIdentifier.Production", - "type": "password", - "created": "20171029213053Z" + "modified": "20171029213053Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029213053Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20171029213053Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029213057Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20171029213057Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171029213057Z", + "created": "20171029213057Z", "label": "com.apple.cloudd.deviceIdentifier.Production", - "type": "password", - "created": "20171029213057Z" + "modified": "20171029213057Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 
14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029213057Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20171029213057Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029213057Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20171029213057Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171029213057Z", + "created": "20171029213057Z", "label": "com.apple.cloudd.deviceIdentifier.Production", - "type": "password", - "created": "20171029213057Z" + "modified": "20171029213057Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": 
"pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029213057Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20171029213057Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029213058Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20171029213058Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + 
"action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171029213058Z", + "created": "20171029213058Z", "label": "com.apple.cloudd.deviceIdentifier.Production", - "type": "password", - "created": "20171029213058Z" + "modified": "20171029213058Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029213058Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20171029213058Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": 
"2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029213115Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20171029213115Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171029213115Z", + "created": "20171029213115Z", "label": "com.apple.cloudd.deviceIdentifier.Production", - "type": "password", - "created": "20171029213115Z" + "modified": "20171029213115Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": 
"1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029213115Z\",\"description\":\"\",\"label\":\"com.apple.cloudd.deviceIdentifier.Production\",\"modified\":\"20171029213115Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"tudor.g@gmail.com\",\"modified\":\"20171029213540Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": 
"/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171029213540Z", + "created": "20170823090553Z", "label": "tudor.g@gmail.com", - "type": "password", - "created": "20170823090553Z" + "modified": "20171029213540Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"tudor.g@gmail.com\",\"modified\":\"20171029213540Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171030062827Z\",\"description\":\"\",\"label\":\"Safari Forms AutoFill Encryption Key\",\"modified\":\"20171030062827Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171030062827Z", + "created": "20171030062827Z", "label": "Safari Forms AutoFill Encryption Key", - "type": "password", - "created": "20171030062827Z" + "modified": "20171030062827Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", 
- "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171030062827Z\",\"description\":\"\",\"label\":\"Safari Forms AutoFill Encryption Key\",\"modified\":\"20171030062827Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029212500Z\",\"description\":\"\",\"label\":\"com.apple.account.AppleAccount.token\",\"modified\":\"20171111144637Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171111144637Z", + "created": "20171029212500Z", "label": "com.apple.account.AppleAccount.token", - "type": "password", - "created": "20171029212500Z" + "modified": "20171111144637Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": 
"pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029212500Z\",\"description\":\"\",\"label\":\"com.apple.account.AppleAccount.token\",\"modified\":\"20171111144637Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.account.idms.heartbeat-token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + 
"calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171116123221Z", + "created": "20170823090553Z", "label": "com.apple.account.idms.heartbeat-token", - "type": "password", - "created": "20170823090553Z" + "modified": "20171116123221Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.account.idms.heartbeat-token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + 
"ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.account.idms.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171116123221Z", + "created": "20170823090553Z", "label": "com.apple.account.idms.token", - "type": "password", - "created": "20170823090553Z" + "modified": "20171116123221Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.account.idms.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.idms.hb.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": 
"password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171116123221Z", + "created": "20170823090553Z", "label": "com.apple.gs.idms.hb.com.apple.account.AppleIDAuthentication.token", - "type": "password", - "created": "20170823090553Z" + "modified": "20171116123221Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.idms.hb.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171116123221Z\",\"description\":\"\",\"label\":\"com.apple.gs.icloud.storage.buy.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": 
"/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171116123221Z", + "created": "20171116123221Z", "label": "com.apple.gs.icloud.storage.buy.com.apple.account.AppleIDAuthentication.token", - "type": "password", - "created": "20171116123221Z" + "modified": "20171116123221Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171116123221Z\",\"description\":\"\",\"label\":\"com.apple.gs.icloud.storage.buy.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", 
+ "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.idms.pet.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171116123221Z", + "created": "20170823090553Z", "label": "com.apple.gs.idms.pet.com.apple.account.AppleIDAuthentication.token", - "type": "password", - "created": "20170823090553Z" + "modified": "20171116123221Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + 
"unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.idms.pet.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.news.auth.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - 
"path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171116123221Z", + "created": "20170823090553Z", "label": "com.apple.gs.news.auth.com.apple.account.AppleIDAuthentication.token", - "type": "password", - "created": "20170823090553Z" + "modified": "20171116123221Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.news.auth.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.appleid.auth.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": 
"/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171116123221Z", + "created": "20170823090553Z", "label": "com.apple.gs.appleid.auth.com.apple.account.AppleIDAuthentication.token", - "type": "password", - "created": "20170823090553Z" + "modified": "20171116123221Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.appleid.auth.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { 
+ "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.supportapp.auth.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171116123221Z", + "created": "20170823090553Z", "label": "com.apple.gs.supportapp.auth.com.apple.account.AppleIDAuthentication.token", - "type": "password", - "created": "20170823090553Z" + "modified": "20171116123221Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + 
"unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.supportapp.auth.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.authagent.auth.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": 
"password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171116123221Z", + "created": "20170823090553Z", "label": "com.apple.gs.authagent.auth.com.apple.account.AppleIDAuthentication.token", - "type": "password", - "created": "20170823090553Z" + "modified": "20171116123221Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.authagent.auth.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.idms.ln.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": 
"/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171116123221Z", + "created": "20170823090553Z", "label": "com.apple.gs.idms.ln.com.apple.account.AppleIDAuthentication.token", - "type": "password", - "created": "20170823090553Z" + "modified": "20171116123221Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.idms.ln.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + 
"version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.beta.auth.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171116123221Z", + "created": "20170823090553Z", "label": "com.apple.gs.beta.auth.com.apple.account.AppleIDAuthentication.token", - "type": "password", - "created": "20170823090553Z" + "modified": "20171116123221Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": 
"1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.beta.auth.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.icloud.family.auth.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": 
"/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171116123221Z", + "created": "20170823090553Z", "label": "com.apple.gs.icloud.family.auth.com.apple.account.AppleIDAuthentication.token", - "type": "password", - "created": "20170823090553Z" + "modified": "20171116123221Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.icloud.family.auth.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.pb.auth.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": 
"/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171116123221Z", + "created": "20170823090553Z", "label": "com.apple.gs.pb.auth.com.apple.account.AppleIDAuthentication.token", - "type": "password", - "created": "20170823090553Z" + "modified": "20171116123221Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.pb.auth.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + 
"version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.icloud.auth.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171116123221Z", + "created": "20170823090553Z", "label": "com.apple.gs.icloud.auth.com.apple.account.AppleIDAuthentication.token", - "type": "password", - "created": "20170823090553Z" + "modified": "20171116123221Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": 
"1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090553Z\",\"description\":\"\",\"label\":\"com.apple.gs.icloud.auth.com.apple.account.AppleIDAuthentication.token\",\"modified\":\"20171116123221Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029213109Z\",\"description\":\"Handoff Decryption Key\",\"label\":\"handoff-decryption-key-E8ED887D-A067-47D1-A48A-1D9FFE5E8A59\",\"modified\":\"20171204063532Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - 
"path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "created": "20171029213109Z", "description": "Handoff Decryption Key", - "modified": "20171204063532Z", "label": "handoff-decryption-key-E8ED887D-A067-47D1-A48A-1D9FFE5E8A59", - "type": "password", - "created": "20171029213109Z" + "modified": "20171204063532Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029213109Z\",\"description\":\"Handoff Decryption 
Key\",\"label\":\"handoff-decryption-key-E8ED887D-A067-47D1-A48A-1D9FFE5E8A59\",\"modified\":\"20171204063532Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029212500Z\",\"description\":\"\",\"label\":\"com.apple.account.AppleAccount.back-to-my-mac-token\",\"modified\":\"20171218125414Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171218125414Z", + "created": "20171029212500Z", "label": 
"com.apple.account.AppleAccount.back-to-my-mac-token", - "type": "password", - "created": "20171029212500Z" + "modified": "20171218125414Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029212500Z\",\"description\":\"\",\"label\":\"com.apple.account.AppleAccount.back-to-my-mac-token\",\"modified\":\"20171218125414Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029212501Z\",\"description\":\"\",\"label\":\"com.apple.account.AppleAccount.cloudkit-token\",\"modified\":\"20171218125414Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171218125414Z", + "created": "20171029212501Z", "label": "com.apple.account.AppleAccount.cloudkit-token", - "type": "password", - "created": "20171029212501Z" + "modified": "20171218125414Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029212501Z\",\"description\":\"\",\"label\":\"com.apple.account.AppleAccount.cloudkit-token\",\"modified\":\"20171218125414Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029212501Z\",\"description\":\"\",\"label\":\"com.apple.account.AppleAccount.find-my-friends-app-token\",\"modified\":\"20171218125414Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171218125414Z", + "created": "20171029212501Z", "label": "com.apple.account.AppleAccount.find-my-friends-app-token", - "type": "password", - "created": "20171029212501Z" + "modified": "20171218125414Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029212501Z\",\"description\":\"\",\"label\":\"com.apple.account.AppleAccount.find-my-friends-app-token\",\"modified\":\"20171218125414Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, 
"tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029212500Z\",\"description\":\"\",\"label\":\"com.apple.account.AppleAccount.find-my-iphone-token\",\"modified\":\"20171218125414Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171218125414Z", + "created": "20171029212500Z", "label": "com.apple.account.AppleAccount.find-my-iphone-token", - "type": "password", - "created": "20171029212500Z" + "modified": "20171218125414Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029212500Z\",\"description\":\"\",\"label\":\"com.apple.account.AppleAccount.find-my-iphone-token\",\"modified\":\"20171218125414Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029212500Z\",\"description\":\"\",\"label\":\"com.apple.account.AppleAccount.maps-token\",\"modified\":\"20171218125414Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": 
"info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171218125414Z", + "created": "20171029212500Z", "label": "com.apple.account.AppleAccount.maps-token", - "type": "password", - "created": "20171029212500Z" + "modified": "20171218125414Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029212500Z\",\"description\":\"\",\"label\":\"com.apple.account.AppleAccount.maps-token\",\"modified\":\"20171218125414Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171227094704Z\",\"description\":\"\",\"label\":\"CommCenter\",\"modified\":\"20171227094704Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171227094704Z", + "created": 
"20171227094704Z", "label": "CommCenter", - "type": "password", - "created": "20171227094704Z" + "modified": "20171227094704Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "tsg" + } + }, + { + "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, "event": { "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171227094704Z\",\"description\":\"\",\"label\":\"CommCenter\",\"modified\":\"20171227094704Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091040Z\",\"description\":\"\",\"label\":\"ids: message-protection-public-data-registered\",\"modified\":\"20171227100556Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2017-12-28T14:39:55.000Z", "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171227100556Z", + "created": "20170823091040Z", "label": "ids: message-protection-public-data-registered", - "type": "password", - "created": "20170823091040Z" + "modified": "20171227100556Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823091040Z\",\"description\":\"\",\"label\":\"ids: message-protection-public-data-registered\",\"modified\":\"20171227100556Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171227153451Z\",\"description\":\"\",\"label\":\"com.apple.assistant\",\"modified\":\"20171227153451Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171227153451Z", + "created": "20171227153451Z", "label": "com.apple.assistant", - "type": "password", - "created": "20171227153451Z" + "modified": "20171227153451Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171227153451Z\",\"description\":\"\",\"label\":\"com.apple.assistant\",\"modified\":\"20171227153451Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } 
}, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170929041139Z\",\"description\":\"\",\"label\":\"com.apple.assistant\",\"modified\":\"20171227153452Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171227153452Z", + "created": "20170929041139Z", "label": "com.apple.assistant", - "type": "password", - "created": "20170929041139Z" + "modified": "20171227153452Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": 
[ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170929041139Z\",\"description\":\"\",\"label\":\"com.apple.assistant\",\"modified\":\"20171227153452Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170830075739Z\",\"description\":\"Amazon Music Account Login\",\"label\":\"com.amazon.music\",\"modified\":\"20171227153453Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": 
"password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "created": "20170830075739Z", "description": "Amazon Music Account Login", - "modified": "20171227153453Z", "label": "com.amazon.music", - "type": "password", - "created": "20170830075739Z" + "modified": "20171227153453Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170830075739Z\",\"description\":\"Amazon Music Account Login\",\"label\":\"com.amazon.music\",\"modified\":\"20171227153453Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - 
"created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"Used by the persistent state feature to encrypt window snapshots to ensure privacy. It is changed frequently.\",\"created\":\"20170823090550Z\",\"description\":\"\",\"label\":\"Apple Persistent State Encryption\",\"modified\":\"20171227153949Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171227153949Z", "comment": "Used by the persistent state feature to encrypt window snapshots to ensure privacy. 
It is changed frequently.", + "created": "20170823090550Z", "label": "Apple Persistent State Encryption", - "type": "password", - "created": "20170823090550Z" + "modified": "20171227153949Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"Used by the persistent state feature to encrypt window snapshots to ensure privacy. 
It is changed frequently.\",\"created\":\"20170823090550Z\",\"description\":\"\",\"label\":\"Apple Persistent State Encryption\",\"modified\":\"20171227153949Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170830073421Z\",\"description\":\"\",\"label\":\"com.apple.account.Google.oauth-expiry-date\",\"modified\":\"20171228080439Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171228080439Z", + 
"created": "20170830073421Z", "label": "com.apple.account.Google.oauth-expiry-date", - "type": "password", - "created": "20170830073421Z" + "modified": "20171228080439Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170830073421Z\",\"description\":\"\",\"label\":\"com.apple.account.Google.oauth-expiry-date\",\"modified\":\"20171228080439Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170830073421Z\",\"description\":\"\",\"label\":\"com.apple.account.Google.oauth-token\",\"modified\":\"20171228080439Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171228080439Z", + "created": "20170830073421Z", "label": "com.apple.account.Google.oauth-token", - "type": "password", - "created": "20170830073421Z" + "modified": "20171228080439Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170830073421Z\",\"description\":\"\",\"label\":\"com.apple.account.Google.oauth-token\",\"modified\":\"20171228080439Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171228091536Z\",\"description\":\"\",\"label\":\"Slack\",\"modified\":\"20171228091536Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { 
"result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171228091536Z", + "created": "20171228091536Z", "label": "Slack", - "type": "password", - "created": "20171228091536Z" + "modified": "20171228091536Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171228091536Z\",\"description\":\"\",\"label\":\"Slack\",\"modified\":\"20171228091536Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, 
+ "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090918Z\",\"description\":\"\",\"label\":\"com.apple.assistant\",\"modified\":\"20171228100623Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171228100623Z", + "created": "20170823090918Z", "label": "com.apple.assistant", - "type": "password", - "created": "20170823090918Z" + "modified": "20171228100623Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - 
"host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090918Z\",\"description\":\"\",\"label\":\"com.apple.assistant\",\"modified\":\"20171228100623Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090918Z\",\"description\":\"\",\"label\":\"com.apple.assistant\",\"modified\":\"20171228100623Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171228100623Z", + "created": "20170823090918Z", "label": "com.apple.assistant", - "type": "password", - "created": "20170823090918Z" + "modified": "20171228100623Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090918Z\",\"description\":\"\",\"label\":\"com.apple.assistant\",\"modified\":\"20171228100623Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } 
}, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090918Z\",\"description\":\"\",\"label\":\"com.apple.assistant\",\"modified\":\"20171228100623Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171228100623Z", + "created": "20170823090918Z", "label": "com.apple.assistant", - "type": "password", - "created": "20170823090918Z" + "modified": "20171228100623Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": 
[ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090918Z\",\"description\":\"\",\"label\":\"com.apple.assistant\",\"modified\":\"20171228100623Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029213112Z\",\"description\":\"\",\"label\":\"ids: personal-public-key-cache-v4\",\"modified\":\"20171228110710Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - 
"ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171228110710Z", + "created": "20171029213112Z", "label": "ids: personal-public-key-cache-v4", - "type": "password", - "created": "20171029213112Z" + "modified": "20171228110710Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029213112Z\",\"description\":\"\",\"label\":\"ids: personal-public-key-cache-v4\",\"modified\":\"20171228110710Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": 
"event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171215103221Z\",\"description\":\"\",\"label\":\"ids: personal-session-token-cache-v3\",\"modified\":\"20171228110710Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171228110710Z", + "created": "20171215103221Z", "label": "ids: personal-session-token-cache-v3", - "type": "password", - "created": "20171215103221Z" + "modified": "20171228110710Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171215103221Z\",\"description\":\"\",\"label\":\"ids: personal-session-token-cache-v3\",\"modified\":\"20171228110710Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090554Z\",\"description\":\"\",\"label\":\"com.apple.facetime: registrationV1\",\"modified\":\"20171228120012Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + 
"type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "modified": "20171228120012Z", + "created": "20170823090554Z", "label": "com.apple.facetime: registrationV1", - "type": "password", - "created": "20170823090554Z" + "modified": "20171228120012Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20170823090554Z\",\"description\":\"\",\"label\":\"com.apple.facetime: 
registrationV1\",\"modified\":\"20171228120012Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029213106Z\",\"description\":\"Handoff Encryption Key\",\"label\":\"handoff-own-encryption-key\",\"modified\":\"20171228143404Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "created": "20171029213106Z", "description": "Handoff Encryption Key", - "modified": "20171228143404Z", "label": "handoff-own-encryption-key", 
- "type": "password", - "created": "20171029213106Z" + "modified": "20171228143404Z", + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"20171029213106Z\",\"description\":\"Handoff Encryption Key\",\"label\":\"handoff-own-encryption-key\",\"modified\":\"20171228143404Z\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"Used to shield private metadata when it is stored in filesystem extended attributes.\",\"created\":\"20170823091142Z\",\"description\":\"\",\"label\":\"Spotlight Metadata Privacy\",\"modified\":\"20170823091142Z\",\"path\":\"/Users/tsg/Library/Keychains/metadata.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "password", - "path": "/Users/tsg/Library/Keychains/metadata.keychain-db" + "path": "/Users/tsg/Library/Keychains/metadata.keychain-db", + "type": "password" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "path": "/Users/tsg/Library/Keychains/metadata.keychain-db", - "modified": "20170823091142Z", "comment": "Used to shield private metadata when it is stored in filesystem extended attributes.", + "created": "20170823091142Z", "label": "Spotlight Metadata Privacy", - "type": "password", - "created": "20170823091142Z" + "modified": "20170823091142Z", + "path": "/Users/tsg/Library/Keychains/metadata.keychain-db", + "type": "password" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"Used to shield private metadata when it is stored in filesystem extended attributes.\",\"created\":\"20170823091142Z\",\"description\":\"\",\"label\":\"Spotlight Metadata Privacy\",\"modified\":\"20170823091142Z\",\"path\":\"/Users/tsg/Library/Keychains/metadata.keychain-db\",\"type\":\"password\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"com.apple.systemdefault\",\"modified\":\"\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/Library/Keychains/System.keychain" + "path": "/Library/Keychains/System.keychain", + "type": "certificate" }, - 
"ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "com.apple.systemdefault", "path": "/Library/Keychains/System.keychain", - "label": "com.apple.systemdefault" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"com.apple.systemdefault\",\"modified\":\"\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + 
"action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"com.apple.kerberos.kdc\",\"modified\":\"\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/Library/Keychains/System.keychain" + "path": "/Library/Keychains/System.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "com.apple.kerberos.kdc", "path": "/Library/Keychains/System.keychain", - "label": "com.apple.kerberos.kdc" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"com.apple.kerberos.kdc\",\"modified\":\"\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"B371F367-7468-48E9-AC60-3F8754AEB5F2\",\"modified\":\"\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "B371F367-7468-48E9-AC60-3F8754AEB5F2", "path": "/Library/Keychains/apsd.keychain", - "label": 
"B371F367-7468-48E9-AC60-3F8754AEB5F2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"B371F367-7468-48E9-AC60-3F8754AEB5F2\",\"modified\":\"\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust.net Certification Authority 
(2048)\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Entrust.net Certification Authority (2048)", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Entrust.net Certification Authority (2048)" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust.net Certification Authority (2048)\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"ANF Global Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "ANF Global Root CA", "path": 
"/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "ANF Global Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"ANF Global Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Actalis Authentication Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Actalis Authentication Root CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Actalis Authentication Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Actalis Authentication 
Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AddTrust Class 1 CA Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "AddTrust Class 1 CA Root", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "AddTrust Class 1 CA Root" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AddTrust Class 1 CA Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AddTrust External CA 
Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "AddTrust External CA Root", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "AddTrust External CA Root" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, - "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "epoch": "0", + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AddTrust 
External CA Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AffirmTrust Commercial\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "AffirmTrust Commercial", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "AffirmTrust Commercial" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AffirmTrust Commercial\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AffirmTrust 
Networking\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "AffirmTrust Networking", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "AffirmTrust Networking" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AffirmTrust 
Networking\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AffirmTrust Premium ECC\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "AffirmTrust Premium ECC", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "AffirmTrust Premium ECC" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AffirmTrust Premium ECC\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AffirmTrust 
Premium\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "AffirmTrust Premium", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "AffirmTrust Premium" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AffirmTrust 
Premium\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Amazon Root CA 1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Amazon Root CA 1", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Amazon Root CA 1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - 
"unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Amazon Root CA 1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Amazon Root CA 
2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Amazon Root CA 2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Amazon Root CA 2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Amazon Root CA 
2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Amazon Root CA 3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Amazon Root CA 3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Amazon Root CA 3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - 
"unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Amazon Root CA 3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Amazon Root CA 
4\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Amazon Root CA 4", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Amazon Root CA 4" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Amazon Root CA 
4\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Apple Root CA - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Apple Root CA - G2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Apple Root CA - G2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - 
"unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Apple Root CA - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Apple Root CA - 
G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Apple Root CA - G3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Apple Root CA - G3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Apple Root CA - 
G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Developer ID Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Developer ID Certification Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Developer ID Certification Authority" + "type": "certificate" 
}, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Developer ID Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Apple Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Apple Root CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Apple Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Apple Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Apple Root Certificate Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Apple Root Certificate Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Apple Root Certificate Authority" + "type": "certificate" }, - 
"name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Apple Root Certificate Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Atos TrustedRoot 
2011\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Atos TrustedRoot 2011", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Atos TrustedRoot 2011" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Atos TrustedRoot 
2011\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Autoridad de Certificacion Raiz del Estado Venezolano\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Autoridad de Certificacion Raiz del Estado Venezolano", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Autoridad de 
Certificacion Raiz del Estado Venezolano" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Autoridad de Certificacion Raiz del Estado Venezolano\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Admin-Root-CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Admin-Root-CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Admin-Root-CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Admin-Root-CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Baltimore CyberTrust Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Baltimore CyberTrust Root", "path": 
"/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Baltimore CyberTrust Root" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Baltimore CyberTrust Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Buypass Class 2 
Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Buypass Class 2 Root CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Buypass Class 2 Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Buypass Class 2 Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Buypass Class 3 Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Buypass Class 3 Root CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Buypass Class 3 Root CA" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Buypass Class 3 Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 1 Public Primary Certification Authority - 
G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "VeriSign Class 1 Public Primary Certification Authority - G3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "VeriSign Class 1 Public Primary Certification Authority - G3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 1 Public Primary Certification Authority - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 2 Public Primary Certification Authority - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "VeriSign 
Class 2 Public Primary Certification Authority - G3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "VeriSign Class 2 Public Primary Certification Authority - G3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 2 Public Primary Certification Authority - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 3 Public Primary Certification Authority - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "VeriSign Class 3 Public Primary Certification Authority - G3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "VeriSign Class 3 Public Primary Certification Authority - G3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { 
"name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 3 Public Primary Certification Authority - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"CA Disig Root R1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": 
"added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "CA Disig Root R1", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "CA Disig Root R1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"CA Disig Root R1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 
28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"CA Disig Root R2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "CA Disig Root R2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "CA Disig Root R2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"CA Disig Root R2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"CFCA EV ROOT\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "CFCA EV ROOT", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "CFCA EV 
ROOT" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"CFCA EV ROOT\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"COMODO Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "COMODO Certification Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "COMODO Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"COMODO 
Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"COMODO ECC Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "COMODO ECC Certification Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "COMODO ECC Certification Authority" + 
"type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"COMODO ECC Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"COMODO RSA Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "COMODO RSA Certification Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "COMODO RSA Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"COMODO RSA 
Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Certplus Root CA G1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Certplus Root CA G1", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Certplus Root CA G1" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Certplus Root CA G1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Certplus Root CA 
G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Certplus Root CA G2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Certplus Root CA G2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Certplus Root CA 
G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Certigna\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Certigna", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Certigna" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - 
"action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Certigna\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Certinomis - Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Certinomis - Root CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Certinomis - Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Certinomis - Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Certinomis - Autorit\\\\xC3\\\\xA9 Racine\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Certinomis - Autorit\\xC3\\xA9 Racine", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Certinomis - Autorit\\xC3\\xA9 Racine" + "type": 
"certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Certinomis - Autorit\\\\xC3\\\\xA9 Racine\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Certum Trusted Network CA 
2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Certum Trusted Network CA 2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Certum Trusted Network CA 2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Certum Trusted Network CA 
2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"ePKI Root Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "ePKI Root Certification Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "ePKI Root Certification Authority" + "type": "certificate" }, - 
"name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"ePKI Root Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"ComSign 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "ComSign CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "ComSign CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"ComSign 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"ComSign Global Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "ComSign Global Root CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "ComSign Global Root CA" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, - "rule": { - "name": "pack_it-compliance_keychain_items" - }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"ComSign Global Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ], + "user": [ + "tsg" + ] }, - "user": { - "name": "tsg" + "rule": { + "name": "pack_it-compliance_keychain_items" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"ComSign Secured 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "ComSign Secured CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "ComSign Secured CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"ComSign Secured 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AAA Certificate Services\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "AAA Certificate Services", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "AAA Certificate Services" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AAA Certificate Services\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"D-TRUST Root Class 3 CA 2 
2009\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "D-TRUST Root Class 3 CA 2 2009", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "D-TRUST Root Class 3 CA 2 2009" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"D-TRUST Root Class 3 CA 
2 2009\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"D-TRUST Root Class 3 CA 2 EV 2009\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "D-TRUST Root Class 3 CA 2 EV 2009", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "D-TRUST Root Class 3 CA 2 EV 2009" + "type": "certificate" }, - 
"name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"D-TRUST Root Class 3 CA 2 EV 2009\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DST Root CA 
X4\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DST Root CA X4", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "DST Root CA X4" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DST Root CA 
X4\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"D-TRUST Root CA 3 2013\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "D-TRUST Root CA 3 2013", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "D-TRUST Root CA 3 2013" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"D-TRUST Root CA 3 2013\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Deutsche Telekom Root CA 
2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Deutsche Telekom Root CA 2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Deutsche Telekom Root CA 2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Deutsche Telekom Root CA 
2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert Assured ID Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DigiCert Assured ID Root CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "DigiCert Assured ID Root CA" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert Assured ID Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert Assured ID Root 
G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DigiCert Assured ID Root G2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "DigiCert Assured ID Root G2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert Assured ID Root 
G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert Assured ID Root G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DigiCert Assured ID Root G3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "DigiCert Assured ID Root G3" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert Assured ID Root G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert Global Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DigiCert Global Root CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "DigiCert Global Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert Global Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert Global Root G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DigiCert Global Root G2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "DigiCert Global Root G2" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert Global Root G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert Global Root 
G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DigiCert Global Root G3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "DigiCert Global Root G3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert Global Root 
G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert High Assurance EV Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DigiCert High Assurance EV Root CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "DigiCert High Assurance EV Root CA" + "type": "certificate" }, - 
"name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert High Assurance EV Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert Trusted Root 
G4\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DigiCert Trusted Root G4", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "DigiCert Trusted Root G4" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert Trusted Root 
G4\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"E-Tugra Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "E-Tugra Certification Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "E-Tugra Certification Authority" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"E-Tugra Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Echoworx Root 
CA2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Echoworx Root CA2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Echoworx Root CA2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Echoworx Root 
CA2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust Root Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Entrust Root Certification Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Entrust Root Certification Authority" + "type": 
"certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust Root Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust Root Certification Authority - 
EC1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Entrust Root Certification Authority - EC1", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Entrust Root Certification Authority - EC1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust Root Certification Authority - EC1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust Root Certification Authority - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Entrust Root Certification Authority - G2", 
"path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Entrust Root Certification Authority - G2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust Root Certification Authority - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Common Policy\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Common Policy", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Common Policy" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Common Policy\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Federal Common Policy CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Federal Common Policy CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", 
- "label": "Federal Common Policy CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Federal Common Policy CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Autoridad de Certificacion Firmaprofesional CIF 
A62634068\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Autoridad de Certificacion Firmaprofesional CIF A62634068", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Autoridad de Certificacion Firmaprofesional CIF A62634068" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Autoridad de Certificacion Firmaprofesional CIF A62634068\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Go Daddy Class 2 Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Go Daddy Class 2 Certification 
Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Go Daddy Class 2 Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Go Daddy Class 2 Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GeoTrust Primary Certification Authority - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "GeoTrust Primary Certification Authority - G2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "GeoTrust Primary Certification Authority - G2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GeoTrust Primary Certification Authority - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GeoTrust Primary Certification Authority - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": 
"certificate", + "label": "GeoTrust Primary Certification Authority - G3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "GeoTrust Primary Certification Authority - G3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GeoTrust Primary Certification Authority - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu 
Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GeoTrust Global CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "GeoTrust Global CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "GeoTrust Global CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GeoTrust Global CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GlobalSign\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "GlobalSign", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "GlobalSign" 
+ "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GlobalSign\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GlobalSign Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "GlobalSign Root CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "GlobalSign Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GlobalSign Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GlobalSign\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "GlobalSign", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "GlobalSign" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": 
"1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GlobalSign\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GlobalSign\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "GlobalSign", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "GlobalSign" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GlobalSign\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GlobalSign\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "GlobalSign", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "GlobalSign" + 
"type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GlobalSign\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Go Daddy Root Certificate Authority - 
G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Go Daddy Root Certificate Authority - G2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Go Daddy Root Certificate Authority - G2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Go 
Daddy Root Certificate Authority - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SwissSign Gold Root CA - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "SwissSign Gold Root CA - G3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "SwissSign Gold Root CA - G3" + "type": 
"certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SwissSign Gold Root CA - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Hongkong Post Root CA 
1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Hongkong Post Root CA 1", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Hongkong Post Root CA 1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Hongkong Post Root CA 
1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Hellenic Academic and Research Institutions RootCA 2011\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Hellenic Academic and Research Institutions RootCA 2011", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Hellenic Academic and 
Research Institutions RootCA 2011" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Hellenic Academic and Research Institutions RootCA 2011\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"I.CA - Qualified Certification Authority, 
09/2009\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "I.CA - Qualified Certification Authority, 09/2009", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "I.CA - Qualified Certification Authority, 09/2009" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"I.CA - Qualified Certification Authority, 09/2009\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IdenTrust Commercial Root CA 1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "IdenTrust Commercial Root CA 1", "path": 
"/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "IdenTrust Commercial Root CA 1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IdenTrust Commercial Root CA 1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IdenTrust Public Sector Root CA 1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "IdenTrust Public Sector Root CA 1", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "IdenTrust Public Sector Root CA 1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IdenTrust Public Sector Root CA 1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DST Root CA X3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DST Root CA X3", "path": 
"/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "DST Root CA X3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DST Root CA X3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DST ACES CA 
X6\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DST ACES CA X6", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "DST ACES CA X6" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DST ACES CA 
X6\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Izenpe.com\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Izenpe.com", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Izenpe.com" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": 
"1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Izenpe.com\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Izenpe.com\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Izenpe.com", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Izenpe.com" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Izenpe.com\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Izenpe.com\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Izenpe.com", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Izenpe.com" + 
"type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Izenpe.com\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"ApplicationCA2 
Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "ApplicationCA2 Root", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "ApplicationCA2 Root" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"ApplicationCA2 
Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SZAFIR ROOT CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "SZAFIR ROOT CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "SZAFIR ROOT CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - 
"unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SZAFIR ROOT CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Microsec e-Szigno Root CA 
2009\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Microsec e-Szigno Root CA 2009", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Microsec e-Szigno Root CA 2009" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Microsec e-Szigno Root 
CA 2009\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"NetLock Arany (Class Gold) F\\\\xC5\\\\x91tan\\\\xC3\\\\xBAs\\\\xC3\\\\xADtv\\\\xC3\\\\xA1ny\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "NetLock Arany (Class Gold) F\\xC5\\x91tan\\xC3\\xBAs\\xC3\\xADtv\\xC3\\xA1ny", "path": 
"/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "NetLock Arany (Class Gold) F\\xC5\\x91tan\\xC3\\xBAs\\xC3\\xADtv\\xC3\\xA1ny" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"NetLock Arany (Class Gold) F\\\\xC5\\\\x91tan\\\\xC3\\\\xBAs\\\\xC3\\\\xADtv\\\\xC3\\\\xA1ny\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 
14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Network Solutions Certificate Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Network Solutions Certificate Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Network Solutions Certificate Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Network Solutions Certificate Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"OpenTrust Root CA G1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": 
"OpenTrust Root CA G1", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "OpenTrust Root CA G1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"OpenTrust Root CA G1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"OpenTrust Root CA G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "OpenTrust Root CA G2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "OpenTrust Root CA G2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"OpenTrust Root CA G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"OpenTrust Root CA G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "OpenTrust Root CA G3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - 
"label": "OpenTrust Root CA G3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"OpenTrust Root CA G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Staat der Nederlanden Root CA - 
G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Staat der Nederlanden Root CA - G3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Staat der Nederlanden Root CA - G3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Staat der 
Nederlanden Root CA - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SwissSign Platinum Root CA - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "SwissSign Platinum Root CA - G3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "SwissSign Platinum Root CA - G3" + "type": 
"certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SwissSign Platinum Root CA - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Certum Trusted Network 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Certum Trusted Network CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Certum Trusted Network CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Certum Trusted Network 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Chambers of Commerce Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Chambers of Commerce Root", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Chambers of Commerce Root" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Chambers of Commerce Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Global Chambersign 
Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Global Chambersign Root", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Global Chambersign Root" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Global Chambersign 
Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Security Communication RootCA1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Security Communication RootCA1", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Security Communication RootCA1" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Security Communication RootCA1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Security Communication EV 
RootCA1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Security Communication EV RootCA1", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Security Communication EV RootCA1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Security 
Communication EV RootCA1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Security Communication RootCA2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Security Communication RootCA2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Security Communication RootCA2" + "type": 
"certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Security Communication RootCA2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Starfield Class 2 Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Starfield Class 2 Certification Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Starfield Class 2 Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Starfield Class 2 Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"EE Certification Centre Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "EE Certification Centre Root CA", "path": 
"/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "EE Certification Centre Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"EE Certification Centre Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SwissSign Silver Root CA - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "SwissSign Silver Root CA - G3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "SwissSign Silver Root CA - G3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SwissSign Silver Root CA - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Sonera Class2 CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Sonera Class2 CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", 
- "label": "Sonera Class2 CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Sonera Class2 CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Staat der Nederlanden EV Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Staat der Nederlanden EV Root CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Staat der Nederlanden EV Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Staat der Nederlanden 
EV Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Starfield Root Certificate Authority - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Starfield Root Certificate Authority - G2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Starfield Root Certificate Authority - G2" 
+ "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Starfield Root Certificate Authority - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Starfield Services Root Certificate Authority - 
G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Starfield Services Root Certificate Authority - G2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Starfield Services Root Certificate Authority - G2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Starfield Services Root Certificate Authority - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"StartCom Certification Authority G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "StartCom Certification Authority G2", "path": 
"/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "StartCom Certification Authority G2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"StartCom Certification Authority G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SwissSign Gold CA - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "SwissSign Gold CA - G2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "SwissSign Gold CA - G2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SwissSign Gold CA - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SwissSign Platinum CA - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "SwissSign Platinum CA - G2", "path": 
"/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "SwissSign Platinum CA - G2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SwissSign Platinum CA - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SwissSign 
Silver CA - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "SwissSign Silver CA - G2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "SwissSign Silver CA - G2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SwissSign Silver CA - 
G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Swisscom Root CA 2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Swisscom Root CA 2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Swisscom Root CA 2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - 
"unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Swisscom Root CA 2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Swisscom Root EV CA 
2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Swisscom Root EV CA 2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Swisscom Root EV CA 2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Swisscom Root EV CA 
2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Symantec Class 1 Public Primary Certification Authority - G4\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Symantec Class 1 Public Primary Certification Authority - G4", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Symantec Class 
1 Public Primary Certification Authority - G4" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Symantec Class 1 Public Primary Certification Authority - G4\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Symantec Class 1 Public Primary 
Certification Authority - G6\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Symantec Class 1 Public Primary Certification Authority - G6", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Symantec Class 1 Public Primary Certification Authority - G6" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Symantec Class 1 Public Primary Certification Authority - G6\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Symantec Class 2 Public Primary Certification Authority - G4\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Symantec 
Class 2 Public Primary Certification Authority - G4", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Symantec Class 2 Public Primary Certification Authority - G4" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Symantec Class 2 Public Primary Certification Authority - G4\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Symantec Class 2 Public Primary Certification Authority - G6\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Symantec Class 2 Public Primary Certification Authority - G6", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Symantec Class 2 Public Primary Certification Authority - G6" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { 
"name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Symantec Class 2 Public Primary Certification Authority - G6\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Symantec Class 3 Public Primary Certification Authority - G4\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" 
}, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Symantec Class 3 Public Primary Certification Authority - G4", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Symantec Class 3 Public Primary Certification Authority - G4" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Symantec Class 3 Public Primary Certification Authority - G4\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": 
"8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Symantec Class 3 Public Primary Certification Authority - G6\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Symantec Class 3 Public Primary Certification Authority - G6", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Symantec Class 3 Public Primary Certification Authority - G6" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" 
] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Symantec Class 3 Public Primary Certification Authority - G6\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"T-TeleSec GlobalRoot Class 2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + 
"hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "T-TeleSec GlobalRoot Class 2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "T-TeleSec GlobalRoot Class 2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"T-TeleSec GlobalRoot Class 2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, 
+ "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"T-TeleSec GlobalRoot Class 3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "T-TeleSec GlobalRoot Class 3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "T-TeleSec GlobalRoot Class 3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, 
"rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"T-TeleSec GlobalRoot Class 3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TRUST2408 OCES Primary CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + 
"calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "TRUST2408 OCES Primary CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "TRUST2408 OCES Primary CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TRUST2408 OCES Primary CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TWCA Global Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "TWCA Global Root CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "TWCA Global Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TWCA Global Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Government Root Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": 
"Government Root Certification Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Government Root Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Government Root Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TeliaSonera Root CA v1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "TeliaSonera Root CA v1", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "TeliaSonera Root CA v1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TeliaSonera Root CA v1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Trustis FPS Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Trustis FPS Root CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - 
"label": "Trustis FPS Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Trustis FPS Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Secure Global 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Secure Global CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Secure Global CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Secure Global 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SecureTrust CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "SecureTrust CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "SecureTrust CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": 
"1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SecureTrust CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"T\\\\xC3\\\\x9CB\\\\xC4\\\\xB0TAK UEKAE K\\\\xC3\\\\xB6k Sertifika Hizmet Sa\\\\xC4\\\\x9Flay\\\\xC4\\\\xB1c\\\\xC4\\\\xB1s\\\\xC4\\\\xB1 - S\\\\xC3\\\\xBCr\\\\xC3\\\\xBCm 
3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "T\\xC3\\x9CB\\xC4\\xB0TAK UEKAE K\\xC3\\xB6k Sertifika Hizmet Sa\\xC4\\x9Flay\\xC4\\xB1c\\xC4\\xB1s\\xC4\\xB1 - S\\xC3\\xBCr\\xC3\\xBCm 3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "T\\xC3\\x9CB\\xC4\\xB0TAK UEKAE K\\xC3\\xB6k Sertifika Hizmet Sa\\xC4\\x9Flay\\xC4\\xB1c\\xC4\\xB1s\\xC4\\xB1 - S\\xC3\\xBCr\\xC3\\xBCm 3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - 
"action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"T\\\\xC3\\\\x9CB\\\\xC4\\\\xB0TAK UEKAE K\\\\xC3\\\\xB6k Sertifika Hizmet Sa\\\\xC4\\\\x9Flay\\\\xC4\\\\xB1c\\\\xC4\\\\xB1s\\\\xC4\\\\xB1 - S\\\\xC3\\\\xBCr\\\\xC3\\\\xBCm 3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UCA Global Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "UCA Global Root", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "UCA Global Root" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UCA Global Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + 
"kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UCA Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "UCA Root", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "UCA Root" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UCA Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"USERTrust ECC Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "USERTrust ECC 
Certification Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "USERTrust ECC Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"USERTrust ECC Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"USERTrust RSA Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "USERTrust RSA Certification Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "USERTrust RSA Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"USERTrust RSA Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN-USERFirst-Client Authentication and Email\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": 
"certificate", + "label": "UTN-USERFirst-Client Authentication and Email", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "UTN-USERFirst-Client Authentication and Email" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN-USERFirst-Client Authentication and Email\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu 
Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN-USERFirst-Hardware\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "UTN-USERFirst-Hardware", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "UTN-USERFirst-Hardware" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN-USERFirst-Hardware\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN-USERFirst-Object\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "UTN-USERFirst-Object", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", 
- "label": "UTN-USERFirst-Object" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN-USERFirst-Object\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN - DATACorp 
SGC\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "UTN - DATACorp SGC", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "UTN - DATACorp SGC" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN - DATACorp 
SGC\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Certum CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Certum CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Certum CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", 
- "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Certum CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 3 Public Primary Certification Authority - 
G4\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "VeriSign Class 3 Public Primary Certification Authority - G4", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "VeriSign Class 3 Public Primary Certification Authority - G4" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 3 Public Primary Certification Authority - G4\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Universal Root Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "VeriSign Universal Root 
Certification Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "VeriSign Universal Root Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } - }, - "related": { - "user": [ - "tsg" - ], + }, + "related": { "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Universal Root Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 3 Public Primary Certification Authority - G5\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "VeriSign Class 3 Public Primary Certification Authority - G5", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "VeriSign Class 3 Public Primary Certification Authority - G5" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - 
"action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 3 Public Primary Certification Authority - G5\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Visa Information Delivery Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 
2017 UTC", "columns": { - "type": "certificate", + "label": "Visa Information Delivery Root CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Visa Information Delivery Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Visa Information Delivery Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 
28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Visa eCommerce Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Visa eCommerce Root", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Visa eCommerce Root" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Visa eCommerce Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"OISTE WISeKey Global Root GB CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "OISTE WISeKey Global Root GB CA", "path": 
"/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "OISTE WISeKey Global Root GB CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"OISTE WISeKey Global Root GB CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"OISTE 
WISeKey Global Root GA CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "OISTE WISeKey Global Root GA CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "OISTE WISeKey Global Root GA CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"OISTE WISeKey Global Root GA CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"XRamp Global Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "XRamp Global Certification Authority", "path": 
"/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "XRamp Global Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"XRamp Global Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Belgium Root CA2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Belgium Root CA2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Belgium Root CA2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Belgium Root CA2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"certSIGN ROOT CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "certSIGN ROOT CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": 
"certSIGN ROOT CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"certSIGN ROOT CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Class 2 Primary 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Class 2 Primary CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Class 2 Primary CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Class 2 Primary 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Cisco Root CA 2048\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Cisco Root CA 2048", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Cisco Root CA 2048" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - 
"unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Cisco Root CA 2048\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust.net Certification Authority 
(2048)\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Entrust.net Certification Authority (2048)", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Entrust.net Certification Authority (2048)" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust.net Certification Authority (2048)\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GeoTrust Primary Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "GeoTrust Primary Certification Authority", "path": 
"/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "GeoTrust Primary Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GeoTrust Primary Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"ISRG Root X1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "ISRG Root X1", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "ISRG Root X1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"ISRG Root X1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"KISA RootCA 1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "KISA RootCA 1", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "KISA RootCA 
1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"KISA RootCA 1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VRK Gov. 
Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "VRK Gov. Root CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "VRK Gov. Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VRK Gov. 
Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "QuoVadis Root Certification Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "QuoVadis Root Certification Authority" + "type": 
"certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root CA 1 
G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "QuoVadis Root CA 1 G3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "QuoVadis Root CA 1 G3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root CA 1 
G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root CA 2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "QuoVadis Root CA 2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "QuoVadis Root CA 2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - 
"unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root CA 2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root CA 2 
G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "QuoVadis Root CA 2 G3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "QuoVadis Root CA 2 G3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root CA 2 
G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root CA 3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "QuoVadis Root CA 3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "QuoVadis Root CA 3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - 
"unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root CA 3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root CA 3 
G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "QuoVadis Root CA 3 G3", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "QuoVadis Root CA 3 G3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root CA 3 
G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Chambers of Commerce Root - 2008\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Chambers of Commerce Root - 2008", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Chambers of Commerce Root - 2008" + "type": "certificate" }, - 
"name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Chambers of Commerce Root - 2008\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Global Chambersign Root - 
2008\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Global Chambersign Root - 2008", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Global Chambersign Root - 2008" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Global Chambersign Root 
- 2008\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Staat der Nederlanden Root CA - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Staat der Nederlanden Root CA - G2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Staat der Nederlanden Root CA - G2" + "type": "certificate" 
}, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Staat der Nederlanden Root CA - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"StartCom Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "StartCom Certification Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "StartCom Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, - "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "epoch": "0", + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"StartCom Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"StartCom Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "StartCom Certification Authority", "path": 
"/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "StartCom Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"StartCom Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Swisscom Root CA 1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Swisscom Root CA 1", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "Swisscom Root CA 1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Swisscom Root CA 1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"thawte Primary Root CA - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "thawte Primary Root CA - G3", "path": 
"/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "thawte Primary Root CA - G3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"thawte Primary Root CA - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"thawte 
Primary Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "thawte Primary Root CA", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "thawte Primary Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"thawte Primary Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"thawte Primary Root CA - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "thawte Primary Root CA - G2", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "thawte Primary Root CA - G2" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"thawte Primary Root CA - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"T\\\\xC3\\\\x9CRKTRUST Elektronik Sertifika Hizmet 
Sa\\\\xC4\\\\x9Flay\\\\xC4\\\\xB1c\\\\xC4\\\\xB1s\\\\xC4\\\\xB1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "T\\xC3\\x9CRKTRUST Elektronik Sertifika Hizmet Sa\\xC4\\x9Flay\\xC4\\xB1c\\xC4\\xB1s\\xC4\\xB1", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "T\\xC3\\x9CRKTRUST Elektronik Sertifika Hizmet Sa\\xC4\\x9Flay\\xC4\\xB1c\\xC4\\xB1s\\xC4\\xB1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - 
"original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"T\\\\xC3\\\\x9CRKTRUST Elektronik Sertifika Hizmet Sa\\\\xC4\\\\x9Flay\\\\xC4\\\\xB1c\\\\xC4\\\\xB1s\\\\xC4\\\\xB1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TWCA Root Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/SystemRootCertificates.keychain" + "path": "/System/Library/Keychains/SystemRootCertificates.keychain", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + 
"calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "TWCA Root Certification Authority", "path": "/System/Library/Keychains/SystemRootCertificates.keychain", - "label": "TWCA Root Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TWCA Root Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/SystemRootCertificates.keychain\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Prefectural Association For JPKI\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Prefectural Association For JPKI", "path": "/System/Library/Keychains/X509Anchors", - "label": "Prefectural Association For JPKI" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Prefectural Association For JPKI\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust.net Certification Authority (2048)\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Entrust.net Certification Authority (2048)", "path": "/System/Library/Keychains/X509Anchors", - "label": "Entrust.net Certification 
Authority (2048)" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust.net Certification Authority (2048)\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"A-Trust-Qual-02\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "A-Trust-Qual-02", "path": "/System/Library/Keychains/X509Anchors", - "label": "A-Trust-Qual-02" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"A-Trust-Qual-02\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AOL Time Warner Root Certification Authority 1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "AOL Time Warner Root Certification Authority 1", "path": "/System/Library/Keychains/X509Anchors", - "label": "AOL Time Warner Root Certification 
Authority 1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AOL Time Warner Root Certification Authority 1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AOL Time Warner Root Certification Authority 
2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "AOL Time Warner Root Certification Authority 2", "path": "/System/Library/Keychains/X509Anchors", - "label": "AOL Time Warner Root Certification Authority 2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AOL Time Warner Root Certification Authority 
2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AddTrust Class 1 CA Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "AddTrust Class 1 CA Root", "path": "/System/Library/Keychains/X509Anchors", - "label": "AddTrust Class 1 CA Root" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AddTrust Class 1 CA Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AddTrust External CA 
Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "AddTrust External CA Root", "path": "/System/Library/Keychains/X509Anchors", - "label": "AddTrust External CA Root" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AddTrust External CA 
Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AddTrust Public CA Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "AddTrust Public CA Root", "path": "/System/Library/Keychains/X509Anchors", - "label": "AddTrust Public CA Root" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AddTrust Public CA Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AddTrust Qualified CA 
Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "AddTrust Qualified CA Root", "path": "/System/Library/Keychains/X509Anchors", - "label": "AddTrust Qualified CA Root" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AddTrust Qualified CA 
Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SERVICIOS DE CERTIFICACION - A.N.C.\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "SERVICIOS DE CERTIFICACION - A.N.C.", "path": "/System/Library/Keychains/X509Anchors", - "label": "SERVICIOS DE CERTIFICACION - A.N.C." 
+ "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SERVICIOS DE CERTIFICACION - A.N.C.\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"America Online Root Certification Authority 
1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "America Online Root Certification Authority 1", "path": "/System/Library/Keychains/X509Anchors", - "label": "America Online Root Certification Authority 1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"America Online Root Certification Authority 
1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"America Online Root Certification Authority 2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "America Online Root Certification Authority 2", "path": "/System/Library/Keychains/X509Anchors", - "label": "America Online Root Certification Authority 2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": 
"1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"America Online Root Certification Authority 2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Application CA 
G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Application CA G2", "path": "/System/Library/Keychains/X509Anchors", - "label": "Application CA G2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Application CA 
G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Apple Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Apple Root CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "Apple Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Apple Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Apple Root Certificate 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Apple Root Certificate Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "Apple Root Certificate Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Apple Root Certificate 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Baltimore CyberTrust Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Baltimore CyberTrust Root", "path": "/System/Library/Keychains/X509Anchors", - "label": "Baltimore CyberTrust Root" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Baltimore CyberTrust Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 1 Public Primary Certification Authority - 
G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "VeriSign Class 1 Public Primary Certification Authority - G3", "path": "/System/Library/Keychains/X509Anchors", - "label": "VeriSign Class 1 Public Primary Certification Authority - G3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 1 Public Primary Certification 
Authority - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 2 Public Primary Certification Authority - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "VeriSign Class 2 Public Primary Certification Authority - G3", "path": "/System/Library/Keychains/X509Anchors", - "label": "VeriSign Class 2 Public Primary Certification Authority - G3" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 2 Public Primary Certification Authority - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 3 Public Primary Certification Authority - 
G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "VeriSign Class 3 Public Primary Certification Authority - G3", "path": "/System/Library/Keychains/X509Anchors", - "label": "VeriSign Class 3 Public Primary Certification Authority - G3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 3 Public Primary Certification 
Authority - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 4 Public Primary Certification Authority - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "VeriSign Class 4 Public Primary Certification Authority - G3", "path": "/System/Library/Keychains/X509Anchors", - "label": "VeriSign Class 4 Public Primary Certification Authority - G3" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"VeriSign Class 4 Public Primary Certification Authority - G3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Class 1 Public Primary Certification Authority - 
G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Class 1 Public Primary Certification Authority - G2", "path": "/System/Library/Keychains/X509Anchors", - "label": "Class 1 Public Primary Certification Authority - G2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Class 1 Public Primary Certification Authority - 
G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Class 2 Public Primary Certification Authority - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Class 2 Public Primary Certification Authority - G2", "path": "/System/Library/Keychains/X509Anchors", - "label": "Class 2 Public Primary Certification Authority - G2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - 
"unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Class 2 Public Primary Certification Authority - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Class 3 Public Primary Certification Authority - 
G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Class 3 Public Primary Certification Authority - G2", "path": "/System/Library/Keychains/X509Anchors", - "label": "Class 3 Public Primary Certification Authority - G2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Class 3 Public Primary Certification Authority - 
G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Class 4 Public Primary Certification Authority - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Class 4 Public Primary Certification Authority - G2", "path": "/System/Library/Keychains/X509Anchors", - "label": "Class 4 Public Primary Certification Authority - G2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - 
"unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Class 4 Public Primary Certification Authority - G2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Common 
Policy\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Common Policy", "path": "/System/Library/Keychains/X509Anchors", - "label": "Common Policy" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Common 
Policy\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AAA Certificate Services\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "AAA Certificate Services", "path": "/System/Library/Keychains/X509Anchors", - "label": "AAA Certificate Services" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"AAA Certificate Services\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Secure Certificate 
Services\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Secure Certificate Services", "path": "/System/Library/Keychains/X509Anchors", - "label": "Secure Certificate Services" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Secure Certificate 
Services\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Trusted Certificate Services\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Trusted Certificate Services", "path": "/System/Library/Keychains/X509Anchors", - "label": "Trusted Certificate Services" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Trusted Certificate Services\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DST Root CA 
X4\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DST Root CA X4", "path": "/System/Library/Keychains/X509Anchors", - "label": "DST Root CA X4" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DST Root CA 
X4\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DST RootCA X1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DST RootCA X1", "path": "/System/Library/Keychains/X509Anchors", - "label": "DST RootCA X1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, - "rule": { - "name": "pack_it-compliance_keychain_items" - }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DST RootCA X1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ], + "user": [ + "tsg" + ] }, - "user": { - "name": "tsg" + "rule": { + "name": "pack_it-compliance_keychain_items" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DST RootCA 
X2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DST RootCA X2", "path": "/System/Library/Keychains/X509Anchors", - "label": "DST RootCA X2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DST RootCA 
X2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert Assured ID Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DigiCert Assured ID Root CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "DigiCert Assured ID Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DigiCert Assured ID Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DoD CLASS 3 Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DoD CLASS 3 Root CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "DoD CLASS 3 Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DoD CLASS 3 Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DoD PKI Med Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DoD PKI Med Root CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "DoD PKI Med Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DoD PKI Med Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DoD Root CA 
2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "DoD Root CA 2", "path": "/System/Library/Keychains/X509Anchors", - "label": "DoD Root CA 2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"DoD Root CA 
2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"ECA Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "ECA Root CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "ECA Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"ECA Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Equifax Secure Certificate 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Equifax Secure Certificate Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "Equifax Secure Certificate Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Equifax Secure Certificate 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Equifax Secure Global eBusiness CA-1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Equifax Secure Global eBusiness CA-1", "path": "/System/Library/Keychains/X509Anchors", - "label": "Equifax Secure Global eBusiness CA-1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": 
"added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Equifax Secure Global eBusiness CA-1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Equifax Secure eBusiness 
CA-1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Equifax Secure eBusiness CA-1", "path": "/System/Library/Keychains/X509Anchors", - "label": "Equifax Secure eBusiness CA-1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Equifax Secure eBusiness 
CA-1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Equifax Secure eBusiness CA-2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Equifax Secure eBusiness CA-2", "path": "/System/Library/Keychains/X509Anchors", - "label": "Equifax Secure eBusiness CA-2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Equifax Secure eBusiness CA-2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust.net Client Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Entrust.net Client Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "Entrust.net Client Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust.net Client Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Go Daddy Class 2 Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Go Daddy Class 2 Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "Go Daddy Class 2 Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - 
"action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Go Daddy Class 2 Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GTE CyberTrust Global 
Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "GTE CyberTrust Global Root", "path": "/System/Library/Keychains/X509Anchors", - "label": "GTE CyberTrust Global Root" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GTE CyberTrust Global 
Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GeoTrust Global CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "GeoTrust Global CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "GeoTrust Global CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GeoTrust Global CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GlobalSign\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "GlobalSign", "path": "/System/Library/Keychains/X509Anchors", - "label": "GlobalSign" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GlobalSign\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IPS SERVIDORES\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "IPS SERVIDORES", "path": "/System/Library/Keychains/X509Anchors", - "label": "IPS SERVIDORES" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": 
"1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IPS SERVIDORES\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"KMD-CA Kvalificeret 
Person\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "KMD-CA Kvalificeret Person", "path": "/System/Library/Keychains/X509Anchors", - "label": "KMD-CA Kvalificeret Person" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"KMD-CA Kvalificeret 
Person\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"KMD-CA Server\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "KMD-CA Server", "path": "/System/Library/Keychains/X509Anchors", - "label": "KMD-CA Server" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"KMD-CA Server\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"MPHPT\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "MPHPT", "path": "/System/Library/Keychains/X509Anchors", - "label": "MPHPT" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"MPHPT\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Class 1 Public Primary Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Class 1 Public Primary Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "Class 1 Public Primary Certification Authority" + 
"type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Class 1 Public Primary Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Class 2 Public Primary Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Class 2 Public Primary Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "Class 2 Public Primary Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Class 2 Public Primary Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Class 3 Public Primary Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Class 3 Public Primary Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "Class 3 Public Primary Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - 
"unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Class 3 Public Primary Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Chambers of Commerce 
Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Chambers of Commerce Root", "path": "/System/Library/Keychains/X509Anchors", - "label": "Chambers of Commerce Root" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Chambers of Commerce 
Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Global Chambersign Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Global Chambersign Root", "path": "/System/Library/Keychains/X509Anchors", - "label": "Global Chambersign Root" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Global Chambersign Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"RSA Security 2048 
V3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "RSA Security 2048 V3", "path": "/System/Library/Keychains/X509Anchors", - "label": "RSA Security 2048 V3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"RSA Security 2048 
V3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"RSA Security 1024 V3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "RSA Security 1024 V3", "path": "/System/Library/Keychains/X509Anchors", - "label": "RSA Security 1024 V3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"RSA Security 1024 V3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Visa eCommerce 
Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Visa eCommerce Root", "path": "/System/Library/Keychains/X509Anchors", - "label": "Visa eCommerce Root" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Visa eCommerce 
Root\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Security Communication RootCA1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Security Communication RootCA1", "path": "/System/Library/Keychains/X509Anchors", - "label": "Security Communication RootCA1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": 
"0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Security Communication RootCA1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Starfield Class 2 Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Starfield Class 2 Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "Starfield Class 2 Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Starfield Class 2 Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Secure Server Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Secure Server Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "Secure Server Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - 
"action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Secure Server Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Sonera Class1 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Sonera Class1 CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "Sonera Class1 CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Sonera Class1 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Sonera Class2 CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Sonera Class2 CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "Sonera Class2 CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Sonera Class2 CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Class 1 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "TC TrustCenter Class 1 CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "TC TrustCenter Class 1 CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Class 1 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Class 2 CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "TC TrustCenter Class 2 CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "TC TrustCenter Class 2 CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": 
{ "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Class 2 CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Class 3 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "TC TrustCenter Class 3 CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "TC TrustCenter Class 3 CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Class 3 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Class 4 CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "TC TrustCenter Class 4 CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "TC TrustCenter Class 4 CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": 
{ "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Class 4 CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Time Stamping 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "TC TrustCenter Time Stamping CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "TC TrustCenter Time Stamping CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Time Stamping 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TDC OCES CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "TDC OCES CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "TDC OCES CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TDC OCES CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TDC Internet Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "TDC Internet Root CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "TDC Internet Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TDC Internet Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN-USERFirst-Client Authentication and Email\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "UTN-USERFirst-Client Authentication and Email", "path": "/System/Library/Keychains/X509Anchors", - "label": "UTN-USERFirst-Client Authentication and Email" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": 
"1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN-USERFirst-Client Authentication and Email\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN-USERFirst-Hardware\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "UTN-USERFirst-Hardware", "path": "/System/Library/Keychains/X509Anchors", - "label": "UTN-USERFirst-Hardware" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN-USERFirst-Hardware\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN-USERFirst-Network Applications\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "UTN-USERFirst-Network Applications", "path": "/System/Library/Keychains/X509Anchors", - "label": "UTN-USERFirst-Network Applications" + "type": "certificate" 
}, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN-USERFirst-Network Applications\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN-USERFirst-Object\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "UTN-USERFirst-Object", "path": "/System/Library/Keychains/X509Anchors", - "label": "UTN-USERFirst-Object" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN-USERFirst-Object\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN - DATACorp SGC\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "UTN - DATACorp SGC", "path": "/System/Library/Keychains/X509Anchors", - "label": "UTN - DATACorp SGC" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", 
- "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"UTN - DATACorp SGC\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"http://www.valicert.com/\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "http://www.valicert.com/", "path": "/System/Library/Keychains/X509Anchors", - "label": "http://www.valicert.com/" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"http://www.valicert.com/\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"http://www.valicert.com/\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "http://www.valicert.com/", "path": "/System/Library/Keychains/X509Anchors", - "label": "http://www.valicert.com/" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"http://www.valicert.com/\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"http://www.valicert.com/\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "http://www.valicert.com/", "path": "/System/Library/Keychains/X509Anchors", - "label": "http://www.valicert.com/" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"http://www.valicert.com/\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"OISTE WISeKey Global Root GA CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "OISTE WISeKey Global Root GA CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "OISTE WISeKey Global Root GA CA" + "type": "certificate" }, - 
"name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"OISTE WISeKey Global Root GA CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"XRamp Global Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "XRamp Global Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "XRamp Global Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"XRamp Global Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"A-CERT ADVANCED\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "A-CERT ADVANCED", "path": "/System/Library/Keychains/X509Anchors", - "label": "A-CERT ADVANCED" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"A-CERT ADVANCED\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Arge Daten Oesterreichische Gesellschaft fuer 
Datenschutz\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Arge Daten Oesterreichische Gesellschaft fuer Datenschutz", "path": "/System/Library/Keychains/X509Anchors", - "label": "Arge Daten Oesterreichische Gesellschaft fuer Datenschutz" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Arge Daten Oesterreichische Gesellschaft 
fuer Datenschutz\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"CertiNomis\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "CertiNomis", "path": "/System/Library/Keychains/X509Anchors", - "label": "CertiNomis" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"CertiNomis\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"beTRUSTed Root 
CAs\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "beTRUSTed Root CAs", "path": "/System/Library/Keychains/X509Anchors", - "label": "beTRUSTed Root CAs" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"beTRUSTed Root 
CAs\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Belgium Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Belgium Root CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "Belgium Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Belgium Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust.net Client Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Entrust.net Client Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "Entrust.net Client Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust.net Client Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"NetLock Expressz (Class C) Tanusitvanykiado\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "NetLock Expressz (Class C) Tanusitvanykiado", "path": "/System/Library/Keychains/X509Anchors", - "label": "NetLock Expressz (Class C) Tanusitvanykiado" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": 
"1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"NetLock Expressz (Class C) Tanusitvanykiado\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GIP-CPS\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "GIP-CPS", "path": "/System/Library/Keychains/X509Anchors", - "label": "GIP-CPS" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GIP-CPS\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GlobalSign Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "GlobalSign Root CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "GlobalSign Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - 
"unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"GlobalSign Root CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust.net Secure Server Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Entrust.net Secure Server Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "Entrust.net Secure Server Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust.net Secure Server Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IPS CA Chained CAs Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "IPS CA Chained CAs Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "IPS CA Chained CAs Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": 
"1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IPS CA Chained CAs Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IPS CA CLASE1 Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "IPS CA CLASE1 Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "IPS CA CLASE1 Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IPS CA CLASE1 Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IPS CA CLASE3 Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "IPS CA CLASE3 Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "IPS CA CLASE3 Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - 
"action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IPS CA CLASE3 Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IPS CA CLASEA1 Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "IPS CA CLASEA1 Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "IPS CA CLASEA1 Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IPS CA CLASEA1 Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IPS CA CLASEA3 Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "IPS CA CLASEA3 Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "IPS CA CLASEA3 Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - 
"action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IPS CA CLASEA3 Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IPS CA Timestamping Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "IPS CA Timestamping Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "IPS CA Timestamping Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"IPS CA Timestamping Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"KISA RootCA 1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "KISA RootCA 1", "path": "/System/Library/Keychains/X509Anchors", - "label": "KISA RootCA 1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"KISA RootCA 1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"CertRSA01\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "CertRSA01", "path": "/System/Library/Keychains/X509Anchors", - "label": "CertRSA01" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"CertRSA01\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"KISA RootCA 3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "KISA RootCA 3", "path": "/System/Library/Keychains/X509Anchors", - "label": "KISA RootCA 3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": 
"1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"KISA RootCA 3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"NetLock Kozjegyzoi (Class A) 
Tanusitvanykiado\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "NetLock Kozjegyzoi (Class A) Tanusitvanykiado", "path": "/System/Library/Keychains/X509Anchors", - "label": "NetLock Kozjegyzoi (Class A) Tanusitvanykiado" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"NetLock Kozjegyzoi (Class A) 
Tanusitvanykiado\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado", "path": "/System/Library/Keychains/X509Anchors", - "label": "NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado" + "type": "certificate" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Thawte Personal Basic 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Thawte Personal Basic CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "Thawte Personal Basic CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Thawte Personal Basic 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Thawte Personal Freemail CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Thawte Personal Freemail CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "Thawte Personal Freemail CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Thawte Personal Freemail CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Thawte Personal Premium 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Thawte Personal Premium CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "Thawte Personal Premium CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Thawte Personal Premium 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "QuoVadis Root Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "QuoVadis Root Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": 
"added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root CA 
2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "QuoVadis Root CA 2", "path": "/System/Library/Keychains/X509Anchors", - "label": "QuoVadis Root CA 2" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root CA 
2\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root CA 3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "QuoVadis Root CA 3", "path": "/System/Library/Keychains/X509Anchors", - "label": "QuoVadis Root CA 3" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"QuoVadis Root CA 3\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Thawte Server 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Thawte Server CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "Thawte Server CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Thawte Server 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Thawte Premium Server CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Thawte Premium Server CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "Thawte Premium Server CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Thawte Premium Server CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Staat der Nederlanden Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Staat der Nederlanden Root CA", "path": "/System/Library/Keychains/X509Anchors", - "label": "Staat der Nederlanden Root CA" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Staat der Nederlanden Root 
CA\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Free SSL Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Free SSL Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "Free SSL Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + 
"counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Free SSL Certification Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Swisscom Root CA 
1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Swisscom Root CA 1", "path": "/System/Library/Keychains/X509Anchors", - "label": "Swisscom Root CA 1" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Swisscom Root CA 
1\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SwissSign CA (RSA IK May 6 1999 18:00:58)\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "SwissSign CA (RSA IK May 6 1999 18:00:58)", "path": "/System/Library/Keychains/X509Anchors", - "label": "SwissSign CA (RSA IK May 6 1999 18:00:58)" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - 
"action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"SwissSign CA (RSA IK May 6 1999 18:00:58)\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Universal CA 
I\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "TC TrustCenter Universal CA I", "path": "/System/Library/Keychains/X509Anchors", - "label": "TC TrustCenter Universal CA I" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Universal CA 
I\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Universal CA II\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "TC TrustCenter Universal CA II", "path": "/System/Library/Keychains/X509Anchors", - "label": "TC TrustCenter Universal CA II" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Universal CA II\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Class 2 CA 
II\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "TC TrustCenter Class 2 CA II", "path": "/System/Library/Keychains/X509Anchors", - "label": "TC TrustCenter Class 2 CA II" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Class 2 CA 
II\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Class 3 CA II\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "TC TrustCenter Class 3 CA II", "path": "/System/Library/Keychains/X509Anchors", - "label": "TC TrustCenter Class 3 CA II" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Class 3 CA II\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Class 4 CA 
II\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "TC TrustCenter Class 4 CA II", "path": "/System/Library/Keychains/X509Anchors", - "label": "TC TrustCenter Class 4 CA II" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"TC TrustCenter Class 4 CA 
II\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"NetLock Uzleti (Class B) Tanusitvanykiado\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "NetLock Uzleti (Class B) Tanusitvanykiado", "path": "/System/Library/Keychains/X509Anchors", - "label": "NetLock Uzleti (Class B) Tanusitvanykiado" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - 
"action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"NetLock Uzleti (Class B) Tanusitvanykiado\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust.net Secure Server Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Entrust.net Secure Server Certification Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "Entrust.net Secure Server Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Entrust.net Secure Server Certification 
Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Wells Fargo Root Certificate Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/System/Library/Keychains/X509Anchors" + "path": "/System/Library/Keychains/X509Anchors", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "Wells Fargo Root Certificate Authority", "path": "/System/Library/Keychains/X509Anchors", - "label": "Wells Fargo Root Certificate Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - 
"action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Wells Fargo Root Certificate Authority\",\"modified\":\"\",\"path\":\"/System/Library/Keychains/X509Anchors\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"com.apple.idms.appleid.prd.566f4f655934384139695067416d32313031683567413d3d\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "certificate", + "label": "com.apple.idms.appleid.prd.566f4f655934384139695067416d32313031683567413d3d", "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "label": "com.apple.idms.appleid.prd.566f4f655934384139695067416d32313031683567413d3d" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - 
"action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"com.apple.idms.appleid.prd.566f4f655934384139695067416d32313031683567413d3d\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Apple Application Integration Certification Authority\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "certificate", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "certificate" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", 
"columns": { - "type": "certificate", + "label": "Apple Application Integration Certification Authority", "path": "/Users/tsg/Library/Keychains/login.keychain-db", - "label": "Apple Application Integration Certification Authority" + "type": "certificate" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"Apple Application Integration Certification Authority\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"certificate\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/metadata.keychain-db\",\"type\":\"symmetric key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "symmetric key", - "path": "/Users/tsg/Library/Keychains/metadata.keychain-db" + "path": "/Users/tsg/Library/Keychains/metadata.keychain-db", + "type": "symmetric key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "symmetric key", - "path": "/Users/tsg/Library/Keychains/metadata.keychain-db" + "path": "/Users/tsg/Library/Keychains/metadata.keychain-db", + "type": "symmetric key" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/metadata.keychain-db\",\"type\":\"symmetric key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/metadata.keychain-db\",\"type\":\"symmetric key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "symmetric key", - "path": "/Users/tsg/Library/Keychains/metadata.keychain-db" + "path": "/Users/tsg/Library/Keychains/metadata.keychain-db", + "type": "symmetric key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "symmetric key", - "path": "/Users/tsg/Library/Keychains/metadata.keychain-db" + "path": "/Users/tsg/Library/Keychains/metadata.keychain-db", + "type": "symmetric key" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/metadata.keychain-db\",\"type\":\"symmetric key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/metadata.keychain-db\",\"type\":\"symmetric 
key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "symmetric key", - "path": "/Users/tsg/Library/Keychains/metadata.keychain-db" + "path": "/Users/tsg/Library/Keychains/metadata.keychain-db", + "type": "symmetric key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "symmetric key", - "path": "/Users/tsg/Library/Keychains/metadata.keychain-db" + "path": "/Users/tsg/Library/Keychains/metadata.keychain-db", + "type": "symmetric key" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/metadata.keychain-db\",\"type\":\"symmetric 
key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/metadata.keychain-db\",\"type\":\"symmetric key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "symmetric key", - "path": "/Users/tsg/Library/Keychains/metadata.keychain-db" + "path": "/Users/tsg/Library/Keychains/metadata.keychain-db", + "type": "symmetric key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "symmetric key", - "path": "/Users/tsg/Library/Keychains/metadata.keychain-db" + "path": "/Users/tsg/Library/Keychains/metadata.keychain-db", + "type": "symmetric key" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" 
}, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/metadata.keychain-db\",\"type\":\"symmetric key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/metadata.keychain-db\",\"type\":\"symmetric key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": 
"info" + }, "file": { - "type": "symmetric key", - "path": "/Users/tsg/Library/Keychains/metadata.keychain-db" + "path": "/Users/tsg/Library/Keychains/metadata.keychain-db", + "type": "symmetric key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "symmetric key", - "path": "/Users/tsg/Library/Keychains/metadata.keychain-db" + "path": "/Users/tsg/Library/Keychains/metadata.keychain-db", + "type": "symmetric key" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/metadata.keychain-db\",\"type\":\"symmetric key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - 
"user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/metadata.keychain-db\",\"type\":\"symmetric key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "symmetric key", - "path": "/Users/tsg/Library/Keychains/metadata.keychain-db" + "path": "/Users/tsg/Library/Keychains/metadata.keychain-db", + "type": "symmetric key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "symmetric key", - "path": "/Users/tsg/Library/Keychains/metadata.keychain-db" + "path": "/Users/tsg/Library/Keychains/metadata.keychain-db", + "type": "symmetric key" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + 
"user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/metadata.keychain-db\",\"type\":\"symmetric key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"public key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "public key", - "path": "/Library/Keychains/System.keychain" + "path": "/Library/Keychains/System.keychain", + "type": "public key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + 
"calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "public key", - "path": "/Library/Keychains/System.keychain" + "path": "/Library/Keychains/System.keychain", + "type": "public key" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"public key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"public key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "public key", - "path": "/Library/Keychains/System.keychain" + "path": "/Library/Keychains/System.keychain", + "type": "public key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { - "columns": { - "type": "public key", - "path": "/Library/Keychains/System.keychain" - }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", + "columns": { + "path": "/Library/Keychains/System.keychain", + "type": "public key" + }, + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Library/Keychains/System.keychain\",\"type\":\"public key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"public key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "public key", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "public key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "public key", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "public key" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": 
"1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"public key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"public 
key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "public key", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "public key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "public key", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "public key" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"public 
key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"public key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "public key", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "public key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "public key", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "public key" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": 
"0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"public key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"public key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "public key", - 
"path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "public key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "public key", - "path": "/Users/tsg/Library/Keychains/login.keychain-db" + "path": "/Users/tsg/Library/Keychains/login.keychain-db", + "type": "public key" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Users/tsg/Library/Keychains/login.keychain-db\",\"type\":\"public key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + 
"user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"private key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "private key", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "private key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "private key", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "private key" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" 
}, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"private key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"private key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "private key", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "private key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "private key", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "private key" }, - "name": 
"pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"private key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"private 
key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "private key", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "private key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "private key", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "private key" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"private 
key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"private key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "private key", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "private key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "private key", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "private key" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"private key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"private key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "private key", - "path": "/Library/Keychains/apsd.keychain" + "path": 
"/Library/Keychains/apsd.keychain", + "type": "private key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "private key", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "private key" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"private key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + 
"event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"private key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { - "type": "private key", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "private key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { - "type": "private key", - "path": "/Library/Keychains/apsd.keychain" + "path": "/Library/Keychains/apsd.keychain", + "type": "private key" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 
2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"/Library/Keychains/apsd.keychain\",\"type\":\"private key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"\",\"type\":\"private key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "type": "private key" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "type": "private key" }, - "name": "pack_it-compliance_keychain_items", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_keychain_items", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_keychain_items" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"comment\":\"\",\"created\":\"\",\"description\":\"\",\"label\":\"\",\"modified\":\"\",\"path\":\"\",\"type\":\"private key\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_keychain_items\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"build\":\"17B1003\",\"codename\":\"\",\"major\":\"10\",\"minor\":\"13\",\"name\":\"Mac OS X\",\"patch\":\"1\",\"platform\":\"darwin\",\"platform_like\":\"darwin\",\"version\":\"10.13.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_os_version\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", 
"columns": { - "patch": "1", + "build": "17B1003", "major": "10", "minor": "13", - "build": "17B1003", "name": "Mac OS X", + "patch": "1", + "platform": "darwin", "platform_like": "darwin", - "version": "10.13.1", - "platform": "darwin" + "version": "10.13.1" }, - "name": "pack_it-compliance_os_version", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_os_version", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_os_version" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"build\":\"17B1003\",\"codename\":\"\",\"major\":\"10\",\"minor\":\"13\",\"name\":\"Mac OS X\",\"patch\":\"1\",\"platform\":\"darwin\",\"platform_like\":\"darwin\",\"version\":\"10.13.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_os_version\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1512023587.64908\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.update.os.10.13.1Supplemental.17B1003\",\"path\":\"/System/Library/Receipts/com.apple.pkg.update.os.10.13.1Supplemental.17B1003.plist\",\"version\":\"1.0.0.0.1.1511991852\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.update.os.10.13.1Supplemental.17B1003.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1512023587.64908", - "path": "/System/Library/Receipts/com.apple.pkg.update.os.10.13.1Supplemental.17B1003.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.update.os.10.13.1Supplemental.17B1003", + "path": "/System/Library/Receipts/com.apple.pkg.update.os.10.13.1Supplemental.17B1003.plist", "version": "1.0.0.0.1.1511991852" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - 
}, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1512023587.64908\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.update.os.10.13.1Supplemental.17B1003\",\"path\":\"/System/Library/Receipts/com.apple.pkg.update.os.10.13.1Supplemental.17B1003.plist\",\"version\":\"1.0.0.0.1.1511991852\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513375530.57119\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.DevSDK_macOS1013_Public\",\"path\":\"/System/Library/Receipts/com.apple.pkg.DevSDK_macOS1013_Public.plist\",\"version\":\"9.2.0.0.1.1510905681\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.DevSDK_macOS1013_Public.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, 
"osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1513375530.57119", - "path": "/System/Library/Receipts/com.apple.pkg.DevSDK_macOS1013_Public.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.DevSDK_macOS1013_Public", + "path": "/System/Library/Receipts/com.apple.pkg.DevSDK_macOS1013_Public.plist", "version": "9.2.0.0.1.1510905681" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513375530.57119\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.DevSDK_macOS1013_Public\",\"path\":\"/System/Library/Receipts/com.apple.pkg.DevSDK_macOS1013_Public.plist\",\"version\":\"9.2.0.0.1.1510905681\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] 
+ ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879267.80516\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0637_AppleLoopsDrummerKyle\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0637_AppleLoopsDrummerKyle.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0637_AppleLoopsDrummerKyle.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879267.80516", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0637_AppleLoopsDrummerKyle.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0637_AppleLoopsDrummerKyle", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0637_AppleLoopsDrummerKyle.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879267.80516\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0637_AppleLoopsDrummerKyle\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0637_AppleLoopsDrummerKyle.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1496879243.79271\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0593_DrummerSoCalGBLogic\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0593_DrummerSoCalGBLogic.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0593_DrummerSoCalGBLogic.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879243.79271", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0593_DrummerSoCalGBLogic.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0593_DrummerSoCalGBLogic", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0593_DrummerSoCalGBLogic.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879243.79271\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0593_DrummerSoCalGBLogic\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0593_DrummerSoCalGBLogic.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513375530.51445\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.CLTools_Executables\",\"path\":\"/System/Library/Receipts/com.apple.pkg.CLTools_Executables.plist\",\"version\":\"9.2.0.0.1.1510905681\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.CLTools_Executables.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1513375530.51445", - "path": "/System/Library/Receipts/com.apple.pkg.CLTools_Executables.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.CLTools_Executables", + "path": "/System/Library/Receipts/com.apple.pkg.CLTools_Executables.plist", "version": "9.2.0.0.1.1510905681" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513375530.51445\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.CLTools_Executables\",\"path\":\"/System/Library/Receipts/com.apple.pkg.CLTools_Executables.plist\",\"version\":\"9.2.0.0.1.1510905681\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ 
"preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1509225790.33753\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1300\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1300.plist\",\"version\":\"133.1.1509129443\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1300.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1509225790.33753", - "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1300.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.GatekeeperConfigData.16U1300", + "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1300.plist", "version": "133.1.1509129443" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1509225790.33753\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1300\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1300.plist\",\"version\":\"133.1.1509129443\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1510301091.63554\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.OSXSDK10.13\",\"path\":\"/System/Library/Receipts/com.apple.pkg.OSXSDK10.13.plist\",\"version\":\"10.13.2.1.1.1510298875\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, 
"file": { "path": "/System/Library/Receipts/com.apple.pkg.OSXSDK10.13.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1510301091.63554", - "path": "/System/Library/Receipts/com.apple.pkg.OSXSDK10.13.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.OSXSDK10.13", + "path": "/System/Library/Receipts/com.apple.pkg.OSXSDK10.13.plist", "version": "10.13.2.1.1.1510298875" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1510301091.63554\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.OSXSDK10.13\",\"path\":\"/System/Library/Receipts/com.apple.pkg.OSXSDK10.13.plist\",\"version\":\"10.13.2.1.1.1510298875\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": 
"info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1501008644.05831\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.OSXSDK10.12\",\"path\":\"/System/Library/Receipts/com.apple.pkg.OSXSDK10.12.plist\",\"version\":\"10.12.4.1.1.1488873123\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.OSXSDK10.12.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1501008644.05831", - "path": "/System/Library/Receipts/com.apple.pkg.OSXSDK10.12.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.OSXSDK10.12", + "path": "/System/Library/Receipts/com.apple.pkg.OSXSDK10.12.plist", "version": "10.12.4.1.1.1488873123" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + 
"name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1501008644.05831\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.OSXSDK10.12\",\"path\":\"/System/Library/Receipts/com.apple.pkg.OSXSDK10.12.plist\",\"version\":\"10.12.4.1.1.1488873123\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1509312333.54984\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.XProtectPlistConfigData.16U4018\",\"path\":\"/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4018.plist\",\"version\":\"2095.1.1507929101\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": 
"info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4018.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1509312333.54984", - "path": "/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4018.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.XProtectPlistConfigData.16U4018", + "path": "/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4018.plist", "version": "2095.1.1507929101" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1509312333.54984\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.XProtectPlistConfigData.16U4018\",\"path\":\"/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4018.plist\",\"version\":\"2095.1.1507929101\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1512130853.82711\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.XProtectPlistConfigData.16U4024\",\"path\":\"/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4024.plist\",\"version\":\"2097.1.1511987349\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4024.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1512130853.82711", - "path": 
"/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4024.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.XProtectPlistConfigData.16U4024", + "path": "/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4024.plist", "version": "2097.1.1511987349" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1512130853.82711\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.XProtectPlistConfigData.16U4024\",\"path\":\"/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4024.plist\",\"version\":\"2097.1.1511987349\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, 
+ "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1505400359.71237\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1249\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1249.plist\",\"version\":\"128.1.1505251340\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1249.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1505400359.71237", - "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1249.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.GatekeeperConfigData.16U1249", + "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1249.plist", "version": "128.1.1505251340" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ 
+ "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1505400359.71237\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1249\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1249.plist\",\"version\":\"128.1.1505251340\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1506193074.24893\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1259\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1259.plist\",\"version\":\"130.1.1506040683\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1259.plist" }, - "ecs": { - "version": "8.2.0" + 
"host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1506193074.24893", - "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1259.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.GatekeeperConfigData.16U1259", + "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1259.plist", "version": "130.1.1506040683" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1506193074.24893\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1259\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1259.plist\",\"version\":\"130.1.1506040683\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1507215453.69388\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1265\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1265.plist\",\"version\":\"131.1.1507060241\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1265.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1507215453.69388", - "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1265.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.GatekeeperConfigData.16U1265", + "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1265.plist", "version": "131.1.1507060241" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1507215453.69388\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1265\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1265.plist\",\"version\":\"131.1.1507060241\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1496879137.43891\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0317_AppleLoopsModernRnB1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0317_AppleLoopsModernRnB1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0317_AppleLoopsModernRnB1.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879137.43891", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0317_AppleLoopsModernRnB1.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0317_AppleLoopsModernRnB1", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0317_AppleLoopsModernRnB1.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - 
"id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879137.43891\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0317_AppleLoopsModernRnB1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0317_AppleLoopsModernRnB1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879208.33479\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0537_DrummerShaker\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0537_DrummerShaker.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0537_DrummerShaker.plist" }, - "ecs": { - "version": "8.2.0" + 
"host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879208.33479", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0537_DrummerShaker.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0537_DrummerShaker", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0537_DrummerShaker.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1496879208.33479\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0537_DrummerShaker\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0537_DrummerShaker.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879184.4033\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0482_EXS_OrchWoodwindAltoSax\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0482_EXS_OrchWoodwindAltoSax.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0482_EXS_OrchWoodwindAltoSax.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { 
"install_time": "1496879184.4033", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0482_EXS_OrchWoodwindAltoSax.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0482_EXS_OrchWoodwindAltoSax", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0482_EXS_OrchWoodwindAltoSax.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879184.4033\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0482_EXS_OrchWoodwindAltoSax\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0482_EXS_OrchWoodwindAltoSax.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ 
"preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513375531.86038\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.CLTools_SDK_OSX1012\",\"path\":\"/System/Library/Receipts/com.apple.pkg.CLTools_SDK_OSX1012.plist\",\"version\":\"9.2.0.0.1.1510905681\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.CLTools_SDK_OSX1012.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1513375531.86038", - "path": "/System/Library/Receipts/com.apple.pkg.CLTools_SDK_OSX1012.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.CLTools_SDK_OSX1012", + "path": "/System/Library/Receipts/com.apple.pkg.CLTools_SDK_OSX1012.plist", "version": "9.2.0.0.1.1510905681" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": 
"1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513375531.86038\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.CLTools_SDK_OSX1012\",\"path\":\"/System/Library/Receipts/com.apple.pkg.CLTools_SDK_OSX1012.plist\",\"version\":\"9.2.0.0.1.1510905681\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1510301068.77776\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.DevSDK\",\"path\":\"/System/Library/Receipts/com.apple.pkg.DevSDK.plist\",\"version\":\"10.13.2.1.1.1510298875\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.DevSDK.plist" }, - "ecs": 
{ - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1510301068.77776", - "path": "/System/Library/Receipts/com.apple.pkg.DevSDK.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.DevSDK", + "path": "/System/Library/Receipts/com.apple.pkg.DevSDK.plist", "version": "10.13.2.1.1.1510298875" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1510301068.77776\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.DevSDK\",\"path\":\"/System/Library/Receipts/com.apple.pkg.DevSDK.plist\",\"version\":\"10.13.2.1.1.1510298875\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": 
[ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1510411442.47067\",\"installer_name\":\"macOS Installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.EmbeddedOSFirmware\",\"path\":\"/System/Library/Receipts/com.apple.pkg.EmbeddedOSFirmware.plist\",\"version\":\"10.13.1.1.1.1508949364\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.EmbeddedOSFirmware.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1510411442.47067", - "path": "/System/Library/Receipts/com.apple.pkg.EmbeddedOSFirmware.plist", "installer_name": "macOS Installer", "location": "/", "package_id": "com.apple.pkg.EmbeddedOSFirmware", + "path": "/System/Library/Receipts/com.apple.pkg.EmbeddedOSFirmware.plist", "version": "10.13.1.1.1.1508949364" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": 
"1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1510411442.47067\",\"installer_name\":\"macOS Installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.EmbeddedOSFirmware\",\"path\":\"/System/Library/Receipts/com.apple.pkg.EmbeddedOSFirmware.plist\",\"version\":\"10.13.1.1.1.1508949364\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1510071797.87494\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.XProtectPlistConfigData.16U4022\",\"path\":\"/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4022.plist\",\"version\":\"2096.1.1509498616\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": 
"/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4022.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1510071797.87494", - "path": "/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4022.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.XProtectPlistConfigData.16U4022", + "path": "/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4022.plist", "version": "2096.1.1509498616" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1510071797.87494\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.XProtectPlistConfigData.16U4022\",\"path\":\"/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4022.plist\",\"version\":\"2096.1.1509498616\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879111.6283\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0048_AlchemyPadsDigitalHolyGhost\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0048_AlchemyPadsDigitalHolyGhost.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0048_AlchemyPadsDigitalHolyGhost.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { 
"install_time": "1496879111.6283", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0048_AlchemyPadsDigitalHolyGhost.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0048_AlchemyPadsDigitalHolyGhost", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0048_AlchemyPadsDigitalHolyGhost.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879111.6283\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0048_AlchemyPadsDigitalHolyGhost\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0048_AlchemyPadsDigitalHolyGhost.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": 
[ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513375531.0064\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.CLTools_SDK_macOSSDK\",\"path\":\"/System/Library/Receipts/com.apple.pkg.CLTools_SDK_macOSSDK.plist\",\"version\":\"9.2.0.0.1.1510905681\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.CLTools_SDK_macOSSDK.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1513375531.0064", - "path": "/System/Library/Receipts/com.apple.pkg.CLTools_SDK_macOSSDK.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.CLTools_SDK_macOSSDK", + "path": "/System/Library/Receipts/com.apple.pkg.CLTools_SDK_macOSSDK.plist", "version": "9.2.0.0.1.1510905681" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + 
"unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513375531.0064\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.CLTools_SDK_macOSSDK\",\"path\":\"/System/Library/Receipts/com.apple.pkg.CLTools_SDK_macOSSDK.plist\",\"version\":\"9.2.0.0.1.1510905681\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1503479731.13723\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.CustomVoice_en_GB_arthur\",\"path\":\"/System/Library/Receipts/com.apple.pkg.CustomVoice_en_GB_arthur.plist\",\"version\":\"3.0.0.0.1.1477707868\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": 
"/System/Library/Receipts/com.apple.pkg.CustomVoice_en_GB_arthur.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1503479731.13723", - "path": "/System/Library/Receipts/com.apple.pkg.CustomVoice_en_GB_arthur.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.CustomVoice_en_GB_arthur", + "path": "/System/Library/Receipts/com.apple.pkg.CustomVoice_en_GB_arthur.plist", "version": "3.0.0.0.1.1477707868" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1503479731.13723\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.CustomVoice_en_GB_arthur\",\"path\":\"/System/Library/Receipts/com.apple.pkg.CustomVoice_en_GB_arthur.plist\",\"version\":\"3.0.0.0.1.1477707868\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879215.12584\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0539_DrummerTambourine\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0539_DrummerTambourine.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0539_DrummerTambourine.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879215.12584", - 
"path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0539_DrummerTambourine.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0539_DrummerTambourine", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0539_DrummerTambourine.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879215.12584\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0539_DrummerTambourine\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0539_DrummerTambourine.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { 
"@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1510411441.80431\",\"installer_name\":\"macOS Installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.update.os.10.13.1AutoPatch.17B48\",\"path\":\"/System/Library/Receipts/com.apple.pkg.update.os.10.13.1AutoPatch.17B48.plist\",\"version\":\"1.0.0.0.1.1508949364\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.update.os.10.13.1AutoPatch.17B48.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1510411441.80431", - "path": "/System/Library/Receipts/com.apple.pkg.update.os.10.13.1AutoPatch.17B48.plist", "installer_name": "macOS Installer", "location": "/", "package_id": "com.apple.pkg.update.os.10.13.1AutoPatch.17B48", + "path": "/System/Library/Receipts/com.apple.pkg.update.os.10.13.1AutoPatch.17B48.plist", "version": "1.0.0.0.1.1508949364" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + 
"unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1510411441.80431\",\"installer_name\":\"macOS Installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.update.os.10.13.1AutoPatch.17B48\",\"path\":\"/System/Library/Receipts/com.apple.pkg.update.os.10.13.1AutoPatch.17B48.plist\",\"version\":\"1.0.0.0.1.1508949364\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1496879150.9213\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0323_AppleLoopsVintageBreaks\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0323_AppleLoopsVintageBreaks.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0323_AppleLoopsVintageBreaks.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879150.9213", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0323_AppleLoopsVintageBreaks.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0323_AppleLoopsVintageBreaks", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0323_AppleLoopsVintageBreaks.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879150.9213\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0323_AppleLoopsVintageBreaks\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0323_AppleLoopsVintageBreaks.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879191.078\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0487_EXS_OrchWoodwindFluteSolo\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0487_EXS_OrchWoodwindFluteSolo.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": 
"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0487_EXS_OrchWoodwindFluteSolo.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879191.078", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0487_EXS_OrchWoodwindFluteSolo.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0487_EXS_OrchWoodwindFluteSolo", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0487_EXS_OrchWoodwindFluteSolo.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1496879191.078\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0487_EXS_OrchWoodwindFluteSolo\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0487_EXS_OrchWoodwindFluteSolo.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879187.87841\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0484_EXS_OrchWoodwindClarinetSolo\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0484_EXS_OrchWoodwindClarinetSolo.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0484_EXS_OrchWoodwindClarinetSolo.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu 
Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879187.87841", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0484_EXS_OrchWoodwindClarinetSolo.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0484_EXS_OrchWoodwindClarinetSolo", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0484_EXS_OrchWoodwindClarinetSolo.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879187.87841\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0484_EXS_OrchWoodwindClarinetSolo\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0484_EXS_OrchWoodwindClarinetSolo.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" 
- }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1503995056.40913\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1216\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1216.plist\",\"version\":\"124.1.1503169391\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1216.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1503995056.40913", - "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1216.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.GatekeeperConfigData.16U1216", + "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1216.plist", "version": "124.1.1503169391" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1503995056.40913\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1216\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1216.plist\",\"version\":\"124.1.1503169391\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1496879115.78492\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0310_UB_DrumMachineDesignerGB\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0310_UB_DrumMachineDesignerGB.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0310_UB_DrumMachineDesignerGB.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879115.78492", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0310_UB_DrumMachineDesignerGB.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0310_UB_DrumMachineDesignerGB", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0310_UB_DrumMachineDesignerGB.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879115.78492\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0310_UB_DrumMachineDesignerGB\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0310_UB_DrumMachineDesignerGB.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513611352.68456\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MobileDevice\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MobileDevice.plist\",\"version\":\"4.0.0.0.1.1511823945\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MobileDevice.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1513611352.68456", - "path": "/System/Library/Receipts/com.apple.pkg.MobileDevice.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.MobileDevice", + "path": "/System/Library/Receipts/com.apple.pkg.MobileDevice.plist", "version": "4.0.0.0.1.1511823945" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513611352.68456\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MobileDevice\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MobileDevice.plist\",\"version\":\"4.0.0.0.1.1511823945\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ 
"preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879134.16247\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0316_AppleLoopsDubstep1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0316_AppleLoopsDubstep1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0316_AppleLoopsDubstep1.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879134.16247", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0316_AppleLoopsDubstep1.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0316_AppleLoopsDubstep1", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0316_AppleLoopsDubstep1.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - 
"host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879134.16247\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0316_AppleLoopsDubstep1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0316_AppleLoopsDubstep1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1496879197.86786\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0491_EXS_OrchBrass\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0491_EXS_OrchBrass.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0491_EXS_OrchBrass.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879197.86786", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0491_EXS_OrchBrass.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0491_EXS_OrchBrass", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0491_EXS_OrchBrass.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879197.86786\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0491_EXS_OrchBrass\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0491_EXS_OrchBrass.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1503482674.85198\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.iTunesX\",\"path\":\"/System/Library/Receipts/com.apple.pkg.iTunesX.plist\",\"version\":\"12.6.2.0.1.1501194485\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.iTunesX.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { 
"result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1503482674.85198", - "path": "/System/Library/Receipts/com.apple.pkg.iTunesX.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.iTunesX", + "path": "/System/Library/Receipts/com.apple.pkg.iTunesX.plist", "version": "12.6.2.0.1.1501194485" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1503482674.85198\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.iTunesX\",\"path\":\"/System/Library/Receipts/com.apple.pkg.iTunesX.plist\",\"version\":\"12.6.2.0.1.1501194485\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + 
"ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879233.59599\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0560_LTPBasicPiano1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0560_LTPBasicPiano1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0560_LTPBasicPiano1.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879233.59599", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0560_LTPBasicPiano1.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0560_LTPBasicPiano1", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0560_LTPBasicPiano1.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": 
"1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879233.59599\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0560_LTPBasicPiano1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0560_LTPBasicPiano1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513611352.66257\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.CoreADI\",\"path\":\"/System/Library/Receipts/com.apple.pkg.CoreADI.plist\",\"version\":\"2.9.2.0.1.1513139800\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": 
"/System/Library/Receipts/com.apple.pkg.CoreADI.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1513611352.66257", - "path": "/System/Library/Receipts/com.apple.pkg.CoreADI.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.CoreADI", + "path": "/System/Library/Receipts/com.apple.pkg.CoreADI.plist", "version": "2.9.2.0.1.1513139800" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513611352.66257\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.CoreADI\",\"path\":\"/System/Library/Receipts/com.apple.pkg.CoreADI.plist\",\"version\":\"2.9.2.0.1.1513139800\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879130.55795\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0315_AppleLoopsElectroHouse1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0315_AppleLoopsElectroHouse1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0315_AppleLoopsElectroHouse1.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879130.55795", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0315_AppleLoopsElectroHouse1.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0315_AppleLoopsElectroHouse1", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0315_AppleLoopsElectroHouse1.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879130.55795\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0315_AppleLoopsElectroHouse1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0315_AppleLoopsElectroHouse1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1496879147.50543\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0322_AppleLoopsDiscoFunk1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0322_AppleLoopsDiscoFunk1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0322_AppleLoopsDiscoFunk1.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879147.50543", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0322_AppleLoopsDiscoFunk1.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0322_AppleLoopsDiscoFunk1", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0322_AppleLoopsDiscoFunk1.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - 
"id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879147.50543\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0322_AppleLoopsDiscoFunk1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0322_AppleLoopsDiscoFunk1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879247.03937\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0597_LTPChordTrainer\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0597_LTPChordTrainer.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0597_LTPChordTrainer.plist" }, - "ecs": { - "version": 
"8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879247.03937", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0597_LTPChordTrainer.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0597_LTPChordTrainer", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0597_LTPChordTrainer.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1496879247.03937\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0597_LTPChordTrainer\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0597_LTPChordTrainer.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879218.02518\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0540_PlugInSettingsGB\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0540_PlugInSettingsGB.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0540_PlugInSettingsGB.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": 
"1496879218.02518", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0540_PlugInSettingsGB.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0540_PlugInSettingsGB", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0540_PlugInSettingsGB.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879218.02518\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0540_PlugInSettingsGB\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0540_PlugInSettingsGB.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } 
}, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879180.62745\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0375_EXS_GuitarsVintageStrat\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0375_EXS_GuitarsVintageStrat.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0375_EXS_GuitarsVintageStrat.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879180.62745", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0375_EXS_GuitarsVintageStrat.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0375_EXS_GuitarsVintageStrat", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0375_EXS_GuitarsVintageStrat.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + 
"host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879180.62745\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0375_EXS_GuitarsVintageStrat\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0375_EXS_GuitarsVintageStrat.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1509312597.38247\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.CustomVoiceUpdate_en_GB_arthur.16U1181\",\"path\":\"/System/Library/Receipts/com.apple.pkg.CustomVoiceUpdate_en_GB_arthur.16U1181.plist\",\"version\":\"3.0.0.0.1.1501349317\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.CustomVoiceUpdate_en_GB_arthur.16U1181.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1509312597.38247", - "path": "/System/Library/Receipts/com.apple.pkg.CustomVoiceUpdate_en_GB_arthur.16U1181.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.CustomVoiceUpdate_en_GB_arthur.16U1181", + "path": "/System/Library/Receipts/com.apple.pkg.CustomVoiceUpdate_en_GB_arthur.16U1181.plist", "version": "3.0.0.0.1.1501349317" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1509312597.38247\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.CustomVoiceUpdate_en_GB_arthur.16U1181\",\"path\":\"/System/Library/Receipts/com.apple.pkg.CustomVoiceUpdate_en_GB_arthur.16U1181.plist\",\"version\":\"3.0.0.0.1.1501349317\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513375531.85839\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.CLTools_SDK_macOS1013\",\"path\":\"/System/Library/Receipts/com.apple.pkg.CLTools_SDK_macOS1013.plist\",\"version\":\"9.2.0.0.1.1510905681\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.CLTools_SDK_macOS1013.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1513375531.85839", - "path": "/System/Library/Receipts/com.apple.pkg.CLTools_SDK_macOS1013.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.CLTools_SDK_macOS1013", + "path": "/System/Library/Receipts/com.apple.pkg.CLTools_SDK_macOS1013.plist", "version": "9.2.0.0.1.1510905681" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513375531.85839\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.CLTools_SDK_macOS1013\",\"path\":\"/System/Library/Receipts/com.apple.pkg.CLTools_SDK_macOS1013.plist\",\"version\":\"9.2.0.0.1.1510905681\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": 
[ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879264.39953\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0615_GBLogicAlchemyEssentials\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0615_GBLogicAlchemyEssentials.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0615_GBLogicAlchemyEssentials.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879264.39953", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0615_GBLogicAlchemyEssentials.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0615_GBLogicAlchemyEssentials", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0615_GBLogicAlchemyEssentials.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 
28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879264.39953\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0615_GBLogicAlchemyEssentials\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0615_GBLogicAlchemyEssentials.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1505496947.84057\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.ChineseWordlistUpdate.16U1232\",\"path\":\"/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.16U1232.plist\",\"version\":\"5.40.1.1504640044\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.16U1232.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1505496947.84057", - "path": "/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.16U1232.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.ChineseWordlistUpdate.16U1232", + "path": "/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.16U1232.plist", "version": "5.40.1.1504640044" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": 
"pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1505496947.84057\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.ChineseWordlistUpdate.16U1232\",\"path\":\"/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.16U1232.plist\",\"version\":\"5.40.1.1504640044\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879201.93161\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0509_EXS_StringsEnsemble\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0509_EXS_StringsEnsemble.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0509_EXS_StringsEnsemble.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879201.93161", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0509_EXS_StringsEnsemble.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0509_EXS_StringsEnsemble", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0509_EXS_StringsEnsemble.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879201.93161\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0509_EXS_StringsEnsemble\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0509_EXS_StringsEnsemble.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": 
"info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879154.2288\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0324_AppleLoopsBluesGarage\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0324_AppleLoopsBluesGarage.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0324_AppleLoopsBluesGarage.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879154.2288", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0324_AppleLoopsBluesGarage.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0324_AppleLoopsBluesGarage", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0324_AppleLoopsBluesGarage.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, - "rule": { - "name": "pack_it-compliance_package_receipts" - }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879154.2288\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0324_AppleLoopsBluesGarage\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0324_AppleLoopsBluesGarage.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" + "rule": { + "name": "pack_it-compliance_package_receipts" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1496879126.56325\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0314_AppleLoopsHipHop1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0314_AppleLoopsHipHop1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0314_AppleLoopsHipHop1.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879126.56325", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0314_AppleLoopsHipHop1.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0314_AppleLoopsHipHop1", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0314_AppleLoopsHipHop1.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879126.56325\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0314_AppleLoopsHipHop1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0314_AppleLoopsHipHop1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513611352.5974\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.iTunesXPatch\",\"path\":\"/System/Library/Receipts/com.apple.pkg.iTunesXPatch.plist\",\"version\":\"12.7.2.0.1.1513139800\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.iTunesXPatch.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1513611352.5974", - "path": "/System/Library/Receipts/com.apple.pkg.iTunesXPatch.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.iTunesXPatch", + "path": "/System/Library/Receipts/com.apple.pkg.iTunesXPatch.plist", "version": "12.7.2.0.1.1513139800" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513611352.5974\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.iTunesXPatch\",\"path\":\"/System/Library/Receipts/com.apple.pkg.iTunesXPatch.plist\",\"version\":\"12.7.2.0.1.1513139800\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + 
"user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879222.08556\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0541_PlugInSettingsGBLogic\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0541_PlugInSettingsGBLogic.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0541_PlugInSettingsGBLogic.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879222.08556", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0541_PlugInSettingsGBLogic.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0541_PlugInSettingsGBLogic", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0541_PlugInSettingsGBLogic.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": 
"192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879222.08556\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0541_PlugInSettingsGBLogic\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0541_PlugInSettingsGBLogic.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1496879157.37076\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0325_AppleLoopsGarageBand1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0325_AppleLoopsGarageBand1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0325_AppleLoopsGarageBand1.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879157.37076", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0325_AppleLoopsGarageBand1.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0325_AppleLoopsGarageBand1", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0325_AppleLoopsGarageBand1.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879157.37076\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0325_AppleLoopsGarageBand1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0325_AppleLoopsGarageBand1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504707489.99525\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.ChineseWordlistUpdate.16U1223\",\"path\":\"/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.16U1223.plist\",\"version\":\"5.38.1.1503948225\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.16U1223.plist" }, - "ecs": { - "version": "8.2.0" + 
"host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1504707489.99525", - "path": "/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.16U1223.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.ChineseWordlistUpdate.16U1223", + "path": "/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.16U1223.plist", "version": "5.38.1.1503948225" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504707489.99525\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.ChineseWordlistUpdate.16U1223\",\"path\":\"/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.16U1223.plist\",\"version\":\"5.38.1.1503948225\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879176.25808\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0371_EXS_GuitarsAcoustic\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0371_EXS_GuitarsAcoustic.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0371_EXS_GuitarsAcoustic.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879176.25808", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0371_EXS_GuitarsAcoustic.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0371_EXS_GuitarsAcoustic", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0371_EXS_GuitarsAcoustic.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" 
}, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879176.25808\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0371_EXS_GuitarsAcoustic\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0371_EXS_GuitarsAcoustic.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1510301094.47665\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.XcodeCustomerContent\",\"path\":\"/System/Library/Receipts/com.apple.pkg.XcodeCustomerContent.plist\",\"version\":\"10.13.2.1.1.1510298875\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.XcodeCustomerContent.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1510301094.47665", - "path": "/System/Library/Receipts/com.apple.pkg.XcodeCustomerContent.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.XcodeCustomerContent", + "path": "/System/Library/Receipts/com.apple.pkg.XcodeCustomerContent.plist", "version": "10.13.2.1.1.1510298875" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1510301094.47665\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.XcodeCustomerContent\",\"path\":\"/System/Library/Receipts/com.apple.pkg.XcodeCustomerContent.plist\",\"version\":\"10.13.2.1.1.1510298875\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879119.98717\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0312_UB_UltrabeatKitsGBLogic\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0312_UB_UltrabeatKitsGBLogic.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0312_UB_UltrabeatKitsGBLogic.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 
14:39:55 2017 UTC", "columns": { "install_time": "1496879119.98717", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0312_UB_UltrabeatKitsGBLogic.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0312_UB_UltrabeatKitsGBLogic", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0312_UB_UltrabeatKitsGBLogic.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879119.98717\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0312_UB_UltrabeatKitsGBLogic\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0312_UB_UltrabeatKitsGBLogic.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": 
"tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879272.00655\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0646_AppleLoopsDrummerElectronic\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0646_AppleLoopsDrummerElectronic.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0646_AppleLoopsDrummerElectronic.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879272.00655", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0646_AppleLoopsDrummerElectronic.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0646_AppleLoopsDrummerElectronic", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0646_AppleLoopsDrummerElectronic.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879272.00655\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0646_AppleLoopsDrummerElectronic\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0646_AppleLoopsDrummerElectronic.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1496879255.99167\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0598_LTPBasicGuitar1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0598_LTPBasicGuitar1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0598_LTPBasicGuitar1.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879255.99167", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0598_LTPBasicGuitar1.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0598_LTPBasicGuitar1", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0598_LTPBasicGuitar1.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879255.99167\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0598_LTPBasicGuitar1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0598_LTPBasicGuitar1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504371710.59536\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1230\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1230.plist\",\"version\":\"126.1.1504213593\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1230.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", 
+ "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1504371710.59536", - "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1230.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.GatekeeperConfigData.16U1230", + "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1230.plist", "version": "126.1.1504213593" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504371710.59536\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1230\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1230.plist\",\"version\":\"126.1.1504213593\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - 
"user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504131217.26574\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1225\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1225.plist\",\"version\":\"125.1.1503964594\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1225.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1504131217.26574", - "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1225.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.GatekeeperConfigData.16U1225", + "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1225.plist", "version": "125.1.1503964594" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": 
"192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504131217.26574\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1225\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1225.plist\",\"version\":\"125.1.1503964594\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1496879165.38129\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0354_EXS_PianoSteinway\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0354_EXS_PianoSteinway.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0354_EXS_PianoSteinway.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879165.38129", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0354_EXS_PianoSteinway.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0354_EXS_PianoSteinway", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0354_EXS_PianoSteinway.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879165.38129\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0354_EXS_PianoSteinway\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0354_EXS_PianoSteinway.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1509312575.10467\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MRTConfigData.16U4020\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4020.plist\",\"version\":\"1.24.1.1508537438\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4020.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1509312575.10467", - "path": "/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4020.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.MRTConfigData.16U4020", + "path": "/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4020.plist", "version": "1.24.1.1508537438" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1509312575.10467\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MRTConfigData.16U4020\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4020.plist\",\"version\":\"1.24.1.1508537438\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ 
"preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1508335525.11883\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1295\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1295.plist\",\"version\":\"132.1.1508264227\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1295.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1508335525.11883", - "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1295.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.GatekeeperConfigData.16U1295", + "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1295.plist", "version": "132.1.1508264227" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1508335525.11883\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1295\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1295.plist\",\"version\":\"132.1.1508264227\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1509311610.89176\",\"installer_name\":\"macOS 
Installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.OSX_10_13_IncompatibleAppList.16U1088\",\"path\":\"/System/Library/Receipts/com.apple.pkg.OSX_10_13_IncompatibleAppList.16U1088.plist\",\"version\":\"1.0.0.0.1.1494623615\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.OSX_10_13_IncompatibleAppList.16U1088.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1509311610.89176", - "path": "/System/Library/Receipts/com.apple.pkg.OSX_10_13_IncompatibleAppList.16U1088.plist", "installer_name": "macOS Installer", "location": "/", "package_id": "com.apple.pkg.OSX_10_13_IncompatibleAppList.16U1088", + "path": "/System/Library/Receipts/com.apple.pkg.OSX_10_13_IncompatibleAppList.16U1088.plist", "version": "1.0.0.0.1.1494623615" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - 
"action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1509311610.89176\",\"installer_name\":\"macOS Installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.OSX_10_13_IncompatibleAppList.16U1088\",\"path\":\"/System/Library/Receipts/com.apple.pkg.OSX_10_13_IncompatibleAppList.16U1088.plist\",\"version\":\"1.0.0.0.1.1494623615\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879144.2237\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0321_AppleLoopsIndieDisco\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0321_AppleLoopsIndieDisco.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0321_AppleLoopsIndieDisco.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { 
"result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879144.2237", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0321_AppleLoopsIndieDisco.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0321_AppleLoopsIndieDisco", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0321_AppleLoopsIndieDisco.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879144.2237\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0321_AppleLoopsIndieDisco\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0321_AppleLoopsIndieDisco.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - 
"kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1510071830.6072\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MRTConfigData.16U4021\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4021.plist\",\"version\":\"1.25.1.1509493453\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4021.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1510071830.6072", - "path": "/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4021.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.MRTConfigData.16U4021", + "path": "/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4021.plist", "version": "1.25.1.1509493453" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", 
+ "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1510071830.6072\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MRTConfigData.16U4021\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4021.plist\",\"version\":\"1.25.1.1509493453\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1496879211.33902\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0538_DrummerSticks\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0538_DrummerSticks.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0538_DrummerSticks.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879211.33902", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0538_DrummerSticks.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0538_DrummerSticks", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0538_DrummerSticks.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879211.33902\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0538_DrummerSticks\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0538_DrummerSticks.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879172.67696\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0358_EXS_BassElectricFingerStyle\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0358_EXS_BassElectricFingerStyle.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0358_EXS_BassElectricFingerStyle.plist" }, - "ecs": { 
- "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879172.67696", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0358_EXS_BassElectricFingerStyle.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0358_EXS_BassElectricFingerStyle", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0358_EXS_BassElectricFingerStyle.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1496879172.67696\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0358_EXS_BassElectricFingerStyle\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0358_EXS_BassElectricFingerStyle.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1512130888.70614\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MRTConfigData.16U4023\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4023.plist\",\"version\":\"1.26.1.1511985145\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4023.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1512130888.70614", - "path": 
"/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4023.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.MRTConfigData.16U4023", + "path": "/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4023.plist", "version": "1.26.1.1511985145" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1512130888.70614\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MRTConfigData.16U4023\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4023.plist\",\"version\":\"1.26.1.1511985145\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1509268584.47187\",\"installer_name\":\"softwareupdated\",\"location\":\"Applications\",\"package_id\":\"com.apple.pkg.InstallAssistantAuto\",\"path\":\"/System/Library/Receipts/com.apple.pkg.InstallAssistantAuto.plist\",\"version\":\"13.0.66.1.1507010516\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.InstallAssistantAuto.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1509268584.47187", - "path": "/System/Library/Receipts/com.apple.pkg.InstallAssistantAuto.plist", "installer_name": "softwareupdated", "location": "Applications", "package_id": "com.apple.pkg.InstallAssistantAuto", + "path": "/System/Library/Receipts/com.apple.pkg.InstallAssistantAuto.plist", "version": "13.0.66.1.1507010516" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - 
"id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1509268584.47187\",\"installer_name\":\"softwareupdated\",\"location\":\"Applications\",\"package_id\":\"com.apple.pkg.InstallAssistantAuto\",\"path\":\"/System/Library/Receipts/com.apple.pkg.InstallAssistantAuto.plist\",\"version\":\"13.0.66.1.1507010516\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513611352.65401\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.iTunesAccess\",\"path\":\"/System/Library/Receipts/com.apple.pkg.iTunesAccess.plist\",\"version\":\"12.7.2.0.1.1513139800\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.iTunesAccess.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { 
"result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1513611352.65401", - "path": "/System/Library/Receipts/com.apple.pkg.iTunesAccess.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.iTunesAccess", + "path": "/System/Library/Receipts/com.apple.pkg.iTunesAccess.plist", "version": "12.7.2.0.1.1513139800" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513611352.65401\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.iTunesAccess\",\"path\":\"/System/Library/Receipts/com.apple.pkg.iTunesAccess.plist\",\"version\":\"12.7.2.0.1.1513139800\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": 
"2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1503995053.75571\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.XProtectPlistConfigData.16U4011\",\"path\":\"/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4011.plist\",\"version\":\"1.0.0.0.1.1503519540\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4011.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1503995053.75571", - "path": "/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4011.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.XProtectPlistConfigData.16U4011", + "path": "/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4011.plist", "version": "1.0.0.0.1.1503519540" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1503995053.75571\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.XProtectPlistConfigData.16U4011\",\"path\":\"/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4011.plist\",\"version\":\"1.0.0.0.1.1503519540\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879225.93832\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0554_AppleLoopsDiscoFunk2\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0554_AppleLoopsDiscoFunk2.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + 
}, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0554_AppleLoopsDiscoFunk2.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879225.93832", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0554_AppleLoopsDiscoFunk2.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0554_AppleLoopsDiscoFunk2", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0554_AppleLoopsDiscoFunk2.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1496879225.93832\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0554_AppleLoopsDiscoFunk2\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0554_AppleLoopsDiscoFunk2.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879204.97441\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0536_DrummerClapsCowbell\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0536_DrummerClapsCowbell.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0536_DrummerClapsCowbell.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", 
"columns": { "install_time": "1496879204.97441", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0536_DrummerClapsCowbell.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0536_DrummerClapsCowbell", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0536_DrummerClapsCowbell.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879204.97441\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0536_DrummerClapsCowbell\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0536_DrummerClapsCowbell.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ 
"preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1512687738.0157\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1325\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1325.plist\",\"version\":\"134.1.1512523276\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1325.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1512687738.0157", - "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1325.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.GatekeeperConfigData.16U1325", + "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1325.plist", "version": "134.1.1512523276" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1512687738.0157\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1325\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1325.plist\",\"version\":\"134.1.1512523276\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1510411442.25964\",\"installer_name\":\"macOS 
Installer\",\"location\":\"/\",\"package_id\":\"com.apple.update.fullbundleupdate.17B48\",\"path\":\"/System/Library/Receipts/com.apple.update.fullbundleupdate.17B48.plist\",\"version\":\"1.0.0.0.1.1508949364\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.update.fullbundleupdate.17B48.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1510411442.25964", - "path": "/System/Library/Receipts/com.apple.update.fullbundleupdate.17B48.plist", "installer_name": "macOS Installer", "location": "/", "package_id": "com.apple.update.fullbundleupdate.17B48", + "path": "/System/Library/Receipts/com.apple.update.fullbundleupdate.17B48.plist", "version": "1.0.0.0.1.1508949364" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu 
Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1510411442.25964\",\"installer_name\":\"macOS Installer\",\"location\":\"/\",\"package_id\":\"com.apple.update.fullbundleupdate.17B48\",\"path\":\"/System/Library/Receipts/com.apple.update.fullbundleupdate.17B48.plist\",\"version\":\"1.0.0.0.1.1508949364\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1503482674.80896\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.RemoteDesktopClient\",\"path\":\"/System/Library/Receipts/com.apple.pkg.RemoteDesktopClient.plist\",\"version\":\"3.9.3.0.1.1497319096\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.RemoteDesktopClient.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1503482674.80896", - "path": 
"/System/Library/Receipts/com.apple.pkg.RemoteDesktopClient.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.RemoteDesktopClient", + "path": "/System/Library/Receipts/com.apple.pkg.RemoteDesktopClient.plist", "version": "3.9.3.0.1.1497319096" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1503482674.80896\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.RemoteDesktopClient\",\"path\":\"/System/Library/Receipts/com.apple.pkg.RemoteDesktopClient.plist\",\"version\":\"3.9.3.0.1.1497319096\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1509311470.13739\",\"installer_name\":\"macOS Installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.Core\",\"path\":\"/System/Library/Receipts/com.apple.pkg.Core.plist\",\"version\":\"10.13.0.1.1.1507010516\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.Core.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1509311470.13739", - "path": "/System/Library/Receipts/com.apple.pkg.Core.plist", "installer_name": "macOS Installer", "location": "/", "package_id": "com.apple.pkg.Core", + "path": "/System/Library/Receipts/com.apple.pkg.Core.plist", "version": "10.13.0.1.1.1507010516" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - 
"event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1509311470.13739\",\"installer_name\":\"macOS Installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.Core\",\"path\":\"/System/Library/Receipts/com.apple.pkg.Core.plist\",\"version\":\"10.13.0.1.1.1507010516\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1503995054.89161\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.ChineseWordlistUpdate.14U1364\",\"path\":\"/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.14U1364.plist\",\"version\":\"5.36.1.1502831345\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.14U1364.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { 
"install_time": "1503995054.89161", - "path": "/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.14U1364.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.ChineseWordlistUpdate.14U1364", + "path": "/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.14U1364.plist", "version": "5.36.1.1502831345" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1503995054.89161\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.ChineseWordlistUpdate.14U1364\",\"path\":\"/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.14U1364.plist\",\"version\":\"5.36.1.1502831345\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + 
"ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1512239479.76443\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MRTConfigData.16U4025\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4025.plist\",\"version\":\"1.27.1.1512179201\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4025.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1512239479.76443", - "path": "/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4025.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.MRTConfigData.16U4025", + "path": "/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4025.plist", "version": "1.27.1.1512179201" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + 
"tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1512239479.76443\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MRTConfigData.16U4025\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MRTConfigData.16U4025.plist\",\"version\":\"1.27.1.1512179201\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1505917915.81377\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1253\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1253.plist\",\"version\":\"129.1.1505519035\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1253.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + 
"hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1505917915.81377", - "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1253.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.GatekeeperConfigData.16U1253", + "path": "/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1253.plist", "version": "129.1.1505519035" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1505917915.81377\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GatekeeperConfigData.16U1253\",\"path\":\"/System/Library/Receipts/com.apple.pkg.GatekeeperConfigData.16U1253.plist\",\"version\":\"129.1.1505519035\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513611352.65842\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.CoreFP\",\"path\":\"/System/Library/Receipts/com.apple.pkg.CoreFP.plist\",\"version\":\"2.13.16.0.1.1513139800\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.CoreFP.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1513611352.65842", - "path": "/System/Library/Receipts/com.apple.pkg.CoreFP.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.CoreFP", + "path": "/System/Library/Receipts/com.apple.pkg.CoreFP.plist", "version": "2.13.16.0.1.1513139800" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513611352.65842\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.CoreFP\",\"path\":\"/System/Library/Receipts/com.apple.pkg.CoreFP.plist\",\"version\":\"2.13.16.0.1.1513139800\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1507005424.3698\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.XProtectPlistConfigData.16U4016\",\"path\":\"/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4016.plist\",\"version\":\"2095.1.1506638589\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, 
"file": { "path": "/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4016.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1507005424.3698", - "path": "/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4016.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.XProtectPlistConfigData.16U4016", + "path": "/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4016.plist", "version": "2095.1.1506638589" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1507005424.3698\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.XProtectPlistConfigData.16U4016\",\"path\":\"/System/Library/Receipts/com.apple.pkg.XProtectPlistConfigData.16U4016.plist\",\"version\":\"2095.1.1506638589\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879168.96812\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0357_EXS_BassAcousticUprightJazz\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0357_EXS_BassAcousticUprightJazz.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0357_EXS_BassAcousticUprightJazz.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { 
"install_time": "1496879168.96812", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0357_EXS_BassAcousticUprightJazz.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0357_EXS_BassAcousticUprightJazz", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0357_EXS_BassAcousticUprightJazz.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879168.96812\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0357_EXS_BassAcousticUprightJazz\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0357_EXS_BassAcousticUprightJazz.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, 
"tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879141.30072\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0320_AppleLoopsChillwave1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0320_AppleLoopsChillwave1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0320_AppleLoopsChillwave1.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496879141.30072", - "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0320_AppleLoopsChillwave1.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MAContent10_AssetPack_0320_AppleLoopsChillwave1", + "path": "/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0320_AppleLoopsChillwave1.plist", "version": "2.0.0.0.1.1495046341" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 
2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496879141.30072\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MAContent10_AssetPack_0320_AppleLoopsChillwave1\",\"path\":\"/System/Library/Receipts/com.apple.pkg.MAContent10_AssetPack_0320_AppleLoopsChillwave1.plist\",\"version\":\"2.0.0.0.1.1495046341\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1504131215.34596\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.ChineseWordlistUpdate.14U1365\",\"path\":\"/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.14U1365.plist\",\"version\":\"5.37.1.1503451194\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.14U1365.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1504131215.34596", - "path": "/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.14U1365.plist", "installer_name": "softwareupdated", "location": "/", "package_id": "com.apple.pkg.ChineseWordlistUpdate.14U1365", + "path": "/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.14U1365.plist", "version": "5.37.1.1503451194" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": 
"pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504131215.34596\",\"installer_name\":\"softwareupdated\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.ChineseWordlistUpdate.14U1365\",\"path\":\"/System/Library/Receipts/com.apple.pkg.ChineseWordlistUpdate.14U1365.plist\",\"version\":\"5.37.1.1503451194\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.12421\",\"installer_name\":\"installer\",\"location\":\"\",\"package_id\":\"org.gpgtools.gpgmail13.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.gpgmail13.pkg.plist\",\"version\":\"1271b (4060831)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/org.gpgtools.gpgmail13.pkg.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 
UTC", "columns": { "install_time": "1514201750.12421", - "path": "/private/var/db/receipts/org.gpgtools.gpgmail13.pkg.plist", "installer_name": "installer", "package_id": "org.gpgtools.gpgmail13.pkg", + "path": "/private/var/db/receipts/org.gpgtools.gpgmail13.pkg.plist", "version": "1271b (4060831)" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.12421\",\"installer_name\":\"installer\",\"location\":\"\",\"package_id\":\"org.gpgtools.gpgmail13.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.gpgmail13.pkg.plist\",\"version\":\"1271b (4060831)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504522132.67535\",\"installer_name\":\"installer\",\"location\":\"Library/Application Support/VirtualBox\",\"package_id\":\"org.virtualbox.pkg.vboxkexts\",\"path\":\"/private/var/db/receipts/org.virtualbox.pkg.vboxkexts.plist\",\"version\":\"5.1.26\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/org.virtualbox.pkg.vboxkexts.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1504522132.67535", - "path": "/private/var/db/receipts/org.virtualbox.pkg.vboxkexts.plist", "installer_name": "installer", "location": "Library/Application Support/VirtualBox", "package_id": "org.virtualbox.pkg.vboxkexts", + "path": "/private/var/db/receipts/org.virtualbox.pkg.vboxkexts.plist", "version": "5.1.26" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504522132.67535\",\"installer_name\":\"installer\",\"location\":\"Library/Application Support/VirtualBox\",\"package_id\":\"org.virtualbox.pkg.vboxkexts\",\"path\":\"/private/var/db/receipts/org.virtualbox.pkg.vboxkexts.plist\",\"version\":\"5.1.26\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.13289\",\"installer_name\":\"installer\",\"location\":\"private/tmp/org.gpgtools/gka_install\",\"package_id\":\"org.gpgtools.gpgkeychain.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.gpgkeychain.pkg.plist\",\"version\":\"1403 (128637e)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/org.gpgtools.gpgkeychain.pkg.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" 
}, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1514201750.13289", - "path": "/private/var/db/receipts/org.gpgtools.gpgkeychain.pkg.plist", "installer_name": "installer", "location": "private/tmp/org.gpgtools/gka_install", "package_id": "org.gpgtools.gpgkeychain.pkg", + "path": "/private/var/db/receipts/org.gpgtools.gpgkeychain.pkg.plist", "version": "1403 (128637e)" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.13289\",\"installer_name\":\"installer\",\"location\":\"private/tmp/org.gpgtools/gka_install\",\"package_id\":\"org.gpgtools.gpgkeychain.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.gpgkeychain.pkg.plist\",\"version\":\"1403 (128637e)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" 
- ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.15327\",\"installer_name\":\"installer\",\"location\":\"\",\"package_id\":\"org.gpgtools.checkprivatekey.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.checkprivatekey.pkg.plist\",\"version\":\"1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/org.gpgtools.checkprivatekey.pkg.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1514201750.15327", - "path": "/private/var/db/receipts/org.gpgtools.checkprivatekey.pkg.plist", "installer_name": "installer", "package_id": "org.gpgtools.checkprivatekey.pkg", + "path": "/private/var/db/receipts/org.gpgtools.checkprivatekey.pkg.plist", "version": "1.1" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + 
"user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.15327\",\"installer_name\":\"installer\",\"location\":\"\",\"package_id\":\"org.gpgtools.checkprivatekey.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.checkprivatekey.pkg.plist\",\"version\":\"1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1500104649.15371\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MobileAssets\",\"path\":\"/private/var/db/receipts/com.apple.pkg.MobileAssets.plist\",\"version\":\"1.0.0.0.1.1500089887\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/com.apple.pkg.MobileAssets.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1500104649.15371", - "path": "/private/var/db/receipts/com.apple.pkg.MobileAssets.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.MobileAssets", + "path": "/private/var/db/receipts/com.apple.pkg.MobileAssets.plist", "version": "1.0.0.0.1.1500089887" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1500104649.15371\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.MobileAssets\",\"path\":\"/private/var/db/receipts/com.apple.pkg.MobileAssets.plist\",\"version\":\"1.0.0.0.1.1500089887\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + 
"name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504522708.54406\",\"installer_name\":\"installer\",\"location\":\"Library/Internet Plug-Ins/JavaAppletPlugin.plugin\",\"package_id\":\"com.oracle.jre\",\"path\":\"/private/var/db/receipts/com.oracle.jre.plist\",\"version\":\"1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/com.oracle.jre.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1504522708.54406", - "path": "/private/var/db/receipts/com.oracle.jre.plist", "installer_name": "installer", "location": "Library/Internet Plug-Ins/JavaAppletPlugin.plugin", "package_id": "com.oracle.jre", + "path": "/private/var/db/receipts/com.oracle.jre.plist", "version": "1.1" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" 
] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504522708.54406\",\"installer_name\":\"installer\",\"location\":\"Library/Internet Plug-Ins/JavaAppletPlugin.plugin\",\"package_id\":\"com.oracle.jre\",\"path\":\"/private/var/db/receipts/com.oracle.jre.plist\",\"version\":\"1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514455396.62002\",\"installer_name\":\"Installer\",\"location\":\"/\",\"package_id\":\"com.facebook.osquery\",\"path\":\"/private/var/db/receipts/com.facebook.osquery.plist\",\"version\":\"2.11.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/com.facebook.osquery.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { 
"result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1514455396.62002", - "path": "/private/var/db/receipts/com.facebook.osquery.plist", "installer_name": "Installer", "location": "/", "package_id": "com.facebook.osquery", + "path": "/private/var/db/receipts/com.facebook.osquery.plist", "version": "2.11.0" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514455396.62002\",\"installer_name\":\"Installer\",\"location\":\"/\",\"package_id\":\"com.facebook.osquery\",\"path\":\"/private/var/db/receipts/com.facebook.osquery.plist\",\"version\":\"2.11.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + 
"action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.14799\",\"installer_name\":\"installer\",\"location\":\"private/tmp/org.gpgtools/pinentry_install\",\"package_id\":\"org.gpgtools.pinentry.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.pinentry.pkg.plist\",\"version\":\"9 (db18340)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/org.gpgtools.pinentry.pkg.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1514201750.14799", - "path": "/private/var/db/receipts/org.gpgtools.pinentry.pkg.plist", "installer_name": "installer", "location": "private/tmp/org.gpgtools/pinentry_install", "package_id": "org.gpgtools.pinentry.pkg", + "path": "/private/var/db/receipts/org.gpgtools.pinentry.pkg.plist", "version": "9 (db18340)" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.14799\",\"installer_name\":\"installer\",\"location\":\"private/tmp/org.gpgtools/pinentry_install\",\"package_id\":\"org.gpgtools.pinentry.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.pinentry.pkg.plist\",\"version\":\"9 (db18340)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504522132.67707\",\"installer_name\":\"installer\",\"location\":\"Applications/\",\"package_id\":\"org.virtualbox.pkg.virtualbox\",\"path\":\"/private/var/db/receipts/org.virtualbox.pkg.virtualbox.plist\",\"version\":\"5.1.26\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/org.virtualbox.pkg.virtualbox.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1504522132.67707", - "path": "/private/var/db/receipts/org.virtualbox.pkg.virtualbox.plist", "installer_name": "installer", "location": "Applications/", "package_id": "org.virtualbox.pkg.virtualbox", + "path": "/private/var/db/receipts/org.virtualbox.pkg.virtualbox.plist", "version": "5.1.26" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504522132.67707\",\"installer_name\":\"installer\",\"location\":\"Applications/\",\"package_id\":\"org.virtualbox.pkg.virtualbox\",\"path\":\"/private/var/db/receipts/org.virtualbox.pkg.virtualbox.plist\",\"version\":\"5.1.26\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + 
"user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1509006869.85029\",\"installer_name\":\"installer\",\"location\":\"\",\"package_id\":\"org.gpgtools.gpgmail12.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.gpgmail12.pkg.plist\",\"version\":\"1242 (4272b15)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/org.gpgtools.gpgmail12.pkg.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1509006869.85029", - "path": "/private/var/db/receipts/org.gpgtools.gpgmail12.pkg.plist", "installer_name": "installer", "package_id": "org.gpgtools.gpgmail12.pkg", + "path": "/private/var/db/receipts/org.gpgtools.gpgmail12.pkg.plist", "version": "1242 (4272b15)" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - 
"host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1509006869.85029\",\"installer_name\":\"installer\",\"location\":\"\",\"package_id\":\"org.gpgtools.gpgmail12.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.gpgmail12.pkg.plist\",\"version\":\"1242 (4272b15)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504522132.68342\",\"installer_name\":\"installer\",\"location\":\"usr/local/bin\",\"package_id\":\"org.virtualbox.pkg.virtualboxcli\",\"path\":\"/private/var/db/receipts/org.virtualbox.pkg.virtualboxcli.plist\",\"version\":\"5.1.26\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/org.virtualbox.pkg.virtualboxcli.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1504522132.68342", - "path": "/private/var/db/receipts/org.virtualbox.pkg.virtualboxcli.plist", "installer_name": "installer", "location": "usr/local/bin", "package_id": "org.virtualbox.pkg.virtualboxcli", + "path": "/private/var/db/receipts/org.virtualbox.pkg.virtualboxcli.plist", "version": "5.1.26" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504522132.68342\",\"installer_name\":\"installer\",\"location\":\"usr/local/bin\",\"package_id\":\"org.virtualbox.pkg.virtualboxcli\",\"path\":\"/private/var/db/receipts/org.virtualbox.pkg.virtualboxcli.plist\",\"version\":\"5.1.26\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - 
] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1509638859.44491\",\"installer_name\":\"storedownloadd\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.iMovie_AppStore\",\"path\":\"/private/var/db/receipts/com.apple.pkg.iMovie_AppStore.plist\",\"version\":\"10.1.8.0.1.1508201826\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/com.apple.pkg.iMovie_AppStore.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1509638859.44491", - "path": "/private/var/db/receipts/com.apple.pkg.iMovie_AppStore.plist", "installer_name": "storedownloadd", "location": "/", "package_id": "com.apple.pkg.iMovie_AppStore", + "path": "/private/var/db/receipts/com.apple.pkg.iMovie_AppStore.plist", "version": "10.1.8.0.1.1508201826" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], 
"hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1509638859.44491\",\"installer_name\":\"storedownloadd\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.iMovie_AppStore\",\"path\":\"/private/var/db/receipts/com.apple.pkg.iMovie_AppStore.plist\",\"version\":\"10.1.8.0.1.1508201826\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1505921948.90912\",\"installer_name\":\"storedownloadd\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.Keynote7\",\"path\":\"/private/var/db/receipts/com.apple.pkg.Keynote7.plist\",\"version\":\"7.3.0.0.1.1505167966\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/com.apple.pkg.Keynote7.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1505921948.90912", - "path": "/private/var/db/receipts/com.apple.pkg.Keynote7.plist", "installer_name": "storedownloadd", "location": "/", "package_id": "com.apple.pkg.Keynote7", + "path": "/private/var/db/receipts/com.apple.pkg.Keynote7.plist", "version": "7.3.0.0.1.1505167966" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1505921948.90912\",\"installer_name\":\"storedownloadd\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.Keynote7\",\"path\":\"/private/var/db/receipts/com.apple.pkg.Keynote7.plist\",\"version\":\"7.3.0.0.1.1505167966\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + 
], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504090163.37681\",\"installer_name\":\"installer\",\"location\":\"opt/vagrant\",\"package_id\":\"com.vagrant.vagrant\",\"path\":\"/private/var/db/receipts/com.vagrant.vagrant.plist\",\"version\":\"1.9.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/com.vagrant.vagrant.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1504090163.37681", - "path": "/private/var/db/receipts/com.vagrant.vagrant.plist", "installer_name": "installer", "location": "opt/vagrant", "package_id": "com.vagrant.vagrant", + "path": "/private/var/db/receipts/com.vagrant.vagrant.plist", "version": "1.9.8" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - 
"hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504090163.37681\",\"installer_name\":\"installer\",\"location\":\"opt/vagrant\",\"package_id\":\"com.vagrant.vagrant\",\"path\":\"/private/var/db/receipts/com.vagrant.vagrant.plist\",\"version\":\"1.9.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.1202\",\"installer_name\":\"installer\",\"location\":\"\",\"package_id\":\"org.gpgtools.libmacgpg.xpc.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.libmacgpg.xpc.pkg.plist\",\"version\":\"829 (943132e)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/org.gpgtools.libmacgpg.xpc.pkg.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + 
"action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1514201750.1202", - "path": "/private/var/db/receipts/org.gpgtools.libmacgpg.xpc.pkg.plist", "installer_name": "installer", "package_id": "org.gpgtools.libmacgpg.xpc.pkg", + "path": "/private/var/db/receipts/org.gpgtools.libmacgpg.xpc.pkg.plist", "version": "829 (943132e)" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.1202\",\"installer_name\":\"installer\",\"location\":\"\",\"package_id\":\"org.gpgtools.libmacgpg.xpc.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.libmacgpg.xpc.pkg.plist\",\"version\":\"829 (943132e)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": 
"8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513271612.86796\",\"installer_name\":\"storedownloadd\",\"location\":\"Applications\",\"package_id\":\"com.lastpass.LastPass\",\"path\":\"/private/var/db/receipts/com.lastpass.LastPass.plist\",\"version\":\"3.25.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/com.lastpass.LastPass.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1513271612.86796", - "path": "/private/var/db/receipts/com.lastpass.LastPass.plist", "installer_name": "storedownloadd", "location": "Applications", "package_id": "com.lastpass.LastPass", + "path": "/private/var/db/receipts/com.lastpass.LastPass.plist", "version": "3.25.0" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - 
}, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1513271612.86796\",\"installer_name\":\"storedownloadd\",\"location\":\"Applications\",\"package_id\":\"com.lastpass.LastPass\",\"path\":\"/private/var/db/receipts/com.lastpass.LastPass.plist\",\"version\":\"3.25.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1505921868.50393\",\"installer_name\":\"storedownloadd\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.Pages6\",\"path\":\"/private/var/db/receipts/com.apple.pkg.Pages6.plist\",\"version\":\"6.3.0.0.1.1505167966\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/com.apple.pkg.Pages6.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { 
"install_time": "1505921868.50393", - "path": "/private/var/db/receipts/com.apple.pkg.Pages6.plist", "installer_name": "storedownloadd", "location": "/", "package_id": "com.apple.pkg.Pages6", + "path": "/private/var/db/receipts/com.apple.pkg.Pages6.plist", "version": "6.3.0.0.1.1505167966" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1505921868.50393\",\"installer_name\":\"storedownloadd\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.Pages6\",\"path\":\"/private/var/db/receipts/com.apple.pkg.Pages6.plist\",\"version\":\"6.3.0.0.1.1505167966\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", 
+ "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.1355\",\"installer_name\":\"installer\",\"location\":\"private/tmp/org.gpgtools/gpgpreferences_install\",\"package_id\":\"org.gpgtools.gpgpreferences.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.gpgpreferences.pkg.plist\",\"version\":\"993 (05eb1a6)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/org.gpgtools.gpgpreferences.pkg.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1514201750.1355", - "path": "/private/var/db/receipts/org.gpgtools.gpgpreferences.pkg.plist", "installer_name": "installer", "location": "private/tmp/org.gpgtools/gpgpreferences_install", "package_id": "org.gpgtools.gpgpreferences.pkg", + "path": "/private/var/db/receipts/org.gpgtools.gpgpreferences.pkg.plist", "version": "993 (05eb1a6)" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - 
"id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.1355\",\"installer_name\":\"installer\",\"location\":\"private/tmp/org.gpgtools/gpgpreferences_install\",\"package_id\":\"org.gpgtools.gpgpreferences.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.gpgpreferences.pkg.plist\",\"version\":\"993 (05eb1a6)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.14937\",\"installer_name\":\"installer\",\"location\":\"Library/Application Support/GPGTools\",\"package_id\":\"org.gpgtools.pkg.version\",\"path\":\"/private/var/db/receipts/org.gpgtools.pkg.version.plist\",\"version\":\"1.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/org.gpgtools.pkg.version.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1514201750.14937", - "path": "/private/var/db/receipts/org.gpgtools.pkg.version.plist", "installer_name": "installer", "location": "Library/Application Support/GPGTools", "package_id": "org.gpgtools.pkg.version", + "path": "/private/var/db/receipts/org.gpgtools.pkg.version.plist", "version": "1.0" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.14937\",\"installer_name\":\"installer\",\"location\":\"Library/Application Support/GPGTools\",\"package_id\":\"org.gpgtools.pkg.version\",\"path\":\"/private/var/db/receipts/org.gpgtools.pkg.version.plist\",\"version\":\"1.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - 
] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1506590245.25339\",\"installer_name\":\"storedownloadd\",\"location\":\"Applications\",\"package_id\":\"com.microsoft.rdc.mac\",\"path\":\"/private/var/db/receipts/com.microsoft.rdc.mac.plist\",\"version\":\"8.0.27325\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/com.microsoft.rdc.mac.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1506590245.25339", - "path": "/private/var/db/receipts/com.microsoft.rdc.mac.plist", "installer_name": "storedownloadd", "location": "Applications", "package_id": "com.microsoft.rdc.mac", + "path": "/private/var/db/receipts/com.microsoft.rdc.mac.plist", "version": "8.0.27325" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": 
[ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1506590245.25339\",\"installer_name\":\"storedownloadd\",\"location\":\"Applications\",\"package_id\":\"com.microsoft.rdc.mac\",\"path\":\"/private/var/db/receipts/com.microsoft.rdc.mac.plist\",\"version\":\"8.0.27325\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.13712\",\"installer_name\":\"installer\",\"location\":\"\",\"package_id\":\"org.gpgtools.macgpg2.1.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.macgpg2.1.pkg.plist\",\"version\":\"900 (cead4f9)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/org.gpgtools.macgpg2.1.pkg.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, 
"osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1514201750.13712", - "path": "/private/var/db/receipts/org.gpgtools.macgpg2.1.pkg.plist", "installer_name": "installer", "package_id": "org.gpgtools.macgpg2.1.pkg", + "path": "/private/var/db/receipts/org.gpgtools.macgpg2.1.pkg.plist", "version": "900 (cead4f9)" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.13712\",\"installer_name\":\"installer\",\"location\":\"\",\"package_id\":\"org.gpgtools.macgpg2.1.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.macgpg2.1.pkg.plist\",\"version\":\"900 (cead4f9)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + 
"version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.11762\",\"installer_name\":\"installer\",\"location\":\"\",\"package_id\":\"org.gpgtools.pkg.preinstall\",\"path\":\"/private/var/db/receipts/org.gpgtools.pkg.preinstall.plist\",\"version\":\"1.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/org.gpgtools.pkg.preinstall.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1514201750.11762", - "path": "/private/var/db/receipts/org.gpgtools.pkg.preinstall.plist", "installer_name": "installer", "package_id": "org.gpgtools.pkg.preinstall", + "path": "/private/var/db/receipts/org.gpgtools.pkg.preinstall.plist", "version": "1.0" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, 
"rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.11762\",\"installer_name\":\"installer\",\"location\":\"\",\"package_id\":\"org.gpgtools.pkg.preinstall\",\"path\":\"/private/var/db/receipts/org.gpgtools.pkg.preinstall.plist\",\"version\":\"1.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1505921789.1335\",\"installer_name\":\"storedownloadd\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.Numbers4\",\"path\":\"/private/var/db/receipts/com.apple.pkg.Numbers4.plist\",\"version\":\"4.3.0.0.1.1505167966\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/com.apple.pkg.Numbers4.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": 
"1505921789.1335", - "path": "/private/var/db/receipts/com.apple.pkg.Numbers4.plist", "installer_name": "storedownloadd", "location": "/", "package_id": "com.apple.pkg.Numbers4", + "path": "/private/var/db/receipts/com.apple.pkg.Numbers4.plist", "version": "4.3.0.0.1.1505167966" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1505921789.1335\",\"installer_name\":\"storedownloadd\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.Numbers4\",\"path\":\"/private/var/db/receipts/com.apple.pkg.Numbers4.plist\",\"version\":\"4.3.0.0.1.1505167966\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + 
"kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504522708.51809\",\"installer_name\":\"installer\",\"location\":\"Library/Java/JavaVirtualMachines/jdk1.8.0_144.jdk\",\"package_id\":\"com.oracle.jdk8u144\",\"path\":\"/private/var/db/receipts/com.oracle.jdk8u144.plist\",\"version\":\"1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/com.oracle.jdk8u144.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1504522708.51809", - "path": "/private/var/db/receipts/com.oracle.jdk8u144.plist", "installer_name": "installer", "location": "Library/Java/JavaVirtualMachines/jdk1.8.0_144.jdk", "package_id": "com.oracle.jdk8u144", + "path": "/private/var/db/receipts/com.oracle.jdk8u144.plist", "version": "1.1" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": 
"pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1504522708.51809\",\"installer_name\":\"installer\",\"location\":\"Library/Java/JavaVirtualMachines/jdk1.8.0_144.jdk\",\"package_id\":\"com.oracle.jdk8u144\",\"path\":\"/private/var/db/receipts/com.oracle.jdk8u144.plist\",\"version\":\"1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.15091\",\"installer_name\":\"installer\",\"location\":\"\",\"package_id\":\"org.gpgtools.key\",\"path\":\"/private/var/db/receipts/org.gpgtools.key.plist\",\"version\":\"1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/org.gpgtools.key.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1514201750.15091", - 
"path": "/private/var/db/receipts/org.gpgtools.key.plist", "installer_name": "installer", "package_id": "org.gpgtools.key", + "path": "/private/var/db/receipts/org.gpgtools.key.plist", "version": "1.1" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.15091\",\"installer_name\":\"installer\",\"location\":\"\",\"package_id\":\"org.gpgtools.key\",\"path\":\"/private/var/db/receipts/org.gpgtools.key.plist\",\"version\":\"1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1514201750.14163\",\"installer_name\":\"installer\",\"location\":\"\",\"package_id\":\"org.gpgtools.updater.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.updater.pkg.plist\",\"version\":\"50 (9658b70)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/org.gpgtools.updater.pkg.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1514201750.14163", - "path": "/private/var/db/receipts/org.gpgtools.updater.pkg.plist", "installer_name": "installer", "package_id": "org.gpgtools.updater.pkg", + "path": "/private/var/db/receipts/org.gpgtools.updater.pkg.plist", "version": "50 (9658b70)" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"install_time\":\"1514201750.14163\",\"installer_name\":\"installer\",\"location\":\"\",\"package_id\":\"org.gpgtools.updater.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.updater.pkg.plist\",\"version\":\"50 (9658b70)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.13103\",\"installer_name\":\"installer\",\"location\":\"private/tmp/org.gpgtools/gpgservices_install\",\"package_id\":\"org.gpgtools.gpgservices.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.gpgservices.pkg.plist\",\"version\":\"969 (e5438f7)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/org.gpgtools.gpgservices.pkg.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1514201750.13103", - "path": "/private/var/db/receipts/org.gpgtools.gpgservices.pkg.plist", "installer_name": "installer", 
"location": "private/tmp/org.gpgtools/gpgservices_install", "package_id": "org.gpgtools.gpgservices.pkg", + "path": "/private/var/db/receipts/org.gpgtools.gpgservices.pkg.plist", "version": "969 (e5438f7)" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.13103\",\"installer_name\":\"installer\",\"location\":\"private/tmp/org.gpgtools/gpgservices_install\",\"package_id\":\"org.gpgtools.gpgservices.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.gpgservices.pkg.plist\",\"version\":\"969 (e5438f7)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.11854\",\"installer_name\":\"installer\",\"location\":\"Library/Frameworks\",\"package_id\":\"org.gpgtools.libmacgpgB.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.libmacgpgB.pkg.plist\",\"version\":\"829 (943132e)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/private/var/db/receipts/org.gpgtools.libmacgpgB.pkg.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1514201750.11854", - "path": "/private/var/db/receipts/org.gpgtools.libmacgpgB.pkg.plist", "installer_name": "installer", "location": "Library/Frameworks", "package_id": "org.gpgtools.libmacgpgB.pkg", + "path": "/private/var/db/receipts/org.gpgtools.libmacgpgB.pkg.plist", "version": "829 (943132e)" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - 
"event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1514201750.11854\",\"installer_name\":\"installer\",\"location\":\"Library/Frameworks\",\"package_id\":\"org.gpgtools.libmacgpgB.pkg\",\"path\":\"/private/var/db/receipts/org.gpgtools.libmacgpgB.pkg.plist\",\"version\":\"829 (943132e)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496965223.71832\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.iMovie_AppStore\",\"path\":\"/Library/Receipts/com.apple.pkg.iMovie_AppStore.plist\",\"version\":\"10.1.6.0.1.1494300454\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/Library/Receipts/com.apple.pkg.iMovie_AppStore.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1496965223.71832", - "path": 
"/Library/Receipts/com.apple.pkg.iMovie_AppStore.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.iMovie_AppStore", + "path": "/Library/Receipts/com.apple.pkg.iMovie_AppStore.plist", "version": "10.1.6.0.1.1494300454" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1496965223.71832\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.iMovie_AppStore\",\"path\":\"/Library/Receipts/com.apple.pkg.iMovie_AppStore.plist\",\"version\":\"10.1.6.0.1.1494300454\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + 
"original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1493405135.48751\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.Keynote7\",\"path\":\"/Library/Receipts/com.apple.pkg.Keynote7.plist\",\"version\":\"7.0.0.0.1.1341568473\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/Library/Receipts/com.apple.pkg.Keynote7.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1493405135.48751", - "path": "/Library/Receipts/com.apple.pkg.Keynote7.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.Keynote7", + "path": "/Library/Receipts/com.apple.pkg.Keynote7.plist", "version": "7.0.0.0.1.1341568473" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1493405135.48751\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.Keynote7\",\"path\":\"/Library/Receipts/com.apple.pkg.Keynote7.plist\",\"version\":\"7.0.0.0.1.1341568473\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1499378252.66922\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GarageBand_AppStore\",\"path\":\"/Library/Receipts/com.apple.pkg.GarageBand_AppStore.plist\",\"version\":\"10.1.3.0.1.1496352025\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/Library/Receipts/com.apple.pkg.GarageBand_AppStore.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1499378252.66922", - "path": "/Library/Receipts/com.apple.pkg.GarageBand_AppStore.plist", 
"installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.GarageBand_AppStore", + "path": "/Library/Receipts/com.apple.pkg.GarageBand_AppStore.plist", "version": "10.1.3.0.1.1496352025" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1499378252.66922\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.GarageBand_AppStore\",\"path\":\"/Library/Receipts/com.apple.pkg.GarageBand_AppStore.plist\",\"version\":\"10.1.3.0.1.1496352025\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1493405139.5853\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.Pages6\",\"path\":\"/Library/Receipts/com.apple.pkg.Pages6.plist\",\"version\":\"6.0.0.0.1.1341568473\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/Library/Receipts/com.apple.pkg.Pages6.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1493405139.5853", - "path": "/Library/Receipts/com.apple.pkg.Pages6.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.Pages6", + "path": "/Library/Receipts/com.apple.pkg.Pages6.plist", "version": "6.0.0.0.1.1341568473" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 
28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1493405139.5853\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.Pages6\",\"path\":\"/Library/Receipts/com.apple.pkg.Pages6.plist\",\"version\":\"6.0.0.0.1.1341568473\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1493405145.03036\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.Numbers4\",\"path\":\"/Library/Receipts/com.apple.pkg.Numbers4.plist\",\"version\":\"4.0.0.0.1.1341568473\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, "file": { "path": "/Library/Receipts/com.apple.pkg.Numbers4.plist" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "install_time": "1493405145.03036", - "path": "/Library/Receipts/com.apple.pkg.Numbers4.plist", "installer_name": "installer", "location": "/", "package_id": "com.apple.pkg.Numbers4", + "path": 
"/Library/Receipts/com.apple.pkg.Numbers4.plist", "version": "4.0.0.0.1.1341568473" }, - "name": "pack_it-compliance_package_receipts", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_package_receipts", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_package_receipts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"install_time\":\"1493405145.03036\",\"installer_name\":\"installer\",\"location\":\"/\",\"package_id\":\"com.apple.pkg.Numbers4\",\"path\":\"/Library/Receipts/com.apple.pkg.Numbers4.plist\",\"version\":\"4.0.0.0.1.1341568473\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_package_receipts\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"config_flag\":\"sip\",\"enabled\":\"1\",\"enabled_nvram\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "config_flag": "sip", - "enabled_nvram": "1", - "enabled": "1" + "enabled": "1", + "enabled_nvram": "1" }, - "name": "pack_it-compliance_sip_config", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_sip_config", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_sip_config" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"config_flag\":\"sip\",\"enabled\":\"1\",\"enabled_nvram\":\"1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + 
"user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"config_flag\":\"allow_apple_internal\",\"enabled\":\"0\",\"enabled_nvram\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "config_flag": "allow_apple_internal", - "enabled_nvram": "0", - "enabled": "0" + "enabled": "0", + "enabled_nvram": "0" }, - "name": "pack_it-compliance_sip_config", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_sip_config", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_sip_config" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"config_flag\":\"allow_apple_internal\",\"enabled\":\"0\",\"enabled_nvram\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"config_flag\":\"allow_device_configuration\",\"enabled\":\"0\",\"enabled_nvram\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "config_flag": "allow_device_configuration", - "enabled_nvram": "0", - "enabled": "0" + "enabled": "0", + "enabled_nvram": "0" }, - "name": "pack_it-compliance_sip_config", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_sip_config", + "unix_time": "1514471995" } }, 
"related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_sip_config" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"config_flag\":\"allow_device_configuration\",\"enabled\":\"0\",\"enabled_nvram\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"config_flag\":\"allow_kernel_debugger\",\"enabled\":\"0\",\"enabled_nvram\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "config_flag": "allow_kernel_debugger", - "enabled_nvram": "0", - "enabled": "0" + "enabled": "0", + "enabled_nvram": "0" }, - "name": "pack_it-compliance_sip_config", - "unix_time": "1514471995", - "action": 
"added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_sip_config", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_sip_config" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"config_flag\":\"allow_kernel_debugger\",\"enabled\":\"0\",\"enabled_nvram\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"config_flag\":\"allow_task_for_pid\",\"enabled\":\"0\",\"enabled_nvram\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "config_flag": "allow_task_for_pid", - "enabled_nvram": "0", - "enabled": "0" + "enabled": "0", + "enabled_nvram": "0" }, - "name": "pack_it-compliance_sip_config", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_sip_config", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_sip_config" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"config_flag\":\"allow_task_for_pid\",\"enabled\":\"0\",\"enabled_nvram\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"config_flag\":\"allow_unrestricted_dtrace\",\"enabled\":\"0\",\"enabled_nvram\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "config_flag": "allow_unrestricted_dtrace", - "enabled_nvram": "0", - "enabled": "0" + "enabled": "0", + "enabled_nvram": "0" }, - "name": "pack_it-compliance_sip_config", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_sip_config", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_sip_config" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"config_flag\":\"allow_unrestricted_dtrace\",\"enabled\":\"0\",\"enabled_nvram\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - 
"name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"config_flag\":\"allow_unrestricted_fs\",\"enabled\":\"0\",\"enabled_nvram\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "config_flag": "allow_unrestricted_fs", - "enabled_nvram": "0", - "enabled": "0" + "enabled": "0", + "enabled_nvram": "0" }, - "name": "pack_it-compliance_sip_config", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_sip_config", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_sip_config" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 
UTC\",\"columns\":{\"config_flag\":\"allow_unrestricted_fs\",\"enabled\":\"0\",\"enabled_nvram\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"config_flag\":\"allow_unrestricted_nvram\",\"enabled\":\"0\",\"enabled_nvram\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "config_flag": "allow_unrestricted_nvram", - "enabled_nvram": "0", - "enabled": "0" + "enabled": "0", + "enabled_nvram": "0" }, - "name": "pack_it-compliance_sip_config", - "unix_time": "1514471995", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_sip_config", + "unix_time": "1514471995" } }, "related": 
{ - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_sip_config" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"config_flag\":\"allow_unrestricted_nvram\",\"enabled\":\"0\",\"enabled_nvram\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"config_flag\":\"allow_untrusted_kexts\",\"enabled\":\"0\",\"enabled_nvram\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", "columns": { "config_flag": "allow_untrusted_kexts", - "enabled_nvram": "0", - "enabled": "0" + "enabled": "0", + "enabled_nvram": "0" }, - "name": "pack_it-compliance_sip_config", - "unix_time": "1514471995", - "action": "added", + 
"counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:55 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_sip_config", + "unix_time": "1514471995" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_sip_config" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:55 2017 UTC\",\"columns\":{\"config_flag\":\"allow_untrusted_kexts\",\"enabled\":\"0\",\"enabled_nvram\":\"0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_sip_config\",\"unixTime\":\"1514471995\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"allow_signed_enabled\":\"1\",\"firewall_unload\":\"0\",\"global_state\":\"0\",\"logging_enabled\":\"1\",\"logging_option\":\"0\",\"stealth_enabled\":\"0\",\"version\":\"1.6\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf\",\"unixTime\":\"1514471997\"}", + "type": 
"info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "logging_enabled": "1", - "firewall_unload": "0", - "stealth_enabled": "0", "allow_signed_enabled": "1", + "firewall_unload": "0", "global_state": "0", + "logging_enabled": "1", "logging_option": "0", + "stealth_enabled": "0", "version": "1.6" }, - "name": "pack_it-compliance_alf", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_alf", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_alf" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"allow_signed_enabled\":\"1\",\"firewall_unload\":\"0\",\"global_state\":\"0\",\"logging_enabled\":\"1\",\"logging_option\":\"0\",\"stealth_enabled\":\"0\",\"version\":\"1.6\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_alf\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + 
"event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"description\":\"Displays Java applet content, or a placeholder if Java is not installed.\",\"development_region\":\"English\",\"directory\":\"/var/root\",\"disabled\":\"0\",\"gid\":\"0\",\"gid_signed\":\"0\",\"identifier\":\"com.oracle.java.JavaAppletPlugin\",\"name\":\"Java Applet Plug-in\",\"native\":\"0\",\"path\":\"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/\",\"sdk\":\"\",\"shell\":\"/bin/sh\",\"uid\":\"0\",\"uid_signed\":\"0\",\"username\":\"root\",\"uuid\":\"FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000\",\"version\":\"Java 8 Update 144 build 01\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_browser_plugins\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/", - "uid": "0", + "directory": "/var/root", "gid": "0", - "directory": "/var/root" + "path": "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/", + "uid": "0" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "gid_signed": "0", - "identifier": "com.oracle.java.JavaAppletPlugin", - "gid": "0", "description": "Displays Java applet content, or a placeholder if Java is not installed.", - "directory": "/var/root", - "uuid": "FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000", - "version": "Java 8 Update 144 build 01", "development_region": "English", - "path": "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/", - "uid": "0", + "directory": "/var/root", + "disabled": "0", + "gid": "0", + "gid_signed": 
"0", + "identifier": "com.oracle.java.JavaAppletPlugin", + "name": "Java Applet Plug-in", "native": "0", + "path": "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/", "shell": "/bin/sh", + "uid": "0", "uid_signed": "0", - "name": "Java Applet Plug-in", - "disabled": "0", - "username": "root" + "username": "root", + "uuid": "FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000", + "version": "Java 8 Update 144 build 01" }, - "name": "pack_it-compliance_browser_plugins", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_browser_plugins", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_browser_plugins" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"description\":\"Displays Java applet content, or a placeholder if Java is not installed.\",\"development_region\":\"English\",\"directory\":\"/var/root\",\"disabled\":\"0\",\"gid\":\"0\",\"gid_signed\":\"0\",\"identifier\":\"com.oracle.java.JavaAppletPlugin\",\"name\":\"Java Applet Plug-in\",\"native\":\"0\",\"path\":\"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/\",\"sdk\":\"\",\"shell\":\"/bin/sh\",\"uid\":\"0\",\"uid_signed\":\"0\",\"username\":\"root\",\"uuid\":\"FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000\",\"version\":\"Java 8 Update 144 build 
01\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_browser_plugins\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"description\":\"LastPass Plugin\",\"development_region\":\"en-US\",\"directory\":\"/var/root\",\"disabled\":\"0\",\"gid\":\"0\",\"gid_signed\":\"0\",\"identifier\":\"com.lastpass.nplastpass\",\"name\":\"LastPass\",\"native\":\"0\",\"path\":\"/Library/Internet Plug-Ins/nplastpass.plugin/\",\"sdk\":\"7C1002\",\"shell\":\"/bin/sh\",\"uid\":\"0\",\"uid_signed\":\"0\",\"username\":\"root\",\"uuid\":\"FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000\",\"version\":\"4.1.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_browser_plugins\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Library/Internet Plug-Ins/nplastpass.plugin/", - "uid": "0", + "directory": "/var/root", "gid": "0", - "directory": "/var/root" + "path": "/Library/Internet Plug-Ins/nplastpass.plugin/", + "uid": "0" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "gid_signed": "0", - "identifier": "com.lastpass.nplastpass", - 
"gid": "0", "description": "LastPass Plugin", - "directory": "/var/root", - "uuid": "FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000", - "version": "4.1.2", "development_region": "en-US", - "path": "/Library/Internet Plug-Ins/nplastpass.plugin/", - "uid": "0", + "directory": "/var/root", + "disabled": "0", + "gid": "0", + "gid_signed": "0", + "identifier": "com.lastpass.nplastpass", + "name": "LastPass", "native": "0", + "path": "/Library/Internet Plug-Ins/nplastpass.plugin/", + "sdk": "7C1002", "shell": "/bin/sh", + "uid": "0", "uid_signed": "0", - "name": "LastPass", - "disabled": "0", - "sdk": "7C1002", - "username": "root" + "username": "root", + "uuid": "FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000", + "version": "4.1.2" }, - "name": "pack_it-compliance_browser_plugins", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_browser_plugins", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_browser_plugins" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "tsg" + } + }, + { + "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, "event": { "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"description\":\"LastPass 
Plugin\",\"development_region\":\"en-US\",\"directory\":\"/var/root\",\"disabled\":\"0\",\"gid\":\"0\",\"gid_signed\":\"0\",\"identifier\":\"com.lastpass.nplastpass\",\"name\":\"LastPass\",\"native\":\"0\",\"path\":\"/Library/Internet Plug-Ins/nplastpass.plugin/\",\"sdk\":\"7C1002\",\"shell\":\"/bin/sh\",\"uid\":\"0\",\"uid_signed\":\"0\",\"username\":\"root\",\"uuid\":\"FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000\",\"version\":\"4.1.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_browser_plugins\",\"unixTime\":\"1514471997\"}", - "type": "info", "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"description\":\"The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. 
For more information, visit the \\u003cA HREF=\\\"http://www.apple.com/quicktime\\\"\\u003eQuickTime\\u003c/A\\u003e Web site.\",\"development_region\":\"en_US\",\"directory\":\"/var/root\",\"disabled\":\"1\",\"gid\":\"0\",\"gid_signed\":\"0\",\"identifier\":\"com.apple.QuickTime Plugin.plugin\",\"name\":\"QuickTime Plug-in 7.7.3\",\"native\":\"0\",\"path\":\"/Library/Internet Plug-Ins/Disabled Plug-Ins/QuickTime Plugin.plugin/\",\"sdk\":\"\",\"shell\":\"/bin/sh\",\"uid\":\"0\",\"uid_signed\":\"0\",\"username\":\"root\",\"uuid\":\"FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000\",\"version\":\"7.7.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_browser_plugins\",\"unixTime\":\"1514471997\"}", + "type": "info" }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2017-12-28T14:39:57.000Z", "file": { - "path": "/Library/Internet Plug-Ins/Disabled Plug-Ins/QuickTime Plugin.plugin/", - "uid": "0", + "directory": "/var/root", "gid": "0", - "directory": "/var/root" + "path": "/Library/Internet Plug-Ins/Disabled Plug-Ins/QuickTime Plugin.plugin/", + "uid": "0" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "gid_signed": "0", - "identifier": "com.apple.QuickTime Plugin.plugin", - "gid": "0", "description": "The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. 
For more information, visit the \u003cA HREF=\"http://www.apple.com/quicktime\"\u003eQuickTime\u003c/A\u003e Web site.", - "directory": "/var/root", - "uuid": "FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000", - "version": "7.7.3", "development_region": "en_US", - "path": "/Library/Internet Plug-Ins/Disabled Plug-Ins/QuickTime Plugin.plugin/", - "uid": "0", + "directory": "/var/root", + "disabled": "1", + "gid": "0", + "gid_signed": "0", + "identifier": "com.apple.QuickTime Plugin.plugin", + "name": "QuickTime Plug-in 7.7.3", "native": "0", + "path": "/Library/Internet Plug-Ins/Disabled Plug-Ins/QuickTime Plugin.plugin/", "shell": "/bin/sh", + "uid": "0", "uid_signed": "0", - "name": "QuickTime Plug-in 7.7.3", - "disabled": "1", - "username": "root" + "username": "root", + "uuid": "FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000", + "version": "7.7.3" }, - "name": "pack_it-compliance_browser_plugins", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_browser_plugins", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_browser_plugins" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"description\":\"The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. 
For more information, visit the \\u003cA HREF=\\\"http://www.apple.com/quicktime\\\"\\u003eQuickTime\\u003c/A\\u003e Web site.\",\"development_region\":\"en_US\",\"directory\":\"/var/root\",\"disabled\":\"1\",\"gid\":\"0\",\"gid_signed\":\"0\",\"identifier\":\"com.apple.QuickTime Plugin.plugin\",\"name\":\"QuickTime Plug-in 7.7.3\",\"native\":\"0\",\"path\":\"/Library/Internet Plug-Ins/Disabled Plug-Ins/QuickTime Plugin.plugin/\",\"sdk\":\"\",\"shell\":\"/bin/sh\",\"uid\":\"0\",\"uid_signed\":\"0\",\"username\":\"root\",\"uuid\":\"FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000\",\"version\":\"7.7.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_browser_plugins\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"description\":\"zoom.us launcher plugin version 1.0\",\"development_region\":\"English\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"us.zoom.plugin\",\"name\":\"Zoom launcher - 3.0.1\",\"native\":\"0\",\"path\":\"/Users/tsg/Library/Internet 
Plug-Ins/ZoomUsPlugIn.plugin/\",\"sdk\":\"7B1005\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"4.0.38982.0714\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_browser_plugins\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Internet Plug-Ins/ZoomUsPlugIn.plugin/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Internet Plug-Ins/ZoomUsPlugIn.plugin/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "us.zoom.plugin", - "gid": "20", "description": "zoom.us launcher plugin version 1.0", - "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "4.0.38982.0714", "development_region": "English", - "path": "/Users/tsg/Library/Internet Plug-Ins/ZoomUsPlugIn.plugin/", - "uid": "501", + "directory": "/Users/tsg", + "disabled": "0", + "gid": "20", + "gid_signed": "20", + "identifier": "us.zoom.plugin", + "name": "Zoom launcher - 3.0.1", "native": "0", + "path": "/Users/tsg/Library/Internet Plug-Ins/ZoomUsPlugIn.plugin/", + "sdk": "7B1005", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Zoom launcher - 3.0.1", - "disabled": "0", - "sdk": "7B1005", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "4.0.38982.0714" }, - "name": "pack_it-compliance_browser_plugins", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_browser_plugins", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_browser_plugins" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"description\":\"zoom.us launcher plugin version 1.0\",\"development_region\":\"English\",\"directory\":\"/Users/tsg\",\"disabled\":\"0\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"us.zoom.plugin\",\"name\":\"Zoom launcher - 3.0.1\",\"native\":\"0\",\"path\":\"/Users/tsg/Library/Internet Plug-Ins/ZoomUsPlugIn.plugin/\",\"sdk\":\"7B1005\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"4.0.38982.0714\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_browser_plugins\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 
UTC\",\"columns\":{\"author\":\"\",\"description\":\"View translations easily as you browse the web. By the Google Translate team.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"aapbdbdomjkkjkaonfhkkikfgjllcleb\",\"locale\":\"en\",\"name\":\"Google Translate\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/aapbdbdomjkkjkaonfhkkikfgjllcleb/2.0.7_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"2.0.7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/aapbdbdomjkkjkaonfhkkikfgjllcleb/2.0.7_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/aapbdbdomjkkjkaonfhkkikfgjllcleb/2.0.7_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { + "description": "View translations easily as you browse the web. By the Google Translate team.", + "directory": "/Users/tsg", + "gid": "20", "gid_signed": "20", "identifier": "aapbdbdomjkkjkaonfhkkikfgjllcleb", - "gid": "20", - "description": "View translations easily as you browse the web. 
By the Google Translate team.", "locale": "en", - "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "2.0.7", + "name": "Google Translate", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/aapbdbdomjkkjkaonfhkkikfgjllcleb/2.0.7_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Google Translate", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "2.0.7" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"View translations easily as you browse the web. 
By the Google Translate team.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"aapbdbdomjkkjkaonfhkkikfgjllcleb\",\"locale\":\"en\",\"name\":\"Google Translate\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/aapbdbdomjkkjkaonfhkkikfgjllcleb/2.0.7_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"2.0.7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Create and edit presentations \",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"aapocclcgogkmnckokdopfmhonfmgoek\",\"locale\":\"en_US\",\"name\":\"Slides\",\"path\":\"/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/aapocclcgogkmnckokdopfmhonfmgoek/0.10_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"0.10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/aapocclcgogkmnckokdopfmhonfmgoek/0.10_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/aapocclcgogkmnckokdopfmhonfmgoek/0.10_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { + "description": "Create and edit presentations ", + "directory": "/Users/tsg", + "gid": "20", "gid_signed": "20", "identifier": "aapocclcgogkmnckokdopfmhonfmgoek", - "gid": "20", - "description": "Create and edit presentations ", "locale": "en_US", - "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "0.10", + "name": "Slides", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/aapocclcgogkmnckokdopfmhonfmgoek/0.10_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Slides", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + 
"version": "0.10" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Create and edit presentations \",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"aapocclcgogkmnckokdopfmhonfmgoek\",\"locale\":\"en_US\",\"name\":\"Slides\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/aapocclcgogkmnckokdopfmhonfmgoek/0.10_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"0.10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": 
"8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Open Source extension far beyond typical Screenshot Capturing: Save, Edit, Annotate, Print, and Share!\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"akgpcdalpfphjmfifkmfbpdmgdmeeaeo\",\"locale\":\"en\",\"name\":\"Screenshot Extension\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/akgpcdalpfphjmfifkmfbpdmgdmeeaeo/27.0_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"27.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/akgpcdalpfphjmfifkmfbpdmgdmeeaeo/27.0_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/akgpcdalpfphjmfifkmfbpdmgdmeeaeo/27.0_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { + "description": "Open Source extension far beyond typical Screenshot Capturing: Save, Edit, Annotate, Print, and Share!", + "directory": "/Users/tsg", + "gid": "20", "gid_signed": "20", "identifier": 
"akgpcdalpfphjmfifkmfbpdmgdmeeaeo", - "gid": "20", - "description": "Open Source extension far beyond typical Screenshot Capturing: Save, Edit, Annotate, Print, and Share!", "locale": "en", - "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "27.0", + "name": "Screenshot Extension", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/akgpcdalpfphjmfifkmfbpdmgdmeeaeo/27.0_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Screenshot Extension", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "27.0" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Open Source extension far beyond typical Screenshot Capturing: Save, Edit, Annotate, Print, and Share!\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"akgpcdalpfphjmfifkmfbpdmgdmeeaeo\",\"locale\":\"en\",\"name\":\"Screenshot Extension\",\"path\":\"/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/akgpcdalpfphjmfifkmfbpdmgdmeeaeo/27.0_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"27.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Create and edit documents \",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"aohghmighlieiainnegkcijnfilokake\",\"locale\":\"en_US\",\"name\":\"Docs\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/aohghmighlieiainnegkcijnfilokake/0.10_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"0.10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/aohghmighlieiainnegkcijnfilokake/0.10_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/aohghmighlieiainnegkcijnfilokake/0.10_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { + "description": "Create and edit documents ", + "directory": "/Users/tsg", + "gid": "20", "gid_signed": "20", "identifier": "aohghmighlieiainnegkcijnfilokake", - "gid": "20", - "description": "Create and edit documents ", "locale": "en_US", - "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "0.10", + "name": "Docs", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/aohghmighlieiainnegkcijnfilokake/0.10_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Docs", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "0.10" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Create and edit documents \",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"aohghmighlieiainnegkcijnfilokake\",\"locale\":\"en_US\",\"name\":\"Docs\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/aohghmighlieiainnegkcijnfilokake/0.10_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"0.10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Google Drive: create, share and keep all your stuff in one place.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"apdfllckaahabafndbhieahigkjlhalf\",\"locale\":\"en_US\",\"name\":\"Google Drive\",\"path\":\"/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/apdfllckaahabafndbhieahigkjlhalf/14.1_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"14.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/apdfllckaahabafndbhieahigkjlhalf/14.1_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/apdfllckaahabafndbhieahigkjlhalf/14.1_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { + "description": "Google Drive: create, share and keep all your stuff in one place.", + "directory": "/Users/tsg", + "gid": "20", "gid_signed": "20", "identifier": "apdfllckaahabafndbhieahigkjlhalf", - "gid": "20", - "description": "Google Drive: create, share and keep all your stuff in one place.", "locale": "en_US", - "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "14.1", + "name": "Google Drive", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/apdfllckaahabafndbhieahigkjlhalf/14.1_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Google Drive", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - 
"username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "14.1" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Google Drive: create, share and keep all your stuff in one place.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"apdfllckaahabafndbhieahigkjlhalf\",\"locale\":\"en_US\",\"name\":\"Google Drive\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/apdfllckaahabafndbhieahigkjlhalf/14.1_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"14.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ 
"preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"blpcfgokakmgnkcojhhkbfbldkacnbeo\",\"locale\":\"en\",\"name\":\"YouTube\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/blpcfgokakmgnkcojhhkbfbldkacnbeo/4.2.8_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"http://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"4.2.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/blpcfgokakmgnkcojhhkbfbldkacnbeo/4.2.8_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/blpcfgokakmgnkcojhhkbfbldkacnbeo/4.2.8_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { + "directory": "/Users/tsg", + "gid": "20", "gid_signed": "20", "identifier": "blpcfgokakmgnkcojhhkbfbldkacnbeo", - "gid": "20", "locale": "en", - "directory": "/Users/tsg", - "uuid": 
"C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "4.2.8", + "name": "YouTube", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/blpcfgokakmgnkcojhhkbfbldkacnbeo/4.2.8_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "YouTube", "update_url": "http://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "4.2.8" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"blpcfgokakmgnkcojhhkbfbldkacnbeo\",\"locale\":\"en\",\"name\":\"YouTube\",\"path\":\"/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/blpcfgokakmgnkcojhhkbfbldkacnbeo/4.2.8_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"http://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"4.2.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Gives GitHub IDE powers: jump to definition and hover tooltips in code, PRs, and diffs\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"dgjhfomjieaadpoljlnidmbgkdffpack\",\"locale\":\"\",\"name\":\"Sourcegraph for GitHub\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/dgjhfomjieaadpoljlnidmbgkdffpack/1.5.4_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.5.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": 
{ - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/dgjhfomjieaadpoljlnidmbgkdffpack/1.5.4_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/dgjhfomjieaadpoljlnidmbgkdffpack/1.5.4_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "dgjhfomjieaadpoljlnidmbgkdffpack", - "gid": "20", "description": "Gives GitHub IDE powers: jump to definition and hover tooltips in code, PRs, and diffs", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.5.4", + "gid": "20", + "gid_signed": "20", + "identifier": "dgjhfomjieaadpoljlnidmbgkdffpack", + "name": "Sourcegraph for GitHub", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/dgjhfomjieaadpoljlnidmbgkdffpack/1.5.4_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Sourcegraph for GitHub", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.5.4" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ 
"192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Gives GitHub IDE powers: jump to definition and hover tooltips in code, PRs, and diffs\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"dgjhfomjieaadpoljlnidmbgkdffpack\",\"locale\":\"\",\"name\":\"Sourcegraph for GitHub\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/dgjhfomjieaadpoljlnidmbgkdffpack/1.5.4_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.5.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Manage and switch between multiple proxies quickly \\u0026 easily. 
Based on \\\"Proxy Switchy!\\\" \\u0026 \\\"SwitchyPlus\\\"\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"dpplabbmogkhghncfbfdeeokoefdjegm\",\"locale\":\"en\",\"name\":\"Proxy SwitchySharp\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/dpplabbmogkhghncfbfdeeokoefdjegm/1.10.6_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"http://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.10.6\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/dpplabbmogkhghncfbfdeeokoefdjegm/1.10.6_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/dpplabbmogkhghncfbfdeeokoefdjegm/1.10.6_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { + "description": "Manage and switch between multiple proxies quickly \u0026 easily. Based on \"Proxy Switchy!\" \u0026 \"SwitchyPlus\"", + "directory": "/Users/tsg", + "gid": "20", "gid_signed": "20", "identifier": "dpplabbmogkhghncfbfdeeokoefdjegm", - "gid": "20", - "description": "Manage and switch between multiple proxies quickly \u0026 easily. 
Based on \"Proxy Switchy!\" \u0026 \"SwitchyPlus\"", "locale": "en", - "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.10.6", + "name": "Proxy SwitchySharp", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/dpplabbmogkhghncfbfdeeokoefdjegm/1.10.6_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Proxy SwitchySharp", "update_url": "http://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.10.6" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Manage and switch between multiple proxies quickly \\u0026 easily. 
Based on \\\"Proxy Switchy!\\\" \\u0026 \\\"SwitchyPlus\\\"\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"dpplabbmogkhghncfbfdeeokoefdjegm\",\"locale\":\"en\",\"name\":\"Proxy SwitchySharp\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/dpplabbmogkhghncfbfdeeokoefdjegm/1.10.6_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"http://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.10.6\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"__MSG_WEBSTORE_PRONGHORN_PRODUCT_NAME__\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"ejidjjhkpiempkbhmpbfngldlkglhimk\",\"locale\":\"en\",\"name\":\"__MSG_WEBSTORE_PRONGHORN_PRODUCT_NAME__\",\"path\":\"/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/ejidjjhkpiempkbhmpbfngldlkglhimk/1.20_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.20\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ejidjjhkpiempkbhmpbfngldlkglhimk/1.20_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ejidjjhkpiempkbhmpbfngldlkglhimk/1.20_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { + "description": "__MSG_WEBSTORE_PRONGHORN_PRODUCT_NAME__", + "directory": "/Users/tsg", + "gid": "20", "gid_signed": "20", "identifier": "ejidjjhkpiempkbhmpbfngldlkglhimk", - "gid": "20", - "description": "__MSG_WEBSTORE_PRONGHORN_PRODUCT_NAME__", "locale": "en", - "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.20", + "name": "__MSG_WEBSTORE_PRONGHORN_PRODUCT_NAME__", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ejidjjhkpiempkbhmpbfngldlkglhimk/1.20_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "__MSG_WEBSTORE_PRONGHORN_PRODUCT_NAME__", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - 
"username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.20" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"__MSG_WEBSTORE_PRONGHORN_PRODUCT_NAME__\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"ejidjjhkpiempkbhmpbfngldlkglhimk\",\"locale\":\"en\",\"name\":\"__MSG_WEBSTORE_PRONGHORN_PRODUCT_NAME__\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ejidjjhkpiempkbhmpbfngldlkglhimk/1.20_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.20\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ 
"preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Create and edit spreadsheets\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"felcaaldnbdncclmgdcncolpebgiejap\",\"locale\":\"en_US\",\"name\":\"Sheets\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/felcaaldnbdncclmgdcncolpebgiejap/1.2_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/felcaaldnbdncclmgdcncolpebgiejap/1.2_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/felcaaldnbdncclmgdcncolpebgiejap/1.2_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { + "description": "Create and edit spreadsheets", + "directory": "/Users/tsg", + "gid": "20", "gid_signed": "20", "identifier": "felcaaldnbdncclmgdcncolpebgiejap", - "gid": "20", - 
"description": "Create and edit spreadsheets", "locale": "en_US", - "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.2", + "name": "Sheets", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/felcaaldnbdncclmgdcncolpebgiejap/1.2_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Sheets", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.2" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Create and edit spreadsheets\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"felcaaldnbdncclmgdcncolpebgiejap\",\"locale\":\"en_US\",\"name\":\"Sheets\",\"path\":\"/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/felcaaldnbdncclmgdcncolpebgiejap/1.2_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Get things done offline with the Google Docs family of products.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"ghbmnnjooekpmoecnnnilnnbdlolhkhi\",\"locale\":\"en_US\",\"name\":\"Google Docs Offline\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ghbmnnjooekpmoecnnnilnnbdlolhkhi/1.4_1/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": 
"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ghbmnnjooekpmoecnnnilnnbdlolhkhi/1.4_1/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ghbmnnjooekpmoecnnnilnnbdlolhkhi/1.4_1/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { + "description": "Get things done offline with the Google Docs family of products.", + "directory": "/Users/tsg", + "gid": "20", "gid_signed": "20", "identifier": "ghbmnnjooekpmoecnnnilnnbdlolhkhi", - "gid": "20", - "description": "Get things done offline with the Google Docs family of products.", "locale": "en_US", - "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.4", + "name": "Google Docs Offline", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ghbmnnjooekpmoecnnnilnnbdlolhkhi/1.4_1/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Google Docs Offline", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.4" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": 
[ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Get things done offline with the Google Docs family of products.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"ghbmnnjooekpmoecnnnilnnbdlolhkhi\",\"locale\":\"en_US\",\"name\":\"Google Docs Offline\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ghbmnnjooekpmoecnnnilnnbdlolhkhi/1.4_1/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"Michael Gundlach\",\"description\":\"The most popular Chrome extension, with over 40 million users! 
Blocks ads all over the web.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"gighmmpiobklfepjocnamgkkbiglidom\",\"locale\":\"en_US\",\"name\":\"AdBlock\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/gighmmpiobklfepjocnamgkkbiglidom/3.22.1_0/\",\"persistent\":\"1\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"3.22.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/gighmmpiobklfepjocnamgkkbiglidom/3.22.1_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/gighmmpiobklfepjocnamgkkbiglidom/3.22.1_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "gighmmpiobklfepjocnamgkkbiglidom", - "gid": "20", "author": "Michael Gundlach", "description": "The most popular Chrome extension, with over 40 million users! 
Blocks ads all over the web.", - "locale": "en_US", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "3.22.1", + "gid": "20", + "gid_signed": "20", + "identifier": "gighmmpiobklfepjocnamgkkbiglidom", + "locale": "en_US", + "name": "AdBlock", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/gighmmpiobklfepjocnamgkkbiglidom/3.22.1_0/", - "uid": "501", + "persistent": "1", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "AdBlock", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "1", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "3.22.1" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"Michael Gundlach\",\"description\":\"The most popular Chrome extension, with over 40 million users! 
Blocks ads all over the web.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"gighmmpiobklfepjocnamgkkbiglidom\",\"locale\":\"en_US\",\"name\":\"AdBlock\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/gighmmpiobklfepjocnamgkkbiglidom/3.22.1_0/\",\"persistent\":\"1\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"3.22.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Take awesome screenshots of entire websites and capture page elements. No sign up. Offline. 
By Conceptboard\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"glgomjpomoahpeekneidkinhcfjnnhmb\",\"locale\":\"\",\"name\":\"Full Page Screenshot\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/glgomjpomoahpeekneidkinhcfjnnhmb/1.1.8_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/glgomjpomoahpeekneidkinhcfjnnhmb/1.1.8_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/glgomjpomoahpeekneidkinhcfjnnhmb/1.1.8_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "glgomjpomoahpeekneidkinhcfjnnhmb", - "gid": "20", "description": "Take awesome screenshots of entire websites and capture page elements. No sign up. Offline. 
By Conceptboard", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.1.8", + "gid": "20", + "gid_signed": "20", + "identifier": "glgomjpomoahpeekneidkinhcfjnnhmb", + "name": "Full Page Screenshot", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/glgomjpomoahpeekneidkinhcfjnnhmb/1.1.8_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Full Page Screenshot", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.1.8" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Take awesome screenshots of entire websites and capture page elements. No sign up. Offline. 
By Conceptboard\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"glgomjpomoahpeekneidkinhcfjnnhmb\",\"locale\":\"\",\"name\":\"Full Page Screenshot\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/glgomjpomoahpeekneidkinhcfjnnhmb/1.1.8_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"LastPass\",\"description\":\"LastPass, an award-winning password manager, saves your passwords and gives you secure access from every computer and mobile device.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"hdokiejnpimakedhajhdlcegeplioahd\",\"locale\":\"en_US\",\"name\":\"LastPass: Free Password Manager\",\"path\":\"/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/hdokiejnpimakedhajhdlcegeplioahd/4.3.0.5_0/\",\"persistent\":\"1\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"http://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"4.3.0.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/hdokiejnpimakedhajhdlcegeplioahd/4.3.0.5_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/hdokiejnpimakedhajhdlcegeplioahd/4.3.0.5_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "hdokiejnpimakedhajhdlcegeplioahd", - "gid": "20", "author": "LastPass", "description": "LastPass, an award-winning password manager, saves your passwords and gives you secure access from every computer and mobile device.", - "locale": "en_US", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "4.3.0.5", + "gid": "20", + "gid_signed": "20", + "identifier": "hdokiejnpimakedhajhdlcegeplioahd", + "locale": "en_US", + "name": "LastPass: Free Password Manager", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/hdokiejnpimakedhajhdlcegeplioahd/4.3.0.5_0/", - "uid": "501", + "persistent": "1", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": 
"LastPass: Free Password Manager", "update_url": "http://clients2.google.com/service/update2/crx", - "persistent": "1", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "4.3.0.5" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"LastPass\",\"description\":\"LastPass, an award-winning password manager, saves your passwords and gives you secure access from every computer and mobile device.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"hdokiejnpimakedhajhdlcegeplioahd\",\"locale\":\"en_US\",\"name\":\"LastPass: Free Password Manager\",\"path\":\"/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/hdokiejnpimakedhajhdlcegeplioahd/4.3.0.5_0/\",\"persistent\":\"1\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"http://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"4.3.0.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Shows LinkedIn profiles in your Gmail\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"hihakjfhbmlmjdnnhegiciffjplmdhin\",\"locale\":\"\",\"name\":\"Rapportive\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/hihakjfhbmlmjdnnhegiciffjplmdhin/2.0.1_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"2.0.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/hihakjfhbmlmjdnnhegiciffjplmdhin/2.0.1_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/hihakjfhbmlmjdnnhegiciffjplmdhin/2.0.1_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "hihakjfhbmlmjdnnhegiciffjplmdhin", - "gid": "20", "description": "Shows LinkedIn profiles in your Gmail", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "2.0.1", + "gid": "20", + "gid_signed": "20", + "identifier": "hihakjfhbmlmjdnnhegiciffjplmdhin", + "name": "Rapportive", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/hihakjfhbmlmjdnnhegiciffjplmdhin/2.0.1_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Rapportive", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "2.0.1" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Shows LinkedIn profiles in your Gmail\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"hihakjfhbmlmjdnnhegiciffjplmdhin\",\"locale\":\"\",\"name\":\"Rapportive\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/hihakjfhbmlmjdnnhegiciffjplmdhin/2.0.1_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"2.0.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Quickly capture what's on your mind and share those thoughts with friends and family.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"hmjkmjkepdijhoojdojkdfohbdgmmhki\",\"locale\":\"en\",\"name\":\"Google Keep - notes and lists\",\"path\":\"/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/hmjkmjkepdijhoojdojkdfohbdgmmhki/3.1.17492.1198_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"3.1.17492.1198\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/hmjkmjkepdijhoojdojkdfohbdgmmhki/3.1.17492.1198_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/hmjkmjkepdijhoojdojkdfohbdgmmhki/3.1.17492.1198_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { + "description": "Quickly capture what's on your mind and share those thoughts with friends and family.", + "directory": "/Users/tsg", + "gid": "20", "gid_signed": "20", "identifier": "hmjkmjkepdijhoojdojkdfohbdgmmhki", - "gid": "20", - "description": "Quickly capture what's on your mind and share those thoughts with friends and family.", "locale": "en", - "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "3.1.17492.1198", + "name": "Google Keep - notes and lists", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/hmjkmjkepdijhoojdojkdfohbdgmmhki/3.1.17492.1198_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - 
"name": "Google Keep - notes and lists", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "3.1.17492.1198" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Quickly capture what's on your mind and share those thoughts with friends and family.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"hmjkmjkepdijhoojdojkdfohbdgmmhki\",\"locale\":\"en\",\"name\":\"Google Keep - notes and lists\",\"path\":\"/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/hmjkmjkepdijhoojdojkdfohbdgmmhki/3.1.17492.1198_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"3.1.17492.1198\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Extends the Developer Tools, adding tools for debugging and profiling AngularJS applications.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"ighdmehidhipcmcojjgiloacoafjmpfk\",\"locale\":\"\",\"name\":\"AngularJS Batarang\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ighdmehidhipcmcojjgiloacoafjmpfk/0.10.9_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"0.10.9\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + 
"type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ighdmehidhipcmcojjgiloacoafjmpfk/0.10.9_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ighdmehidhipcmcojjgiloacoafjmpfk/0.10.9_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "ighdmehidhipcmcojjgiloacoafjmpfk", - "gid": "20", "description": "Extends the Developer Tools, adding tools for debugging and profiling AngularJS applications.", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "0.10.9", + "gid": "20", + "gid_signed": "20", + "identifier": "ighdmehidhipcmcojjgiloacoafjmpfk", + "name": "AngularJS Batarang", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ighdmehidhipcmcojjgiloacoafjmpfk/0.10.9_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "AngularJS Batarang", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "0.10.9" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": 
[ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Extends the Developer Tools, adding tools for debugging and profiling AngularJS applications.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"ighdmehidhipcmcojjgiloacoafjmpfk\",\"locale\":\"\",\"name\":\"AngularJS Batarang\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ighdmehidhipcmcojjgiloacoafjmpfk/0.10.9_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"0.10.9\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"The easiest way to identify fonts on web 
pages.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"jabopobgcpjmedljpbcaablpmlmfcogm\",\"locale\":\"\",\"name\":\"WhatFont\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/jabopobgcpjmedljpbcaablpmlmfcogm/2.1.0_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"2.1.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/jabopobgcpjmedljpbcaablpmlmfcogm/2.1.0_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/jabopobgcpjmedljpbcaablpmlmfcogm/2.1.0_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "jabopobgcpjmedljpbcaablpmlmfcogm", - "gid": "20", "description": "The easiest way to identify fonts on web pages.", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "2.1.0", + "gid": "20", + "gid_signed": "20", + "identifier": "jabopobgcpjmedljpbcaablpmlmfcogm", + "name": "WhatFont", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/jabopobgcpjmedljpbcaablpmlmfcogm/2.1.0_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", 
"uid_signed": "501", - "name": "WhatFont", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "2.1.0" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"The easiest way to identify fonts on web pages.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"jabopobgcpjmedljpbcaablpmlmfcogm\",\"locale\":\"\",\"name\":\"WhatFont\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/jabopobgcpjmedljpbcaablpmlmfcogm/2.1.0_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"2.1.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - 
"created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Enables screen sharing with Pexip Infinity\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"jmfbfggikgbdccejjilikgnfdjnpmlfe\",\"locale\":\"\",\"name\":\"Pexip Screensharing Extension\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/jmfbfggikgbdccejjilikgnfdjnpmlfe/0.0.5_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"0.0.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/jmfbfggikgbdccejjilikgnfdjnpmlfe/0.0.5_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/jmfbfggikgbdccejjilikgnfdjnpmlfe/0.0.5_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "gid_signed": "20", - 
"identifier": "jmfbfggikgbdccejjilikgnfdjnpmlfe", - "gid": "20", "description": "Enables screen sharing with Pexip Infinity", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "0.0.5", + "gid": "20", + "gid_signed": "20", + "identifier": "jmfbfggikgbdccejjilikgnfdjnpmlfe", + "name": "Pexip Screensharing Extension", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/jmfbfggikgbdccejjilikgnfdjnpmlfe/0.0.5_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Pexip Screensharing Extension", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "0.0.5" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Enables screen sharing with Pexip Infinity\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"jmfbfggikgbdccejjilikgnfdjnpmlfe\",\"locale\":\"\",\"name\":\"Pexip Screensharing Extension\",\"path\":\"/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/jmfbfggikgbdccejjilikgnfdjnpmlfe/0.0.5_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"0.0.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Coverage reports overlay in Github and Bitbucket.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"keefkhehidemnokodkdkejapdgfjmijf\",\"locale\":\"\",\"name\":\"Codecov Extension\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/keefkhehidemnokodkdkejapdgfjmijf/1.0.9_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.0.9\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": 
"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/keefkhehidemnokodkdkejapdgfjmijf/1.0.9_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/keefkhehidemnokodkdkejapdgfjmijf/1.0.9_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "keefkhehidemnokodkdkejapdgfjmijf", - "gid": "20", "description": "Coverage reports overlay in Github and Bitbucket.", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.0.9", + "gid": "20", + "gid_signed": "20", + "identifier": "keefkhehidemnokodkdkejapdgfjmijf", + "name": "Codecov Extension", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/keefkhehidemnokodkdkejapdgfjmijf/1.0.9_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Codecov Extension", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.0.9" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { 
- "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Coverage reports overlay in Github and Bitbucket.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"keefkhehidemnokodkdkejapdgfjmijf\",\"locale\":\"\",\"name\":\"Codecov Extension\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/keefkhehidemnokodkdkejapdgfjmijf/1.0.9_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.0.9\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Schedule Zoom meetings directly from Google Calendar\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"kgjfgplpablkjnlkjmjdecgdpfankdle\",\"locale\":\"en\",\"name\":\"Zoom Scheduler\",\"path\":\"/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/kgjfgplpablkjnlkjmjdecgdpfankdle/1.4.19_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.4.19\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/kgjfgplpablkjnlkjmjdecgdpfankdle/1.4.19_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/kgjfgplpablkjnlkjmjdecgdpfankdle/1.4.19_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { + "description": "Schedule Zoom meetings directly from Google Calendar", + "directory": "/Users/tsg", + "gid": "20", "gid_signed": "20", "identifier": "kgjfgplpablkjnlkjmjdecgdpfankdle", - "gid": "20", - "description": "Schedule Zoom meetings directly from Google Calendar", "locale": "en", - "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.4.19", + "name": "Zoom Scheduler", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/kgjfgplpablkjnlkjmjdecgdpfankdle/1.4.19_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Zoom Scheduler", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + 
"username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.4.19" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Schedule Zoom meetings directly from Google Calendar\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"kgjfgplpablkjnlkjmjdecgdpfankdle\",\"locale\":\"en\",\"name\":\"Zoom Scheduler\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/kgjfgplpablkjnlkjmjdecgdpfankdle/1.4.19_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.4.19\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], 
+ "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Resize the browser window to emulate various screen resolutions.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"kkelicaakdanhinjdeammmilcgefonfh\",\"locale\":\"\",\"name\":\"Window Resizer\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/kkelicaakdanhinjdeammmilcgefonfh/2.6.0.2036_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"2.6.0.2036\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/kkelicaakdanhinjdeammmilcgefonfh/2.6.0.2036_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/kkelicaakdanhinjdeammmilcgefonfh/2.6.0.2036_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "kkelicaakdanhinjdeammmilcgefonfh", - "gid": "20", "description": "Resize the browser window to emulate 
various screen resolutions.", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "2.6.0.2036", + "gid": "20", + "gid_signed": "20", + "identifier": "kkelicaakdanhinjdeammmilcgefonfh", + "name": "Window Resizer", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/kkelicaakdanhinjdeammmilcgefonfh/2.6.0.2036_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Window Resizer", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "2.6.0.2036" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Resize the browser window to emulate various screen resolutions.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"kkelicaakdanhinjdeammmilcgefonfh\",\"locale\":\"\",\"name\":\"Window Resizer\",\"path\":\"/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/kkelicaakdanhinjdeammmilcgefonfh/2.6.0.2036_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"2.6.0.2036\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Creates a contextual menu item to remove an element from the DOM\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"lnfececmldedlanmhbeljgdaofncfeho\",\"locale\":\"\",\"name\":\"Remove Element\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/lnfececmldedlanmhbeljgdaofncfeho/1.0.2_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.0.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": 
"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/lnfececmldedlanmhbeljgdaofncfeho/1.0.2_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/lnfececmldedlanmhbeljgdaofncfeho/1.0.2_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "lnfececmldedlanmhbeljgdaofncfeho", - "gid": "20", "description": "Creates a contextual menu item to remove an element from the DOM", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.0.2", + "gid": "20", + "gid_signed": "20", + "identifier": "lnfececmldedlanmhbeljgdaofncfeho", + "name": "Remove Element", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/lnfececmldedlanmhbeljgdaofncfeho/1.0.2_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Remove Element", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.0.2" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - 
"host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Creates a contextual menu item to remove an element from the DOM\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"lnfececmldedlanmhbeljgdaofncfeho\",\"locale\":\"\",\"name\":\"Remove Element\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/lnfececmldedlanmhbeljgdaofncfeho/1.0.2_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.0.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Teamwork without email. 
Asana puts conversations and tasks together, so you can get more done with less effort.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"nafkcmbfnknnkmbdbdhflbidiigecfln\",\"locale\":\"\",\"name\":\"Asana\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/nafkcmbfnknnkmbdbdhflbidiigecfln/1.0.8_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"http://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.0.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/nafkcmbfnknnkmbdbdhflbidiigecfln/1.0.8_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/nafkcmbfnknnkmbdbdhflbidiigecfln/1.0.8_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "nafkcmbfnknnkmbdbdhflbidiigecfln", - "gid": "20", "description": "Teamwork without email. 
Asana puts conversations and tasks together, so you can get more done with less effort.", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.0.8", + "gid": "20", + "gid_signed": "20", + "identifier": "nafkcmbfnknnkmbdbdhflbidiigecfln", + "name": "Asana", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/nafkcmbfnknnkmbdbdhflbidiigecfln/1.0.8_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Asana", "update_url": "http://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.0.8" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Teamwork without email. 
Asana puts conversations and tasks together, so you can get more done with less effort.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"nafkcmbfnknnkmbdbdhflbidiigecfln\",\"locale\":\"\",\"name\":\"Asana\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/nafkcmbfnknnkmbdbdhflbidiigecfln/1.0.8_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"http://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.0.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Pocket Extension for Chrome - The best way to save articles, videos and more\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"niloccemoadcdkdjlinkgdfekeahmflj\",\"locale\":\"en\",\"name\":\"Save to Pocket\",\"path\":\"/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/niloccemoadcdkdjlinkgdfekeahmflj/2.1.49_0/\",\"persistent\":\"1\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"2.1.49\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/niloccemoadcdkdjlinkgdfekeahmflj/2.1.49_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/niloccemoadcdkdjlinkgdfekeahmflj/2.1.49_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { + "description": "Pocket Extension for Chrome - The best way to save articles, videos and more", + "directory": "/Users/tsg", + "gid": "20", "gid_signed": "20", "identifier": "niloccemoadcdkdjlinkgdfekeahmflj", - "gid": "20", - "description": "Pocket Extension for Chrome - The best way to save articles, videos and more", "locale": "en", - "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "2.1.49", + "name": "Save to Pocket", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/niloccemoadcdkdjlinkgdfekeahmflj/2.1.49_0/", - "uid": "501", + "persistent": "1", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Save to Pocket", "update_url": 
"https://clients2.google.com/service/update2/crx", - "persistent": "1", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "2.1.49" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Pocket Extension for Chrome - The best way to save articles, videos and more\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"niloccemoadcdkdjlinkgdfekeahmflj\",\"locale\":\"en\",\"name\":\"Save to Pocket\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/niloccemoadcdkdjlinkgdfekeahmflj/2.1.49_0/\",\"persistent\":\"1\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"2.1.49\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"\\\\xC3\\\\x9Cbersetzt im Handumdrehen ein unbekanntes Wort einer Webseite!\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"nknonnojlmhnmjhpeokdbeineeajcemh\",\"locale\":\"en\",\"name\":\"dict-cc\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/nknonnojlmhnmjhpeokdbeineeajcemh/1.6.89_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.6.89\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/nknonnojlmhnmjhpeokdbeineeajcemh/1.6.89_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/nknonnojlmhnmjhpeokdbeineeajcemh/1.6.89_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { + "description": 
"\\xC3\\x9Cbersetzt im Handumdrehen ein unbekanntes Wort einer Webseite!", + "directory": "/Users/tsg", + "gid": "20", "gid_signed": "20", "identifier": "nknonnojlmhnmjhpeokdbeineeajcemh", - "gid": "20", - "description": "\\xC3\\x9Cbersetzt im Handumdrehen ein unbekanntes Wort einer Webseite!", "locale": "en", - "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.6.89", + "name": "dict-cc", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/nknonnojlmhnmjhpeokdbeineeajcemh/1.6.89_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "dict-cc", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.6.89" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"\\\\xC3\\\\x9Cbersetzt im Handumdrehen ein unbekanntes Wort einer 
Webseite!\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"nknonnojlmhnmjhpeokdbeineeajcemh\",\"locale\":\"en\",\"name\":\"dict-cc\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/nknonnojlmhnmjhpeokdbeineeajcemh/1.6.89_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.6.89\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"__MSG_APP_DESCRIPTION__\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"nmmhkkegccagdldgiimedpiccmgmieda\",\"locale\":\"en\",\"name\":\"__MSG_APP_NAME__\",\"path\":\"/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.3_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.0.0.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.3_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.3_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { + "description": "__MSG_APP_DESCRIPTION__", + "directory": "/Users/tsg", + "gid": "20", "gid_signed": "20", "identifier": "nmmhkkegccagdldgiimedpiccmgmieda", - "gid": "20", - "description": "__MSG_APP_DESCRIPTION__", "locale": "en", - "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.0.0.3", + "name": "__MSG_APP_NAME__", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.3_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "__MSG_APP_NAME__", "update_url": "https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": 
"C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.0.0.3" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"__MSG_APP_DESCRIPTION__\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"nmmhkkegccagdldgiimedpiccmgmieda\",\"locale\":\"en\",\"name\":\"__MSG_APP_NAME__\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.3_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.0.0.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": 
"2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"historio.us extension for Chrome\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"ofhbgdkgggdidebbnlhdkcfaegjdggii\",\"locale\":\"\",\"name\":\"historious extension\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ofhbgdkgggdidebbnlhdkcfaegjdggii/1.3.3_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"http://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ofhbgdkgggdidebbnlhdkcfaegjdggii/1.3.3_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ofhbgdkgggdidebbnlhdkcfaegjdggii/1.3.3_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "gid_signed": "20", - "identifier": "ofhbgdkgggdidebbnlhdkcfaegjdggii", - "gid": "20", "description": "historio.us extension for Chrome", "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "1.3.3", + 
"gid": "20", + "gid_signed": "20", + "identifier": "ofhbgdkgggdidebbnlhdkcfaegjdggii", + "name": "historious extension", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/ofhbgdkgggdidebbnlhdkcfaegjdggii/1.3.3_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "historious extension", "update_url": "http://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "1.3.3" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"historio.us extension for Chrome\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"ofhbgdkgggdidebbnlhdkcfaegjdggii\",\"locale\":\"\",\"name\":\"historious extension\",\"path\":\"/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/ofhbgdkgggdidebbnlhdkcfaegjdggii/1.3.3_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"http://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"1.3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Fast, searchable email with less spam.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"pjkljhegncpnkpknbcohdijeoejaedia\",\"locale\":\"en\",\"name\":\"Gmail\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/pjkljhegncpnkpknbcohdijeoejaedia/8.1_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"http://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"8.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/pjkljhegncpnkpknbcohdijeoejaedia/8.1_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/pjkljhegncpnkpknbcohdijeoejaedia/8.1_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { + "description": "Fast, searchable email with less spam.", + "directory": "/Users/tsg", + "gid": "20", "gid_signed": "20", "identifier": "pjkljhegncpnkpknbcohdijeoejaedia", - "gid": "20", - "description": "Fast, searchable email with less spam.", "locale": "en", - "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "8.1", + "name": "Gmail", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/pjkljhegncpnkpknbcohdijeoejaedia/8.1_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Gmail", "update_url": "http://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "8.1" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Fast, searchable email with less spam.\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"pjkljhegncpnkpknbcohdijeoejaedia\",\"locale\":\"en\",\"name\":\"Gmail\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/pjkljhegncpnkpknbcohdijeoejaedia/8.1_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"http://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"8.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Provider for discovery and services for mirroring of Chrome Media Router\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"pkedcjkdefgpdelpbcmbmeomcjbeemfm\",\"locale\":\"en\",\"name\":\"Chrome Media Router\",\"path\":\"/Users/tsg/Library/Application 
Support/Google/Chrome/Default/Extensions/pkedcjkdefgpdelpbcmbmeomcjbeemfm/6317.1002.0.5_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"6317.1002.0.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/pkedcjkdefgpdelpbcmbmeomcjbeemfm/6317.1002.0.5_0/", - "uid": "501", + "directory": "/Users/tsg", "gid": "20", - "directory": "/Users/tsg" + "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/pkedcjkdefgpdelpbcmbmeomcjbeemfm/6317.1002.0.5_0/", + "uid": "501" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { + "description": "Provider for discovery and services for mirroring of Chrome Media Router", + "directory": "/Users/tsg", + "gid": "20", "gid_signed": "20", "identifier": "pkedcjkdefgpdelpbcmbmeomcjbeemfm", - "gid": "20", - "description": "Provider for discovery and services for mirroring of Chrome Media Router", "locale": "en", - "directory": "/Users/tsg", - "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", - "version": "6317.1002.0.5", + "name": "Chrome Media Router", "path": "/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/pkedcjkdefgpdelpbcmbmeomcjbeemfm/6317.1002.0.5_0/", - "uid": "501", + "persistent": "0", "shell": "/bin/zsh", + "uid": "501", "uid_signed": "501", - "name": "Chrome Media Router", "update_url": 
"https://clients2.google.com/service/update2/crx", - "persistent": "0", - "username": "tsg" + "username": "tsg", + "uuid": "C4ED9367-E74A-4B3B-8E57-F97695D3919C", + "version": "6317.1002.0.5" }, - "name": "pack_it-compliance_chrome_extensions", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_chrome_extensions", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_chrome_extensions" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"author\":\"\",\"description\":\"Provider for discovery and services for mirroring of Chrome Media Router\",\"directory\":\"/Users/tsg\",\"gid\":\"20\",\"gid_signed\":\"20\",\"identifier\":\"pkedcjkdefgpdelpbcmbmeomcjbeemfm\",\"locale\":\"en\",\"name\":\"Chrome Media Router\",\"path\":\"/Users/tsg/Library/Application Support/Google/Chrome/Default/Extensions/pkedcjkdefgpdelpbcmbmeomcjbeemfm/6317.1002.0.5_0/\",\"persistent\":\"0\",\"shell\":\"/bin/zsh\",\"uid\":\"501\",\"uid_signed\":\"501\",\"update_url\":\"https://clients2.google.com/service/update2/crx\",\"username\":\"tsg\",\"uuid\":\"C4ED9367-E74A-4B3B-8E57-F97695D3919C\",\"version\":\"6317.1002.0.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_chrome_extensions\",\"unixTime\":\"1514471997\"}", - "type": "info", - 
"created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"arguments\":\" \",\"device\":\"0DB444B2-AA24-47DE-82EE-8942733B7171\",\"path\":\"/System/Library/PrelinkedKernels/prelinkedkernel\",\"version\":\"17.2.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_kernel_info\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { "path": "/System/Library/PrelinkedKernels/prelinkedkernel" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "path": "/System/Library/PrelinkedKernels/prelinkedkernel", "arguments": " ", "device": "0DB444B2-AA24-47DE-82EE-8942733B7171", + "path": "/System/Library/PrelinkedKernels/prelinkedkernel", "version": "17.2.0" }, - "name": "pack_it-compliance_kernel_info", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_kernel_info", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_kernel_info" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"arguments\":\" \",\"device\":\"0DB444B2-AA24-47DE-82EE-8942733B7171\",\"path\":\"/System/Library/PrelinkedKernels/prelinkedkernel\",\"version\":\"17.2.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_kernel_info\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"blocks\":\"122061322\",\"blocks_available\":\"75966945\",\"blocks_free\":\"76925354\",\"blocks_size\":\"4096\",\"device\":\"/dev/disk1s1\",\"device_alias\":\"/dev/disk1s1\",\"flags\":\"75550720\",\"inodes\":\"9223372036854775807\",\"inodes_free\":\"9223372036853222768\",\"path\":\"/\",\"type\":\"apfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "type": "apfs", - "path": "/" + "path": "/", + "type": "apfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 
14:39:57 2017 UTC", "columns": { - "path": "/", "blocks": "122061322", - "inodes": "9223372036854775807", - "flags": "75550720", - "inodes_free": "9223372036853222768", - "blocks_size": "4096", "blocks_available": "75966945", - "type": "apfs", + "blocks_free": "76925354", + "blocks_size": "4096", "device": "/dev/disk1s1", "device_alias": "/dev/disk1s1", - "blocks_free": "76925354" + "flags": "75550720", + "inodes": "9223372036854775807", + "inodes_free": "9223372036853222768", + "path": "/", + "type": "apfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_mounts", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"blocks\":\"122061322\",\"blocks_available\":\"75966945\",\"blocks_free\":\"76925354\",\"blocks_size\":\"4096\",\"device\":\"/dev/disk1s1\",\"device_alias\":\"/dev/disk1s1\",\"flags\":\"75550720\",\"inodes\":\"9223372036854775807\",\"inodes_free\":\"9223372036853222768\",\"path\":\"/\",\"type\":\"apfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - 
"name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"blocks\":\"386\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"512\",\"device\":\"devfs\",\"device_alias\":\"devfs\",\"flags\":\"68161536\",\"inodes\":\"669\",\"inodes_free\":\"0\",\"path\":\"/dev\",\"type\":\"devfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "type": "devfs", - "path": "/dev" + "path": "/dev", + "type": "devfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "path": "/dev", "blocks": "386", - "inodes": "669", - "flags": "68161536", - "inodes_free": "0", - "blocks_size": "512", "blocks_available": "0", - "type": "devfs", + "blocks_free": "0", + "blocks_size": "512", "device": "devfs", "device_alias": "devfs", - "blocks_free": "0" + "flags": "68161536", + "inodes": "669", + "inodes_free": "0", + "path": "/dev", + "type": "devfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": 
"pack_it-compliance_mounts", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"blocks\":\"386\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"512\",\"device\":\"devfs\",\"device_alias\":\"devfs\",\"flags\":\"68161536\",\"inodes\":\"669\",\"inodes_free\":\"0\",\"path\":\"/dev\",\"type\":\"devfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"blocks\":\"122061322\",\"blocks_available\":\"75966945\",\"blocks_free\":\"121274885\",\"blocks_size\":\"4096\",\"device\":\"/dev/disk1s4\",\"device_alias\":\"/dev/disk1s4\",\"flags\":\"345018372\",\"inodes\":\"9223372036854775807\",\"inodes_free\":\"9223372036854775804\",\"path\":\"/private/var/vm\",\"type\":\"apfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, 
"file": { - "type": "apfs", - "path": "/private/var/vm" + "path": "/private/var/vm", + "type": "apfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "path": "/private/var/vm", "blocks": "122061322", - "inodes": "9223372036854775807", - "flags": "345018372", - "inodes_free": "9223372036854775804", - "blocks_size": "4096", "blocks_available": "75966945", - "type": "apfs", + "blocks_free": "121274885", + "blocks_size": "4096", "device": "/dev/disk1s4", "device_alias": "/dev/disk1s4", - "blocks_free": "121274885" + "flags": "345018372", + "inodes": "9223372036854775807", + "inodes_free": "9223372036854775804", + "path": "/private/var/vm", + "type": "apfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_mounts", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 
UTC\",\"columns\":{\"blocks\":\"122061322\",\"blocks_available\":\"75966945\",\"blocks_free\":\"121274885\",\"blocks_size\":\"4096\",\"device\":\"/dev/disk1s4\",\"device_alias\":\"/dev/disk1s4\",\"flags\":\"345018372\",\"inodes\":\"9223372036854775807\",\"inodes_free\":\"9223372036854775804\",\"path\":\"/private/var/vm\",\"type\":\"apfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"1024\",\"device\":\"map -hosts\",\"device_alias\":\"map -hosts\",\"flags\":\"72351752\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/net\",\"type\":\"autofs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "type": "autofs", - "path": "/net" + "path": "/net", + "type": "autofs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "path": "/net", "blocks": "0", - "inodes": "0", - "flags": "72351752", - "inodes_free": "0", - 
"blocks_size": "1024", "blocks_available": "0", - "type": "autofs", + "blocks_free": "0", + "blocks_size": "1024", "device": "map -hosts", "device_alias": "map -hosts", - "blocks_free": "0" + "flags": "72351752", + "inodes": "0", + "inodes_free": "0", + "path": "/net", + "type": "autofs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_mounts", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"1024\",\"device\":\"map -hosts\",\"device_alias\":\"map -hosts\",\"flags\":\"72351752\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/net\",\"type\":\"autofs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + 
"original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"1024\",\"device\":\"map auto_home\",\"device_alias\":\"map auto_home\",\"flags\":\"72351744\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/home\",\"type\":\"autofs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, "file": { - "type": "autofs", - "path": "/home" + "path": "/home", + "type": "autofs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "path": "/home", "blocks": "0", - "inodes": "0", - "flags": "72351744", - "inodes_free": "0", - "blocks_size": "1024", "blocks_available": "0", - "type": "autofs", + "blocks_free": "0", + "blocks_size": "1024", "device": "map auto_home", "device_alias": "map auto_home", - "blocks_free": "0" + "flags": "72351744", + "inodes": "0", + "inodes_free": "0", + "path": "/home", + "type": "autofs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_mounts", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, 
"rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"1024\",\"device\":\"map auto_home\",\"device_alias\":\"map auto_home\",\"flags\":\"72351744\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/home\",\"type\":\"autofs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"build_distro\":\"10.12\",\"build_platform\":\"darwin\",\"config_hash\":\"1581da8caee901b1a74d8735f1d15547ae2cb134\",\"config_valid\":\"1\",\"datetime\":\"2017-12-28T14:39:57Z\",\"day\":\"28\",\"extensions\":\"active\",\"hour\":\"14\",\"instance_id\":\"56b13ad9-0198-499c-89d3-d74fc403cdce\",\"iso_8601\":\"2017-12-28T14:39:57Z\",\"local_time\":\"1514471997\",\"local_timezone\":\"EET\",\"minutes\":\"39\",\"month\":\"12\",\"pid\":\"5651\",\"seconds\":\"57\",\"start_time\":\"1514471988\",\"timestamp\":\"Thu Dec 28 14:39:57 2017 
UTC\",\"timezone\":\"UTC\",\"unix_time\":\"1514471997\",\"uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"version\":\"2.11.0\",\"watcher\":\"5650\",\"weekday\":\"Thursday\",\"year\":\"2017\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_osquery_info\",\"unixTime\":\"1514471997\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", "columns": { - "year": "2017", - "timezone": "UTC", - "unix_time": "1514471997", - "weekday": "Thursday", - "config_valid": "1", - "pid": "5651", - "uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", + "build_distro": "10.12", "build_platform": "darwin", + "config_hash": "1581da8caee901b1a74d8735f1d15547ae2cb134", + "config_valid": "1", "datetime": "2017-12-28T14:39:57Z", - "seconds": "57", + "day": "28", + "extensions": "active", "hour": "14", + "instance_id": "56b13ad9-0198-499c-89d3-d74fc403cdce", + "iso_8601": "2017-12-28T14:39:57Z", "local_time": "1514471997", "local_timezone": "EET", - "build_distro": "10.12", - "day": "28", - "timestamp": "Thu Dec 28 14:39:57 2017 UTC", - "watcher": "5650", "minutes": "39", - "version": "2.11.0", - "config_hash": "1581da8caee901b1a74d8735f1d15547ae2cb134", - "start_time": "1514471988", - "extensions": "active", - "instance_id": "56b13ad9-0198-499c-89d3-d74fc403cdce", "month": "12", - "iso_8601": "2017-12-28T14:39:57Z" + "pid": "5651", + "seconds": "57", + "start_time": "1514471988", + "timestamp": "Thu Dec 28 14:39:57 2017 UTC", + "timezone": "UTC", + "unix_time": "1514471997", + "uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", + "version": "2.11.0", + "watcher": "5650", + "weekday": "Thursday", + "year": "2017" }, - "name": "pack_it-compliance_osquery_info", - "unix_time": 
"1514471997", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:57 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_osquery_info", + "unix_time": "1514471997" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_osquery_info" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:57 2017 UTC\",\"columns\":{\"build_distro\":\"10.12\",\"build_platform\":\"darwin\",\"config_hash\":\"1581da8caee901b1a74d8735f1d15547ae2cb134\",\"config_valid\":\"1\",\"datetime\":\"2017-12-28T14:39:57Z\",\"day\":\"28\",\"extensions\":\"active\",\"hour\":\"14\",\"instance_id\":\"56b13ad9-0198-499c-89d3-d74fc403cdce\",\"iso_8601\":\"2017-12-28T14:39:57Z\",\"local_time\":\"1514471997\",\"local_timezone\":\"EET\",\"minutes\":\"39\",\"month\":\"12\",\"pid\":\"5651\",\"seconds\":\"57\",\"start_time\":\"1514471988\",\"timestamp\":\"Thu Dec 28 14:39:57 2017 UTC\",\"timezone\":\"UTC\",\"unix_time\":\"1514471997\",\"uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"version\":\"2.11.0\",\"watcher\":\"5650\",\"weekday\":\"Thursday\",\"year\":\"2017\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_osquery_info\",\"unixTime\":\"1514471997\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": 
"2017-12-28T14:39:58.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:58 2017 UTC\",\"columns\":{\"class\":\"\",\"model\":\"AppleUSBXHCI Root Hub Simulation\",\"model_id\":\"8007\",\"protocol\":\"\",\"removable\":\"0\",\"serial\":\"0\",\"subclass\":\"\",\"usb_address\":\"\",\"usb_port\":\"\",\"vendor\":\"Apple Inc.\",\"vendor_id\":\"05ac\",\"version\":\"0.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_usb_devices\",\"unixTime\":\"1514471998\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:58 2017 UTC", "columns": { - "serial": "0", + "model": "AppleUSBXHCI Root Hub Simulation", + "model_id": "8007", "removable": "0", + "serial": "0", "vendor": "Apple Inc.", "vendor_id": "05ac", - "model": "AppleUSBXHCI Root Hub Simulation", - "model_id": "8007", "version": "0.0" }, - "name": "pack_it-compliance_usb_devices", - "unix_time": "1514471998", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:58 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_usb_devices", + "unix_time": "1514471998" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_usb_devices" }, - 
"event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:58 2017 UTC\",\"columns\":{\"class\":\"\",\"model\":\"AppleUSBXHCI Root Hub Simulation\",\"model_id\":\"8007\",\"protocol\":\"\",\"removable\":\"0\",\"serial\":\"0\",\"subclass\":\"\",\"usb_address\":\"\",\"usb_port\":\"\",\"vendor\":\"Apple Inc.\",\"vendor_id\":\"05ac\",\"version\":\"0.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_usb_devices\",\"unixTime\":\"1514471998\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:39:58.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:58 2017 UTC\",\"columns\":{\"class\":\"\",\"model\":\"iBridge\",\"model_id\":\"8600\",\"protocol\":\"\",\"removable\":\"0\",\"serial\":\"0\",\"subclass\":\"\",\"usb_address\":\"1\",\"usb_port\":\"1\",\"vendor\":\"Apple Inc.\",\"vendor_id\":\"05ac\",\"version\":\"1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_usb_devices\",\"unixTime\":\"1514471998\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:39:58 2017 UTC", "columns": { - "usb_address": "1", - "serial": "0", - "removable": "0", - "vendor": "Apple Inc.", - "vendor_id": "05ac", "model": "iBridge", "model_id": 
"8600", + "removable": "0", + "serial": "0", + "usb_address": "1", "usb_port": "1", + "vendor": "Apple Inc.", + "vendor_id": "05ac", "version": "1.1" }, - "name": "pack_it-compliance_usb_devices", - "unix_time": "1514471998", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 28 14:39:58 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_usb_devices", + "unix_time": "1514471998" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_usb_devices" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:39:58 2017 UTC\",\"columns\":{\"class\":\"\",\"model\":\"iBridge\",\"model_id\":\"8600\",\"protocol\":\"\",\"removable\":\"0\",\"serial\":\"0\",\"subclass\":\"\",\"usb_address\":\"1\",\"usb_port\":\"1\",\"vendor\":\"Apple Inc.\",\"vendor_id\":\"05ac\",\"version\":\"1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_usb_devices\",\"unixTime\":\"1514471998\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:40:08.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "removed", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"removed\",\"calendarTime\":\"Thu Dec 28 14:40:08 2017 
UTC\",\"columns\":{\"blocks\":\"122061322\",\"blocks_available\":\"75966945\",\"blocks_free\":\"121274885\",\"blocks_size\":\"4096\",\"device\":\"/dev/disk1s4\",\"device_alias\":\"/dev/disk1s4\",\"flags\":\"345018372\",\"inodes\":\"9223372036854775807\",\"inodes_free\":\"9223372036854775804\",\"path\":\"/private/var/vm\",\"type\":\"apfs\"},\"counter\":\"1\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514472008\"}", + "type": "info" + }, "file": { - "type": "apfs", - "path": "/private/var/vm" + "path": "/private/var/vm", + "type": "apfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "removed", + "calendar_time": "Thu Dec 28 14:40:08 2017 UTC", "columns": { - "path": "/private/var/vm", "blocks": "122061322", - "inodes": "9223372036854775807", - "flags": "345018372", - "inodes_free": "9223372036854775804", - "blocks_size": "4096", "blocks_available": "75966945", - "type": "apfs", + "blocks_free": "121274885", + "blocks_size": "4096", "device": "/dev/disk1s4", "device_alias": "/dev/disk1s4", - "blocks_free": "121274885" + "flags": "345018372", + "inodes": "9223372036854775807", + "inodes_free": "9223372036854775804", + "path": "/private/var/vm", + "type": "apfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1514472008", - "action": "removed", + "counter": "1", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "1", - "calendar_time": "Thu Dec 28 14:40:08 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_mounts", + "unix_time": "1514472008" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + 
"user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "removed", - "original": "{\"action\":\"removed\",\"calendarTime\":\"Thu Dec 28 14:40:08 2017 UTC\",\"columns\":{\"blocks\":\"122061322\",\"blocks_available\":\"75966945\",\"blocks_free\":\"121274885\",\"blocks_size\":\"4096\",\"device\":\"/dev/disk1s4\",\"device_alias\":\"/dev/disk1s4\",\"flags\":\"345018372\",\"inodes\":\"9223372036854775807\",\"inodes_free\":\"9223372036854775804\",\"path\":\"/private/var/vm\",\"type\":\"apfs\"},\"counter\":\"1\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514472008\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:40:08.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "removed", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"removed\",\"calendarTime\":\"Thu Dec 28 14:40:08 2017 UTC\",\"columns\":{\"blocks\":\"122061322\",\"blocks_available\":\"75966945\",\"blocks_free\":\"76925354\",\"blocks_size\":\"4096\",\"device\":\"/dev/disk1s1\",\"device_alias\":\"/dev/disk1s1\",\"flags\":\"75550720\",\"inodes\":\"9223372036854775807\",\"inodes_free\":\"9223372036853222768\",\"path\":\"/\",\"type\":\"apfs\"},\"counter\":\"1\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514472008\"}", + "type": "info" + }, "file": { - "type": "apfs", - "path": "/" + "path": "/", + "type": "apfs" 
}, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "removed", + "calendar_time": "Thu Dec 28 14:40:08 2017 UTC", "columns": { - "path": "/", "blocks": "122061322", - "inodes": "9223372036854775807", - "flags": "75550720", - "inodes_free": "9223372036853222768", - "blocks_size": "4096", "blocks_available": "75966945", - "type": "apfs", + "blocks_free": "76925354", + "blocks_size": "4096", "device": "/dev/disk1s1", "device_alias": "/dev/disk1s1", - "blocks_free": "76925354" + "flags": "75550720", + "inodes": "9223372036854775807", + "inodes_free": "9223372036853222768", + "path": "/", + "type": "apfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1514472008", - "action": "removed", + "counter": "1", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "1", - "calendar_time": "Thu Dec 28 14:40:08 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_mounts", + "unix_time": "1514472008" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "removed", - "original": "{\"action\":\"removed\",\"calendarTime\":\"Thu Dec 28 14:40:08 2017 
UTC\",\"columns\":{\"blocks\":\"122061322\",\"blocks_available\":\"75966945\",\"blocks_free\":\"76925354\",\"blocks_size\":\"4096\",\"device\":\"/dev/disk1s1\",\"device_alias\":\"/dev/disk1s1\",\"flags\":\"75550720\",\"inodes\":\"9223372036854775807\",\"inodes_free\":\"9223372036853222768\",\"path\":\"/\",\"type\":\"apfs\"},\"counter\":\"1\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514472008\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:40:08.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:40:08 2017 UTC\",\"columns\":{\"blocks\":\"122061322\",\"blocks_available\":\"75967194\",\"blocks_free\":\"76925603\",\"blocks_size\":\"4096\",\"device\":\"/dev/disk1s1\",\"device_alias\":\"/dev/disk1s1\",\"flags\":\"75550720\",\"inodes\":\"9223372036854775807\",\"inodes_free\":\"9223372036853222766\",\"path\":\"/\",\"type\":\"apfs\"},\"counter\":\"1\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514472008\"}", + "type": "info" + }, "file": { - "type": "apfs", - "path": "/" + "path": "/", + "type": "apfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:40:08 2017 UTC", "columns": { - "path": "/", "blocks": "122061322", - "inodes": 
"9223372036854775807", - "flags": "75550720", - "inodes_free": "9223372036853222766", - "blocks_size": "4096", "blocks_available": "75967194", - "type": "apfs", + "blocks_free": "76925603", + "blocks_size": "4096", "device": "/dev/disk1s1", "device_alias": "/dev/disk1s1", - "blocks_free": "76925603" + "flags": "75550720", + "inodes": "9223372036854775807", + "inodes_free": "9223372036853222766", + "path": "/", + "type": "apfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1514472008", - "action": "added", + "counter": "1", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "1", - "calendar_time": "Thu Dec 28 14:40:08 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_mounts", + "unix_time": "1514472008" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:40:08 2017 UTC\",\"columns\":{\"blocks\":\"122061322\",\"blocks_available\":\"75967194\",\"blocks_free\":\"76925603\",\"blocks_size\":\"4096\",\"device\":\"/dev/disk1s1\",\"device_alias\":\"/dev/disk1s1\",\"flags\":\"75550720\",\"inodes\":\"9223372036854775807\",\"inodes_free\":\"9223372036853222766\",\"path\":\"/\",\"type\":\"apfs\"},\"counter\":\"1\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514472008\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": 
"tsg" + } }, { "@timestamp": "2017-12-28T14:40:08.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:40:08 2017 UTC\",\"columns\":{\"blocks\":\"122061322\",\"blocks_available\":\"75967194\",\"blocks_free\":\"121274885\",\"blocks_size\":\"4096\",\"device\":\"/dev/disk1s4\",\"device_alias\":\"/dev/disk1s4\",\"flags\":\"345018372\",\"inodes\":\"9223372036854775807\",\"inodes_free\":\"9223372036854775804\",\"path\":\"/private/var/vm\",\"type\":\"apfs\"},\"counter\":\"1\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514472008\"}", + "type": "info" + }, "file": { - "type": "apfs", - "path": "/private/var/vm" + "path": "/private/var/vm", + "type": "apfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:40:08 2017 UTC", "columns": { - "path": "/private/var/vm", "blocks": "122061322", - "inodes": "9223372036854775807", - "flags": "345018372", - "inodes_free": "9223372036854775804", - "blocks_size": "4096", "blocks_available": "75967194", - "type": "apfs", + "blocks_free": "121274885", + "blocks_size": "4096", "device": "/dev/disk1s4", "device_alias": "/dev/disk1s4", - "blocks_free": "121274885" + "flags": "345018372", + "inodes": "9223372036854775807", + "inodes_free": "9223372036854775804", + "path": "/private/var/vm", + "type": "apfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1514472008", - "action": "added", + "counter": "1", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "1", - "calendar_time": "Thu Dec 
28 14:40:08 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_mounts", + "unix_time": "1514472008" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" - ] - }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" + ], + "user": [ + "tsg" + ] }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:40:08 2017 UTC\",\"columns\":{\"blocks\":\"122061322\",\"blocks_available\":\"75967194\",\"blocks_free\":\"121274885\",\"blocks_size\":\"4096\",\"device\":\"/dev/disk1s4\",\"device_alias\":\"/dev/disk1s4\",\"flags\":\"345018372\",\"inodes\":\"9223372036854775807\",\"inodes_free\":\"9223372036854775804\",\"path\":\"/private/var/vm\",\"type\":\"apfs\"},\"counter\":\"1\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1514472008\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:40:08.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "removed", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"removed\",\"calendarTime\":\"Thu Dec 28 14:40:08 2017 
UTC\",\"columns\":{\"build_distro\":\"10.12\",\"build_platform\":\"darwin\",\"config_hash\":\"1581da8caee901b1a74d8735f1d15547ae2cb134\",\"config_valid\":\"1\",\"datetime\":\"2017-12-28T14:39:57Z\",\"day\":\"28\",\"extensions\":\"active\",\"hour\":\"14\",\"instance_id\":\"56b13ad9-0198-499c-89d3-d74fc403cdce\",\"iso_8601\":\"2017-12-28T14:39:57Z\",\"local_time\":\"1514471997\",\"local_timezone\":\"EET\",\"minutes\":\"39\",\"month\":\"12\",\"pid\":\"5651\",\"seconds\":\"57\",\"start_time\":\"1514471988\",\"timestamp\":\"Thu Dec 28 14:39:57 2017 UTC\",\"timezone\":\"UTC\",\"unix_time\":\"1514471997\",\"uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"version\":\"2.11.0\",\"watcher\":\"5650\",\"weekday\":\"Thursday\",\"year\":\"2017\"},\"counter\":\"1\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_osquery_info\",\"unixTime\":\"1514472008\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "removed", + "calendar_time": "Thu Dec 28 14:40:08 2017 UTC", "columns": { - "year": "2017", - "timezone": "UTC", - "unix_time": "1514471997", - "weekday": "Thursday", - "config_valid": "1", - "pid": "5651", - "uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", + "build_distro": "10.12", "build_platform": "darwin", + "config_hash": "1581da8caee901b1a74d8735f1d15547ae2cb134", + "config_valid": "1", "datetime": "2017-12-28T14:39:57Z", - "seconds": "57", + "day": "28", + "extensions": "active", "hour": "14", + "instance_id": "56b13ad9-0198-499c-89d3-d74fc403cdce", + "iso_8601": "2017-12-28T14:39:57Z", "local_time": "1514471997", "local_timezone": "EET", - "build_distro": "10.12", - "day": "28", - "timestamp": "Thu Dec 28 14:39:57 2017 UTC", - "watcher": "5650", "minutes": "39", - "version": "2.11.0", - "config_hash": 
"1581da8caee901b1a74d8735f1d15547ae2cb134", - "start_time": "1514471988", - "extensions": "active", - "instance_id": "56b13ad9-0198-499c-89d3-d74fc403cdce", "month": "12", - "iso_8601": "2017-12-28T14:39:57Z" + "pid": "5651", + "seconds": "57", + "start_time": "1514471988", + "timestamp": "Thu Dec 28 14:39:57 2017 UTC", + "timezone": "UTC", + "unix_time": "1514471997", + "uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", + "version": "2.11.0", + "watcher": "5650", + "weekday": "Thursday", + "year": "2017" }, - "name": "pack_it-compliance_osquery_info", - "unix_time": "1514472008", - "action": "removed", + "counter": "1", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "1", - "calendar_time": "Thu Dec 28 14:40:08 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_osquery_info", + "unix_time": "1514472008" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": "192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_osquery_info" }, - "event": { - "action": "removed", - "original": "{\"action\":\"removed\",\"calendarTime\":\"Thu Dec 28 14:40:08 2017 UTC\",\"columns\":{\"build_distro\":\"10.12\",\"build_platform\":\"darwin\",\"config_hash\":\"1581da8caee901b1a74d8735f1d15547ae2cb134\",\"config_valid\":\"1\",\"datetime\":\"2017-12-28T14:39:57Z\",\"day\":\"28\",\"extensions\":\"active\",\"hour\":\"14\",\"instance_id\":\"56b13ad9-0198-499c-89d3-d74fc403cdce\",\"iso_8601\":\"2017-12-28T14:39:57Z\",\"local_time\":\"1514471997\",\"local_timezone\":\"EET\",\"minutes\":\"39\",\"month\":\"12\",\"pid\":\"5651\",\"seconds\":\"57\",\"start_time\":\"1514471988\",\"timestamp\":\"Thu Dec 28 14:39:57 2017 
UTC\",\"timezone\":\"UTC\",\"unix_time\":\"1514471997\",\"uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"version\":\"2.11.0\",\"watcher\":\"5650\",\"weekday\":\"Thursday\",\"year\":\"2017\"},\"counter\":\"1\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_osquery_info\",\"unixTime\":\"1514472008\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-28T14:40:08.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:40:08 2017 UTC\",\"columns\":{\"build_distro\":\"10.12\",\"build_platform\":\"darwin\",\"config_hash\":\"1581da8caee901b1a74d8735f1d15547ae2cb134\",\"config_valid\":\"1\",\"datetime\":\"2017-12-28T14:40:08Z\",\"day\":\"28\",\"extensions\":\"active\",\"hour\":\"14\",\"instance_id\":\"56b13ad9-0198-499c-89d3-d74fc403cdce\",\"iso_8601\":\"2017-12-28T14:40:08Z\",\"local_time\":\"1514472008\",\"local_timezone\":\"EET\",\"minutes\":\"40\",\"month\":\"12\",\"pid\":\"5651\",\"seconds\":\"8\",\"start_time\":\"1514471988\",\"timestamp\":\"Thu Dec 28 14:40:08 2017 UTC\",\"timezone\":\"UTC\",\"unix_time\":\"1514472008\",\"uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"version\":\"2.11.0\",\"watcher\":\"5650\",\"weekday\":\"Thursday\",\"year\":\"2017\"},\"counter\":\"1\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_osquery_info\",\"unixTime\":\"1514472008\"}", + "type": "info" + }, + "host": { + "hostname": "192-168-0-4.rdsnet.ro", + "id": 
"4AB2906D-5516-5794-AF54-86D1D7F533F3" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 28 14:40:08 2017 UTC", "columns": { - "year": "2017", - "timezone": "UTC", - "unix_time": "1514472008", - "weekday": "Thursday", - "config_valid": "1", - "pid": "5651", - "uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", + "build_distro": "10.12", "build_platform": "darwin", + "config_hash": "1581da8caee901b1a74d8735f1d15547ae2cb134", + "config_valid": "1", "datetime": "2017-12-28T14:40:08Z", - "seconds": "8", + "day": "28", + "extensions": "active", "hour": "14", + "instance_id": "56b13ad9-0198-499c-89d3-d74fc403cdce", + "iso_8601": "2017-12-28T14:40:08Z", "local_time": "1514472008", "local_timezone": "EET", - "build_distro": "10.12", - "day": "28", - "timestamp": "Thu Dec 28 14:40:08 2017 UTC", - "watcher": "5650", "minutes": "40", - "version": "2.11.0", - "config_hash": "1581da8caee901b1a74d8735f1d15547ae2cb134", - "start_time": "1514471988", - "extensions": "active", - "instance_id": "56b13ad9-0198-499c-89d3-d74fc403cdce", "month": "12", - "iso_8601": "2017-12-28T14:40:08Z" + "pid": "5651", + "seconds": "8", + "start_time": "1514471988", + "timestamp": "Thu Dec 28 14:40:08 2017 UTC", + "timezone": "UTC", + "unix_time": "1514472008", + "uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", + "version": "2.11.0", + "watcher": "5650", + "weekday": "Thursday", + "year": "2017" }, - "name": "pack_it-compliance_osquery_info", - "unix_time": "1514472008", - "action": "added", + "counter": "1", "decorations": { "host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", "username": "tsg" }, "epoch": "0", - "counter": "1", - "calendar_time": "Thu Dec 28 14:40:08 2017 UTC", - "host_identifier": "192-168-0-4.rdsnet.ro" + "host_identifier": "192-168-0-4.rdsnet.ro", + "name": "pack_it-compliance_osquery_info", + "unix_time": "1514472008" } }, "related": { - "user": [ - "tsg" - ], "hosts": [ "192-168-0-4.rdsnet.ro" + ], + "user": [ + "tsg" ] }, - "host": { - "hostname": 
"192-168-0-4.rdsnet.ro", - "id": "4AB2906D-5516-5794-AF54-86D1D7F533F3" - }, "rule": { "name": "pack_it-compliance_osquery_info" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 28 14:40:08 2017 UTC\",\"columns\":{\"build_distro\":\"10.12\",\"build_platform\":\"darwin\",\"config_hash\":\"1581da8caee901b1a74d8735f1d15547ae2cb134\",\"config_valid\":\"1\",\"datetime\":\"2017-12-28T14:40:08Z\",\"day\":\"28\",\"extensions\":\"active\",\"hour\":\"14\",\"instance_id\":\"56b13ad9-0198-499c-89d3-d74fc403cdce\",\"iso_8601\":\"2017-12-28T14:40:08Z\",\"local_time\":\"1514472008\",\"local_timezone\":\"EET\",\"minutes\":\"40\",\"month\":\"12\",\"pid\":\"5651\",\"seconds\":\"8\",\"start_time\":\"1514471988\",\"timestamp\":\"Thu Dec 28 14:40:08 2017 UTC\",\"timezone\":\"UTC\",\"unix_time\":\"1514472008\",\"uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"version\":\"2.11.0\",\"watcher\":\"5650\",\"weekday\":\"Thursday\",\"year\":\"2017\"},\"counter\":\"1\",\"decorations\":{\"host_uuid\":\"4AB2906D-5516-5794-AF54-86D1D7F533F3\",\"username\":\"tsg\"},\"epoch\":\"0\",\"hostIdentifier\":\"192-168-0-4.rdsnet.ro\",\"name\":\"pack_it-compliance_osquery_info\",\"unixTime\":\"1514472008\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "tsg" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "tsg" + } }, { "@timestamp": "2017-12-07T12:21:20.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 12:21:20 2017 UTC\",\"columns\":{\"cpu_brand\":\"Intel(R) Core(TM) i7-7567U CPU @ 
3.50GHz\",\"hostname\":\"ubuntu-xenial\",\"physical_memory\":\"1040322560\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"name\":\"osqueryd\",\"path\":\"/usr/bin/osqueryd\",\"pid\":\"10917\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"system_info\",\"unixTime\":\"1512649280\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 12:21:20 2017 UTC", "columns": { - "hostname": "ubuntu-xenial", "cpu_brand": "Intel(R) Core(TM) i7-7567U CPU @ 3.50GHz", + "hostname": "ubuntu-xenial", "physical_memory": "1040322560" }, - "name": "system_info", - "unix_time": "1512649280", - "action": "added", + "counter": "0", "decorations": { + "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "name": "osqueryd", "path": "/usr/bin/osqueryd", "pid": "10917", - "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 12:21:20 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "system_info", + "unix_time": "1512649280" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "system_info" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 12:21:20 2017 UTC\",\"columns\":{\"cpu_brand\":\"Intel(R) Core(TM) i7-7567U CPU @ 
3.50GHz\",\"hostname\":\"ubuntu-xenial\",\"physical_memory\":\"1040322560\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"name\":\"osqueryd\",\"path\":\"/usr/bin/osqueryd\",\"pid\":\"10917\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"system_info\",\"unixTime\":\"1512649280\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0380000\",\"name\":\"ufs\",\"size\":\"73728\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 73728 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "ufs", "address": "0xffffffffc0380000", + "name": "ufs", "size": "73728", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": 
"ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0380000\",\"name\":\"ufs\",\"size\":\"73728\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc032c000\",\"name\":\"msdos\",\"size\":\"20480\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 20480 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "msdos", "address": 
"0xffffffffc032c000", + "name": "msdos", "size": "20480", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc032c000\",\"name\":\"msdos\",\"size\":\"20480\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc03e2000\",\"name\":\"xfs\",\"size\":\"974848\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 974848 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "xfs", "address": "0xffffffffc03e2000", + "name": "xfs", "size": "974848", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc03e2000\",\"name\":\"xfs\",\"size\":\"974848\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0373000\",\"name\":\"vboxsf\",\"size\":\"49152\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 49152 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "vboxsf", "address": "0xffffffffc0373000", + "name": "vboxsf", "size": "49152", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + 
"host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0373000\",\"name\":\"vboxsf\",\"size\":\"49152\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0368000\",\"name\":\"isofs\",\"size\":\"40960\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 40960 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "isofs", 
"address": "0xffffffffc0368000", + "name": "isofs", "size": "40960", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0368000\",\"name\":\"isofs\",\"size\":\"40960\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc02a5000\",\"name\":\"ppdev\",\"size\":\"20480\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 20480 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "ppdev", "address": "0xffffffffc02a5000", + "name": "ppdev", "size": "20480", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc02a5000\",\"name\":\"ppdev\",\"size\":\"20480\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc030a000\",\"name\":\"input_leds\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 16384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "input_leds", "address": "0xffffffffc030a000", + "name": "input_leds", "size": "16384", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": 
"ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc030a000\",\"name\":\"input_leds\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0171000\",\"name\":\"serio_raw\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 16384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", 
"columns": { - "name": "serio_raw", "address": "0xffffffffc0171000", + "name": "serio_raw", "size": "16384", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0171000\",\"name\":\"serio_raw\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc039b000\",\"name\":\"vboxguest\",\"size\":\"286720\",\"status\":\"Live\",\"used_by\":\"vboxsf\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 286720 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "vboxguest", "address": "0xffffffffc039b000", + "name": "vboxguest", "size": "286720", - "used_by": "vboxsf", - "status": "Live" + "status": "Live", + "used_by": "vboxsf" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc039b000\",\"name\":\"vboxguest\",\"size\":\"286720\",\"status\":\"Live\",\"used_by\":\"vboxsf\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc035f000\",\"name\":\"parport_pc\",\"size\":\"32768\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 32768 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "parport_pc", "address": "0xffffffffc035f000", + "name": "parport_pc", "size": "32768", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": 
"ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc035f000\",\"name\":\"parport_pc\",\"size\":\"32768\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc02e7000\",\"name\":\"video\",\"size\":\"40960\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 40960 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { 
- "name": "video", "address": "0xffffffffc02e7000", + "name": "video", "size": "40960", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc02e7000\",\"name\":\"video\",\"size\":\"40960\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc0352000\",\"name\":\"parport\",\"size\":\"49152\",\"status\":\"Live\",\"used_by\":\"ppdev,parport_pc\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 49152 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "parport", "address": "0xffffffffc0352000", + "name": "parport", "size": "49152", - "used_by": "ppdev,parport_pc", - "status": "Live" + "status": "Live", + "used_by": "ppdev,parport_pc" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc0352000\",\"name\":\"parport\",\"size\":\"49152\",\"status\":\"Live\",\"used_by\":\"ppdev,parport_pc\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0345000\",\"name\":\"ib_iser\",\"size\":\"49152\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 49152 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "ib_iser", "address": "0xffffffffc0345000", + "name": "ib_iser", "size": "49152", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": 
"ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0345000\",\"name\":\"ib_iser\",\"size\":\"49152\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0332000\",\"name\":\"rdma_cm\",\"size\":\"49152\",\"status\":\"Live\",\"used_by\":\"ib_iser\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 49152 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", 
"columns": { - "name": "rdma_cm", "address": "0xffffffffc0332000", + "name": "rdma_cm", "size": "49152", - "used_by": "ib_iser", - "status": "Live" + "status": "Live", + "used_by": "ib_iser" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0332000\",\"name\":\"rdma_cm\",\"size\":\"49152\",\"status\":\"Live\",\"used_by\":\"ib_iser\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc0320000\",\"name\":\"iw_cm\",\"size\":\"45056\",\"status\":\"Live\",\"used_by\":\"rdma_cm\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 45056 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "iw_cm", "address": "0xffffffffc0320000", + "name": "iw_cm", "size": "45056", - "used_by": "rdma_cm", - "status": "Live" + "status": "Live", + "used_by": "rdma_cm" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc0320000\",\"name\":\"iw_cm\",\"size\":\"45056\",\"status\":\"Live\",\"used_by\":\"rdma_cm\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc030f000\",\"name\":\"ib_cm\",\"size\":\"45056\",\"status\":\"Live\",\"used_by\":\"rdma_cm\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 45056 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "ib_cm", "address": "0xffffffffc030f000", + "name": "ib_cm", "size": "45056", - "used_by": "rdma_cm", - "status": "Live" + "status": "Live", + "used_by": "rdma_cm" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": 
"ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc030f000\",\"name\":\"ib_cm\",\"size\":\"45056\",\"status\":\"Live\",\"used_by\":\"rdma_cm\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0300000\",\"name\":\"ib_sa\",\"size\":\"36864\",\"status\":\"Live\",\"used_by\":\"rdma_cm,ib_cm\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 36864 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", 
"columns": { - "name": "ib_sa", "address": "0xffffffffc0300000", + "name": "ib_sa", "size": "36864", - "used_by": "rdma_cm,ib_cm", - "status": "Live" + "status": "Live", + "used_by": "rdma_cm,ib_cm" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0300000\",\"name\":\"ib_sa\",\"size\":\"36864\",\"status\":\"Live\",\"used_by\":\"rdma_cm,ib_cm\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc02f3000\",\"name\":\"ib_mad\",\"size\":\"49152\",\"status\":\"Live\",\"used_by\":\"ib_cm,ib_sa\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 49152 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "ib_mad", "address": "0xffffffffc02f3000", + "name": "ib_mad", "size": "49152", - "used_by": "ib_cm,ib_sa", - "status": "Live" + "status": "Live", + "used_by": "ib_cm,ib_sa" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc02f3000\",\"name\":\"ib_mad\",\"size\":\"49152\",\"status\":\"Live\",\"used_by\":\"ib_cm,ib_sa\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc02cc000\",\"name\":\"ib_core\",\"size\":\"106496\",\"status\":\"Live\",\"used_by\":\"ib_iser,rdma_cm,iw_cm,ib_cm,ib_sa,ib_mad\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 106496 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "ib_core", "address": "0xffffffffc02cc000", + "name": "ib_core", "size": "106496", - "used_by": "ib_iser,rdma_cm,iw_cm,ib_cm,ib_sa,ib_mad", - "status": "Live" + "status": "Live", + "used_by": "ib_iser,rdma_cm,iw_cm,ib_cm,ib_sa,ib_mad" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": 
"ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc02cc000\",\"name\":\"ib_core\",\"size\":\"106496\",\"status\":\"Live\",\"used_by\":\"ib_iser,rdma_cm,iw_cm,ib_cm,ib_sa,ib_mad\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc02a0000\",\"name\":\"ib_addr\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"rdma_cm,ib_core\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 16384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "ib_addr", "address": "0xffffffffc02a0000", + "name": "ib_addr", "size": "16384", - "used_by": "rdma_cm,ib_core", - "status": "Live" + "status": "Live", + "used_by": "rdma_cm,ib_core" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc02a0000\",\"name\":\"ib_addr\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"rdma_cm,ib_core\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc02c2000\",\"name\":\"iscsi_tcp\",\"size\":\"20480\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 20480 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "iscsi_tcp", "address": "0xffffffffc02c2000", + "name": "iscsi_tcp", "size": "20480", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc02c2000\",\"name\":\"iscsi_tcp\",\"size\":\"20480\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc02bb000\",\"name\":\"libiscsi_tcp\",\"size\":\"24576\",\"status\":\"Live\",\"used_by\":\"iscsi_tcp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 24576 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "libiscsi_tcp", "address": "0xffffffffc02bb000", + "name": "libiscsi_tcp", "size": "24576", - "used_by": "iscsi_tcp", - "status": "Live" + "status": "Live", + "used_by": "iscsi_tcp" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - 
"host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc02bb000\",\"name\":\"libiscsi_tcp\",\"size\":\"24576\",\"status\":\"Live\",\"used_by\":\"iscsi_tcp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc02ad000\",\"name\":\"libiscsi\",\"size\":\"53248\",\"status\":\"Live\",\"used_by\":\"ib_iser,iscsi_tcp,libiscsi_tcp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 53248 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + 
"calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "libiscsi", "address": "0xffffffffc02ad000", + "name": "libiscsi", "size": "53248", - "used_by": "ib_iser,iscsi_tcp,libiscsi_tcp", - "status": "Live" + "status": "Live", + "used_by": "ib_iser,iscsi_tcp,libiscsi_tcp" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc02ad000\",\"name\":\"libiscsi\",\"size\":\"53248\",\"status\":\"Live\",\"used_by\":\"ib_iser,iscsi_tcp,libiscsi_tcp\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc0287000\",\"name\":\"scsi_transport_iscsi\",\"size\":\"98304\",\"status\":\"Live\",\"used_by\":\"ib_iser,iscsi_tcp,libiscsi\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 98304 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "scsi_transport_iscsi", "address": "0xffffffffc0287000", + "name": "scsi_transport_iscsi", "size": "98304", - "used_by": "ib_iser,iscsi_tcp,libiscsi", - "status": "Live" + "status": "Live", + "used_by": "ib_iser,iscsi_tcp,libiscsi" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc0287000\",\"name\":\"scsi_transport_iscsi\",\"size\":\"98304\",\"status\":\"Live\",\"used_by\":\"ib_iser,iscsi_tcp,libiscsi\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc027c000\",\"name\":\"autofs4\",\"size\":\"40960\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 40960 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "autofs4", "address": "0xffffffffc027c000", + "name": "autofs4", "size": "40960", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - 
"host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc027c000\",\"name\":\"autofs4\",\"size\":\"40960\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0189000\",\"name\":\"btrfs\",\"size\":\"991232\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 991232 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 
UTC", "columns": { - "name": "btrfs", "address": "0xffffffffc0189000", + "name": "btrfs", "size": "991232", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0189000\",\"name\":\"btrfs\",\"size\":\"991232\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc0178000\",\"name\":\"raid10\",\"size\":\"49152\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 49152 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "raid10", "address": "0xffffffffc0178000", + "name": "raid10", "size": "49152", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc0178000\",\"name\":\"raid10\",\"size\":\"49152\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0155000\",\"name\":\"raid456\",\"size\":\"110592\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 110592 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "raid456", "address": "0xffffffffc0155000", + "name": "raid456", "size": "110592", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + 
"host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0155000\",\"name\":\"raid456\",\"size\":\"110592\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc014f000\",\"name\":\"async_raid6_recov\",\"size\":\"20480\",\"status\":\"Live\",\"used_by\":\"raid456\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 20480 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - 
"name": "async_raid6_recov", "address": "0xffffffffc014f000", + "name": "async_raid6_recov", "size": "20480", - "used_by": "raid456", - "status": "Live" + "status": "Live", + "used_by": "raid456" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc014f000\",\"name\":\"async_raid6_recov\",\"size\":\"20480\",\"status\":\"Live\",\"used_by\":\"raid456\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc000e000\",\"name\":\"async_memcpy\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"raid456,async_raid6_recov\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 16384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "async_memcpy", "address": "0xffffffffc000e000", + "name": "async_memcpy", "size": "16384", - "used_by": "raid456,async_raid6_recov", - "status": "Live" + "status": "Live", + "used_by": "raid456,async_raid6_recov" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc000e000\",\"name\":\"async_memcpy\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"raid456,async_raid6_recov\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc014a000\",\"name\":\"async_pq\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"raid456,async_raid6_recov\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 16384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "async_pq", "address": "0xffffffffc014a000", + "name": "async_pq", "size": "16384", - "used_by": "raid456,async_raid6_recov", - "status": "Live" + "status": "Live", + "used_by": "raid456,async_raid6_recov" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc014a000\",\"name\":\"async_pq\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"raid456,async_raid6_recov\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0119000\",\"name\":\"async_xor\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"raid456,async_raid6_recov,async_pq\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 16384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "async_xor", "address": "0xffffffffc0119000", + "name": "async_xor", "size": "16384", - "used_by": "raid456,async_raid6_recov,async_pq", - "status": "Live" + "status": "Live", + "used_by": "raid456,async_raid6_recov,async_pq" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0119000\",\"name\":\"async_xor\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"raid456,async_raid6_recov,async_pq\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + 
"original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0114000\",\"name\":\"async_tx\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"raid456,async_raid6_recov,async_memcpy,async_pq,async_xor\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 16384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "async_tx", "address": "0xffffffffc0114000", + "name": "async_tx", "size": "16384", - "used_by": "raid456,async_raid6_recov,async_memcpy,async_pq,async_xor", - "status": "Live" + "status": "Live", + "used_by": "raid456,async_raid6_recov,async_memcpy,async_pq,async_xor" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc0114000\",\"name\":\"async_tx\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"raid456,async_raid6_recov,async_memcpy,async_pq,async_xor\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc00b6000\",\"name\":\"xor\",\"size\":\"24576\",\"status\":\"Live\",\"used_by\":\"btrfs,async_xor\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 24576 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "xor", "address": "0xffffffffc00b6000", + "name": "xor", "size": "24576", - "used_by": "btrfs,async_xor", - "status": "Live" + "status": "Live", + "used_by": "btrfs,async_xor" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc00b6000\",\"name\":\"xor\",\"size\":\"24576\",\"status\":\"Live\",\"used_by\":\"btrfs,async_xor\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0055000\",\"name\":\"raid6_pq\",\"size\":\"102400\",\"status\":\"Live\",\"used_by\":\"btrfs,raid456,async_raid6_recov,async_pq\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 102400 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "raid6_pq", "address": "0xffffffffc0055000", + "name": "raid6_pq", "size": "102400", - "used_by": "btrfs,raid456,async_raid6_recov,async_pq", - "status": "Live" + "status": "Live", + "used_by": "btrfs,raid456,async_raid6_recov,async_pq" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0055000\",\"name\":\"raid6_pq\",\"size\":\"102400\",\"status\":\"Live\",\"used_by\":\"btrfs,raid456,async_raid6_recov,async_pq\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + 
"kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc004d000\",\"name\":\"libcrc32c\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"xfs,raid456\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 16384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "libcrc32c", "address": "0xffffffffc004d000", + "name": "libcrc32c", "size": "16384", - "used_by": "xfs,raid456", - "status": "Live" + "status": "Live", + "used_by": "xfs,raid456" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc004d000\",\"name\":\"libcrc32c\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"xfs,raid456\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc003f000\",\"name\":\"raid1\",\"size\":\"36864\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 36864 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "raid1", "address": "0xffffffffc003f000", + "name": "raid1", "size": "36864", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" 
+ "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc003f000\",\"name\":\"raid1\",\"size\":\"36864\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0008000\",\"name\":\"raid0\",\"size\":\"20480\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 20480 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "raid0", 
"address": "0xffffffffc0008000", + "name": "raid0", "size": "20480", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0008000\",\"name\":\"raid0\",\"size\":\"20480\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc0000000\",\"name\":\"multipath\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 16384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "multipath", "address": "0xffffffffc0000000", + "name": "multipath", "size": "16384", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc0000000\",\"name\":\"multipath\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0013000\",\"name\":\"linear\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 16384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "linear", "address": "0xffffffffc0013000", + "name": "linear", "size": "16384", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + 
"host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0013000\",\"name\":\"linear\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc00e9000\",\"name\":\"crct10dif_pclmul\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 16384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": 
"crct10dif_pclmul", "address": "0xffffffffc00e9000", + "name": "crct10dif_pclmul", "size": "16384", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc00e9000\",\"name\":\"crct10dif_pclmul\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc00cc000\",\"name\":\"crc32_pclmul\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 16384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "crc32_pclmul", "address": "0xffffffffc00cc000", + "name": "crc32_pclmul", "size": "16384", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc00cc000\",\"name\":\"crc32_pclmul\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc008a000\",\"name\":\"ghash_clmulni_intel\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 16384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "ghash_clmulni_intel", "address": "0xffffffffc008a000", + "name": "ghash_clmulni_intel", "size": "16384", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - 
"host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc008a000\",\"name\":\"ghash_clmulni_intel\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0120000\",\"name\":\"aesni_intel\",\"size\":\"167936\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 167936 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 
7 17:57:15 2017 UTC", "columns": { - "name": "aesni_intel", "address": "0xffffffffc0120000", + "name": "aesni_intel", "size": "167936", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0120000\",\"name\":\"aesni_intel\",\"size\":\"167936\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc010e000\",\"name\":\"aes_x86_64\",\"size\":\"20480\",\"status\":\"Live\",\"used_by\":\"aesni_intel\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 20480 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "aes_x86_64", "address": "0xffffffffc010e000", + "name": "aes_x86_64", "size": "20480", - "used_by": "aesni_intel", - "status": "Live" + "status": "Live", + "used_by": "aesni_intel" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc010e000\",\"name\":\"aes_x86_64\",\"size\":\"20480\",\"status\":\"Live\",\"used_by\":\"aesni_intel\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0106000\",\"name\":\"lrw\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"aesni_intel\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 16384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "lrw", "address": "0xffffffffc0106000", + "name": "lrw", "size": "16384", - "used_by": "aesni_intel", - "status": "Live" + "status": "Live", + "used_by": "aesni_intel" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - 
"host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0106000\",\"name\":\"lrw\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"aesni_intel\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0101000\",\"name\":\"gf128mul\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"lrw\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 16384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 
17:57:15 2017 UTC", "columns": { - "name": "gf128mul", "address": "0xffffffffc0101000", + "name": "gf128mul", "size": "16384", - "used_by": "lrw", - "status": "Live" + "status": "Live", + "used_by": "lrw" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0101000\",\"name\":\"gf128mul\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"lrw\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc00c7000\",\"name\":\"glue_helper\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"aesni_intel\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 16384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "glue_helper", "address": "0xffffffffc00c7000", + "name": "glue_helper", "size": "16384", - "used_by": "aesni_intel", - "status": "Live" + "status": "Live", + "used_by": "aesni_intel" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc00c7000\",\"name\":\"glue_helper\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"aesni_intel\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc00fa000\",\"name\":\"ablk_helper\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"aesni_intel\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 16384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "ablk_helper", "address": "0xffffffffc00fa000", + "name": "ablk_helper", "size": "16384", - "used_by": "aesni_intel", - "status": "Live" + "status": "Live", + "used_by": "aesni_intel" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 
17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc00fa000\",\"name\":\"ablk_helper\",\"size\":\"16384\",\"status\":\"Live\",\"used_by\":\"aesni_intel\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc00ef000\",\"name\":\"mptspi\",\"size\":\"24576\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 24576 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + 
"calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "mptspi", "address": "0xffffffffc00ef000", + "name": "mptspi", "size": "24576", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc00ef000\",\"name\":\"mptspi\",\"size\":\"24576\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc00e0000\",\"name\":\"scsi_transport_spi\",\"size\":\"32768\",\"status\":\"Live\",\"used_by\":\"mptspi\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 32768 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "scsi_transport_spi", "address": "0xffffffffc00e0000", + "name": "scsi_transport_spi", "size": "32768", - "used_by": "mptspi", - "status": "Live" + "status": "Live", + "used_by": "mptspi" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc00e0000\",\"name\":\"scsi_transport_spi\",\"size\":\"32768\",\"status\":\"Live\",\"used_by\":\"mptspi\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc00d1000\",\"name\":\"mptscsih\",\"size\":\"40960\",\"status\":\"Live\",\"used_by\":\"mptspi\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 40960 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "mptscsih", "address": "0xffffffffc00d1000", + "name": "mptscsih", "size": "40960", - "used_by": "mptspi", - "status": "Live" + "status": "Live", + "used_by": "mptspi" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - 
"host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc00d1000\",\"name\":\"mptscsih\",\"size\":\"40960\",\"status\":\"Live\",\"used_by\":\"mptspi\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc00bd000\",\"name\":\"cryptd\",\"size\":\"20480\",\"status\":\"Live\",\"used_by\":\"ghash_clmulni_intel,aesni_intel,ablk_helper\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 20480 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": 
"added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "cryptd", "address": "0xffffffffc00bd000", + "name": "cryptd", "size": "20480", - "used_by": "ghash_clmulni_intel,aesni_intel,ablk_helper", - "status": "Live" + "status": "Live", + "used_by": "ghash_clmulni_intel,aesni_intel,ablk_helper" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc00bd000\",\"name\":\"cryptd\",\"size\":\"20480\",\"status\":\"Live\",\"used_by\":\"ghash_clmulni_intel,aesni_intel,ablk_helper\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 
17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0091000\",\"name\":\"psmouse\",\"size\":\"131072\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 131072 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "psmouse", "address": "0xffffffffc0091000", + "name": "psmouse", "size": "131072", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 
UTC\",\"columns\":{\"address\":\"0xffffffffc0091000\",\"name\":\"psmouse\",\"size\":\"131072\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0070000\",\"name\":\"mptbase\",\"size\":\"102400\",\"status\":\"Live\",\"used_by\":\"mptspi,mptscsih\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 102400 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "mptbase", "address": "0xffffffffc0070000", + "name": "mptbase", "size": "102400", - "used_by": "mptspi,mptscsih", - "status": "Live" + "status": "Live", + "used_by": "mptspi,mptscsih" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 
UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" - ] - }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, - "rule": { - "name": "pack_it-compliance_kernel_modules" - }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc0070000\",\"name\":\"mptbase\",\"size\":\"102400\",\"status\":\"Live\",\"used_by\":\"mptspi,mptscsih\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ], + "user": [ + "ubuntu" + ] }, - "user": { - "name": "ubuntu" + "rule": { + "name": "pack_it-compliance_kernel_modules" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:15.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc001a000\",\"name\":\"e1000\",\"size\":\"135168\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", + "type": "info" + }, "file": { "size": 135168 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, 
"osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", "columns": { - "name": "e1000", "address": "0xffffffffc001a000", + "name": "e1000", "size": "135168", - "used_by": "-", - "status": "Live" + "status": "Live", + "used_by": "-" }, - "name": "pack_it-compliance_kernel_modules", - "unix_time": "1512669435", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:15 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_kernel_modules", + "unix_time": "1512669435" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_kernel_modules" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:15 2017 UTC\",\"columns\":{\"address\":\"0xffffffffc001a000\",\"name\":\"e1000\",\"size\":\"135168\",\"status\":\"Live\",\"used_by\":\"-\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_kernel_modules\",\"unixTime\":\"1512669435\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 
UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/sda\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/sda" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669438", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669438" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/sda\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + 
"name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/sda1\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"ce24233e-85c4-4f5b-a084-25bb2493ad65\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/sda1", "uuid": "ce24233e-85c4-4f5b-a084-25bb2493ad65" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669438", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669438" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 
UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/sda1\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"ce24233e-85c4-4f5b-a084-25bb2493ad65\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/sdb\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"2017-08-31-09-16-31-00\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/sdb", "uuid": "2017-08-31-09-16-31-00" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669438", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": 
"1512669438" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/sdb\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"2017-08-31-09-16-31-00\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop0\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/loop0" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669438", - "action": "added", + "counter": 
"0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669438" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop0\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop1\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/loop1" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669438", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669438" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop1\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 
UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop2\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/loop2" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669438", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669438" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop2\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { 
+ "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop3\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/loop3" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669438", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669438" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 
UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop3\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop4\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/loop4" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669438", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669438" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" 
+ ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop4\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop5\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/loop5" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669438", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, 
"epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669438" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop5\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop6\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + 
"calendar_time": "Thu Dec 7 17:57:18 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/loop6" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669438", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669438" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop6\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 
UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop7\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/loop7" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669438", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669438" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop7\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669438\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { 
+ "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"build\":\"\",\"codename\":\"xenial\",\"major\":\"16\",\"minor\":\"4\",\"name\":\"Ubuntu\",\"patch\":\"0\",\"platform\":\"ubuntu\",\"platform_like\":\"debian\",\"version\":\"16.04.3 LTS (Xenial Xerus)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_os_version\",\"unixTime\":\"1512669438\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", "columns": { - "patch": "0", + "codename": "xenial", "major": "16", "minor": "4", - "codename": "xenial", "name": "Ubuntu", + "patch": "0", + "platform": "ubuntu", "platform_like": "debian", - "version": "16.04.3 LTS (Xenial Xerus)", - "platform": "ubuntu" + "version": "16.04.3 LTS (Xenial Xerus)" }, - "name": "pack_it-compliance_os_version", - "unix_time": "1512669438", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_os_version", + "unix_time": "1512669438" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" - ] - }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" + ], + "user": [ + "ubuntu" + ] }, "rule": { "name": "pack_it-compliance_os_version" }, - "event": { - "action": 
"added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"build\":\"\",\"codename\":\"xenial\",\"major\":\"16\",\"minor\":\"4\",\"name\":\"Ubuntu\",\"patch\":\"0\",\"platform\":\"ubuntu\",\"platform_like\":\"debian\",\"version\":\"16.04.3 LTS (Xenial Xerus)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_os_version\",\"unixTime\":\"1512669438\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"build_distro\":\"xenial\",\"build_platform\":\"ubuntu\",\"config_hash\":\"316a3b407f3a225961bbcdb703efd3dc5d1a2d94\",\"config_valid\":\"1\",\"datetime\":\"2017-12-07T17:57:18Z\",\"day\":\"7\",\"extensions\":\"active\",\"hour\":\"17\",\"instance_id\":\"5a1e5efb-abc0-4230-9ec2-290e72fe098c\",\"iso_8601\":\"2017-12-07T17:57:18Z\",\"local_time\":\"1512669438\",\"local_timezone\":\"CET\",\"minutes\":\"57\",\"month\":\"12\",\"pid\":\"11550\",\"seconds\":\"18\",\"start_time\":\"1512669421\",\"timestamp\":\"Thu Dec 7 17:57:18 2017 
UTC\",\"timezone\":\"GMT\",\"unix_time\":\"1512669438\",\"uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"version\":\"2.10.2\",\"watcher\":\"1\",\"weekday\":\"Thursday\",\"year\":\"2017\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_osquery_info\",\"unixTime\":\"1512669438\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", "columns": { - "year": "2017", - "timezone": "GMT", - "unix_time": "1512669438", - "weekday": "Thursday", - "config_valid": "1", - "pid": "11550", - "uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", + "build_distro": "xenial", "build_platform": "ubuntu", + "config_hash": "316a3b407f3a225961bbcdb703efd3dc5d1a2d94", + "config_valid": "1", "datetime": "2017-12-07T17:57:18Z", - "seconds": "18", + "day": "7", + "extensions": "active", "hour": "17", + "instance_id": "5a1e5efb-abc0-4230-9ec2-290e72fe098c", + "iso_8601": "2017-12-07T17:57:18Z", "local_time": "1512669438", "local_timezone": "CET", - "build_distro": "xenial", - "day": "7", - "timestamp": "Thu Dec 7 17:57:18 2017 UTC", - "watcher": "1", "minutes": "57", - "version": "2.10.2", - "config_hash": "316a3b407f3a225961bbcdb703efd3dc5d1a2d94", - "start_time": "1512669421", - "extensions": "active", - "instance_id": "5a1e5efb-abc0-4230-9ec2-290e72fe098c", "month": "12", - "iso_8601": "2017-12-07T17:57:18Z" + "pid": "11550", + "seconds": "18", + "start_time": "1512669421", + "timestamp": "Thu Dec 7 17:57:18 2017 UTC", + "timezone": "GMT", + "unix_time": "1512669438", + "uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", + "version": "2.10.2", + "watcher": "1", + "weekday": "Thursday", + "year": "2017" }, - "name": "pack_it-compliance_osquery_info", - "unix_time": "1512669438", - "action": 
"added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:18 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_osquery_info", + "unix_time": "1512669438" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_osquery_info" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:18 2017 UTC\",\"columns\":{\"build_distro\":\"xenial\",\"build_platform\":\"ubuntu\",\"config_hash\":\"316a3b407f3a225961bbcdb703efd3dc5d1a2d94\",\"config_valid\":\"1\",\"datetime\":\"2017-12-07T17:57:18Z\",\"day\":\"7\",\"extensions\":\"active\",\"hour\":\"17\",\"instance_id\":\"5a1e5efb-abc0-4230-9ec2-290e72fe098c\",\"iso_8601\":\"2017-12-07T17:57:18Z\",\"local_time\":\"1512669438\",\"local_timezone\":\"CET\",\"minutes\":\"57\",\"month\":\"12\",\"pid\":\"11550\",\"seconds\":\"18\",\"start_time\":\"1512669421\",\"timestamp\":\"Thu Dec 7 17:57:18 2017 UTC\",\"timezone\":\"GMT\",\"unix_time\":\"1512669438\",\"uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"version\":\"2.10.2\",\"watcher\":\"1\",\"weekday\":\"Thursday\",\"year\":\"2017\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_osquery_info\",\"unixTime\":\"1512669438\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.2.0" + "version": 
"8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/sda\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/sda" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669439", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669439" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 
UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/sda\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/sda1\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"ce24233e-85c4-4f5b-a084-25bb2493ad65\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/sda1", "uuid": "ce24233e-85c4-4f5b-a084-25bb2493ad65" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669439", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": 
"1512669439" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/sda1\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"ce24233e-85c4-4f5b-a084-25bb2493ad65\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/sdb\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"2017-08-31-09-16-31-00\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/sdb", "uuid": "2017-08-31-09-16-31-00" }, - "name": 
"pack_it-compliance_disk_encryption", - "unix_time": "1512669439", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669439" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/sdb\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"2017-08-31-09-16-31-00\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 
UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop0\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/loop0" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669439", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669439" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop0\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { 
+ "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop1\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/loop1" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669439", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669439" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 
UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop1\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop2\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/loop2" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669439", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669439" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" 
+ ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop2\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop3\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/loop3" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669439", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, 
"epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669439" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop3\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop4\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + 
"calendar_time": "Thu Dec 7 17:57:19 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/loop4" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669439", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669439" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop4\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 
UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop5\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/loop5" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669439", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669439" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop5\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { 
+ "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop6\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/loop6" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669439", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669439" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_disk_encryption" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 
UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop6\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop7\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", "columns": { "encrypted": "0", "name": "/dev/loop7" }, - "name": "pack_it-compliance_disk_encryption", - "unix_time": "1512669439", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_disk_encryption", + "unix_time": "1512669439" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" 
- ] - }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, - "rule": { - "name": "pack_it-compliance_disk_encryption" - }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"encrypted\":\"0\",\"name\":\"/dev/loop7\",\"type\":\"\",\"uid\":\"\",\"user_uuid\":\"\",\"uuid\":\"\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_disk_encryption\",\"unixTime\":\"1512669439\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ], + "user": [ + "ubuntu" + ] }, - "user": { - "name": "ubuntu" + "rule": { + "name": "pack_it-compliance_disk_encryption" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"build\":\"\",\"codename\":\"xenial\",\"major\":\"16\",\"minor\":\"4\",\"name\":\"Ubuntu\",\"patch\":\"0\",\"platform\":\"ubuntu\",\"platform_like\":\"debian\",\"version\":\"16.04.3 LTS (Xenial Xerus)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_os_version\",\"unixTime\":\"1512669439\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", "columns": { - "patch": "0", + "codename": "xenial", "major": "16", "minor": "4", - "codename": "xenial", 
"name": "Ubuntu", + "patch": "0", + "platform": "ubuntu", "platform_like": "debian", - "version": "16.04.3 LTS (Xenial Xerus)", - "platform": "ubuntu" + "version": "16.04.3 LTS (Xenial Xerus)" }, - "name": "pack_it-compliance_os_version", - "unix_time": "1512669439", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_os_version", + "unix_time": "1512669439" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_os_version" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"build\":\"\",\"codename\":\"xenial\",\"major\":\"16\",\"minor\":\"4\",\"name\":\"Ubuntu\",\"patch\":\"0\",\"platform\":\"ubuntu\",\"platform_like\":\"debian\",\"version\":\"16.04.3 LTS (Xenial Xerus)\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_os_version\",\"unixTime\":\"1512669439\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 
UTC\",\"columns\":{\"build_distro\":\"xenial\",\"build_platform\":\"ubuntu\",\"config_hash\":\"316a3b407f3a225961bbcdb703efd3dc5d1a2d94\",\"config_valid\":\"1\",\"datetime\":\"2017-12-07T17:57:19Z\",\"day\":\"7\",\"extensions\":\"active\",\"hour\":\"17\",\"instance_id\":\"5a1e5efb-abc0-4230-9ec2-290e72fe098c\",\"iso_8601\":\"2017-12-07T17:57:19Z\",\"local_time\":\"1512669439\",\"local_timezone\":\"CET\",\"minutes\":\"57\",\"month\":\"12\",\"pid\":\"11631\",\"seconds\":\"19\",\"start_time\":\"1512669436\",\"timestamp\":\"Thu Dec 7 17:57:19 2017 UTC\",\"timezone\":\"GMT\",\"unix_time\":\"1512669439\",\"uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"version\":\"2.10.2\",\"watcher\":\"11629\",\"weekday\":\"Thursday\",\"year\":\"2017\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_osquery_info\",\"unixTime\":\"1512669439\"}", + "type": "info" + }, + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", "columns": { - "year": "2017", - "timezone": "GMT", - "unix_time": "1512669439", - "weekday": "Thursday", - "config_valid": "1", - "pid": "11631", - "uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", + "build_distro": "xenial", "build_platform": "ubuntu", + "config_hash": "316a3b407f3a225961bbcdb703efd3dc5d1a2d94", + "config_valid": "1", "datetime": "2017-12-07T17:57:19Z", - "seconds": "19", + "day": "7", + "extensions": "active", "hour": "17", + "instance_id": "5a1e5efb-abc0-4230-9ec2-290e72fe098c", + "iso_8601": "2017-12-07T17:57:19Z", "local_time": "1512669439", "local_timezone": "CET", - "build_distro": "xenial", - "day": "7", - "timestamp": "Thu Dec 7 17:57:19 2017 UTC", - "watcher": "11629", "minutes": "57", - "version": "2.10.2", - "config_hash": 
"316a3b407f3a225961bbcdb703efd3dc5d1a2d94", - "start_time": "1512669436", - "extensions": "active", - "instance_id": "5a1e5efb-abc0-4230-9ec2-290e72fe098c", "month": "12", - "iso_8601": "2017-12-07T17:57:19Z" + "pid": "11631", + "seconds": "19", + "start_time": "1512669436", + "timestamp": "Thu Dec 7 17:57:19 2017 UTC", + "timezone": "GMT", + "unix_time": "1512669439", + "uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", + "version": "2.10.2", + "watcher": "11629", + "weekday": "Thursday", + "year": "2017" }, - "name": "pack_it-compliance_osquery_info", - "unix_time": "1512669439", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:19 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_osquery_info", + "unix_time": "1512669439" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_osquery_info" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:19 2017 UTC\",\"columns\":{\"build_distro\":\"xenial\",\"build_platform\":\"ubuntu\",\"config_hash\":\"316a3b407f3a225961bbcdb703efd3dc5d1a2d94\",\"config_valid\":\"1\",\"datetime\":\"2017-12-07T17:57:19Z\",\"day\":\"7\",\"extensions\":\"active\",\"hour\":\"17\",\"instance_id\":\"5a1e5efb-abc0-4230-9ec2-290e72fe098c\",\"iso_8601\":\"2017-12-07T17:57:19Z\",\"local_time\":\"1512669439\",\"local_timezone\":\"CET\",\"minutes\":\"57\",\"month\":\"12\",\"pid\":\"11631\",\"seconds\":\"19\",\"start_time\":\"1512669436\",\"timestamp\":\"Thu Dec 7 17:57:19 2017 
UTC\",\"timezone\":\"GMT\",\"unix_time\":\"1512669439\",\"uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"version\":\"2.10.2\",\"watcher\":\"11629\",\"weekday\":\"Thursday\",\"year\":\"2017\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_osquery_info\",\"unixTime\":\"1512669439\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"sysfs\",\"device_alias\":\"sysfs\",\"flags\":\"rw,nosuid,nodev,noexec,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys\",\"type\":\"sysfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "sysfs", - "path": "/sys" + "path": "/sys", + "type": "sysfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/sys", "blocks": "0", - "inodes": "0", - "flags": "rw,nosuid,nodev,noexec,relatime", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "sysfs", + "blocks_free": "0", + "blocks_size": "4096", "device": 
"sysfs", "device_alias": "sysfs", - "blocks_free": "0" + "flags": "rw,nosuid,nodev,noexec,relatime", + "inodes": "0", + "inodes_free": "0", + "path": "/sys", + "type": "sysfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"sysfs\",\"device_alias\":\"sysfs\",\"flags\":\"rw,nosuid,nodev,noexec,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys\",\"type\":\"sysfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 
UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"proc\",\"device_alias\":\"/proc\",\"flags\":\"rw,nosuid,nodev,noexec,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/proc\",\"type\":\"proc\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "proc", - "path": "/proc" + "path": "/proc", + "type": "proc" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/proc", "blocks": "0", - "inodes": "0", - "flags": "rw,nosuid,nodev,noexec,relatime", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "proc", + "blocks_free": "0", + "blocks_size": "4096", "device": "proc", "device_alias": "/proc", - "blocks_free": "0" + "flags": "rw,nosuid,nodev,noexec,relatime", + "inodes": "0", + "inodes_free": "0", + "path": "/proc", + "type": "proc" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - 
"original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"proc\",\"device_alias\":\"/proc\",\"flags\":\"rw,nosuid,nodev,noexec,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/proc\",\"type\":\"proc\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"124670\",\"blocks_available\":\"124670\",\"blocks_free\":\"124670\",\"blocks_size\":\"4096\",\"device\":\"udev\",\"device_alias\":\"udev\",\"flags\":\"rw,nosuid,relatime,size=498680k,nr_inodes=124670,mode=755\",\"inodes\":\"124670\",\"inodes_free\":\"124285\",\"path\":\"/dev\",\"type\":\"devtmpfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "devtmpfs", - "path": "/dev" + "path": "/dev", + "type": "devtmpfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/dev", "blocks": 
"124670", - "inodes": "124670", - "flags": "rw,nosuid,relatime,size=498680k,nr_inodes=124670,mode=755", - "inodes_free": "124285", - "blocks_size": "4096", "blocks_available": "124670", - "type": "devtmpfs", + "blocks_free": "124670", + "blocks_size": "4096", "device": "udev", "device_alias": "udev", - "blocks_free": "124670" + "flags": "rw,nosuid,relatime,size=498680k,nr_inodes=124670,mode=755", + "inodes": "124670", + "inodes_free": "124285", + "path": "/dev", + "type": "devtmpfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"124670\",\"blocks_available\":\"124670\",\"blocks_free\":\"124670\",\"blocks_size\":\"4096\",\"device\":\"udev\",\"device_alias\":\"udev\",\"flags\":\"rw,nosuid,relatime,size=498680k,nr_inodes=124670,mode=755\",\"inodes\":\"124670\",\"inodes_free\":\"124285\",\"path\":\"/dev\",\"type\":\"devtmpfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ 
"preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"devpts\",\"device_alias\":\"devpts\",\"flags\":\"rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/dev/pts\",\"type\":\"devpts\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "devpts", - "path": "/dev/pts" + "path": "/dev/pts", + "type": "devpts" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/dev/pts", "blocks": "0", - "inodes": "0", - "flags": "rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "devpts", + "blocks_free": "0", + "blocks_size": "4096", "device": "devpts", "device_alias": "devpts", - "blocks_free": "0" + "flags": "rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000", + "inodes": "0", + "inodes_free": "0", + "path": "/dev/pts", + "type": "devpts" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - 
"host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"devpts\",\"device_alias\":\"devpts\",\"flags\":\"rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/dev/pts\",\"type\":\"devpts\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 
UTC\",\"columns\":{\"blocks\":\"25399\",\"blocks_available\":\"24296\",\"blocks_free\":\"24296\",\"blocks_size\":\"4096\",\"device\":\"tmpfs\",\"device_alias\":\"tmpfs\",\"flags\":\"rw,nosuid,noexec,relatime,size=101596k,mode=755\",\"inodes\":\"126992\",\"inodes_free\":\"126503\",\"path\":\"/run\",\"type\":\"tmpfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "tmpfs", - "path": "/run" + "path": "/run", + "type": "tmpfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/run", "blocks": "25399", - "inodes": "126992", - "flags": "rw,nosuid,noexec,relatime,size=101596k,mode=755", - "inodes_free": "126503", - "blocks_size": "4096", "blocks_available": "24296", - "type": "tmpfs", + "blocks_free": "24296", + "blocks_size": "4096", "device": "tmpfs", "device_alias": "tmpfs", - "blocks_free": "24296" + "flags": "rw,nosuid,noexec,relatime,size=101596k,mode=755", + "inodes": "126992", + "inodes_free": "126503", + "path": "/run", + "type": "tmpfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"25399\",\"blocks_available\":\"24296\",\"blocks_free\":\"24296\",\"blocks_size\":\"4096\",\"device\":\"tmpfs\",\"device_alias\":\"tmpfs\",\"flags\":\"rw,nosuid,noexec,relatime,size=101596k,mode=755\",\"inodes\":\"126992\",\"inodes_free\":\"126503\",\"path\":\"/run\",\"type\":\"tmpfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"2524617\",\"blocks_available\":\"1982549\",\"blocks_free\":\"1986645\",\"blocks_size\":\"4096\",\"device\":\"/dev/sda1\",\"device_alias\":\"/dev/sda1\",\"flags\":\"rw,relatime,data=ordered\",\"inodes\":\"1280000\",\"inodes_free\":\"1159125\",\"path\":\"/\",\"type\":\"ext4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "ext4", - "path": "/" + "path": "/", + "type": "ext4" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, 
"osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/", "blocks": "2524617", - "inodes": "1280000", - "flags": "rw,relatime,data=ordered", - "inodes_free": "1159125", - "blocks_size": "4096", "blocks_available": "1982549", - "type": "ext4", + "blocks_free": "1986645", + "blocks_size": "4096", "device": "/dev/sda1", "device_alias": "/dev/sda1", - "blocks_free": "1986645" + "flags": "rw,relatime,data=ordered", + "inodes": "1280000", + "inodes_free": "1159125", + "path": "/", + "type": "ext4" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"2524617\",\"blocks_available\":\"1982549\",\"blocks_free\":\"1986645\",\"blocks_size\":\"4096\",\"device\":\"/dev/sda1\",\"device_alias\":\"/dev/sda1\",\"flags\":\"rw,relatime,data=ordered\",\"inodes\":\"1280000\",\"inodes_free\":\"1159125\",\"path\":\"/\",\"type\":\"ext4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - 
"name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"securityfs\",\"device_alias\":\"securityfs\",\"flags\":\"rw,nosuid,nodev,noexec,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/kernel/security\",\"type\":\"securityfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "securityfs", - "path": "/sys/kernel/security" + "path": "/sys/kernel/security", + "type": "securityfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/sys/kernel/security", "blocks": "0", - "inodes": "0", - "flags": "rw,nosuid,nodev,noexec,relatime", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "securityfs", + "blocks_free": "0", + "blocks_size": "4096", "device": "securityfs", "device_alias": "securityfs", - "blocks_free": "0" + "flags": "rw,nosuid,nodev,noexec,relatime", + "inodes": "0", + "inodes_free": "0", + "path": "/sys/kernel/security", + "type": "securityfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": 
"0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"securityfs\",\"device_alias\":\"securityfs\",\"flags\":\"rw,nosuid,nodev,noexec,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/kernel/security\",\"type\":\"securityfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 
UTC\",\"columns\":{\"blocks\":\"126992\",\"blocks_available\":\"126992\",\"blocks_free\":\"126992\",\"blocks_size\":\"4096\",\"device\":\"tmpfs\",\"device_alias\":\"tmpfs\",\"flags\":\"rw,nosuid,nodev\",\"inodes\":\"126992\",\"inodes_free\":\"126991\",\"path\":\"/dev/shm\",\"type\":\"tmpfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "tmpfs", - "path": "/dev/shm" + "path": "/dev/shm", + "type": "tmpfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/dev/shm", "blocks": "126992", - "inodes": "126992", - "flags": "rw,nosuid,nodev", - "inodes_free": "126991", - "blocks_size": "4096", "blocks_available": "126992", - "type": "tmpfs", + "blocks_free": "126992", + "blocks_size": "4096", "device": "tmpfs", "device_alias": "tmpfs", - "blocks_free": "126992" + "flags": "rw,nosuid,nodev", + "inodes": "126992", + "inodes_free": "126991", + "path": "/dev/shm", + "type": "tmpfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - 
"event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"126992\",\"blocks_available\":\"126992\",\"blocks_free\":\"126992\",\"blocks_size\":\"4096\",\"device\":\"tmpfs\",\"device_alias\":\"tmpfs\",\"flags\":\"rw,nosuid,nodev\",\"inodes\":\"126992\",\"inodes_free\":\"126991\",\"path\":\"/dev/shm\",\"type\":\"tmpfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"1280\",\"blocks_available\":\"1280\",\"blocks_free\":\"1280\",\"blocks_size\":\"4096\",\"device\":\"tmpfs\",\"device_alias\":\"tmpfs\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,size=5120k\",\"inodes\":\"126992\",\"inodes_free\":\"126989\",\"path\":\"/run/lock\",\"type\":\"tmpfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "tmpfs", - "path": "/run/lock" + "path": "/run/lock", + "type": "tmpfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", 
"columns": { - "path": "/run/lock", "blocks": "1280", - "inodes": "126992", - "flags": "rw,nosuid,nodev,noexec,relatime,size=5120k", - "inodes_free": "126989", - "blocks_size": "4096", "blocks_available": "1280", - "type": "tmpfs", + "blocks_free": "1280", + "blocks_size": "4096", "device": "tmpfs", "device_alias": "tmpfs", - "blocks_free": "1280" + "flags": "rw,nosuid,nodev,noexec,relatime,size=5120k", + "inodes": "126992", + "inodes_free": "126989", + "path": "/run/lock", + "type": "tmpfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"1280\",\"blocks_available\":\"1280\",\"blocks_free\":\"1280\",\"blocks_size\":\"4096\",\"device\":\"tmpfs\",\"device_alias\":\"tmpfs\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,size=5120k\",\"inodes\":\"126992\",\"inodes_free\":\"126989\",\"path\":\"/run/lock\",\"type\":\"tmpfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - 
] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"126992\",\"blocks_available\":\"126992\",\"blocks_free\":\"126992\",\"blocks_size\":\"4096\",\"device\":\"tmpfs\",\"device_alias\":\"tmpfs\",\"flags\":\"ro,nosuid,nodev,noexec,mode=755\",\"inodes\":\"126992\",\"inodes_free\":\"126976\",\"path\":\"/sys/fs/cgroup\",\"type\":\"tmpfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "tmpfs", - "path": "/sys/fs/cgroup" + "path": "/sys/fs/cgroup", + "type": "tmpfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/sys/fs/cgroup", "blocks": "126992", - "inodes": "126992", - "flags": "ro,nosuid,nodev,noexec,mode=755", - "inodes_free": "126976", - "blocks_size": "4096", "blocks_available": "126992", - "type": "tmpfs", + "blocks_free": "126992", + "blocks_size": "4096", "device": "tmpfs", "device_alias": "tmpfs", - "blocks_free": "126992" + "flags": "ro,nosuid,nodev,noexec,mode=755", + "inodes": "126992", + "inodes_free": "126976", + "path": "/sys/fs/cgroup", + "type": "tmpfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - 
"host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"126992\",\"blocks_available\":\"126992\",\"blocks_free\":\"126992\",\"blocks_size\":\"4096\",\"device\":\"tmpfs\",\"device_alias\":\"tmpfs\",\"flags\":\"ro,nosuid,nodev,noexec,mode=755\",\"inodes\":\"126992\",\"inodes_free\":\"126976\",\"path\":\"/sys/fs/cgroup\",\"type\":\"tmpfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 
UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/systemd\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "cgroup", - "path": "/sys/fs/cgroup/systemd" + "path": "/sys/fs/cgroup/systemd", + "type": "cgroup" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/sys/fs/cgroup/systemd", "blocks": "0", - "inodes": "0", - "flags": "rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "cgroup", + "blocks_free": "0", + "blocks_size": "4096", "device": "cgroup", "device_alias": "cgroup", - "blocks_free": "0" + "flags": "rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd", + "inodes": "0", + "inodes_free": "0", + "path": "/sys/fs/cgroup/systemd", + "type": "cgroup" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": 
"1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/systemd\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"pstore\",\"device_alias\":\"pstore\",\"flags\":\"rw,nosuid,nodev,noexec,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/pstore\",\"type\":\"pstore\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, 
"file": { - "type": "pstore", - "path": "/sys/fs/pstore" + "path": "/sys/fs/pstore", + "type": "pstore" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/sys/fs/pstore", "blocks": "0", - "inodes": "0", - "flags": "rw,nosuid,nodev,noexec,relatime", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "pstore", + "blocks_free": "0", + "blocks_size": "4096", "device": "pstore", "device_alias": "pstore", - "blocks_free": "0" + "flags": "rw,nosuid,nodev,noexec,relatime", + "inodes": "0", + "inodes_free": "0", + "path": "/sys/fs/pstore", + "type": "pstore" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 
UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"pstore\",\"device_alias\":\"pstore\",\"flags\":\"rw,nosuid,nodev,noexec,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/pstore\",\"type\":\"pstore\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,cpu,cpuacct\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/cpu,cpuacct\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "cgroup", - "path": "/sys/fs/cgroup/cpu,cpuacct" + "path": "/sys/fs/cgroup/cpu,cpuacct", + "type": "cgroup" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/sys/fs/cgroup/cpu,cpuacct", "blocks": "0", - "inodes": 
"0", - "flags": "rw,nosuid,nodev,noexec,relatime,cpu,cpuacct", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "cgroup", + "blocks_free": "0", + "blocks_size": "4096", "device": "cgroup", "device_alias": "cgroup", - "blocks_free": "0" + "flags": "rw,nosuid,nodev,noexec,relatime,cpu,cpuacct", + "inodes": "0", + "inodes_free": "0", + "path": "/sys/fs/cgroup/cpu,cpuacct", + "type": "cgroup" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,cpu,cpuacct\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/cpu,cpuacct\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": 
"2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,perf_event\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/perf_event\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "cgroup", - "path": "/sys/fs/cgroup/perf_event" + "path": "/sys/fs/cgroup/perf_event", + "type": "cgroup" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/sys/fs/cgroup/perf_event", "blocks": "0", - "inodes": "0", - "flags": "rw,nosuid,nodev,noexec,relatime,perf_event", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "cgroup", + "blocks_free": "0", + "blocks_size": "4096", "device": "cgroup", "device_alias": "cgroup", - "blocks_free": "0" + "flags": "rw,nosuid,nodev,noexec,relatime,perf_event", + "inodes": "0", + "inodes_free": "0", + "path": "/sys/fs/cgroup/perf_event", + "type": "cgroup" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + 
"host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,perf_event\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/perf_event\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 
UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,pids\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/pids\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "cgroup", - "path": "/sys/fs/cgroup/pids" + "path": "/sys/fs/cgroup/pids", + "type": "cgroup" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/sys/fs/cgroup/pids", "blocks": "0", - "inodes": "0", - "flags": "rw,nosuid,nodev,noexec,relatime,pids", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "cgroup", + "blocks_free": "0", + "blocks_size": "4096", "device": "cgroup", "device_alias": "cgroup", - "blocks_free": "0" + "flags": "rw,nosuid,nodev,noexec,relatime,pids", + "inodes": "0", + "inodes_free": "0", + "path": "/sys/fs/cgroup/pids", + "type": "cgroup" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,pids\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/pids\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,cpuset\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/cpuset\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "cgroup", - "path": "/sys/fs/cgroup/cpuset" + "path": "/sys/fs/cgroup/cpuset", + "type": "cgroup" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/sys/fs/cgroup/cpuset", "blocks": "0", - "inodes": "0", - "flags": "rw,nosuid,nodev,noexec,relatime,cpuset", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "cgroup", + "blocks_free": "0", + "blocks_size": "4096", "device": "cgroup", "device_alias": "cgroup", - "blocks_free": "0" + "flags": "rw,nosuid,nodev,noexec,relatime,cpuset", + "inodes": "0", + "inodes_free": "0", + "path": "/sys/fs/cgroup/cpuset", + "type": "cgroup" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,cpuset\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/cpuset\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,blkio\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/blkio\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "cgroup", - "path": "/sys/fs/cgroup/blkio" + "path": "/sys/fs/cgroup/blkio", + "type": "cgroup" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/sys/fs/cgroup/blkio", "blocks": "0", - "inodes": "0", - "flags": "rw,nosuid,nodev,noexec,relatime,blkio", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "cgroup", + "blocks_free": "0", + "blocks_size": "4096", "device": "cgroup", "device_alias": "cgroup", - "blocks_free": "0" + "flags": "rw,nosuid,nodev,noexec,relatime,blkio", + "inodes": "0", + "inodes_free": "0", + "path": "/sys/fs/cgroup/blkio", + "type": "cgroup" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", 
"username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,blkio\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/blkio\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 
UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,freezer\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/freezer\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "cgroup", - "path": "/sys/fs/cgroup/freezer" + "path": "/sys/fs/cgroup/freezer", + "type": "cgroup" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/sys/fs/cgroup/freezer", "blocks": "0", - "inodes": "0", - "flags": "rw,nosuid,nodev,noexec,relatime,freezer", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "cgroup", + "blocks_free": "0", + "blocks_size": "4096", "device": "cgroup", "device_alias": "cgroup", - "blocks_free": "0" + "flags": "rw,nosuid,nodev,noexec,relatime,freezer", + "inodes": "0", + "inodes_free": "0", + "path": "/sys/fs/cgroup/freezer", + "type": "cgroup" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } - }, - "related": { - "user": [ - "ubuntu" - ], + }, + "related": { "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": 
"ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,freezer\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/freezer\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,memory\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/memory\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "cgroup", - "path": "/sys/fs/cgroup/memory" + "path": "/sys/fs/cgroup/memory", + "type": "cgroup" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", 
+ "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/sys/fs/cgroup/memory", "blocks": "0", - "inodes": "0", - "flags": "rw,nosuid,nodev,noexec,relatime,memory", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "cgroup", + "blocks_free": "0", + "blocks_size": "4096", "device": "cgroup", "device_alias": "cgroup", - "blocks_free": "0" + "flags": "rw,nosuid,nodev,noexec,relatime,memory", + "inodes": "0", + "inodes_free": "0", + "path": "/sys/fs/cgroup/memory", + "type": "cgroup" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,memory\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/memory\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,net_cls,net_prio\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/net_cls,net_prio\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "cgroup", - "path": "/sys/fs/cgroup/net_cls,net_prio" + "path": "/sys/fs/cgroup/net_cls,net_prio", + "type": "cgroup" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/sys/fs/cgroup/net_cls,net_prio", "blocks": "0", - "inodes": "0", - "flags": "rw,nosuid,nodev,noexec,relatime,net_cls,net_prio", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "cgroup", + "blocks_free": "0", + "blocks_size": "4096", "device": "cgroup", "device_alias": "cgroup", - "blocks_free": "0" + "flags": "rw,nosuid,nodev,noexec,relatime,net_cls,net_prio", + "inodes": "0", + "inodes_free": "0", + "path": "/sys/fs/cgroup/net_cls,net_prio", + "type": "cgroup" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + 
"counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,net_cls,net_prio\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/net_cls,net_prio\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 
UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,devices\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/devices\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "cgroup", - "path": "/sys/fs/cgroup/devices" + "path": "/sys/fs/cgroup/devices", + "type": "cgroup" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/sys/fs/cgroup/devices", "blocks": "0", - "inodes": "0", - "flags": "rw,nosuid,nodev,noexec,relatime,devices", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "cgroup", + "blocks_free": "0", + "blocks_size": "4096", "device": "cgroup", "device_alias": "cgroup", - "blocks_free": "0" + "flags": "rw,nosuid,nodev,noexec,relatime,devices", + "inodes": "0", + "inodes_free": "0", + "path": "/sys/fs/cgroup/devices", + "type": "cgroup" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,devices\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/devices\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,hugetlb\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/hugetlb\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "cgroup", - "path": "/sys/fs/cgroup/hugetlb" + "path": "/sys/fs/cgroup/hugetlb", + "type": "cgroup" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/sys/fs/cgroup/hugetlb", "blocks": "0", - "inodes": "0", - "flags": "rw,nosuid,nodev,noexec,relatime,hugetlb", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "cgroup", + "blocks_free": "0", + "blocks_size": "4096", "device": "cgroup", "device_alias": "cgroup", - "blocks_free": "0" + "flags": "rw,nosuid,nodev,noexec,relatime,hugetlb", + "inodes": "0", + "inodes_free": "0", + "path": "/sys/fs/cgroup/hugetlb", + "type": "cgroup" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"cgroup\",\"device_alias\":\"cgroup\",\"flags\":\"rw,nosuid,nodev,noexec,relatime,hugetlb\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/cgroup/hugetlb\",\"type\":\"cgroup\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"2097152\",\"device\":\"hugetlbfs\",\"device_alias\":\"hugetlbfs\",\"flags\":\"rw,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/dev/hugepages\",\"type\":\"hugetlbfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "hugetlbfs", - "path": "/dev/hugepages" + "path": "/dev/hugepages", + "type": "hugetlbfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/dev/hugepages", "blocks": "0", - "inodes": "0", - "flags": "rw,relatime", - "inodes_free": "0", - "blocks_size": "2097152", "blocks_available": "0", - "type": "hugetlbfs", + "blocks_free": "0", + "blocks_size": "2097152", "device": "hugetlbfs", "device_alias": "hugetlbfs", - "blocks_free": "0" + "flags": "rw,relatime", + "inodes": "0", + "inodes_free": "0", + "path": "/dev/hugepages", + "type": "hugetlbfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu 
Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"2097152\",\"device\":\"hugetlbfs\",\"device_alias\":\"hugetlbfs\",\"flags\":\"rw,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/dev/hugepages\",\"type\":\"hugetlbfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 
UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"debugfs\",\"device_alias\":\"debugfs\",\"flags\":\"rw,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/kernel/debug\",\"type\":\"debugfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "debugfs", - "path": "/sys/kernel/debug" + "path": "/sys/kernel/debug", + "type": "debugfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/sys/kernel/debug", "blocks": "0", - "inodes": "0", - "flags": "rw,relatime", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "debugfs", + "blocks_free": "0", + "blocks_size": "4096", "device": "debugfs", "device_alias": "debugfs", - "blocks_free": "0" + "flags": "rw,relatime", + "inodes": "0", + "inodes_free": "0", + "path": "/sys/kernel/debug", + "type": "debugfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - 
"action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"debugfs\",\"device_alias\":\"debugfs\",\"flags\":\"rw,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/kernel/debug\",\"type\":\"debugfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"systemd-1\",\"device_alias\":\"systemd-1\",\"flags\":\"rw,relatime,fd=31,pgrp=1,timeout=0,minproto=5,maxproto=5,direct\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/proc/sys/fs/binfmt_misc\",\"type\":\"autofs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "autofs", - "path": "/proc/sys/fs/binfmt_misc" + "path": "/proc/sys/fs/binfmt_misc", + "type": "autofs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu 
Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/proc/sys/fs/binfmt_misc", "blocks": "0", - "inodes": "0", - "flags": "rw,relatime,fd=31,pgrp=1,timeout=0,minproto=5,maxproto=5,direct", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "autofs", + "blocks_free": "0", + "blocks_size": "4096", "device": "systemd-1", "device_alias": "systemd-1", - "blocks_free": "0" + "flags": "rw,relatime,fd=31,pgrp=1,timeout=0,minproto=5,maxproto=5,direct", + "inodes": "0", + "inodes_free": "0", + "path": "/proc/sys/fs/binfmt_misc", + "type": "autofs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"systemd-1\",\"device_alias\":\"systemd-1\",\"flags\":\"rw,relatime,fd=31,pgrp=1,timeout=0,minproto=5,maxproto=5,direct\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/proc/sys/fs/binfmt_misc\",\"type\":\"autofs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"mqueue\",\"device_alias\":\"mqueue\",\"flags\":\"rw,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/dev/mqueue\",\"type\":\"mqueue\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "mqueue", - "path": "/dev/mqueue" + "path": "/dev/mqueue", + "type": "mqueue" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/dev/mqueue", "blocks": "0", - "inodes": "0", - "flags": "rw,relatime", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "mqueue", + "blocks_free": "0", + "blocks_size": "4096", "device": "mqueue", "device_alias": "mqueue", - "blocks_free": "0" + "flags": "rw,relatime", + "inodes": "0", + "inodes_free": "0", + "path": "/dev/mqueue", + "type": "mqueue" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": 
"ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"mqueue\",\"device_alias\":\"mqueue\",\"flags\":\"rw,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/dev/mqueue\",\"type\":\"mqueue\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"fusectl\",\"device_alias\":\"fusectl\",\"flags\":\"rw,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/fuse/connections\",\"type\":\"fusectl\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, 
"file": { - "type": "fusectl", - "path": "/sys/fs/fuse/connections" + "path": "/sys/fs/fuse/connections", + "type": "fusectl" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/sys/fs/fuse/connections", "blocks": "0", - "inodes": "0", - "flags": "rw,relatime", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "fusectl", + "blocks_free": "0", + "blocks_size": "4096", "device": "fusectl", "device_alias": "fusectl", - "blocks_free": "0" + "flags": "rw,relatime", + "inodes": "0", + "inodes_free": "0", + "path": "/sys/fs/fuse/connections", + "type": "fusectl" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 
UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"fusectl\",\"device_alias\":\"fusectl\",\"flags\":\"rw,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/sys/fs/fuse/connections\",\"type\":\"fusectl\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"512\",\"device\":\"lxcfs\",\"device_alias\":\"lxcfs\",\"flags\":\"rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/var/lib/lxcfs\",\"type\":\"fuse.lxcfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "fuse.lxcfs", - "path": "/var/lib/lxcfs" + "path": "/var/lib/lxcfs", + "type": "fuse.lxcfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/var/lib/lxcfs", "blocks": "0", - "inodes": "0", - "flags": 
"rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other", - "inodes_free": "0", - "blocks_size": "512", "blocks_available": "0", - "type": "fuse.lxcfs", + "blocks_free": "0", + "blocks_size": "512", "device": "lxcfs", "device_alias": "lxcfs", - "blocks_free": "0" + "flags": "rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other", + "inodes": "0", + "inodes_free": "0", + "path": "/var/lib/lxcfs", + "type": "fuse.lxcfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"512\",\"device\":\"lxcfs\",\"device_alias\":\"lxcfs\",\"flags\":\"rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/var/lib/lxcfs\",\"type\":\"fuse.lxcfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": 
"2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"122061322\",\"blocks_available\":\"85810244\",\"blocks_free\":\"85810244\",\"blocks_size\":\"4096\",\"device\":\"vagrant\",\"device_alias\":\"/vagrant\",\"flags\":\"rw,nodev,relatime\",\"inodes\":\"1000\",\"inodes_free\":\"1000\",\"path\":\"/vagrant\",\"type\":\"vboxsf\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "vboxsf", - "path": "/vagrant" + "path": "/vagrant", + "type": "vboxsf" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/vagrant", "blocks": "122061322", - "inodes": "1000", - "flags": "rw,nodev,relatime", - "inodes_free": "1000", - "blocks_size": "4096", "blocks_available": "85810244", - "type": "vboxsf", + "blocks_free": "85810244", + "blocks_size": "4096", "device": "vagrant", "device_alias": "/vagrant", - "blocks_free": "85810244" + "flags": "rw,nodev,relatime", + "inodes": "1000", + "inodes_free": "1000", + "path": "/vagrant", + "type": "vboxsf" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": 
"1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"122061322\",\"blocks_available\":\"85810244\",\"blocks_free\":\"85810244\",\"blocks_size\":\"4096\",\"device\":\"vagrant\",\"device_alias\":\"/vagrant\",\"flags\":\"rw,nodev,relatime\",\"inodes\":\"1000\",\"inodes_free\":\"1000\",\"path\":\"/vagrant\",\"type\":\"vboxsf\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"25399\",\"blocks_available\":\"25399\",\"blocks_free\":\"25399\",\"blocks_size\":\"4096\",\"device\":\"tmpfs\",\"device_alias\":\"tmpfs\",\"flags\":\"rw,nosuid,nodev,relatime,size=101596k,mode=700,uid=1000,gid=1000\",\"inodes\":\"126992\",\"inodes_free\":\"126988\",\"path\":\"/run/user/1000\",\"type\":\"tmpfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - 
"type": "tmpfs", - "path": "/run/user/1000" + "path": "/run/user/1000", + "type": "tmpfs" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": "/run/user/1000", "blocks": "25399", - "inodes": "126992", - "flags": "rw,nosuid,nodev,relatime,size=101596k,mode=700,uid=1000,gid=1000", - "inodes_free": "126988", - "blocks_size": "4096", "blocks_available": "25399", - "type": "tmpfs", + "blocks_free": "25399", + "blocks_size": "4096", "device": "tmpfs", "device_alias": "tmpfs", - "blocks_free": "25399" + "flags": "rw,nosuid,nodev,relatime,size=101596k,mode=700,uid=1000,gid=1000", + "inodes": "126992", + "inodes_free": "126988", + "path": "/run/user/1000", + "type": "tmpfs" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 
UTC\",\"columns\":{\"blocks\":\"25399\",\"blocks_available\":\"25399\",\"blocks_free\":\"25399\",\"blocks_size\":\"4096\",\"device\":\"tmpfs\",\"device_alias\":\"tmpfs\",\"flags\":\"rw,nosuid,nodev,relatime,size=101596k,mode=700,uid=1000,gid=1000\",\"inodes\":\"126992\",\"inodes_free\":\"126988\",\"path\":\"/run/user/1000\",\"type\":\"tmpfs\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:21.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"binfmt_misc\",\"device_alias\":\"binfmt_misc\",\"flags\":\"rw,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/proc/sys/fs/binfmt_misc\",\"type\":\"binfmt_misc\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", + "type": "info" + }, "file": { - "type": "binfmt_misc", - "path": "/proc/sys/fs/binfmt_misc" + "path": "/proc/sys/fs/binfmt_misc", + "type": "binfmt_misc" }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", "columns": { - "path": 
"/proc/sys/fs/binfmt_misc", "blocks": "0", - "inodes": "0", - "flags": "rw,relatime", - "inodes_free": "0", - "blocks_size": "4096", "blocks_available": "0", - "type": "binfmt_misc", + "blocks_free": "0", + "blocks_size": "4096", "device": "binfmt_misc", "device_alias": "binfmt_misc", - "blocks_free": "0" + "flags": "rw,relatime", + "inodes": "0", + "inodes_free": "0", + "path": "/proc/sys/fs/binfmt_misc", + "type": "binfmt_misc" }, - "name": "pack_it-compliance_mounts", - "unix_time": "1512669441", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:21 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_mounts", + "unix_time": "1512669441" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_mounts" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:21 2017 UTC\",\"columns\":{\"blocks\":\"0\",\"blocks_available\":\"0\",\"blocks_free\":\"0\",\"blocks_size\":\"4096\",\"device\":\"binfmt_misc\",\"device_alias\":\"binfmt_misc\",\"flags\":\"rw,relatime\",\"inodes\":\"0\",\"inodes_free\":\"0\",\"path\":\"/proc/sys/fs/binfmt_misc\",\"type\":\"binfmt_misc\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_mounts\",\"unixTime\":\"1512669441\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": 
"2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"accountsservice\",\"revision\":\"2ubuntu11.3\",\"size\":\"428\",\"source\":\"\",\"version\":\"0.6.40-2ubuntu11.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 428 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "accountsservice", "arch": "amd64", + "name": "accountsservice", + "revision": "2ubuntu11.3", "size": "428", - "version": "0.6.40-2ubuntu11.3", - "revision": "2ubuntu11.3" + "version": "0.6.40-2ubuntu11.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"accountsservice\",\"revision\":\"2ubuntu11.3\",\"size\":\"428\",\"source\":\"\",\"version\":\"0.6.40-2ubuntu11.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"acl\",\"revision\":\"3\",\"size\":\"200\",\"source\":\"\",\"version\":\"2.2.52-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 200 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "acl", "arch": "amd64", + "name": "acl", + "revision": "3", "size": "200", - "version": "2.2.52-3", - "revision": "3" + "version": "2.2.52-3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": 
"ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"acl\",\"revision\":\"3\",\"size\":\"200\",\"source\":\"\",\"version\":\"2.2.52-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"acpid\",\"revision\":\"1ubuntu2\",\"size\":\"134\",\"source\":\"\",\"version\":\"1:2.0.26-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 134 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", 
"columns": { - "name": "acpid", "arch": "amd64", + "name": "acpid", + "revision": "1ubuntu2", "size": "134", - "version": "1:2.0.26-1ubuntu2", - "revision": "1ubuntu2" + "version": "1:2.0.26-1ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"acpid\",\"revision\":\"1ubuntu2\",\"size\":\"134\",\"source\":\"\",\"version\":\"1:2.0.26-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"adduser\",\"revision\":\"\",\"size\":\"648\",\"source\":\"\",\"version\":\"3.113+nmu3ubuntu4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 648 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "adduser", "arch": "all", + "name": "adduser", "size": "648", "version": "3.113+nmu3ubuntu4" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"adduser\",\"revision\":\"\",\"size\":\"648\",\"source\":\"\",\"version\":\"3.113+nmu3ubuntu4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"apparmor\",\"revision\":\"0ubuntu2.6\",\"size\":\"1649\",\"source\":\"\",\"version\":\"2.10.95-0ubuntu2.6\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1649 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "apparmor", "arch": "amd64", + "name": "apparmor", + "revision": "0ubuntu2.6", "size": "1649", - "version": "2.10.95-0ubuntu2.6", - "revision": "0ubuntu2.6" + "version": "2.10.95-0ubuntu2.6" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": 
"pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"apparmor\",\"revision\":\"0ubuntu2.6\",\"size\":\"1649\",\"source\":\"\",\"version\":\"2.10.95-0ubuntu2.6\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"apport\",\"revision\":\"0ubuntu2.13\",\"size\":\"760\",\"source\":\"\",\"version\":\"2.20.1-0ubuntu2.13\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 760 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "apport", "arch": "all", + "name": "apport", + "revision": "0ubuntu2.13", "size": "760", - "version": "2.20.1-0ubuntu2.13", - "revision": "0ubuntu2.13" + "version": "2.20.1-0ubuntu2.13" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"apport\",\"revision\":\"0ubuntu2.13\",\"size\":\"760\",\"source\":\"\",\"version\":\"2.20.1-0ubuntu2.13\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"apport-symptoms\",\"revision\":\"\",\"size\":\"75\",\"source\":\"\",\"version\":\"0.20\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 75 }, - "ecs": { - "version": 
"8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "apport-symptoms", "arch": "all", + "name": "apport-symptoms", "size": "75", "version": "0.20" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"apport-symptoms\",\"revision\":\"\",\"size\":\"75\",\"source\":\"\",\"version\":\"0.20\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"apt\",\"revision\":\"\",\"size\":\"3349\",\"source\":\"\",\"version\":\"1.2.24\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 3349 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "apt", "arch": "amd64", + "name": "apt", "size": "3349", "version": "1.2.24" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" - ] - }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, - "rule": { - "name": "pack_it-compliance_deb_packages" - }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"apt\",\"revision\":\"\",\"size\":\"3349\",\"source\":\"\",\"version\":\"1.2.24\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ], + 
"user": [ + "ubuntu" + ] }, - "user": { - "name": "ubuntu" + "rule": { + "name": "pack_it-compliance_deb_packages" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"apt-transport-https\",\"revision\":\"\",\"size\":\"210\",\"source\":\"apt\",\"version\":\"1.2.24\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 210 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "apt-transport-https", "arch": "amd64", - "source": "apt", + "name": "apt-transport-https", "size": "210", + "source": "apt", "version": "1.2.24" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - 
"action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"apt-transport-https\",\"revision\":\"\",\"size\":\"210\",\"source\":\"apt\",\"version\":\"1.2.24\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"apt-utils\",\"revision\":\"\",\"size\":\"716\",\"source\":\"apt\",\"version\":\"1.2.24\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 716 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "apt-utils", "arch": "amd64", - "source": "apt", + "name": "apt-utils", "size": "716", + "source": "apt", "version": "1.2.24" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"apt-utils\",\"revision\":\"\",\"size\":\"716\",\"source\":\"apt\",\"version\":\"1.2.24\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"at\",\"revision\":\"2ubuntu1\",\"size\":\"150\",\"source\":\"\",\"version\":\"3.1.18-2ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 150 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + 
"action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "at", "arch": "amd64", + "name": "at", + "revision": "2ubuntu1", "size": "150", - "version": "3.1.18-2ubuntu1", - "revision": "2ubuntu1" + "version": "3.1.18-2ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"at\",\"revision\":\"2ubuntu1\",\"size\":\"150\",\"source\":\"\",\"version\":\"3.1.18-2ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"base-files\",\"revision\":\"\",\"size\":\"312\",\"source\":\"\",\"version\":\"9.4ubuntu4.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 312 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "base-files", "arch": "amd64", + "name": "base-files", "size": "312", "version": "9.4ubuntu4.5" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"base-files\",\"revision\":\"\",\"size\":\"312\",\"source\":\"\",\"version\":\"9.4ubuntu4.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - 
"created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"base-passwd\",\"revision\":\"\",\"size\":\"219\",\"source\":\"\",\"version\":\"3.5.39\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 219 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "base-passwd", "arch": "amd64", + "name": "base-passwd", "size": "219", "version": "3.5.39" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 
17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"base-passwd\",\"revision\":\"\",\"size\":\"219\",\"source\":\"\",\"version\":\"3.5.39\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"bash\",\"revision\":\"14ubuntu1.2\",\"size\":\"1500\",\"source\":\"\",\"version\":\"4.3-14ubuntu1.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1500 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "bash", "arch": "amd64", + "name": "bash", + "revision": "14ubuntu1.2", "size": "1500", - "version": "4.3-14ubuntu1.2", - "revision": "14ubuntu1.2" + "version": "4.3-14ubuntu1.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 
2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"bash\",\"revision\":\"14ubuntu1.2\",\"size\":\"1500\",\"source\":\"\",\"version\":\"4.3-14ubuntu1.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"bash-completion\",\"revision\":\"4.2ubuntu1.1\",\"size\":\"1227\",\"source\":\"\",\"version\":\"1:2.1-4.2ubuntu1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1227 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": 
"added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "bash-completion", "arch": "all", + "name": "bash-completion", + "revision": "4.2ubuntu1.1", "size": "1227", - "version": "1:2.1-4.2ubuntu1.1", - "revision": "4.2ubuntu1.1" + "version": "1:2.1-4.2ubuntu1.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"bash-completion\",\"revision\":\"4.2ubuntu1.1\",\"size\":\"1227\",\"source\":\"\",\"version\":\"1:2.1-4.2ubuntu1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"bcache-tools\",\"revision\":\"2\",\"size\":\"139\",\"source\":\"\",\"version\":\"1.0.8-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 139 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "bcache-tools", "arch": "amd64", + "name": "bcache-tools", + "revision": "2", "size": "139", - "version": "1.0.8-2", - "revision": "2" + "version": "1.0.8-2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"bcache-tools\",\"revision\":\"2\",\"size\":\"139\",\"source\":\"\",\"version\":\"1.0.8-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"bind9-host\",\"revision\":\"8ubuntu1.8\",\"size\":\"128\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 128 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "bind9-host", "arch": "amd64", - "source": "bind9", + "name": "bind9-host", + "revision": "8ubuntu1.8", "size": "128", - "version": "1:9.10.3.dfsg.P4-8ubuntu1.8", - "revision": "8ubuntu1.8" + "source": "bind9", + "version": "1:9.10.3.dfsg.P4-8ubuntu1.8" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", 
"username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"bind9-host\",\"revision\":\"8ubuntu1.8\",\"size\":\"128\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"bsdmainutils\",\"revision\":\"\",\"size\":\"565\",\"source\":\"\",\"version\":\"9.0.6ubuntu3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 565 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "bsdmainutils", "arch": "amd64", + "name": "bsdmainutils", "size": "565", "version": "9.0.6ubuntu3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"bsdmainutils\",\"revision\":\"\",\"size\":\"565\",\"source\":\"\",\"version\":\"9.0.6ubuntu3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"bsdutils\",\"revision\":\"6ubuntu3.3\",\"size\":\"227\",\"source\":\"util-linux (2.27.1-6ubuntu3.3)\",\"version\":\"1:2.27.1-6ubuntu3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 227 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "bsdutils", "arch": "amd64", - "source": "util-linux (2.27.1-6ubuntu3.3)", + "name": "bsdutils", + "revision": "6ubuntu3.3", "size": "227", - "version": "1:2.27.1-6ubuntu3.3", - "revision": "6ubuntu3.3" + "source": "util-linux (2.27.1-6ubuntu3.3)", + "version": "1:2.27.1-6ubuntu3.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"bsdutils\",\"revision\":\"6ubuntu3.3\",\"size\":\"227\",\"source\":\"util-linux 
(2.27.1-6ubuntu3.3)\",\"version\":\"1:2.27.1-6ubuntu3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"btrfs-tools\",\"revision\":\"1ubuntu1\",\"size\":\"3638\",\"source\":\"\",\"version\":\"4.4-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 3638 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "btrfs-tools", "arch": "amd64", + "name": "btrfs-tools", + "revision": "1ubuntu1", "size": "3638", - "version": "4.4-1ubuntu1", - "revision": "1ubuntu1" + "version": "4.4-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + 
"name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"btrfs-tools\",\"revision\":\"1ubuntu1\",\"size\":\"3638\",\"source\":\"\",\"version\":\"4.4-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"busybox-initramfs\",\"revision\":\"15ubuntu1\",\"size\":\"367\",\"source\":\"busybox\",\"version\":\"1:1.22.0-15ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 367 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - 
"name": "busybox-initramfs", "arch": "amd64", - "source": "busybox", + "name": "busybox-initramfs", + "revision": "15ubuntu1", "size": "367", - "version": "1:1.22.0-15ubuntu1", - "revision": "15ubuntu1" + "source": "busybox", + "version": "1:1.22.0-15ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"busybox-initramfs\",\"revision\":\"15ubuntu1\",\"size\":\"367\",\"source\":\"busybox\",\"version\":\"1:1.22.0-15ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"busybox-static\",\"revision\":\"15ubuntu1\",\"size\":\"2010\",\"source\":\"busybox\",\"version\":\"1:1.22.0-15ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 2010 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "busybox-static", "arch": "amd64", - "source": "busybox", + "name": "busybox-static", + "revision": "15ubuntu1", "size": "2010", - "version": "1:1.22.0-15ubuntu1", - "revision": "15ubuntu1" + "source": "busybox", + "version": "1:1.22.0-15ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"busybox-static\",\"revision\":\"15ubuntu1\",\"size\":\"2010\",\"source\":\"busybox\",\"version\":\"1:1.22.0-15ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"byobu\",\"revision\":\"0ubuntu1\",\"size\":\"639\",\"source\":\"\",\"version\":\"5.106-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 639 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "byobu", "arch": "all", + "name": "byobu", + "revision": "0ubuntu1", "size": "639", - "version": "5.106-0ubuntu1", - "revision": "0ubuntu1" + "version": "5.106-0ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 
17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"byobu\",\"revision\":\"0ubuntu1\",\"size\":\"639\",\"source\":\"\",\"version\":\"5.106-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"bzip2\",\"revision\":\"8\",\"size\":\"114\",\"source\":\"\",\"version\":\"1.0.6-8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 114 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": 
"Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "bzip2", "arch": "amd64", + "name": "bzip2", + "revision": "8", "size": "114", - "version": "1.0.6-8", - "revision": "8" + "version": "1.0.6-8" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"bzip2\",\"revision\":\"8\",\"size\":\"114\",\"source\":\"\",\"version\":\"1.0.6-8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"ca-certificates\",\"revision\":\"\",\"size\":\"426\",\"source\":\"\",\"version\":\"20170717~16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 426 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "ca-certificates", "arch": "all", + "name": "ca-certificates", "size": "426", "version": "20170717~16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"ca-certificates\",\"revision\":\"\",\"size\":\"426\",\"source\":\"\",\"version\":\"20170717~16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - 
"type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"ca-certificates-java\",\"revision\":\"\",\"size\":\"40\",\"source\":\"\",\"version\":\"20160321\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 40 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "ca-certificates-java", "arch": "all", + "name": "ca-certificates-java", "size": "40", "version": "20160321" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"ca-certificates-java\",\"revision\":\"\",\"size\":\"40\",\"source\":\"\",\"version\":\"20160321\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"cloud-guest-utils\",\"revision\":\"0ubuntu24\",\"size\":\"55\",\"source\":\"cloud-utils\",\"version\":\"0.27-0ubuntu24\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 55 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "cloud-guest-utils", "arch": "all", - "source": "cloud-utils", + "name": "cloud-guest-utils", + "revision": "0ubuntu24", "size": "55", - "version": "0.27-0ubuntu24", - "revision": "0ubuntu24" + "source": "cloud-utils", + "version": "0.27-0ubuntu24" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"cloud-guest-utils\",\"revision\":\"0ubuntu24\",\"size\":\"55\",\"source\":\"cloud-utils\",\"version\":\"0.27-0ubuntu24\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"cloud-init\",\"revision\":\"0ubuntu1~16.04.2\",\"size\":\"1493\",\"source\":\"\",\"version\":\"0.7.9-153-g16a7302f-0ubuntu1~16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, 
"file": { "size": 1493 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "cloud-init", "arch": "all", + "name": "cloud-init", + "revision": "0ubuntu1~16.04.2", "size": "1493", - "version": "0.7.9-153-g16a7302f-0ubuntu1~16.04.2", - "revision": "0ubuntu1~16.04.2" + "version": "0.7.9-153-g16a7302f-0ubuntu1~16.04.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"cloud-init\",\"revision\":\"0ubuntu1~16.04.2\",\"size\":\"1493\",\"source\":\"\",\"version\":\"0.7.9-153-g16a7302f-0ubuntu1~16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + 
"ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"cloud-initramfs-copymods\",\"revision\":\"\",\"size\":\"22\",\"source\":\"cloud-initramfs-tools\",\"version\":\"0.27ubuntu1.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 22 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "cloud-initramfs-copymods", "arch": "all", - "source": "cloud-initramfs-tools", + "name": "cloud-initramfs-copymods", "size": "22", + "source": "cloud-initramfs-tools", "version": "0.27ubuntu1.4" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"cloud-initramfs-copymods\",\"revision\":\"\",\"size\":\"22\",\"source\":\"cloud-initramfs-tools\",\"version\":\"0.27ubuntu1.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"cloud-initramfs-dyn-netconf\",\"revision\":\"\",\"size\":\"30\",\"source\":\"cloud-initramfs-tools\",\"version\":\"0.27ubuntu1.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 30 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "cloud-initramfs-dyn-netconf", "arch": "all", - "source": "cloud-initramfs-tools", + "name": "cloud-initramfs-dyn-netconf", "size": "30", + "source": "cloud-initramfs-tools", "version": "0.27ubuntu1.4" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" 
}, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"cloud-initramfs-dyn-netconf\",\"revision\":\"\",\"size\":\"30\",\"source\":\"cloud-initramfs-tools\",\"version\":\"0.27ubuntu1.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"command-not-found\",\"revision\":\"\",\"size\":\"27\",\"source\":\"\",\"version\":\"0.3ubuntu16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 27 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + 
"id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "command-not-found", "arch": "all", + "name": "command-not-found", "size": "27", "version": "0.3ubuntu16.04.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"command-not-found\",\"revision\":\"\",\"size\":\"27\",\"source\":\"\",\"version\":\"0.3ubuntu16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"command-not-found-data\",\"revision\":\"\",\"size\":\"4136\",\"source\":\"command-not-found\",\"version\":\"0.3ubuntu16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 4136 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "command-not-found-data", "arch": "amd64", - "source": "command-not-found", + "name": "command-not-found-data", "size": "4136", + "source": "command-not-found", "version": "0.3ubuntu16.04.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"command-not-found-data\",\"revision\":\"\",\"size\":\"4136\",\"source\":\"command-not-found\",\"version\":\"0.3ubuntu16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"console-setup\",\"revision\":\"\",\"size\":\"437\",\"source\":\"\",\"version\":\"1.108ubuntu15.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 437 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "console-setup", "arch": "all", + "name": "console-setup", "size": "437", "version": "1.108ubuntu15.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + 
"host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"console-setup\",\"revision\":\"\",\"size\":\"437\",\"source\":\"\",\"version\":\"1.108ubuntu15.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"console-setup-linux\",\"revision\":\"\",\"size\":\"1212\",\"source\":\"console-setup\",\"version\":\"1.108ubuntu15.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1212 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 
UTC", "columns": { - "name": "console-setup-linux", "arch": "all", - "source": "console-setup", + "name": "console-setup-linux", "size": "1212", + "source": "console-setup", "version": "1.108ubuntu15.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"console-setup-linux\",\"revision\":\"\",\"size\":\"1212\",\"source\":\"console-setup\",\"version\":\"1.108ubuntu15.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"coreutils\",\"revision\":\"2ubuntu3~16.04\",\"size\":\"6248\",\"source\":\"\",\"version\":\"8.25-2ubuntu3~16.04\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 6248 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "coreutils", "arch": "amd64", + "name": "coreutils", + "revision": "2ubuntu3~16.04", "size": "6248", - "version": "8.25-2ubuntu3~16.04", - "revision": "2ubuntu3~16.04" + "version": "8.25-2ubuntu3~16.04" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"coreutils\",\"revision\":\"2ubuntu3~16.04\",\"size\":\"6248\",\"source\":\"\",\"version\":\"8.25-2ubuntu3~16.04\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"cpio\",\"revision\":\"5ubuntu1\",\"size\":\"316\",\"source\":\"\",\"version\":\"2.11+dfsg-5ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 316 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "cpio", "arch": "amd64", + "name": "cpio", + "revision": "5ubuntu1", "size": "316", - "version": "2.11+dfsg-5ubuntu1", - "revision": "5ubuntu1" + "version": "2.11+dfsg-5ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 
17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"cpio\",\"revision\":\"5ubuntu1\",\"size\":\"316\",\"source\":\"\",\"version\":\"2.11+dfsg-5ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"cron\",\"revision\":\"128ubuntu2\",\"size\":\"243\",\"source\":\"\",\"version\":\"3.0pl1-128ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 243 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": 
"added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "cron", "arch": "amd64", + "name": "cron", + "revision": "128ubuntu2", "size": "243", - "version": "3.0pl1-128ubuntu2", - "revision": "128ubuntu2" + "version": "3.0pl1-128ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"cron\",\"revision\":\"128ubuntu2\",\"size\":\"243\",\"source\":\"\",\"version\":\"3.0pl1-128ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"cryptsetup\",\"revision\":\"5ubuntu2\",\"size\":\"326\",\"source\":\"\",\"version\":\"2:1.6.6-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 326 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "cryptsetup", "arch": "amd64", + "name": "cryptsetup", + "revision": "5ubuntu2", "size": "326", - "version": "2:1.6.6-5ubuntu2", - "revision": "5ubuntu2" + "version": "2:1.6.6-5ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"cryptsetup\",\"revision\":\"5ubuntu2\",\"size\":\"326\",\"source\":\"\",\"version\":\"2:1.6.6-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"cryptsetup-bin\",\"revision\":\"5ubuntu2\",\"size\":\"276\",\"source\":\"cryptsetup\",\"version\":\"2:1.6.6-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 276 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "cryptsetup-bin", "arch": "amd64", - "source": "cryptsetup", + "name": "cryptsetup-bin", + "revision": "5ubuntu2", "size": "276", - "version": "2:1.6.6-5ubuntu2", - "revision": "5ubuntu2" + "source": "cryptsetup", + "version": "2:1.6.6-5ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", 
"username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"cryptsetup-bin\",\"revision\":\"5ubuntu2\",\"size\":\"276\",\"source\":\"cryptsetup\",\"version\":\"2:1.6.6-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"curl\",\"revision\":\"1ubuntu2.5\",\"size\":\"331\",\"source\":\"\",\"version\":\"7.47.0-1ubuntu2.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 331 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "curl", "arch": "amd64", + "name": "curl", + "revision": "1ubuntu2.5", "size": "331", - "version": "7.47.0-1ubuntu2.5", - "revision": "1ubuntu2.5" + "version": "7.47.0-1ubuntu2.5" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"curl\",\"revision\":\"1ubuntu2.5\",\"size\":\"331\",\"source\":\"\",\"version\":\"7.47.0-1ubuntu2.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dash\",\"revision\":\"2.1ubuntu2\",\"size\":\"242\",\"source\":\"\",\"version\":\"0.5.8-2.1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 242 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "dash", "arch": "amd64", + "name": "dash", + "revision": "2.1ubuntu2", "size": "242", - "version": "0.5.8-2.1ubuntu2", - "revision": "2.1ubuntu2" + "version": "0.5.8-2.1ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dash\",\"revision\":\"2.1ubuntu2\",\"size\":\"242\",\"source\":\"\",\"version\":\"0.5.8-2.1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dbus\",\"revision\":\"1ubuntu3.3\",\"size\":\"536\",\"source\":\"\",\"version\":\"1.10.6-1ubuntu3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 536 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "dbus", "arch": "amd64", + "name": "dbus", + "revision": "1ubuntu3.3", "size": "536", - "version": "1.10.6-1ubuntu3.3", - "revision": "1ubuntu3.3" + "version": "1.10.6-1ubuntu3.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 
2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dbus\",\"revision\":\"1ubuntu3.3\",\"size\":\"536\",\"source\":\"\",\"version\":\"1.10.6-1ubuntu3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"debconf\",\"revision\":\"\",\"size\":\"547\",\"source\":\"\",\"version\":\"1.5.58ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 547 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "debconf", "arch": "all", + "name": "debconf", "size": "547", "version": "1.5.58ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" - ] - }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, - "rule": { - "name": "pack_it-compliance_deb_packages" - }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"debconf\",\"revision\":\"\",\"size\":\"547\",\"source\":\"\",\"version\":\"1.5.58ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ], + "user": [ + "ubuntu" + ] }, - "user": { - "name": "ubuntu" + "rule": { + "name": "pack_it-compliance_deb_packages" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"debconf-i18n\",\"revision\":\"\",\"size\":\"780\",\"source\":\"debconf\",\"version\":\"1.5.58ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 780 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "debconf-i18n", "arch": "all", - "source": "debconf", + "name": "debconf-i18n", "size": "780", + "source": "debconf", "version": "1.5.58ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"debconf-i18n\",\"revision\":\"\",\"size\":\"780\",\"source\":\"debconf\",\"version\":\"1.5.58ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"debianutils\",\"revision\":\"\",\"size\":\"213\",\"source\":\"\",\"version\":\"4.7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 213 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "debianutils", "arch": "amd64", + "name": "debianutils", "size": "213", "version": "4.7" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": 
"pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"debianutils\",\"revision\":\"\",\"size\":\"213\",\"source\":\"\",\"version\":\"4.7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"default-jre\",\"revision\":\"56ubuntu2\",\"size\":\"6\",\"source\":\"java-common (0.56ubuntu2)\",\"version\":\"2:1.8-56ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 6 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "default-jre", 
"arch": "amd64", - "source": "java-common (0.56ubuntu2)", + "name": "default-jre", + "revision": "56ubuntu2", "size": "6", - "version": "2:1.8-56ubuntu2", - "revision": "56ubuntu2" + "source": "java-common (0.56ubuntu2)", + "version": "2:1.8-56ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"default-jre\",\"revision\":\"56ubuntu2\",\"size\":\"6\",\"source\":\"java-common (0.56ubuntu2)\",\"version\":\"2:1.8-56ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"default-jre-headless\",\"revision\":\"56ubuntu2\",\"size\":\"22\",\"source\":\"java-common (0.56ubuntu2)\",\"version\":\"2:1.8-56ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 22 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "default-jre-headless", "arch": "amd64", - "source": "java-common (0.56ubuntu2)", + "name": "default-jre-headless", + "revision": "56ubuntu2", "size": "22", - "version": "2:1.8-56ubuntu2", - "revision": "56ubuntu2" + "source": "java-common (0.56ubuntu2)", + "version": "2:1.8-56ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"default-jre-headless\",\"revision\":\"56ubuntu2\",\"size\":\"22\",\"source\":\"java-common 
(0.56ubuntu2)\",\"version\":\"2:1.8-56ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"dh-python\",\"revision\":\"\",\"size\":\"359\",\"source\":\"\",\"version\":\"2.20151103ubuntu1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 359 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "dh-python", "arch": "all", + "name": "dh-python", "size": "359", "version": "2.20151103ubuntu1.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ 
- "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"dh-python\",\"revision\":\"\",\"size\":\"359\",\"source\":\"\",\"version\":\"2.20151103ubuntu1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"diffutils\",\"revision\":\"3\",\"size\":\"416\",\"source\":\"\",\"version\":\"1:3.3-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 416 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "diffutils", "arch": "amd64", + "name": "diffutils", + "revision": "3", "size": "416", - "version": "1:3.3-3", - "revision": "3" + 
"version": "1:3.3-3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"diffutils\",\"revision\":\"3\",\"size\":\"416\",\"source\":\"\",\"version\":\"1:3.3-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"distro-info-data\",\"revision\":\"\",\"size\":\"15\",\"source\":\"\",\"version\":\"0.28ubuntu0.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 15 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "distro-info-data", "arch": "all", + "name": "distro-info-data", "size": "15", "version": "0.28ubuntu0.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"distro-info-data\",\"revision\":\"\",\"size\":\"15\",\"source\":\"\",\"version\":\"0.28ubuntu0.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": 
"info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dmeventd\",\"revision\":\"1ubuntu10\",\"size\":\"173\",\"source\":\"lvm2 (2.02.133-1ubuntu10)\",\"version\":\"2:1.02.110-1ubuntu10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 173 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "dmeventd", "arch": "amd64", - "source": "lvm2 (2.02.133-1ubuntu10)", + "name": "dmeventd", + "revision": "1ubuntu10", "size": "173", - "version": "2:1.02.110-1ubuntu10", - "revision": "1ubuntu10" + "source": "lvm2 (2.02.133-1ubuntu10)", + "version": "2:1.02.110-1ubuntu10" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - 
"hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dmeventd\",\"revision\":\"1ubuntu10\",\"size\":\"173\",\"source\":\"lvm2 (2.02.133-1ubuntu10)\",\"version\":\"2:1.02.110-1ubuntu10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dmidecode\",\"revision\":\"2ubuntu0.1\",\"size\":\"174\",\"source\":\"\",\"version\":\"3.0-2ubuntu0.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 174 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "dmidecode", "arch": "amd64", + "name": "dmidecode", + "revision": "2ubuntu0.1", "size": "174", - "version": "3.0-2ubuntu0.1", - "revision": "2ubuntu0.1" + "version": 
"3.0-2ubuntu0.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dmidecode\",\"revision\":\"2ubuntu0.1\",\"size\":\"174\",\"source\":\"\",\"version\":\"3.0-2ubuntu0.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dmsetup\",\"revision\":\"1ubuntu10\",\"size\":\"225\",\"source\":\"lvm2 
(2.02.133-1ubuntu10)\",\"version\":\"2:1.02.110-1ubuntu10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 225 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "dmsetup", "arch": "amd64", - "source": "lvm2 (2.02.133-1ubuntu10)", + "name": "dmsetup", + "revision": "1ubuntu10", "size": "225", - "version": "2:1.02.110-1ubuntu10", - "revision": "1ubuntu10" + "source": "lvm2 (2.02.133-1ubuntu10)", + "version": "2:1.02.110-1ubuntu10" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dmsetup\",\"revision\":\"1ubuntu10\",\"size\":\"225\",\"source\":\"lvm2 
(2.02.133-1ubuntu10)\",\"version\":\"2:1.02.110-1ubuntu10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"dns-root-data\",\"revision\":\"\",\"size\":\"54\",\"source\":\"\",\"version\":\"2015052300+h+1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 54 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "dns-root-data", "arch": "all", + "name": "dns-root-data", "size": "54", "version": "2015052300+h+1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { 
- "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"dns-root-data\",\"revision\":\"\",\"size\":\"54\",\"source\":\"\",\"version\":\"2015052300+h+1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dnsmasq-base\",\"revision\":\"1ubuntu0.16.04.3\",\"size\":\"736\",\"source\":\"dnsmasq\",\"version\":\"2.75-1ubuntu0.16.04.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 736 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "dnsmasq-base", "arch": "amd64", - "source": "dnsmasq", + "name": "dnsmasq-base", + 
"revision": "1ubuntu0.16.04.3", "size": "736", - "version": "2.75-1ubuntu0.16.04.3", - "revision": "1ubuntu0.16.04.3" - }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "source": "dnsmasq", + "version": "2.75-1ubuntu0.16.04.3" + }, + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dnsmasq-base\",\"revision\":\"1ubuntu0.16.04.3\",\"size\":\"736\",\"source\":\"dnsmasq\",\"version\":\"2.75-1ubuntu0.16.04.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dnsutils\",\"revision\":\"8ubuntu1.8\",\"size\":\"311\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 311 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "dnsutils", "arch": "amd64", - "source": "bind9", + "name": "dnsutils", + "revision": "8ubuntu1.8", "size": "311", - "version": "1:9.10.3.dfsg.P4-8ubuntu1.8", - "revision": "8ubuntu1.8" + "source": "bind9", + "version": "1:9.10.3.dfsg.P4-8ubuntu1.8" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dnsutils\",\"revision\":\"8ubuntu1.8\",\"size\":\"311\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dosfstools\",\"revision\":\"2ubuntu0.1\",\"size\":\"213\",\"source\":\"\",\"version\":\"3.0.28-2ubuntu0.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 213 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "dosfstools", "arch": "amd64", + "name": "dosfstools", + "revision": "2ubuntu0.1", "size": "213", - "version": "3.0.28-2ubuntu0.1", - "revision": "2ubuntu0.1" + "version": "3.0.28-2ubuntu0.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dosfstools\",\"revision\":\"2ubuntu0.1\",\"size\":\"213\",\"source\":\"\",\"version\":\"3.0.28-2ubuntu0.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dpkg\",\"revision\":\"\",\"size\":\"6655\",\"source\":\"\",\"version\":\"1.18.4ubuntu1.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 6655 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { 
"result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "dpkg", "arch": "amd64", + "name": "dpkg", "size": "6655", "version": "1.18.4ubuntu1.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"dpkg\",\"revision\":\"\",\"size\":\"6655\",\"source\":\"\",\"version\":\"1.18.4ubuntu1.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"e2fslibs\",\"revision\":\"1ubuntu1\",\"size\":\"389\",\"source\":\"e2fsprogs\",\"version\":\"1.42.13-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 389 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "e2fslibs", "arch": "amd64", - "source": "e2fsprogs", + "name": "e2fslibs", + "revision": "1ubuntu1", "size": "389", - "version": "1.42.13-1ubuntu1", - "revision": "1ubuntu1" + "source": "e2fsprogs", + "version": "1.42.13-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"e2fslibs\",\"revision\":\"1ubuntu1\",\"size\":\"389\",\"source\":\"e2fsprogs\",\"version\":\"1.42.13-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"e2fsprogs\",\"revision\":\"1ubuntu1\",\"size\":\"3020\",\"source\":\"\",\"version\":\"1.42.13-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 3020 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "e2fsprogs", "arch": "amd64", + "name": "e2fsprogs", + "revision": "1ubuntu1", "size": "3020", - "version": "1.42.13-1ubuntu1", - "revision": "1ubuntu1" + "version": "1.42.13-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": 
"Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"e2fsprogs\",\"revision\":\"1ubuntu1\",\"size\":\"3020\",\"source\":\"\",\"version\":\"1.42.13-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"eatmydata\",\"revision\":\"3\",\"size\":\"21\",\"source\":\"libeatmydata\",\"version\":\"105-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 21 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + 
"action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "eatmydata", "arch": "all", - "source": "libeatmydata", + "name": "eatmydata", + "revision": "3", "size": "21", - "version": "105-3", - "revision": "3" + "source": "libeatmydata", + "version": "105-3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"eatmydata\",\"revision\":\"3\",\"size\":\"21\",\"source\":\"libeatmydata\",\"version\":\"105-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"ed\",\"revision\":\"2\",\"size\":\"125\",\"source\":\"\",\"version\":\"1.10-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 125 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "ed", "arch": "amd64", + "name": "ed", + "revision": "2", "size": "125", - "version": "1.10-2", - "revision": "2" + "version": "1.10-2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"ed\",\"revision\":\"2\",\"size\":\"125\",\"source\":\"\",\"version\":\"1.10-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": 
"info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"eject\",\"revision\":\"13.1ubuntu0.16.04.1\",\"size\":\"160\",\"source\":\"\",\"version\":\"2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 160 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "eject", "arch": "amd64", + "name": "eject", + "revision": "13.1ubuntu0.16.04.1", "size": "160", - "version": "2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1", - "revision": "13.1ubuntu0.16.04.1" + "version": "2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": 
"ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"eject\",\"revision\":\"13.1ubuntu0.16.04.1\",\"size\":\"160\",\"source\":\"\",\"version\":\"2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"elasticsearch\",\"revision\":\"\",\"size\":\"30439\",\"source\":\"elasticsearch\",\"version\":\"6.0.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 30439 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "elasticsearch", "arch": "all", - "source": "elasticsearch", + "name": "elasticsearch", "size": "30439", + "source": "elasticsearch", "version": "6.0.0" }, - "name": 
"pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"elasticsearch\",\"revision\":\"\",\"size\":\"30439\",\"source\":\"elasticsearch\",\"version\":\"6.0.0\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"ethtool\",\"revision\":\"1\",\"size\":\"311\",\"source\":\"\",\"version\":\"1:4.5-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 311 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "ethtool", "arch": "amd64", + "name": "ethtool", + "revision": "1", "size": "311", - "version": "1:4.5-1", - "revision": "1" + "version": "1:4.5-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"ethtool\",\"revision\":\"1\",\"size\":\"311\",\"source\":\"\",\"version\":\"1:4.5-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"file\",\"revision\":\"2ubuntu1\",\"size\":\"76\",\"source\":\"\",\"version\":\"1:5.25-2ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 76 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "file", "arch": "amd64", + "name": "file", + "revision": "2ubuntu1", "size": "76", - "version": "1:5.25-2ubuntu1", - "revision": "2ubuntu1" + "version": "1:5.25-2ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - 
"host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"file\",\"revision\":\"2ubuntu1\",\"size\":\"76\",\"source\":\"\",\"version\":\"1:5.25-2ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"filebeat\",\"revision\":\"SNAPSHOT\",\"size\":\"48030\",\"source\":\"\",\"version\":\"7.0.0-alpha1-SNAPSHOT\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 48030 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "filebeat", "arch": "amd64", + "name": "filebeat", + "revision": "SNAPSHOT", "size": "48030", - "version": "7.0.0-alpha1-SNAPSHOT", - "revision": "SNAPSHOT" + "version": "7.0.0-alpha1-SNAPSHOT" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"filebeat\",\"revision\":\"SNAPSHOT\",\"size\":\"48030\",\"source\":\"\",\"version\":\"7.0.0-alpha1-SNAPSHOT\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"findutils\",\"revision\":\"2\",\"size\":\"560\",\"source\":\"\",\"version\":\"4.6.0+git+20160126-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 560 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "findutils", "arch": "amd64", + "name": "findutils", + "revision": "2", "size": "560", - "version": "4.6.0+git+20160126-2", - "revision": "2" + "version": "4.6.0+git+20160126-2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"findutils\",\"revision\":\"2\",\"size\":\"560\",\"source\":\"\",\"version\":\"4.6.0+git+20160126-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"fontconfig\",\"revision\":\"0ubuntu1.1\",\"size\":\"541\",\"source\":\"\",\"version\":\"2.11.94-0ubuntu1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 541 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "fontconfig", "arch": "amd64", + "name": "fontconfig", + "revision": "0ubuntu1.1", "size": "541", - "version": "2.11.94-0ubuntu1.1", - "revision": "0ubuntu1.1" + "version": "2.11.94-0ubuntu1.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": 
"Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"fontconfig\",\"revision\":\"0ubuntu1.1\",\"size\":\"541\",\"source\":\"\",\"version\":\"2.11.94-0ubuntu1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"fontconfig-config\",\"revision\":\"0ubuntu1.1\",\"size\":\"368\",\"source\":\"fontconfig\",\"version\":\"2.11.94-0ubuntu1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 368 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, 
"osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "fontconfig-config", "arch": "all", - "source": "fontconfig", + "name": "fontconfig-config", + "revision": "0ubuntu1.1", "size": "368", - "version": "2.11.94-0ubuntu1.1", - "revision": "0ubuntu1.1" + "source": "fontconfig", + "version": "2.11.94-0ubuntu1.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"fontconfig-config\",\"revision\":\"0ubuntu1.1\",\"size\":\"368\",\"source\":\"fontconfig\",\"version\":\"2.11.94-0ubuntu1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"fonts-dejavu-core\",\"revision\":\"1\",\"size\":\"2963\",\"source\":\"fonts-dejavu\",\"version\":\"2.35-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 2963 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "fonts-dejavu-core", "arch": "all", - "source": "fonts-dejavu", + "name": "fonts-dejavu-core", + "revision": "1", "size": "2963", - "version": "2.35-1", - "revision": "1" + "source": "fonts-dejavu", + "version": "2.35-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"fonts-dejavu-core\",\"revision\":\"1\",\"size\":\"2963\",\"source\":\"fonts-dejavu\",\"version\":\"2.35-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"fonts-dejavu-extra\",\"revision\":\"1\",\"size\":\"6657\",\"source\":\"fonts-dejavu\",\"version\":\"2.35-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 6657 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "fonts-dejavu-extra", "arch": "all", - "source": "fonts-dejavu", + "name": "fonts-dejavu-extra", + "revision": "1", "size": "6657", - "version": "2.35-1", - "revision": "1" + "source": "fonts-dejavu", + "version": "2.35-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"fonts-dejavu-extra\",\"revision\":\"1\",\"size\":\"6657\",\"source\":\"fonts-dejavu\",\"version\":\"2.35-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"fonts-ubuntu-font-family-console\",\"revision\":\"0ubuntu2\",\"size\":\"40\",\"source\":\"ubuntu-font-family-sources\",\"version\":\"1:0.83-0ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 40 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "fonts-ubuntu-font-family-console", "arch": "all", - "source": "ubuntu-font-family-sources", + "name": "fonts-ubuntu-font-family-console", + "revision": "0ubuntu2", "size": "40", - "version": "1:0.83-0ubuntu2", - "revision": "0ubuntu2" + "source": "ubuntu-font-family-sources", + "version": "1:0.83-0ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"fonts-ubuntu-font-family-console\",\"revision\":\"0ubuntu2\",\"size\":\"40\",\"source\":\"ubuntu-font-family-sources\",\"version\":\"1:0.83-0ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + 
"ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"friendly-recovery\",\"revision\":\"\",\"size\":\"73\",\"source\":\"\",\"version\":\"0.2.31\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 73 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "friendly-recovery", "arch": "all", + "name": "friendly-recovery", "size": "73", "version": "0.2.31" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"friendly-recovery\",\"revision\":\"\",\"size\":\"73\",\"source\":\"\",\"version\":\"0.2.31\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"ftp\",\"revision\":\"33\",\"size\":\"149\",\"source\":\"netkit-ftp\",\"version\":\"0.17-33\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 149 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "ftp", "arch": "amd64", - "source": "netkit-ftp", + "name": "ftp", + "revision": "33", "size": "149", - "version": "0.17-33", - "revision": "33" + "source": "netkit-ftp", + "version": "0.17-33" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 
UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"ftp\",\"revision\":\"33\",\"size\":\"149\",\"source\":\"netkit-ftp\",\"version\":\"0.17-33\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"fuse\",\"revision\":\"1ubuntu3.1\",\"size\":\"104\",\"source\":\"\",\"version\":\"2.9.4-1ubuntu3.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 104 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": 
"Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "fuse", "arch": "amd64", + "name": "fuse", + "revision": "1ubuntu3.1", "size": "104", - "version": "2.9.4-1ubuntu3.1", - "revision": "1ubuntu3.1" + "version": "2.9.4-1ubuntu3.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"fuse\",\"revision\":\"1ubuntu3.1\",\"size\":\"104\",\"source\":\"\",\"version\":\"2.9.4-1ubuntu3.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gawk\",\"revision\":\"0.1\",\"size\":\"1516\",\"source\":\"\",\"version\":\"1:4.1.3+dfsg-0.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1516 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "gawk", "arch": "amd64", + "name": "gawk", + "revision": "0.1", "size": "1516", - "version": "1:4.1.3+dfsg-0.1", - "revision": "0.1" + "version": "1:4.1.3+dfsg-0.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gawk\",\"revision\":\"0.1\",\"size\":\"1516\",\"source\":\"\",\"version\":\"1:4.1.3+dfsg-0.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gcc-5-base\",\"revision\":\"6ubuntu1~16.04.4\",\"size\":\"65\",\"source\":\"gcc-5\",\"version\":\"5.4.0-6ubuntu1~16.04.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 65 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "gcc-5-base", "arch": "amd64", - "source": "gcc-5", + "name": "gcc-5-base", + "revision": "6ubuntu1~16.04.4", "size": "65", - "version": "5.4.0-6ubuntu1~16.04.4", - "revision": "6ubuntu1~16.04.4" + "source": "gcc-5", + "version": "5.4.0-6ubuntu1~16.04.4" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", 
"username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" - ] - }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" + ], + "user": [ + "ubuntu" + ] }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gcc-5-base\",\"revision\":\"6ubuntu1~16.04.4\",\"size\":\"65\",\"source\":\"gcc-5\",\"version\":\"5.4.0-6ubuntu1~16.04.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gcc-6-base\",\"revision\":\"0ubuntu1\",\"size\":\"60\",\"source\":\"gccgo-6\",\"version\":\"6.0.1-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 60 }, - "ecs": { - "version": "8.2.0" + "host": { + 
"hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "gcc-6-base", "arch": "amd64", - "source": "gccgo-6", + "name": "gcc-6-base", + "revision": "0ubuntu1", "size": "60", - "version": "6.0.1-0ubuntu1", - "revision": "0ubuntu1" + "source": "gccgo-6", + "version": "6.0.1-0ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gcc-6-base\",\"revision\":\"0ubuntu1\",\"size\":\"60\",\"source\":\"gccgo-6\",\"version\":\"6.0.1-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + 
"kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gdisk\",\"revision\":\"1build1\",\"size\":\"746\",\"source\":\"\",\"version\":\"1.0.1-1build1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 746 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "gdisk", "arch": "amd64", + "name": "gdisk", + "revision": "1build1", "size": "746", - "version": "1.0.1-1build1", - "revision": "1build1" + "version": "1.0.1-1build1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gdisk\",\"revision\":\"1build1\",\"size\":\"746\",\"source\":\"\",\"version\":\"1.0.1-1build1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"geoip-database\",\"revision\":\"1\",\"size\":\"5437\",\"source\":\"\",\"version\":\"20160408-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 5437 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "geoip-database", "arch": "all", + "name": "geoip-database", + "revision": "1", "size": "5437", - "version": "20160408-1", - "revision": "1" + "version": "20160408-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - 
"host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"geoip-database\",\"revision\":\"1\",\"size\":\"5437\",\"source\":\"\",\"version\":\"20160408-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gettext-base\",\"revision\":\"2ubuntu3\",\"size\":\"340\",\"source\":\"gettext\",\"version\":\"0.19.7-2ubuntu3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 340 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "gettext-base", "arch": "amd64", - "source": "gettext", + "name": "gettext-base", + "revision": "2ubuntu3", "size": "340", - "version": "0.19.7-2ubuntu3", - "revision": "2ubuntu3" + "source": "gettext", + "version": "0.19.7-2ubuntu3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gettext-base\",\"revision\":\"2ubuntu3\",\"size\":\"340\",\"source\":\"gettext\",\"version\":\"0.19.7-2ubuntu3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gir1.2-glib-2.0\",\"revision\":\"3ubuntu1\",\"size\":\"619\",\"source\":\"gobject-introspection\",\"version\":\"1.46.0-3ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 619 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "gir1.2-glib-2.0", "arch": "amd64", - "source": "gobject-introspection", + "name": "gir1.2-glib-2.0", + "revision": "3ubuntu1", "size": "619", - "version": "1.46.0-3ubuntu1", - "revision": "3ubuntu1" + "source": "gobject-introspection", + "version": "1.46.0-3ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gir1.2-glib-2.0\",\"revision\":\"3ubuntu1\",\"size\":\"619\",\"source\":\"gobject-introspection\",\"version\":\"1.46.0-3ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"git\",\"revision\":\"0ubuntu1.3\",\"size\":\"23508\",\"source\":\"\",\"version\":\"1:2.7.4-0ubuntu1.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 23508 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "git", "arch": "amd64", + "name": "git", + "revision": "0ubuntu1.3", "size": "23508", - "version": "1:2.7.4-0ubuntu1.3", - "revision": "0ubuntu1.3" + "version": "1:2.7.4-0ubuntu1.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"git\",\"revision\":\"0ubuntu1.3\",\"size\":\"23508\",\"source\":\"\",\"version\":\"1:2.7.4-0ubuntu1.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"git-man\",\"revision\":\"0ubuntu1.3\",\"size\":\"1420\",\"source\":\"git\",\"version\":\"1:2.7.4-0ubuntu1.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1420 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, 
"osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "git-man", "arch": "all", - "source": "git", + "name": "git-man", + "revision": "0ubuntu1.3", "size": "1420", - "version": "1:2.7.4-0ubuntu1.3", - "revision": "0ubuntu1.3" + "source": "git", + "version": "1:2.7.4-0ubuntu1.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"git-man\",\"revision\":\"0ubuntu1.3\",\"size\":\"1420\",\"source\":\"git\",\"version\":\"1:2.7.4-0ubuntu1.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 
17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gnupg\",\"revision\":\"1ubuntu3.1\",\"size\":\"1680\",\"source\":\"\",\"version\":\"1.4.20-1ubuntu3.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1680 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "gnupg", "arch": "amd64", + "name": "gnupg", + "revision": "1ubuntu3.1", "size": "1680", - "version": "1.4.20-1ubuntu3.1", - "revision": "1ubuntu3.1" + "version": "1.4.20-1ubuntu3.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gnupg\",\"revision\":\"1ubuntu3.1\",\"size\":\"1680\",\"source\":\"\",\"version\":\"1.4.20-1ubuntu3.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gpgv\",\"revision\":\"1ubuntu3.1\",\"size\":\"430\",\"source\":\"gnupg\",\"version\":\"1.4.20-1ubuntu3.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 430 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "gpgv", "arch": "amd64", - "source": "gnupg", + "name": "gpgv", + "revision": "1ubuntu3.1", "size": "430", - "version": "1.4.20-1ubuntu3.1", - "revision": "1ubuntu3.1" + "source": "gnupg", + "version": "1.4.20-1ubuntu3.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gpgv\",\"revision\":\"1ubuntu3.1\",\"size\":\"430\",\"source\":\"gnupg\",\"version\":\"1.4.20-1ubuntu3.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"grep\",\"revision\":\"1~16.04.1\",\"size\":\"472\",\"source\":\"\",\"version\":\"2.25-1~16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 472 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "grep", "arch": "amd64", + "name": "grep", + "revision": "1~16.04.1", "size": "472", - "version": "2.25-1~16.04.1", - "revision": "1~16.04.1" + "version": "2.25-1~16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"grep\",\"revision\":\"1~16.04.1\",\"size\":\"472\",\"source\":\"\",\"version\":\"2.25-1~16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"groff-base\",\"revision\":\"7\",\"size\":\"3226\",\"source\":\"groff\",\"version\":\"1.22.3-7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 3226 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "groff-base", "arch": "amd64", - "source": "groff", + "name": "groff-base", + "revision": "7", "size": "3226", - "version": "1.22.3-7", - "revision": "7" + "source": "groff", + "version": "1.22.3-7" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"groff-base\",\"revision\":\"7\",\"size\":\"3226\",\"source\":\"groff\",\"version\":\"1.22.3-7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"grub-common\",\"revision\":\"36ubuntu3.12\",\"size\":\"11624\",\"source\":\"grub2\",\"version\":\"2.02~beta2-36ubuntu3.12\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 11624 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "grub-common", "arch": "amd64", - "source": "grub2", + "name": "grub-common", + "revision": "36ubuntu3.12", "size": "11624", - "version": "2.02~beta2-36ubuntu3.12", - "revision": "36ubuntu3.12" + "source": "grub2", + "version": "2.02~beta2-36ubuntu3.12" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", 
"username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"grub-common\",\"revision\":\"36ubuntu3.12\",\"size\":\"11624\",\"source\":\"grub2\",\"version\":\"2.02~beta2-36ubuntu3.12\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"grub-gfxpayload-lists\",\"revision\":\"\",\"size\":\"47\",\"source\":\"\",\"version\":\"0.7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 47 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "grub-gfxpayload-lists", "arch": "amd64", + "name": "grub-gfxpayload-lists", "size": "47", "version": "0.7" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"grub-gfxpayload-lists\",\"revision\":\"\",\"size\":\"47\",\"source\":\"\",\"version\":\"0.7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"grub-legacy-ec2\",\"revision\":\"0ubuntu1~16.04.2\",\"size\":\"113\",\"source\":\"cloud-init\",\"version\":\"0.7.9-153-g16a7302f-0ubuntu1~16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 113 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "grub-legacy-ec2", "arch": "all", - "source": "cloud-init", + "name": "grub-legacy-ec2", + "revision": "0ubuntu1~16.04.2", "size": "113", - "version": "0.7.9-153-g16a7302f-0ubuntu1~16.04.2", - "revision": "0ubuntu1~16.04.2" + "source": "cloud-init", + "version": "0.7.9-153-g16a7302f-0ubuntu1~16.04.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"grub-legacy-ec2\",\"revision\":\"0ubuntu1~16.04.2\",\"size\":\"113\",\"source\":\"cloud-init\",\"version\":\"0.7.9-153-g16a7302f-0ubuntu1~16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"grub-pc\",\"revision\":\"36ubuntu3.12\",\"size\":\"545\",\"source\":\"grub2\",\"version\":\"2.02~beta2-36ubuntu3.12\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 545 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "grub-pc", "arch": "amd64", - "source": "grub2", + "name": "grub-pc", + "revision": "36ubuntu3.12", "size": "545", - "version": "2.02~beta2-36ubuntu3.12", - "revision": "36ubuntu3.12" + "source": "grub2", + "version": "2.02~beta2-36ubuntu3.12" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"grub-pc\",\"revision\":\"36ubuntu3.12\",\"size\":\"545\",\"source\":\"grub2\",\"version\":\"2.02~beta2-36ubuntu3.12\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"grub-pc-bin\",\"revision\":\"36ubuntu3.12\",\"size\":\"2936\",\"source\":\"grub2\",\"version\":\"2.02~beta2-36ubuntu3.12\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 2936 }, - 
"ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "grub-pc-bin", "arch": "amd64", - "source": "grub2", + "name": "grub-pc-bin", + "revision": "36ubuntu3.12", "size": "2936", - "version": "2.02~beta2-36ubuntu3.12", - "revision": "36ubuntu3.12" + "source": "grub2", + "version": "2.02~beta2-36ubuntu3.12" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"grub-pc-bin\",\"revision\":\"36ubuntu3.12\",\"size\":\"2936\",\"source\":\"grub2\",\"version\":\"2.02~beta2-36ubuntu3.12\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" 
+ }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"grub2-common\",\"revision\":\"36ubuntu3.12\",\"size\":\"1115\",\"source\":\"grub2\",\"version\":\"2.02~beta2-36ubuntu3.12\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1115 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "grub2-common", "arch": "amd64", - "source": "grub2", + "name": "grub2-common", + "revision": "36ubuntu3.12", "size": "1115", - "version": "2.02~beta2-36ubuntu3.12", - "revision": "36ubuntu3.12" + "source": "grub2", + "version": "2.02~beta2-36ubuntu3.12" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"grub2-common\",\"revision\":\"36ubuntu3.12\",\"size\":\"1115\",\"source\":\"grub2\",\"version\":\"2.02~beta2-36ubuntu3.12\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gzip\",\"revision\":\"4ubuntu1\",\"size\":\"240\",\"source\":\"\",\"version\":\"1.6-4ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 240 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "gzip", "arch": "amd64", + "name": "gzip", + "revision": "4ubuntu1", "size": "240", - "version": "1.6-4ubuntu1", - "revision": "4ubuntu1" + "version": "1.6-4ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 
17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"gzip\",\"revision\":\"4ubuntu1\",\"size\":\"240\",\"source\":\"\",\"version\":\"1.6-4ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"hdparm\",\"revision\":\"1\",\"size\":\"226\",\"source\":\"\",\"version\":\"9.48+ds-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 226 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "hdparm", "arch": "amd64", + "name": "hdparm", + "revision": "1", "size": "226", - "version": "9.48+ds-1", - "revision": "1" + "version": "9.48+ds-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"hdparm\",\"revision\":\"1\",\"size\":\"226\",\"source\":\"\",\"version\":\"9.48+ds-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"hicolor-icon-theme\",\"revision\":\"0ubuntu1\",\"size\":\"1528\",\"source\":\"\",\"version\":\"0.15-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1528 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "hicolor-icon-theme", "arch": "all", + "name": "hicolor-icon-theme", + "revision": "0ubuntu1", "size": "1528", - "version": "0.15-0ubuntu1", - "revision": "0ubuntu1" + "version": "0.15-0ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"hicolor-icon-theme\",\"revision\":\"0ubuntu1\",\"size\":\"1528\",\"source\":\"\",\"version\":\"0.15-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"hostname\",\"revision\":\"\",\"size\":\"50\",\"source\":\"\",\"version\":\"3.16ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 50 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "hostname", "arch": "amd64", + "name": "hostname", "size": "50", "version": "3.16ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": 
"pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"hostname\",\"revision\":\"\",\"size\":\"50\",\"source\":\"\",\"version\":\"3.16ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"ifenslave\",\"revision\":\"\",\"size\":\"87\",\"source\":\"\",\"version\":\"2.7ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 87 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "ifenslave", "arch": "all", + "name": "ifenslave", 
"size": "87", "version": "2.7ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"ifenslave\",\"revision\":\"\",\"size\":\"87\",\"source\":\"\",\"version\":\"2.7ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"ifupdown\",\"revision\":\"\",\"size\":\"198\",\"source\":\"\",\"version\":\"0.8.10ubuntu1.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 198 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "ifupdown", "arch": "amd64", + "name": "ifupdown", "size": "198", "version": "0.8.10ubuntu1.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"ifupdown\",\"revision\":\"\",\"size\":\"198\",\"source\":\"\",\"version\":\"0.8.10ubuntu1.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - 
"created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"info\",\"revision\":\"5\",\"size\":\"507\",\"source\":\"texinfo\",\"version\":\"6.1.0.dfsg.1-5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 507 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "info", "arch": "amd64", - "source": "texinfo", + "name": "info", + "revision": "5", "size": "507", - "version": "6.1.0.dfsg.1-5", - "revision": "5" + "source": "texinfo", + "version": "6.1.0.dfsg.1-5" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": 
"pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"info\",\"revision\":\"5\",\"size\":\"507\",\"source\":\"texinfo\",\"version\":\"6.1.0.dfsg.1-5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"init\",\"revision\":\"\",\"size\":\"16\",\"source\":\"init-system-helpers\",\"version\":\"1.29ubuntu4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 16 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "init", "arch": "amd64", - "source": "init-system-helpers", + "name": "init", "size": "16", + "source": "init-system-helpers", "version": "1.29ubuntu4" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"init\",\"revision\":\"\",\"size\":\"16\",\"source\":\"init-system-helpers\",\"version\":\"1.29ubuntu4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"init-system-helpers\",\"revision\":\"\",\"size\":\"111\",\"source\":\"\",\"version\":\"1.29ubuntu4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 111 }, - "ecs": { - "version": "8.2.0" + "host": 
{ + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "init-system-helpers", "arch": "all", + "name": "init-system-helpers", "size": "111", "version": "1.29ubuntu4" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"init-system-helpers\",\"revision\":\"\",\"size\":\"111\",\"source\":\"\",\"version\":\"1.29ubuntu4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"initramfs-tools\",\"revision\":\"\",\"size\":\"124\",\"source\":\"\",\"version\":\"0.122ubuntu8.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 124 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "initramfs-tools", "arch": "all", + "name": "initramfs-tools", "size": "124", "version": "0.122ubuntu8.8" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"initramfs-tools\",\"revision\":\"\",\"size\":\"124\",\"source\":\"\",\"version\":\"0.122ubuntu8.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - 
"type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"initramfs-tools-bin\",\"revision\":\"\",\"size\":\"110\",\"source\":\"initramfs-tools\",\"version\":\"0.122ubuntu8.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 110 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "initramfs-tools-bin", "arch": "amd64", - "source": "initramfs-tools", + "name": "initramfs-tools-bin", "size": "110", + "source": "initramfs-tools", "version": "0.122ubuntu8.8" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": 
"pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"initramfs-tools-bin\",\"revision\":\"\",\"size\":\"110\",\"source\":\"initramfs-tools\",\"version\":\"0.122ubuntu8.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"initramfs-tools-core\",\"revision\":\"\",\"size\":\"249\",\"source\":\"initramfs-tools\",\"version\":\"0.122ubuntu8.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 249 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "initramfs-tools-core", "arch": "all", - "source": "initramfs-tools", + "name": "initramfs-tools-core", "size": "249", + "source": "initramfs-tools", "version": "0.122ubuntu8.8" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", 
+ "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"initramfs-tools-core\",\"revision\":\"\",\"size\":\"249\",\"source\":\"initramfs-tools\",\"version\":\"0.122ubuntu8.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"initscripts\",\"revision\":\"59.3ubuntu2\",\"size\":\"169\",\"source\":\"sysvinit\",\"version\":\"2.88dsf-59.3ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + 
"type": "info" + }, "file": { "size": 169 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "initscripts", "arch": "amd64", - "source": "sysvinit", + "name": "initscripts", + "revision": "59.3ubuntu2", "size": "169", - "version": "2.88dsf-59.3ubuntu2", - "revision": "59.3ubuntu2" + "source": "sysvinit", + "version": "2.88dsf-59.3ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"initscripts\",\"revision\":\"59.3ubuntu2\",\"size\":\"169\",\"source\":\"sysvinit\",\"version\":\"2.88dsf-59.3ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": 
"2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"insserv\",\"revision\":\"5ubuntu3\",\"size\":\"183\",\"source\":\"\",\"version\":\"1.14.0-5ubuntu3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 183 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "insserv", "arch": "amd64", + "name": "insserv", + "revision": "5ubuntu3", "size": "183", - "version": "1.14.0-5ubuntu3", - "revision": "5ubuntu3" + "version": "1.14.0-5ubuntu3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"insserv\",\"revision\":\"5ubuntu3\",\"size\":\"183\",\"source\":\"\",\"version\":\"1.14.0-5ubuntu3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"install-info\",\"revision\":\"5\",\"size\":\"335\",\"source\":\"texinfo\",\"version\":\"6.1.0.dfsg.1-5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 335 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "install-info", "arch": "amd64", - "source": "texinfo", + "name": "install-info", + "revision": "5", "size": "335", - "version": "6.1.0.dfsg.1-5", - "revision": "5" + "source": "texinfo", + "version": "6.1.0.dfsg.1-5" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": 
"0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"install-info\",\"revision\":\"5\",\"size\":\"335\",\"source\":\"texinfo\",\"version\":\"6.1.0.dfsg.1-5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"iproute2\",\"revision\":\"1ubuntu3.16.04.1\",\"size\":\"1486\",\"source\":\"\",\"version\":\"4.3.0-1ubuntu3.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1486 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "iproute2", "arch": "amd64", + "name": "iproute2", + "revision": "1ubuntu3.16.04.1", "size": "1486", - "version": "4.3.0-1ubuntu3.16.04.1", - "revision": "1ubuntu3.16.04.1" + "version": "4.3.0-1ubuntu3.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"iproute2\",\"revision\":\"1ubuntu3.16.04.1\",\"size\":\"1486\",\"source\":\"\",\"version\":\"4.3.0-1ubuntu3.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"iptables\",\"revision\":\"2ubuntu3\",\"size\":\"1624\",\"source\":\"\",\"version\":\"1.6.0-2ubuntu3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1624 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "iptables", "arch": "amd64", + "name": "iptables", + "revision": "2ubuntu3", "size": "1624", - "version": "1.6.0-2ubuntu3", - "revision": "2ubuntu3" + "version": "1.6.0-2ubuntu3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"iptables\",\"revision\":\"2ubuntu3\",\"size\":\"1624\",\"source\":\"\",\"version\":\"1.6.0-2ubuntu3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"iputils-ping\",\"revision\":\"5ubuntu2\",\"size\":\"160\",\"source\":\"iputils\",\"version\":\"3:20121221-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 160 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "iputils-ping", "arch": "amd64", - "source": "iputils", + "name": "iputils-ping", + "revision": "5ubuntu2", "size": "160", - "version": "3:20121221-5ubuntu2", - "revision": "5ubuntu2" + "source": "iputils", + "version": "3:20121221-5ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": 
"ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"iputils-ping\",\"revision\":\"5ubuntu2\",\"size\":\"160\",\"source\":\"iputils\",\"version\":\"3:20121221-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"iputils-tracepath\",\"revision\":\"5ubuntu2\",\"size\":\"113\",\"source\":\"iputils\",\"version\":\"3:20121221-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 113 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "iputils-tracepath", "arch": "amd64", - "source": "iputils", + "name": "iputils-tracepath", + "revision": "5ubuntu2", "size": "113", - "version": "3:20121221-5ubuntu2", - "revision": "5ubuntu2" + "source": "iputils", + "version": "3:20121221-5ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"iputils-tracepath\",\"revision\":\"5ubuntu2\",\"size\":\"113\",\"source\":\"iputils\",\"version\":\"3:20121221-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"irqbalance\",\"revision\":\"2ubuntu1\",\"size\":\"90\",\"source\":\"\",\"version\":\"1.1.0-2ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 90 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "irqbalance", "arch": "amd64", + "name": "irqbalance", + "revision": "2ubuntu1", "size": "90", - "version": "1.1.0-2ubuntu1", - "revision": "2ubuntu1" + "version": "1.1.0-2ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"irqbalance\",\"revision\":\"2ubuntu1\",\"size\":\"90\",\"source\":\"\",\"version\":\"1.1.0-2ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"isc-dhcp-client\",\"revision\":\"5ubuntu12.7\",\"size\":\"609\",\"source\":\"isc-dhcp\",\"version\":\"4.3.3-5ubuntu12.7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 609 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "isc-dhcp-client", "arch": "amd64", - "source": "isc-dhcp", + "name": "isc-dhcp-client", + "revision": "5ubuntu12.7", "size": "609", - "version": "4.3.3-5ubuntu12.7", - "revision": "5ubuntu12.7" + "source": "isc-dhcp", + "version": "4.3.3-5ubuntu12.7" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", 
"username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"isc-dhcp-client\",\"revision\":\"5ubuntu12.7\",\"size\":\"609\",\"source\":\"isc-dhcp\",\"version\":\"4.3.3-5ubuntu12.7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"isc-dhcp-common\",\"revision\":\"5ubuntu12.7\",\"size\":\"149\",\"source\":\"isc-dhcp\",\"version\":\"4.3.3-5ubuntu12.7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 149 }, - "ecs": { - "version": "8.2.0" + 
"host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "isc-dhcp-common", "arch": "amd64", - "source": "isc-dhcp", + "name": "isc-dhcp-common", + "revision": "5ubuntu12.7", "size": "149", - "version": "4.3.3-5ubuntu12.7", - "revision": "5ubuntu12.7" + "source": "isc-dhcp", + "version": "4.3.3-5ubuntu12.7" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"isc-dhcp-common\",\"revision\":\"5ubuntu12.7\",\"size\":\"149\",\"source\":\"isc-dhcp\",\"version\":\"4.3.3-5ubuntu12.7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": 
"added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"iso-codes\",\"revision\":\"1\",\"size\":\"16035\",\"source\":\"\",\"version\":\"3.65-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 16035 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "iso-codes", "arch": "all", + "name": "iso-codes", + "revision": "1", "size": "16035", - "version": "3.65-1", - "revision": "1" + "version": "3.65-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"iso-codes\",\"revision\":\"1\",\"size\":\"16035\",\"source\":\"\",\"version\":\"3.65-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"java-common\",\"revision\":\"\",\"size\":\"35\",\"source\":\"\",\"version\":\"0.56ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 35 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "java-common", "arch": "all", + "name": "java-common", "size": "35", "version": "0.56ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": 
"pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"java-common\",\"revision\":\"\",\"size\":\"35\",\"source\":\"\",\"version\":\"0.56ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"kbd\",\"revision\":\"1ubuntu5\",\"size\":\"1040\",\"source\":\"\",\"version\":\"1.15.5-1ubuntu5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1040 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "kbd", "arch": "amd64", + "name": "kbd", + 
"revision": "1ubuntu5", "size": "1040", - "version": "1.15.5-1ubuntu5", - "revision": "1ubuntu5" + "version": "1.15.5-1ubuntu5" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"kbd\",\"revision\":\"1ubuntu5\",\"size\":\"1040\",\"source\":\"\",\"version\":\"1.15.5-1ubuntu5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"keyboard-configuration\",\"revision\":\"\",\"size\":\"2581\",\"source\":\"console-setup\",\"version\":\"1.108ubuntu15.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 2581 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "keyboard-configuration", "arch": "all", - "source": "console-setup", + "name": "keyboard-configuration", "size": "2581", + "source": "console-setup", "version": "1.108ubuntu15.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"keyboard-configuration\",\"revision\":\"\",\"size\":\"2581\",\"source\":\"console-setup\",\"version\":\"1.108ubuntu15.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"klibc-utils\",\"revision\":\"8ubuntu1.16.04.3\",\"size\":\"384\",\"source\":\"klibc\",\"version\":\"2.0.4-8ubuntu1.16.04.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "klibc-utils", "arch": "amd64", - "source": "klibc", + "name": "klibc-utils", + "revision": "8ubuntu1.16.04.3", "size": "384", - "version": "2.0.4-8ubuntu1.16.04.3", - "revision": "8ubuntu1.16.04.3" + "source": "klibc", + "version": "2.0.4-8ubuntu1.16.04.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"klibc-utils\",\"revision\":\"8ubuntu1.16.04.3\",\"size\":\"384\",\"source\":\"klibc\",\"version\":\"2.0.4-8ubuntu1.16.04.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"kmod\",\"revision\":\"1ubuntu5\",\"size\":\"237\",\"source\":\"\",\"version\":\"22-1ubuntu5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 237 }, - "ecs": { - "version": 
"8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "kmod", "arch": "amd64", + "name": "kmod", + "revision": "1ubuntu5", "size": "237", - "version": "22-1ubuntu5", - "revision": "1ubuntu5" + "version": "22-1ubuntu5" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"kmod\",\"revision\":\"1ubuntu5\",\"size\":\"237\",\"source\":\"\",\"version\":\"22-1ubuntu5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"krb5-locales\",\"revision\":\"5ubuntu2\",\"size\":\"2764\",\"source\":\"krb5\",\"version\":\"1.13.2+dfsg-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 2764 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "krb5-locales", "arch": "all", - "source": "krb5", + "name": "krb5-locales", + "revision": "5ubuntu2", "size": "2764", - "version": "1.13.2+dfsg-5ubuntu2", - "revision": "5ubuntu2" + "source": "krb5", + "version": "1.13.2+dfsg-5ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"krb5-locales\",\"revision\":\"5ubuntu2\",\"size\":\"2764\",\"source\":\"krb5\",\"version\":\"1.13.2+dfsg-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"language-selector-common\",\"revision\":\"\",\"size\":\"1611\",\"source\":\"language-selector\",\"version\":\"0.165.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1611 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "language-selector-common", "arch": "all", - "source": "language-selector", + "name": "language-selector-common", "size": "1611", + "source": "language-selector", "version": "0.165.4" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"language-selector-common\",\"revision\":\"\",\"size\":\"1611\",\"source\":\"language-selector\",\"version\":\"0.165.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"less\",\"revision\":\"2.1ubuntu0.2\",\"size\":\"282\",\"source\":\"\",\"version\":\"481-2.1ubuntu0.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 282 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" 
}, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "less", "arch": "amd64", + "name": "less", + "revision": "2.1ubuntu0.2", "size": "282", - "version": "481-2.1ubuntu0.2", - "revision": "2.1ubuntu0.2" + "version": "481-2.1ubuntu0.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"less\",\"revision\":\"2.1ubuntu0.2\",\"size\":\"282\",\"source\":\"\",\"version\":\"481-2.1ubuntu0.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libaccountsservice0\",\"revision\":\"2ubuntu11.3\",\"size\":\"348\",\"source\":\"accountsservice\",\"version\":\"0.6.40-2ubuntu11.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 348 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libaccountsservice0", "arch": "amd64", - "source": "accountsservice", + "name": "libaccountsservice0", + "revision": "2ubuntu11.3", "size": "348", - "version": "0.6.40-2ubuntu11.3", - "revision": "2ubuntu11.3" + "source": "accountsservice", + "version": "0.6.40-2ubuntu11.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libaccountsservice0\",\"revision\":\"2ubuntu11.3\",\"size\":\"348\",\"source\":\"accountsservice\",\"version\":\"0.6.40-2ubuntu11.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libacl1\",\"revision\":\"3\",\"size\":\"57\",\"source\":\"acl\",\"version\":\"2.2.52-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 57 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libacl1", "arch": "amd64", - "source": "acl", + "name": "libacl1", + "revision": "3", "size": "57", - "version": "2.2.52-3", - "revision": "3" + "source": "acl", + "version": "2.2.52-3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libacl1\",\"revision\":\"3\",\"size\":\"57\",\"source\":\"acl\",\"version\":\"2.2.52-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libapparmor-perl\",\"revision\":\"0ubuntu2.6\",\"size\":\"211\",\"source\":\"apparmor\",\"version\":\"2.10.95-0ubuntu2.6\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 211 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, 
"osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libapparmor-perl", "arch": "amd64", - "source": "apparmor", + "name": "libapparmor-perl", + "revision": "0ubuntu2.6", "size": "211", - "version": "2.10.95-0ubuntu2.6", - "revision": "0ubuntu2.6" + "source": "apparmor", + "version": "2.10.95-0ubuntu2.6" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libapparmor-perl\",\"revision\":\"0ubuntu2.6\",\"size\":\"211\",\"source\":\"apparmor\",\"version\":\"2.10.95-0ubuntu2.6\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libapparmor1\",\"revision\":\"0ubuntu2.6\",\"size\":\"126\",\"source\":\"apparmor\",\"version\":\"2.10.95-0ubuntu2.6\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 126 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libapparmor1", "arch": "amd64", - "source": "apparmor", + "name": "libapparmor1", + "revision": "0ubuntu2.6", "size": "126", - "version": "2.10.95-0ubuntu2.6", - "revision": "0ubuntu2.6" + "source": "apparmor", + "version": "2.10.95-0ubuntu2.6" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libapparmor1\",\"revision\":\"0ubuntu2.6\",\"size\":\"126\",\"source\":\"apparmor\",\"version\":\"2.10.95-0ubuntu2.6\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libapt-inst2.0\",\"revision\":\"\",\"size\":\"463\",\"source\":\"apt\",\"version\":\"1.2.24\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 463 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libapt-inst2.0", "arch": "amd64", - "source": "apt", + "name": "libapt-inst2.0", "size": "463", + "source": "apt", "version": "1.2.24" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": 
"ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libapt-inst2.0\",\"revision\":\"\",\"size\":\"463\",\"source\":\"apt\",\"version\":\"1.2.24\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libapt-pkg5.0\",\"revision\":\"\",\"size\":\"2792\",\"source\":\"apt\",\"version\":\"1.2.24\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 2792 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", 
"columns": { - "name": "libapt-pkg5.0", "arch": "amd64", - "source": "apt", + "name": "libapt-pkg5.0", "size": "2792", + "source": "apt", "version": "1.2.24" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libapt-pkg5.0\",\"revision\":\"\",\"size\":\"2792\",\"source\":\"apt\",\"version\":\"1.2.24\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libasn1-8-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"782\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 782 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libasn1-8-heimdal", "arch": "amd64", - "source": "heimdal", + "name": "libasn1-8-heimdal", + "revision": "4ubuntu1.16.04.1", "size": "782", - "version": "1.7~git20150920+dfsg-4ubuntu1.16.04.1", - "revision": "4ubuntu1.16.04.1" + "source": "heimdal", + "version": "1.7~git20150920+dfsg-4ubuntu1.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libasn1-8-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"782\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libasound2\",\"revision\":\"0ubuntu1\",\"size\":\"1198\",\"source\":\"alsa-lib\",\"version\":\"1.1.0-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1198 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libasound2", "arch": "amd64", - "source": "alsa-lib", + "name": "libasound2", + "revision": "0ubuntu1", "size": "1198", - "version": "1.1.0-0ubuntu1", - "revision": "0ubuntu1" + "source": "alsa-lib", + "version": "1.1.0-0ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libasound2\",\"revision\":\"0ubuntu1\",\"size\":\"1198\",\"source\":\"alsa-lib\",\"version\":\"1.1.0-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libasound2-data\",\"revision\":\"0ubuntu1\",\"size\":\"372\",\"source\":\"alsa-lib\",\"version\":\"1.1.0-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 372 }, - "ecs": { - 
"version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libasound2-data", "arch": "all", - "source": "alsa-lib", + "name": "libasound2-data", + "revision": "0ubuntu1", "size": "372", - "version": "1.1.0-0ubuntu1", - "revision": "0ubuntu1" + "source": "alsa-lib", + "version": "1.1.0-0ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libasound2-data\",\"revision\":\"0ubuntu1\",\"size\":\"372\",\"source\":\"alsa-lib\",\"version\":\"1.1.0-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": 
"added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libasprintf0v5\",\"revision\":\"2ubuntu3\",\"size\":\"47\",\"source\":\"gettext\",\"version\":\"0.19.7-2ubuntu3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 47 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libasprintf0v5", "arch": "amd64", - "source": "gettext", + "name": "libasprintf0v5", + "revision": "2ubuntu3", "size": "47", - "version": "0.19.7-2ubuntu3", - "revision": "2ubuntu3" + "source": "gettext", + "version": "0.19.7-2ubuntu3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libasprintf0v5\",\"revision\":\"2ubuntu3\",\"size\":\"47\",\"source\":\"gettext\",\"version\":\"0.19.7-2ubuntu3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libasyncns0\",\"revision\":\"5build1\",\"size\":\"59\",\"source\":\"libasyncns\",\"version\":\"0.8-5build1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 59 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libasyncns0", "arch": "amd64", - "source": "libasyncns", + "name": "libasyncns0", + "revision": "5build1", "size": "59", - "version": "0.8-5build1", - "revision": "5build1" + "source": "libasyncns", + "version": "0.8-5build1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, 
"epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libasyncns0\",\"revision\":\"5build1\",\"size\":\"59\",\"source\":\"libasyncns\",\"version\":\"0.8-5build1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libatk1.0-0\",\"revision\":\"1\",\"size\":\"223\",\"source\":\"atk1.0\",\"version\":\"2.18.0-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 223 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libatk1.0-0", "arch": "amd64", - "source": "atk1.0", + "name": "libatk1.0-0", + "revision": "1", "size": "223", - "version": "2.18.0-1", - "revision": "1" + "source": "atk1.0", + "version": "2.18.0-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libatk1.0-0\",\"revision\":\"1\",\"size\":\"223\",\"source\":\"atk1.0\",\"version\":\"2.18.0-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu 
Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libatk1.0-data\",\"revision\":\"1\",\"size\":\"96\",\"source\":\"atk1.0\",\"version\":\"2.18.0-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 96 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libatk1.0-data", "arch": "all", - "source": "atk1.0", + "name": "libatk1.0-data", + "revision": "1", "size": "96", - "version": "2.18.0-1", - "revision": "1" + "source": "atk1.0", + "version": "2.18.0-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libatk1.0-data\",\"revision\":\"1\",\"size\":\"96\",\"source\":\"atk1.0\",\"version\":\"2.18.0-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libatm1\",\"revision\":\"1.5\",\"size\":\"123\",\"source\":\"linux-atm\",\"version\":\"1:2.5.1-1.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 123 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libatm1", "arch": "amd64", - "source": "linux-atm", + "name": "libatm1", + "revision": "1.5", "size": "123", - "version": "1:2.5.1-1.5", - "revision": "1.5" + "source": "linux-atm", + "version": "1:2.5.1-1.5" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libatm1\",\"revision\":\"1.5\",\"size\":\"123\",\"source\":\"linux-atm\",\"version\":\"1:2.5.1-1.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libattr1\",\"revision\":\"2\",\"size\":\"56\",\"source\":\"attr\",\"version\":\"1:2.4.47-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 56 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { 
+ "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libattr1", "arch": "amd64", - "source": "attr", + "name": "libattr1", + "revision": "2", "size": "56", - "version": "1:2.4.47-2", - "revision": "2" + "source": "attr", + "version": "1:2.4.47-2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libattr1\",\"revision\":\"2\",\"size\":\"56\",\"source\":\"attr\",\"version\":\"1:2.4.47-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libaudit-common\",\"revision\":\"1ubuntu2\",\"size\":\"21\",\"source\":\"audit\",\"version\":\"1:2.4.5-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 21 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libaudit-common", "arch": "all", - "source": "audit", + "name": "libaudit-common", + "revision": "1ubuntu2", "size": "21", - "version": "1:2.4.5-1ubuntu2", - "revision": "1ubuntu2" + "source": "audit", + "version": "1:2.4.5-1ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libaudit-common\",\"revision\":\"1ubuntu2\",\"size\":\"21\",\"source\":\"audit\",\"version\":\"1:2.4.5-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libaudit1\",\"revision\":\"1ubuntu2\",\"size\":\"138\",\"source\":\"audit\",\"version\":\"1:2.4.5-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 138 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libaudit1", "arch": "amd64", - "source": "audit", + "name": "libaudit1", + "revision": "1ubuntu2", "size": "138", - "version": "1:2.4.5-1ubuntu2", - "revision": "1ubuntu2" + "source": "audit", + "version": "1:2.4.5-1ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, 
"epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libaudit1\",\"revision\":\"1ubuntu2\",\"size\":\"138\",\"source\":\"audit\",\"version\":\"1:2.4.5-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libavahi-client3\",\"revision\":\"1ubuntu2\",\"size\":\"121\",\"source\":\"avahi\",\"version\":\"0.6.32~rc+dfsg-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 121 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + 
"id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libavahi-client3", "arch": "amd64", - "source": "avahi", + "name": "libavahi-client3", + "revision": "1ubuntu2", "size": "121", - "version": "0.6.32~rc+dfsg-1ubuntu2", - "revision": "1ubuntu2" + "source": "avahi", + "version": "0.6.32~rc+dfsg-1ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libavahi-client3\",\"revision\":\"1ubuntu2\",\"size\":\"121\",\"source\":\"avahi\",\"version\":\"0.6.32~rc+dfsg-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libavahi-common-data\",\"revision\":\"1ubuntu2\",\"size\":\"116\",\"source\":\"avahi\",\"version\":\"0.6.32~rc+dfsg-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 116 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libavahi-common-data", "arch": "amd64", - "source": "avahi", + "name": "libavahi-common-data", + "revision": "1ubuntu2", "size": "116", - "version": "0.6.32~rc+dfsg-1ubuntu2", - "revision": "1ubuntu2" + "source": "avahi", + "version": "0.6.32~rc+dfsg-1ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libavahi-common-data\",\"revision\":\"1ubuntu2\",\"size\":\"116\",\"source\":\"avahi\",\"version\":\"0.6.32~rc+dfsg-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libavahi-common3\",\"revision\":\"1ubuntu2\",\"size\":\"102\",\"source\":\"avahi\",\"version\":\"0.6.32~rc+dfsg-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 102 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libavahi-common3", "arch": "amd64", - "source": "avahi", + "name": "libavahi-common3", + "revision": "1ubuntu2", "size": "102", - "version": "0.6.32~rc+dfsg-1ubuntu2", - "revision": "1ubuntu2" + "source": "avahi", + "version": "0.6.32~rc+dfsg-1ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libavahi-common3\",\"revision\":\"1ubuntu2\",\"size\":\"102\",\"source\":\"avahi\",\"version\":\"0.6.32~rc+dfsg-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libbind9-140\",\"revision\":\"8ubuntu1.8\",\"size\":\"97\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 97 
}, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libbind9-140", "arch": "amd64", - "source": "bind9", + "name": "libbind9-140", + "revision": "8ubuntu1.8", "size": "97", - "version": "1:9.10.3.dfsg.P4-8ubuntu1.8", - "revision": "8ubuntu1.8" + "source": "bind9", + "version": "1:9.10.3.dfsg.P4-8ubuntu1.8" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "ubuntu" + } + }, + { + "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, "event": { "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libbind9-140\",\"revision\":\"8ubuntu1.8\",\"size\":\"97\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": 
"ubuntu" + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libblkid1\",\"revision\":\"6ubuntu3.3\",\"size\":\"357\",\"source\":\"util-linux\",\"version\":\"2.27.1-6ubuntu3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2017-12-07T17:57:33.000Z", "file": { "size": 357 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libblkid1", "arch": "amd64", - "source": "util-linux", + "name": "libblkid1", + "revision": "6ubuntu3.3", "size": "357", - "version": "2.27.1-6ubuntu3.3", - "revision": "6ubuntu3.3" + "source": "util-linux", + "version": "2.27.1-6ubuntu3.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libblkid1\",\"revision\":\"6ubuntu3.3\",\"size\":\"357\",\"source\":\"util-linux\",\"version\":\"2.27.1-6ubuntu3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libbsd0\",\"revision\":\"1\",\"size\":\"159\",\"source\":\"libbsd\",\"version\":\"0.8.2-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 159 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libbsd0", "arch": "amd64", - "source": "libbsd", + "name": "libbsd0", + "revision": "1", "size": "159", - "version": "0.8.2-1", - "revision": "1" + "source": "libbsd", + "version": "0.8.2-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": 
"Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libbsd0\",\"revision\":\"1\",\"size\":\"159\",\"source\":\"libbsd\",\"version\":\"0.8.2-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libbz2-1.0\",\"revision\":\"8\",\"size\":\"109\",\"source\":\"bzip2\",\"version\":\"1.0.6-8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 109 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libbz2-1.0", "arch": "amd64", - "source": "bzip2", + "name": "libbz2-1.0", + "revision": "8", "size": "109", - "version": "1.0.6-8", - "revision": "8" + "source": "bzip2", + "version": "1.0.6-8" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libbz2-1.0\",\"revision\":\"8\",\"size\":\"109\",\"source\":\"bzip2\",\"version\":\"1.0.6-8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libc-bin\",\"revision\":\"0ubuntu9\",\"size\":\"3478\",\"source\":\"glibc\",\"version\":\"2.23-0ubuntu9\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 3478 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libc-bin", "arch": "amd64", - "source": "glibc", + "name": "libc-bin", + "revision": "0ubuntu9", "size": "3478", - "version": "2.23-0ubuntu9", - "revision": "0ubuntu9" + "source": "glibc", + "version": "2.23-0ubuntu9" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libc-bin\",\"revision\":\"0ubuntu9\",\"size\":\"3478\",\"source\":\"glibc\",\"version\":\"2.23-0ubuntu9\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libc6\",\"revision\":\"0ubuntu9\",\"size\":\"10952\",\"source\":\"glibc\",\"version\":\"2.23-0ubuntu9\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 10952 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libc6", "arch": "amd64", - "source": "glibc", + "name": "libc6", + "revision": "0ubuntu9", "size": "10952", - "version": "2.23-0ubuntu9", - "revision": "0ubuntu9" + "source": "glibc", + "version": "2.23-0ubuntu9" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": 
"0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libc6\",\"revision\":\"0ubuntu9\",\"size\":\"10952\",\"source\":\"glibc\",\"version\":\"2.23-0ubuntu9\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libcairo2\",\"revision\":\"1\",\"size\":\"1266\",\"source\":\"cairo\",\"version\":\"1.14.6-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1266 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": 
{ "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libcairo2", "arch": "amd64", - "source": "cairo", + "name": "libcairo2", + "revision": "1", "size": "1266", - "version": "1.14.6-1", - "revision": "1" + "source": "cairo", + "version": "1.14.6-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libcairo2\",\"revision\":\"1\",\"size\":\"1266\",\"source\":\"cairo\",\"version\":\"1.14.6-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libcap-ng0\",\"revision\":\"1\",\"size\":\"35\",\"source\":\"libcap-ng\",\"version\":\"0.7.7-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 35 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libcap-ng0", "arch": "amd64", - "source": "libcap-ng", + "name": "libcap-ng0", + "revision": "1", "size": "35", - "version": "0.7.7-1", - "revision": "1" + "source": "libcap-ng", + "version": "0.7.7-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libcap-ng0\",\"revision\":\"1\",\"size\":\"35\",\"source\":\"libcap-ng\",\"version\":\"0.7.7-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libcap2\",\"revision\":\"12\",\"size\":\"46\",\"source\":\"\",\"version\":\"1:2.24-12\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 46 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libcap2", "arch": "amd64", + "name": "libcap2", + "revision": "12", "size": "46", - "version": "1:2.24-12", - "revision": "12" + "version": "1:2.24-12" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": 
"ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libcap2\",\"revision\":\"12\",\"size\":\"46\",\"source\":\"\",\"version\":\"1:2.24-12\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libcap2-bin\",\"revision\":\"12\",\"size\":\"85\",\"source\":\"libcap2\",\"version\":\"1:2.24-12\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 85 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", 
"columns": { - "name": "libcap2-bin", "arch": "amd64", - "source": "libcap2", + "name": "libcap2-bin", + "revision": "12", "size": "85", - "version": "1:2.24-12", - "revision": "12" + "source": "libcap2", + "version": "1:2.24-12" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libcap2-bin\",\"revision\":\"12\",\"size\":\"85\",\"source\":\"libcap2\",\"version\":\"1:2.24-12\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libcomerr2\",\"revision\":\"1ubuntu1\",\"size\":\"86\",\"source\":\"e2fsprogs\",\"version\":\"1.42.13-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 86 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libcomerr2", "arch": "amd64", - "source": "e2fsprogs", + "name": "libcomerr2", + "revision": "1ubuntu1", "size": "86", - "version": "1.42.13-1ubuntu1", - "revision": "1ubuntu1" + "source": "e2fsprogs", + "version": "1.42.13-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libcomerr2\",\"revision\":\"1ubuntu1\",\"size\":\"86\",\"source\":\"e2fsprogs\",\"version\":\"1.42.13-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libcryptsetup4\",\"revision\":\"5ubuntu2\",\"size\":\"219\",\"source\":\"cryptsetup\",\"version\":\"2:1.6.6-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 219 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libcryptsetup4", "arch": "amd64", - "source": "cryptsetup", + "name": "libcryptsetup4", + "revision": "5ubuntu2", "size": "219", - "version": "2:1.6.6-5ubuntu2", - "revision": "5ubuntu2" + "source": "cryptsetup", + "version": "2:1.6.6-5ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", 
"username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libcryptsetup4\",\"revision\":\"5ubuntu2\",\"size\":\"219\",\"source\":\"cryptsetup\",\"version\":\"2:1.6.6-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libcups2\",\"revision\":\"4ubuntu0.3\",\"size\":\"652\",\"source\":\"cups\",\"version\":\"2.1.3-4ubuntu0.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 652 }, - "ecs": { - "version": "8.2.0" + "host": { + 
"hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libcups2", "arch": "amd64", - "source": "cups", + "name": "libcups2", + "revision": "4ubuntu0.3", "size": "652", - "version": "2.1.3-4ubuntu0.3", - "revision": "4ubuntu0.3" + "source": "cups", + "version": "2.1.3-4ubuntu0.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libcups2\",\"revision\":\"4ubuntu0.3\",\"size\":\"652\",\"source\":\"cups\",\"version\":\"2.1.3-4ubuntu0.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + 
"kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libcurl3-gnutls\",\"revision\":\"1ubuntu2.5\",\"size\":\"543\",\"source\":\"curl\",\"version\":\"7.47.0-1ubuntu2.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 543 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libcurl3-gnutls", "arch": "amd64", - "source": "curl", + "name": "libcurl3-gnutls", + "revision": "1ubuntu2.5", "size": "543", - "version": "7.47.0-1ubuntu2.5", - "revision": "1ubuntu2.5" + "source": "curl", + "version": "7.47.0-1ubuntu2.5" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libcurl3-gnutls\",\"revision\":\"1ubuntu2.5\",\"size\":\"543\",\"source\":\"curl\",\"version\":\"7.47.0-1ubuntu2.5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdatrie1\",\"revision\":\"2\",\"size\":\"56\",\"source\":\"libdatrie\",\"version\":\"0.2.10-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 56 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libdatrie1", "arch": "amd64", - "source": "libdatrie", + "name": "libdatrie1", + "revision": "2", "size": "56", - "version": "0.2.10-2", - "revision": "2" + "source": "libdatrie", + "version": "0.2.10-2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdatrie1\",\"revision\":\"2\",\"size\":\"56\",\"source\":\"libdatrie\",\"version\":\"0.2.10-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdb5.3\",\"revision\":\"11ubuntu0.1\",\"size\":\"1745\",\"source\":\"db5.3\",\"version\":\"5.3.28-11ubuntu0.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1745 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, 
"osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libdb5.3", "arch": "amd64", - "source": "db5.3", + "name": "libdb5.3", + "revision": "11ubuntu0.1", "size": "1745", - "version": "5.3.28-11ubuntu0.1", - "revision": "11ubuntu0.1" + "source": "db5.3", + "version": "5.3.28-11ubuntu0.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdb5.3\",\"revision\":\"11ubuntu0.1\",\"size\":\"1745\",\"source\":\"db5.3\",\"version\":\"5.3.28-11ubuntu0.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdbus-1-3\",\"revision\":\"1ubuntu3.3\",\"size\":\"436\",\"source\":\"dbus\",\"version\":\"1.10.6-1ubuntu3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 436 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libdbus-1-3", "arch": "amd64", - "source": "dbus", + "name": "libdbus-1-3", + "revision": "1ubuntu3.3", "size": "436", - "version": "1.10.6-1ubuntu3.3", - "revision": "1ubuntu3.3" + "source": "dbus", + "version": "1.10.6-1ubuntu3.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdbus-1-3\",\"revision\":\"1ubuntu3.3\",\"size\":\"436\",\"source\":\"dbus\",\"version\":\"1.10.6-1ubuntu3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdbus-glib-1-2\",\"revision\":\"1\",\"size\":\"211\",\"source\":\"dbus-glib\",\"version\":\"0.106-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 211 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libdbus-glib-1-2", "arch": "amd64", - "source": "dbus-glib", + "name": "libdbus-glib-1-2", + "revision": "1", "size": "211", - "version": "0.106-1", - "revision": "1" + "source": "dbus-glib", + "version": "0.106-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdbus-glib-1-2\",\"revision\":\"1\",\"size\":\"211\",\"source\":\"dbus-glib\",\"version\":\"0.106-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdebconfclient0\",\"revision\":\"\",\"size\":\"67\",\"source\":\"cdebconf\",\"version\":\"0.198ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 67 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libdebconfclient0", "arch": "amd64", - "source": "cdebconf", + "name": "libdebconfclient0", "size": "67", + "source": "cdebconf", "version": "0.198ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdebconfclient0\",\"revision\":\"\",\"size\":\"67\",\"source\":\"cdebconf\",\"version\":\"0.198ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdevmapper-event1.02.1\",\"revision\":\"1ubuntu10\",\"size\":\"79\",\"source\":\"lvm2 (2.02.133-1ubuntu10)\",\"version\":\"2:1.02.110-1ubuntu10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 79 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libdevmapper-event1.02.1", "arch": "amd64", - "source": "lvm2 (2.02.133-1ubuntu10)", + "name": "libdevmapper-event1.02.1", + "revision": "1ubuntu10", "size": "79", - "version": "2:1.02.110-1ubuntu10", - "revision": "1ubuntu10" + "source": "lvm2 (2.02.133-1ubuntu10)", + "version": "2:1.02.110-1ubuntu10" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdevmapper-event1.02.1\",\"revision\":\"1ubuntu10\",\"size\":\"79\",\"source\":\"lvm2 
(2.02.133-1ubuntu10)\",\"version\":\"2:1.02.110-1ubuntu10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdevmapper1.02.1\",\"revision\":\"1ubuntu10\",\"size\":\"425\",\"source\":\"lvm2 (2.02.133-1ubuntu10)\",\"version\":\"2:1.02.110-1ubuntu10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 425 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libdevmapper1.02.1", "arch": "amd64", - "source": "lvm2 (2.02.133-1ubuntu10)", + "name": "libdevmapper1.02.1", + "revision": "1ubuntu10", "size": "425", - "version": "2:1.02.110-1ubuntu10", - "revision": "1ubuntu10" + "source": "lvm2 (2.02.133-1ubuntu10)", + "version": "2:1.02.110-1ubuntu10" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, 
"epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdevmapper1.02.1\",\"revision\":\"1ubuntu10\",\"size\":\"425\",\"source\":\"lvm2 (2.02.133-1ubuntu10)\",\"version\":\"2:1.02.110-1ubuntu10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdns-export162\",\"revision\":\"8ubuntu1.8\",\"size\":\"1931\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1931 }, - "ecs": { - "version": "8.2.0" + 
"host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libdns-export162", "arch": "amd64", - "source": "bind9", + "name": "libdns-export162", + "revision": "8ubuntu1.8", "size": "1931", - "version": "1:9.10.3.dfsg.P4-8ubuntu1.8", - "revision": "8ubuntu1.8" + "source": "bind9", + "version": "1:9.10.3.dfsg.P4-8ubuntu1.8" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdns-export162\",\"revision\":\"8ubuntu1.8\",\"size\":\"1931\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + 
"event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdns162\",\"revision\":\"8ubuntu1.8\",\"size\":\"4052\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 4052 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libdns162", "arch": "amd64", - "source": "bind9", + "name": "libdns162", + "revision": "8ubuntu1.8", "size": "4052", - "version": "1:9.10.3.dfsg.P4-8ubuntu1.8", - "revision": "8ubuntu1.8" + "source": "bind9", + "version": "1:9.10.3.dfsg.P4-8ubuntu1.8" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdns162\",\"revision\":\"8ubuntu1.8\",\"size\":\"4052\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdrm-amdgpu1\",\"revision\":\"1~ubuntu16.04.1\",\"size\":\"77\",\"source\":\"libdrm\",\"version\":\"2.4.76-1~ubuntu16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 77 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libdrm-amdgpu1", "arch": "amd64", - "source": "libdrm", + "name": "libdrm-amdgpu1", + "revision": "1~ubuntu16.04.1", "size": "77", - "version": "2.4.76-1~ubuntu16.04.1", - "revision": "1~ubuntu16.04.1" + "source": "libdrm", + "version": "2.4.76-1~ubuntu16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdrm-amdgpu1\",\"revision\":\"1~ubuntu16.04.1\",\"size\":\"77\",\"source\":\"libdrm\",\"version\":\"2.4.76-1~ubuntu16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdrm-intel1\",\"revision\":\"1~ubuntu16.04.1\",\"size\":\"181\",\"source\":\"libdrm\",\"version\":\"2.4.76-1~ubuntu16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { 
"size": 181 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libdrm-intel1", "arch": "amd64", - "source": "libdrm", + "name": "libdrm-intel1", + "revision": "1~ubuntu16.04.1", "size": "181", - "version": "2.4.76-1~ubuntu16.04.1", - "revision": "1~ubuntu16.04.1" + "source": "libdrm", + "version": "2.4.76-1~ubuntu16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdrm-intel1\",\"revision\":\"1~ubuntu16.04.1\",\"size\":\"181\",\"source\":\"libdrm\",\"version\":\"2.4.76-1~ubuntu16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + 
"ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdrm-nouveau2\",\"revision\":\"1~ubuntu16.04.1\",\"size\":\"72\",\"source\":\"libdrm\",\"version\":\"2.4.76-1~ubuntu16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 72 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libdrm-nouveau2", "arch": "amd64", - "source": "libdrm", + "name": "libdrm-nouveau2", + "revision": "1~ubuntu16.04.1", "size": "72", - "version": "2.4.76-1~ubuntu16.04.1", - "revision": "1~ubuntu16.04.1" + "source": "libdrm", + "version": "2.4.76-1~ubuntu16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdrm-nouveau2\",\"revision\":\"1~ubuntu16.04.1\",\"size\":\"72\",\"source\":\"libdrm\",\"version\":\"2.4.76-1~ubuntu16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdrm-radeon1\",\"revision\":\"1~ubuntu16.04.1\",\"size\":\"85\",\"source\":\"libdrm\",\"version\":\"2.4.76-1~ubuntu16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 85 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libdrm-radeon1", "arch": "amd64", - "source": "libdrm", + "name": "libdrm-radeon1", + "revision": "1~ubuntu16.04.1", "size": "85", - "version": "2.4.76-1~ubuntu16.04.1", - "revision": "1~ubuntu16.04.1" + "source": "libdrm", + "version": "2.4.76-1~ubuntu16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdrm-radeon1\",\"revision\":\"1~ubuntu16.04.1\",\"size\":\"85\",\"source\":\"libdrm\",\"version\":\"2.4.76-1~ubuntu16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdrm2\",\"revision\":\"1~ubuntu16.04.1\",\"size\":\"109\",\"source\":\"libdrm\",\"version\":\"2.4.76-1~ubuntu16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 109 
}, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libdrm2", "arch": "amd64", - "source": "libdrm", + "name": "libdrm2", + "revision": "1~ubuntu16.04.1", "size": "109", - "version": "2.4.76-1~ubuntu16.04.1", - "revision": "1~ubuntu16.04.1" + "source": "libdrm", + "version": "2.4.76-1~ubuntu16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdrm2\",\"revision\":\"1~ubuntu16.04.1\",\"size\":\"109\",\"source\":\"libdrm\",\"version\":\"2.4.76-1~ubuntu16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" 
+ }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdumbnet1\",\"revision\":\"7\",\"size\":\"89\",\"source\":\"libdumbnet\",\"version\":\"1.12-7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 89 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libdumbnet1", "arch": "amd64", - "source": "libdumbnet", + "name": "libdumbnet1", + "revision": "7", "size": "89", - "version": "1.12-7", - "revision": "7" + "source": "libdumbnet", + "version": "1.12-7" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libdumbnet1\",\"revision\":\"7\",\"size\":\"89\",\"source\":\"libdumbnet\",\"version\":\"1.12-7\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libeatmydata1\",\"revision\":\"3\",\"size\":\"32\",\"source\":\"libeatmydata\",\"version\":\"105-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 32 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libeatmydata1", "arch": "amd64", - "source": "libeatmydata", + "name": "libeatmydata1", + "revision": "3", "size": "32", - "version": "105-3", - "revision": "3" + "source": "libeatmydata", + "version": "105-3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libeatmydata1\",\"revision\":\"3\",\"size\":\"32\",\"source\":\"libeatmydata\",\"version\":\"105-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libedit2\",\"revision\":\"1ubuntu2\",\"size\":\"245\",\"source\":\"libedit\",\"version\":\"3.1-20150325-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 245 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, 
"osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libedit2", "arch": "amd64", - "source": "libedit", + "name": "libedit2", + "revision": "1ubuntu2", "size": "245", - "version": "3.1-20150325-1ubuntu2", - "revision": "1ubuntu2" + "source": "libedit", + "version": "3.1-20150325-1ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libedit2\",\"revision\":\"1ubuntu2\",\"size\":\"245\",\"source\":\"libedit\",\"version\":\"3.1-20150325-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libelf1\",\"revision\":\"3ubuntu1\",\"size\":\"172\",\"source\":\"elfutils\",\"version\":\"0.165-3ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 172 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libelf1", "arch": "amd64", - "source": "elfutils", + "name": "libelf1", + "revision": "3ubuntu1", "size": "172", - "version": "0.165-3ubuntu1", - "revision": "3ubuntu1" + "source": "elfutils", + "version": "0.165-3ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libelf1\",\"revision\":\"3ubuntu1\",\"size\":\"172\",\"source\":\"elfutils\",\"version\":\"0.165-3ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"liberror-perl\",\"revision\":\"1.2\",\"size\":\"54\",\"source\":\"\",\"version\":\"0.17-1.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 54 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "liberror-perl", "arch": "all", + "name": "liberror-perl", + "revision": "1.2", "size": "54", - "version": "0.17-1.2", - "revision": "1.2" + "version": "0.17-1.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - 
"host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"liberror-perl\",\"revision\":\"1.2\",\"size\":\"54\",\"source\":\"\",\"version\":\"0.17-1.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libestr0\",\"revision\":\"1\",\"size\":\"49\",\"source\":\"libestr\",\"version\":\"0.1.10-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 49 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 
17:57:33 2017 UTC", "columns": { - "name": "libestr0", "arch": "amd64", - "source": "libestr", + "name": "libestr0", + "revision": "1", "size": "49", - "version": "0.1.10-1", - "revision": "1" + "source": "libestr", + "version": "0.1.10-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libestr0\",\"revision\":\"1\",\"size\":\"49\",\"source\":\"libestr\",\"version\":\"0.1.10-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libevent-2.0-5\",\"revision\":\"2ubuntu0.16.04.1\",\"size\":\"299\",\"source\":\"libevent\",\"version\":\"2.0.21-stable-2ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 299 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libevent-2.0-5", "arch": "amd64", - "source": "libevent", + "name": "libevent-2.0-5", + "revision": "2ubuntu0.16.04.1", "size": "299", - "version": "2.0.21-stable-2ubuntu0.16.04.1", - "revision": "2ubuntu0.16.04.1" + "source": "libevent", + "version": "2.0.21-stable-2ubuntu0.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libevent-2.0-5\",\"revision\":\"2ubuntu0.16.04.1\",\"size\":\"299\",\"source\":\"libevent\",\"version\":\"2.0.21-stable-2ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libexpat1\",\"revision\":\"7ubuntu0.16.04.3\",\"size\":\"364\",\"source\":\"expat\",\"version\":\"2.1.0-7ubuntu0.16.04.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 364 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libexpat1", "arch": "amd64", - "source": "expat", + "name": "libexpat1", + "revision": "7ubuntu0.16.04.3", "size": "364", - "version": "2.1.0-7ubuntu0.16.04.3", - "revision": "7ubuntu0.16.04.3" + "source": "expat", + "version": "2.1.0-7ubuntu0.16.04.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libexpat1\",\"revision\":\"7ubuntu0.16.04.3\",\"size\":\"364\",\"source\":\"expat\",\"version\":\"2.1.0-7ubuntu0.16.04.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libfdisk1\",\"revision\":\"6ubuntu3.3\",\"size\":\"449\",\"source\":\"util-linux\",\"version\":\"2.27.1-6ubuntu3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 449 }, - 
"ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libfdisk1", "arch": "amd64", - "source": "util-linux", + "name": "libfdisk1", + "revision": "6ubuntu3.3", "size": "449", - "version": "2.27.1-6ubuntu3.3", - "revision": "6ubuntu3.3" + "source": "util-linux", + "version": "2.27.1-6ubuntu3.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libfdisk1\",\"revision\":\"6ubuntu3.3\",\"size\":\"449\",\"source\":\"util-linux\",\"version\":\"2.27.1-6ubuntu3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { 
+ "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libffi6\",\"revision\":\"4\",\"size\":\"52\",\"source\":\"libffi\",\"version\":\"3.2.1-4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 52 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libffi6", "arch": "amd64", - "source": "libffi", + "name": "libffi6", + "revision": "4", "size": "52", - "version": "3.2.1-4", - "revision": "4" + "source": "libffi", + "version": "3.2.1-4" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libffi6\",\"revision\":\"4\",\"size\":\"52\",\"source\":\"libffi\",\"version\":\"3.2.1-4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libflac8\",\"revision\":\"4\",\"size\":\"513\",\"source\":\"flac\",\"version\":\"1.3.1-4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 513 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libflac8", "arch": "amd64", - "source": "flac", + "name": "libflac8", + "revision": "4", "size": "513", - "version": "1.3.1-4", - "revision": "4" + "source": "flac", + "version": "1.3.1-4" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", 
- "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libflac8\",\"revision\":\"4\",\"size\":\"513\",\"source\":\"flac\",\"version\":\"1.3.1-4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libfontconfig1\",\"revision\":\"0ubuntu1.1\",\"size\":\"513\",\"source\":\"fontconfig\",\"version\":\"2.11.94-0ubuntu1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 513 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libfontconfig1", "arch": "amd64", - "source": "fontconfig", + "name": "libfontconfig1", + "revision": "0ubuntu1.1", "size": "513", - "version": "2.11.94-0ubuntu1.1", - "revision": "0ubuntu1.1" + "source": "fontconfig", + "version": "2.11.94-0ubuntu1.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libfontconfig1\",\"revision\":\"0ubuntu1.1\",\"size\":\"513\",\"source\":\"fontconfig\",\"version\":\"2.11.94-0ubuntu1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 
17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libfreetype6\",\"revision\":\"0.1ubuntu2.3\",\"size\":\"906\",\"source\":\"freetype\",\"version\":\"2.6.1-0.1ubuntu2.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 906 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libfreetype6", "arch": "amd64", - "source": "freetype", + "name": "libfreetype6", + "revision": "0.1ubuntu2.3", "size": "906", - "version": "2.6.1-0.1ubuntu2.3", - "revision": "0.1ubuntu2.3" + "source": "freetype", + "version": "2.6.1-0.1ubuntu2.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libfreetype6\",\"revision\":\"0.1ubuntu2.3\",\"size\":\"906\",\"source\":\"freetype\",\"version\":\"2.6.1-0.1ubuntu2.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libfribidi0\",\"revision\":\"1\",\"size\":\"118\",\"source\":\"fribidi\",\"version\":\"0.19.7-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 118 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libfribidi0", "arch": "amd64", - "source": "fribidi", + "name": "libfribidi0", + "revision": "1", "size": "118", - "version": "0.19.7-1", - "revision": "1" + "source": "fribidi", + "version": "0.19.7-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", 
- "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libfribidi0\",\"revision\":\"1\",\"size\":\"118\",\"source\":\"fribidi\",\"version\":\"0.19.7-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libfuse2\",\"revision\":\"1ubuntu3.1\",\"size\":\"314\",\"source\":\"fuse\",\"version\":\"2.9.4-1ubuntu3.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 314 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, 
"osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libfuse2", "arch": "amd64", - "source": "fuse", + "name": "libfuse2", + "revision": "1ubuntu3.1", "size": "314", - "version": "2.9.4-1ubuntu3.1", - "revision": "1ubuntu3.1" + "source": "fuse", + "version": "2.9.4-1ubuntu3.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libfuse2\",\"revision\":\"1ubuntu3.1\",\"size\":\"314\",\"source\":\"fuse\",\"version\":\"2.9.4-1ubuntu3.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 
17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgcc1\",\"revision\":\"0ubuntu1\",\"size\":\"105\",\"source\":\"gccgo-6 (6.0.1-0ubuntu1)\",\"version\":\"1:6.0.1-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 105 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgcc1", "arch": "amd64", - "source": "gccgo-6 (6.0.1-0ubuntu1)", + "name": "libgcc1", + "revision": "0ubuntu1", "size": "105", - "version": "1:6.0.1-0ubuntu1", - "revision": "0ubuntu1" + "source": "gccgo-6 (6.0.1-0ubuntu1)", + "version": "1:6.0.1-0ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgcc1\",\"revision\":\"0ubuntu1\",\"size\":\"105\",\"source\":\"gccgo-6 
(6.0.1-0ubuntu1)\",\"version\":\"1:6.0.1-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgcrypt20\",\"revision\":\"2ubuntu0.3\",\"size\":\"968\",\"source\":\"\",\"version\":\"1.6.5-2ubuntu0.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 968 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgcrypt20", "arch": "amd64", + "name": "libgcrypt20", + "revision": "2ubuntu0.3", "size": "968", - "version": "1.6.5-2ubuntu0.3", - "revision": "2ubuntu0.3" + "version": "1.6.5-2ubuntu0.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": 
"ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgcrypt20\",\"revision\":\"2ubuntu0.3\",\"size\":\"968\",\"source\":\"\",\"version\":\"1.6.5-2ubuntu0.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgdbm3\",\"revision\":\"13.1\",\"size\":\"75\",\"source\":\"gdbm\",\"version\":\"1.8.3-13.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 75 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": 
"libgdbm3", "arch": "amd64", - "source": "gdbm", + "name": "libgdbm3", + "revision": "13.1", "size": "75", - "version": "1.8.3-13.1", - "revision": "13.1" + "source": "gdbm", + "version": "1.8.3-13.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgdbm3\",\"revision\":\"13.1\",\"size\":\"75\",\"source\":\"gdbm\",\"version\":\"1.8.3-13.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgdk-pixbuf2.0-0\",\"revision\":\"1ubuntu1.3\",\"size\":\"513\",\"source\":\"gdk-pixbuf\",\"version\":\"2.32.2-1ubuntu1.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 513 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgdk-pixbuf2.0-0", "arch": "amd64", - "source": "gdk-pixbuf", + "name": "libgdk-pixbuf2.0-0", + "revision": "1ubuntu1.3", "size": "513", - "version": "2.32.2-1ubuntu1.3", - "revision": "1ubuntu1.3" + "source": "gdk-pixbuf", + "version": "2.32.2-1ubuntu1.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgdk-pixbuf2.0-0\",\"revision\":\"1ubuntu1.3\",\"size\":\"513\",\"source\":\"gdk-pixbuf\",\"version\":\"2.32.2-1ubuntu1.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libgdk-pixbuf2.0-common\",\"revision\":\"1ubuntu1.3\",\"size\":\"64\",\"source\":\"gdk-pixbuf\",\"version\":\"2.32.2-1ubuntu1.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 64 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgdk-pixbuf2.0-common", "arch": "all", - "source": "gdk-pixbuf", + "name": "libgdk-pixbuf2.0-common", + "revision": "1ubuntu1.3", "size": "64", - "version": "2.32.2-1ubuntu1.3", - "revision": "1ubuntu1.3" + "source": "gdk-pixbuf", + "version": "2.32.2-1ubuntu1.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libgdk-pixbuf2.0-common\",\"revision\":\"1ubuntu1.3\",\"size\":\"64\",\"source\":\"gdk-pixbuf\",\"version\":\"2.32.2-1ubuntu1.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgeoip1\",\"revision\":\"1\",\"size\":\"223\",\"source\":\"geoip\",\"version\":\"1.6.9-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 223 }, - "ecs": { 
- "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgeoip1", "arch": "amd64", - "source": "geoip", + "name": "libgeoip1", + "revision": "1", "size": "223", - "version": "1.6.9-1", - "revision": "1" + "source": "geoip", + "version": "1.6.9-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgeoip1\",\"revision\":\"1\",\"size\":\"223\",\"source\":\"geoip\",\"version\":\"1.6.9-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", 
+ "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgif7\",\"revision\":\"0.3~16.04\",\"size\":\"68\",\"source\":\"giflib\",\"version\":\"5.1.4-0.3~16.04\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 68 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgif7", "arch": "amd64", - "source": "giflib", + "name": "libgif7", + "revision": "0.3~16.04", "size": "68", - "version": "5.1.4-0.3~16.04", - "revision": "0.3~16.04" + "source": "giflib", + "version": "5.1.4-0.3~16.04" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgif7\",\"revision\":\"0.3~16.04\",\"size\":\"68\",\"source\":\"giflib\",\"version\":\"5.1.4-0.3~16.04\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgirepository-1.0-1\",\"revision\":\"3ubuntu1\",\"size\":\"254\",\"source\":\"gobject-introspection\",\"version\":\"1.46.0-3ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 254 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgirepository-1.0-1", "arch": "amd64", - "source": "gobject-introspection", + "name": "libgirepository-1.0-1", + "revision": "3ubuntu1", "size": "254", - "version": "1.46.0-3ubuntu1", - "revision": "3ubuntu1" + "source": "gobject-introspection", + "version": "1.46.0-3ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgirepository-1.0-1\",\"revision\":\"3ubuntu1\",\"size\":\"254\",\"source\":\"gobject-introspection\",\"version\":\"1.46.0-3ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgl1-mesa-dri\",\"revision\":\"0ubuntu0.16.04.2\",\"size\":\"116512\",\"source\":\"mesa\",\"version\":\"17.0.7-0ubuntu0.16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": 
"info" + }, "file": { "size": 116512 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgl1-mesa-dri", "arch": "amd64", - "source": "mesa", + "name": "libgl1-mesa-dri", + "revision": "0ubuntu0.16.04.2", "size": "116512", - "version": "17.0.7-0ubuntu0.16.04.2", - "revision": "0ubuntu0.16.04.2" + "source": "mesa", + "version": "17.0.7-0ubuntu0.16.04.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgl1-mesa-dri\",\"revision\":\"0ubuntu0.16.04.2\",\"size\":\"116512\",\"source\":\"mesa\",\"version\":\"17.0.7-0ubuntu0.16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { 
"@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgl1-mesa-glx\",\"revision\":\"0ubuntu0.16.04.2\",\"size\":\"564\",\"source\":\"mesa\",\"version\":\"17.0.7-0ubuntu0.16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 564 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgl1-mesa-glx", "arch": "amd64", - "source": "mesa", + "name": "libgl1-mesa-glx", + "revision": "0ubuntu0.16.04.2", "size": "564", - "version": "17.0.7-0ubuntu0.16.04.2", - "revision": "0ubuntu0.16.04.2" + "source": "mesa", + "version": "17.0.7-0ubuntu0.16.04.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgl1-mesa-glx\",\"revision\":\"0ubuntu0.16.04.2\",\"size\":\"564\",\"source\":\"mesa\",\"version\":\"17.0.7-0ubuntu0.16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libglapi-mesa\",\"revision\":\"0ubuntu0.16.04.2\",\"size\":\"253\",\"source\":\"mesa\",\"version\":\"17.0.7-0ubuntu0.16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 253 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libglapi-mesa", "arch": "amd64", - "source": "mesa", + "name": "libglapi-mesa", + "revision": "0ubuntu0.16.04.2", "size": "253", - "version": "17.0.7-0ubuntu0.16.04.2", - "revision": "0ubuntu0.16.04.2" + "source": "mesa", + "version": "17.0.7-0ubuntu0.16.04.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - 
"action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libglapi-mesa\",\"revision\":\"0ubuntu0.16.04.2\",\"size\":\"253\",\"source\":\"mesa\",\"version\":\"17.0.7-0ubuntu0.16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libglib2.0-0\",\"revision\":\"0ubuntu1\",\"size\":\"3577\",\"source\":\"glib2.0\",\"version\":\"2.48.2-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 3577 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libglib2.0-0", "arch": "amd64", - "source": "glib2.0", + "name": "libglib2.0-0", + "revision": "0ubuntu1", "size": "3577", - "version": "2.48.2-0ubuntu1", - "revision": "0ubuntu1" + "source": "glib2.0", + "version": "2.48.2-0ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libglib2.0-0\",\"revision\":\"0ubuntu1\",\"size\":\"3577\",\"source\":\"glib2.0\",\"version\":\"2.48.2-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libglib2.0-data\",\"revision\":\"0ubuntu1\",\"size\":\"212\",\"source\":\"glib2.0\",\"version\":\"2.48.2-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 212 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libglib2.0-data", "arch": "all", - "source": "glib2.0", + "name": "libglib2.0-data", + "revision": "0ubuntu1", "size": "212", - "version": "2.48.2-0ubuntu1", - "revision": "0ubuntu1" + "source": "glib2.0", + "version": "2.48.2-0ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": 
"ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libglib2.0-data\",\"revision\":\"0ubuntu1\",\"size\":\"212\",\"source\":\"glib2.0\",\"version\":\"2.48.2-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgmp10\",\"revision\":\"2\",\"size\":\"554\",\"source\":\"gmp\",\"version\":\"2:6.1.0+dfsg-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 554 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgmp10", "arch": "amd64", - "source": "gmp", + "name": "libgmp10", + "revision": "2", "size": "554", - "version": "2:6.1.0+dfsg-2", - "revision": "2" + "source": "gmp", + "version": "2:6.1.0+dfsg-2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgmp10\",\"revision\":\"2\",\"size\":\"554\",\"source\":\"gmp\",\"version\":\"2:6.1.0+dfsg-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu 
Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgnutls-openssl27\",\"revision\":\"4ubuntu1.3\",\"size\":\"98\",\"source\":\"gnutls28\",\"version\":\"3.4.10-4ubuntu1.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 98 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgnutls-openssl27", "arch": "amd64", - "source": "gnutls28", + "name": "libgnutls-openssl27", + "revision": "4ubuntu1.3", "size": "98", - "version": "3.4.10-4ubuntu1.3", - "revision": "4ubuntu1.3" + "source": "gnutls28", + "version": "3.4.10-4ubuntu1.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, - "rule": { - "name": "pack_it-compliance_deb_packages" - }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgnutls-openssl27\",\"revision\":\"4ubuntu1.3\",\"size\":\"98\",\"source\":\"gnutls28\",\"version\":\"3.4.10-4ubuntu1.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" + "rule": { + "name": "pack_it-compliance_deb_packages" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgnutls30\",\"revision\":\"4ubuntu1.3\",\"size\":\"1468\",\"source\":\"gnutls28\",\"version\":\"3.4.10-4ubuntu1.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1468 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgnutls30", "arch": "amd64", - "source": "gnutls28", + "name": "libgnutls30", + "revision": "4ubuntu1.3", "size": "1468", - "version": "3.4.10-4ubuntu1.3", - "revision": "4ubuntu1.3" + "source": "gnutls28", + "version": "3.4.10-4ubuntu1.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgnutls30\",\"revision\":\"4ubuntu1.3\",\"size\":\"1468\",\"source\":\"gnutls28\",\"version\":\"3.4.10-4ubuntu1.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgpg-error0\",\"revision\":\"2ubuntu1\",\"size\":\"156\",\"source\":\"libgpg-error\",\"version\":\"1.21-2ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, 
"file": { "size": 156 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgpg-error0", "arch": "amd64", - "source": "libgpg-error", + "name": "libgpg-error0", + "revision": "2ubuntu1", "size": "156", - "version": "1.21-2ubuntu1", - "revision": "2ubuntu1" + "source": "libgpg-error", + "version": "1.21-2ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgpg-error0\",\"revision\":\"2ubuntu1\",\"size\":\"156\",\"source\":\"libgpg-error\",\"version\":\"1.21-2ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + 
"version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgpm2\",\"revision\":\"6.1\",\"size\":\"83\",\"source\":\"gpm\",\"version\":\"1.20.4-6.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 83 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgpm2", "arch": "amd64", - "source": "gpm", + "name": "libgpm2", + "revision": "6.1", "size": "83", - "version": "1.20.4-6.1", - "revision": "6.1" + "source": "gpm", + "version": "1.20.4-6.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgpm2\",\"revision\":\"6.1\",\"size\":\"83\",\"source\":\"gpm\",\"version\":\"1.20.4-6.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgraphite2-3\",\"revision\":\"0ubuntu0.16.04.1\",\"size\":\"179\",\"source\":\"graphite2\",\"version\":\"1.3.10-0ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 179 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgraphite2-3", "arch": "amd64", - "source": "graphite2", + "name": "libgraphite2-3", + "revision": "0ubuntu0.16.04.1", "size": "179", - "version": "1.3.10-0ubuntu0.16.04.1", - "revision": "0ubuntu0.16.04.1" + "source": "graphite2", + "version": "1.3.10-0ubuntu0.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgraphite2-3\",\"revision\":\"0ubuntu0.16.04.1\",\"size\":\"179\",\"source\":\"graphite2\",\"version\":\"1.3.10-0ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgssapi-krb5-2\",\"revision\":\"5ubuntu2\",\"size\":\"412\",\"source\":\"krb5\",\"version\":\"1.13.2+dfsg-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 
412 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgssapi-krb5-2", "arch": "amd64", - "source": "krb5", + "name": "libgssapi-krb5-2", + "revision": "5ubuntu2", "size": "412", - "version": "1.13.2+dfsg-5ubuntu2", - "revision": "5ubuntu2" + "source": "krb5", + "version": "1.13.2+dfsg-5ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgssapi-krb5-2\",\"revision\":\"5ubuntu2\",\"size\":\"412\",\"source\":\"krb5\",\"version\":\"1.13.2+dfsg-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + 
}, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgssapi3-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"312\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 312 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgssapi3-heimdal", "arch": "amd64", - "source": "heimdal", + "name": "libgssapi3-heimdal", + "revision": "4ubuntu1.16.04.1", "size": "312", - "version": "1.7~git20150920+dfsg-4ubuntu1.16.04.1", - "revision": "4ubuntu1.16.04.1" + "source": "heimdal", + "version": "1.7~git20150920+dfsg-4ubuntu1.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgssapi3-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"312\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgtk2.0-0\",\"revision\":\"1ubuntu1.16.04.2\",\"size\":\"5742\",\"source\":\"gtk+2.0\",\"version\":\"2.24.30-1ubuntu1.16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 5742 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgtk2.0-0", "arch": "amd64", - "source": "gtk+2.0", + "name": "libgtk2.0-0", + "revision": "1ubuntu1.16.04.2", "size": "5742", - "version": "2.24.30-1ubuntu1.16.04.2", - "revision": "1ubuntu1.16.04.2" + "source": "gtk+2.0", + "version": "2.24.30-1ubuntu1.16.04.2" }, - "name": "pack_it-compliance_deb_packages", - 
"unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgtk2.0-0\",\"revision\":\"1ubuntu1.16.04.2\",\"size\":\"5742\",\"source\":\"gtk+2.0\",\"version\":\"2.24.30-1ubuntu1.16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgtk2.0-bin\",\"revision\":\"1ubuntu1.16.04.2\",\"size\":\"80\",\"source\":\"gtk+2.0\",\"version\":\"2.24.30-1ubuntu1.16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 80 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgtk2.0-bin", "arch": "amd64", - "source": "gtk+2.0", + "name": "libgtk2.0-bin", + "revision": "1ubuntu1.16.04.2", "size": "80", - "version": "2.24.30-1ubuntu1.16.04.2", - "revision": "1ubuntu1.16.04.2" + "source": "gtk+2.0", + "version": "2.24.30-1ubuntu1.16.04.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libgtk2.0-bin\",\"revision\":\"1ubuntu1.16.04.2\",\"size\":\"80\",\"source\":\"gtk+2.0\",\"version\":\"2.24.30-1ubuntu1.16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libgtk2.0-common\",\"revision\":\"1ubuntu1.16.04.2\",\"size\":\"276\",\"source\":\"gtk+2.0\",\"version\":\"2.24.30-1ubuntu1.16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 276 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libgtk2.0-common", "arch": "all", - "source": "gtk+2.0", + "name": "libgtk2.0-common", + "revision": "1ubuntu1.16.04.2", "size": "276", - "version": "2.24.30-1ubuntu1.16.04.2", - "revision": "1ubuntu1.16.04.2" + "source": "gtk+2.0", + "version": "2.24.30-1ubuntu1.16.04.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", 
"decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libgtk2.0-common\",\"revision\":\"1ubuntu1.16.04.2\",\"size\":\"276\",\"source\":\"gtk+2.0\",\"version\":\"2.24.30-1ubuntu1.16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libharfbuzz0b\",\"revision\":\"1ubuntu0.1\",\"size\":\"404\",\"source\":\"harfbuzz\",\"version\":\"1.0.1-1ubuntu0.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": 
"info" + }, "file": { "size": 404 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libharfbuzz0b", "arch": "amd64", - "source": "harfbuzz", + "name": "libharfbuzz0b", + "revision": "1ubuntu0.1", "size": "404", - "version": "1.0.1-1ubuntu0.1", - "revision": "1ubuntu0.1" + "source": "harfbuzz", + "version": "1.0.1-1ubuntu0.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libharfbuzz0b\",\"revision\":\"1ubuntu0.1\",\"size\":\"404\",\"source\":\"harfbuzz\",\"version\":\"1.0.1-1ubuntu0.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + 
"ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libhcrypto4-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"256\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 256 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libhcrypto4-heimdal", "arch": "amd64", - "source": "heimdal", + "name": "libhcrypto4-heimdal", + "revision": "4ubuntu1.16.04.1", "size": "256", - "version": "1.7~git20150920+dfsg-4ubuntu1.16.04.1", - "revision": "4ubuntu1.16.04.1" + "source": "heimdal", + "version": "1.7~git20150920+dfsg-4ubuntu1.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libhcrypto4-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"256\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libheimbase1-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"106\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 106 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libheimbase1-heimdal", "arch": "amd64", - "source": "heimdal", + "name": "libheimbase1-heimdal", + "revision": "4ubuntu1.16.04.1", "size": "106", - "version": "1.7~git20150920+dfsg-4ubuntu1.16.04.1", - "revision": "4ubuntu1.16.04.1" + "source": "heimdal", + "version": 
"1.7~git20150920+dfsg-4ubuntu1.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libheimbase1-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"106\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libheimntlm0-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"79\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 79 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libheimntlm0-heimdal", "arch": "amd64", - "source": "heimdal", + "name": "libheimntlm0-heimdal", + "revision": "4ubuntu1.16.04.1", "size": "79", - "version": "1.7~git20150920+dfsg-4ubuntu1.16.04.1", - "revision": "4ubuntu1.16.04.1" + "source": "heimdal", + "version": "1.7~git20150920+dfsg-4ubuntu1.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libheimntlm0-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"79\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libhogweed4\",\"revision\":\"1ubuntu0.16.04.1\",\"size\":\"223\",\"source\":\"nettle\",\"version\":\"3.2-1ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 223 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libhogweed4", "arch": "amd64", - "source": "nettle", + "name": "libhogweed4", + "revision": "1ubuntu0.16.04.1", "size": "223", - "version": "3.2-1ubuntu0.16.04.1", - "revision": "1ubuntu0.16.04.1" + "source": "nettle", + "version": "3.2-1ubuntu0.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libhogweed4\",\"revision\":\"1ubuntu0.16.04.1\",\"size\":\"223\",\"source\":\"nettle\",\"version\":\"3.2-1ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libhx509-5-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"352\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + 
"type": "info" + }, "file": { "size": 352 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libhx509-5-heimdal", "arch": "amd64", - "source": "heimdal", + "name": "libhx509-5-heimdal", + "revision": "4ubuntu1.16.04.1", "size": "352", - "version": "1.7~git20150920+dfsg-4ubuntu1.16.04.1", - "revision": "4ubuntu1.16.04.1" + "source": "heimdal", + "version": "1.7~git20150920+dfsg-4ubuntu1.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libhx509-5-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"352\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ 
"preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libicu55\",\"revision\":\"7ubuntu0.3\",\"size\":\"30094\",\"source\":\"icu\",\"version\":\"55.1-7ubuntu0.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 30094 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libicu55", "arch": "amd64", - "source": "icu", + "name": "libicu55", + "revision": "7ubuntu0.3", "size": "30094", - "version": "55.1-7ubuntu0.3", - "revision": "7ubuntu0.3" + "source": "icu", + "version": "55.1-7ubuntu0.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libicu55\",\"revision\":\"7ubuntu0.3\",\"size\":\"30094\",\"source\":\"icu\",\"version\":\"55.1-7ubuntu0.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libidn11\",\"revision\":\"3ubuntu1.2\",\"size\":\"240\",\"source\":\"libidn\",\"version\":\"1.32-3ubuntu1.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 240 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libidn11", "arch": "amd64", - "source": "libidn", + "name": "libidn11", + "revision": "3ubuntu1.2", "size": "240", - "version": "1.32-3ubuntu1.2", - "revision": "3ubuntu1.2" + "source": "libidn", + "version": "1.32-3ubuntu1.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libidn11\",\"revision\":\"3ubuntu1.2\",\"size\":\"240\",\"source\":\"libidn\",\"version\":\"1.32-3ubuntu1.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libisc-export160\",\"revision\":\"8ubuntu1.8\",\"size\":\"435\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 435 }, - 
"ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libisc-export160", "arch": "amd64", - "source": "bind9", + "name": "libisc-export160", + "revision": "8ubuntu1.8", "size": "435", - "version": "1:9.10.3.dfsg.P4-8ubuntu1.8", - "revision": "8ubuntu1.8" + "source": "bind9", + "version": "1:9.10.3.dfsg.P4-8ubuntu1.8" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libisc-export160\",\"revision\":\"8ubuntu1.8\",\"size\":\"435\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + 
"version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libisc160\",\"revision\":\"8ubuntu1.8\",\"size\":\"938\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 938 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libisc160", "arch": "amd64", - "source": "bind9", + "name": "libisc160", + "revision": "8ubuntu1.8", "size": "938", - "version": "1:9.10.3.dfsg.P4-8ubuntu1.8", - "revision": "8ubuntu1.8" + "source": "bind9", + "version": "1:9.10.3.dfsg.P4-8ubuntu1.8" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libisc160\",\"revision\":\"8ubuntu1.8\",\"size\":\"938\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libisccc140\",\"revision\":\"8ubuntu1.8\",\"size\":\"78\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 78 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libisccc140", "arch": "amd64", - "source": "bind9", + "name": "libisccc140", + "revision": "8ubuntu1.8", "size": "78", - "version": "1:9.10.3.dfsg.P4-8ubuntu1.8", - "revision": "8ubuntu1.8" + "source": "bind9", + "version": "1:9.10.3.dfsg.P4-8ubuntu1.8" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libisccc140\",\"revision\":\"8ubuntu1.8\",\"size\":\"78\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libisccfg140\",\"revision\":\"8ubuntu1.8\",\"size\":\"191\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 191 
}, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libisccfg140", "arch": "amd64", - "source": "bind9", + "name": "libisccfg140", + "revision": "8ubuntu1.8", "size": "191", - "version": "1:9.10.3.dfsg.P4-8ubuntu1.8", - "revision": "8ubuntu1.8" + "source": "bind9", + "version": "1:9.10.3.dfsg.P4-8ubuntu1.8" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libisccfg140\",\"revision\":\"8ubuntu1.8\",\"size\":\"191\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + 
"version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libjbig0\",\"revision\":\"3.1\",\"size\":\"93\",\"source\":\"jbigkit\",\"version\":\"2.1-3.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 93 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libjbig0", "arch": "amd64", - "source": "jbigkit", + "name": "libjbig0", + "revision": "3.1", "size": "93", - "version": "2.1-3.1", - "revision": "3.1" + "source": "jbigkit", + "version": "2.1-3.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libjbig0\",\"revision\":\"3.1\",\"size\":\"93\",\"source\":\"jbigkit\",\"version\":\"2.1-3.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libjpeg-turbo8\",\"revision\":\"0ubuntu3\",\"size\":\"386\",\"source\":\"libjpeg-turbo\",\"version\":\"1.4.2-0ubuntu3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 386 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libjpeg-turbo8", "arch": "amd64", - "source": "libjpeg-turbo", + "name": "libjpeg-turbo8", + "revision": "0ubuntu3", "size": "386", - "version": "1.4.2-0ubuntu3", - "revision": "0ubuntu3" + "source": "libjpeg-turbo", + "version": "1.4.2-0ubuntu3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": 
"ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } - }, - "related": { - "user": [ - "ubuntu" - ], + }, + "related": { "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libjpeg-turbo8\",\"revision\":\"0ubuntu3\",\"size\":\"386\",\"source\":\"libjpeg-turbo\",\"version\":\"1.4.2-0ubuntu3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libjpeg8\",\"revision\":\"2ubuntu8\",\"size\":\"26\",\"source\":\"libjpeg8-empty\",\"version\":\"8c-2ubuntu8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 26 }, - "ecs": { - "version": "8.2.0" + "host": 
{ + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libjpeg8", "arch": "amd64", - "source": "libjpeg8-empty", + "name": "libjpeg8", + "revision": "2ubuntu8", "size": "26", - "version": "8c-2ubuntu8", - "revision": "2ubuntu8" + "source": "libjpeg8-empty", + "version": "8c-2ubuntu8" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libjpeg8\",\"revision\":\"2ubuntu8\",\"size\":\"26\",\"source\":\"libjpeg8-empty\",\"version\":\"8c-2ubuntu8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libjson-c2\",\"revision\":\"4ubuntu2\",\"size\":\"87\",\"source\":\"json-c\",\"version\":\"0.11-4ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 87 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libjson-c2", "arch": "amd64", - "source": "json-c", + "name": "libjson-c2", + "revision": "4ubuntu2", "size": "87", - "version": "0.11-4ubuntu2", - "revision": "4ubuntu2" + "source": "json-c", + "version": "0.11-4ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libjson-c2\",\"revision\":\"4ubuntu2\",\"size\":\"87\",\"source\":\"json-c\",\"version\":\"0.11-4ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libk5crypto3\",\"revision\":\"5ubuntu2\",\"size\":\"290\",\"source\":\"krb5\",\"version\":\"1.13.2+dfsg-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 290 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libk5crypto3", "arch": "amd64", - "source": "krb5", + "name": "libk5crypto3", + "revision": "5ubuntu2", "size": "290", - "version": "1.13.2+dfsg-5ubuntu2", - "revision": "5ubuntu2" + "source": "krb5", + "version": "1.13.2+dfsg-5ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": 
"ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libk5crypto3\",\"revision\":\"5ubuntu2\",\"size\":\"290\",\"source\":\"krb5\",\"version\":\"1.13.2+dfsg-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libkeyutils1\",\"revision\":\"8ubuntu1\",\"size\":\"36\",\"source\":\"keyutils\",\"version\":\"1.5.9-8ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 36 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libkeyutils1", "arch": "amd64", - "source": "keyutils", + "name": "libkeyutils1", + "revision": "8ubuntu1", "size": "36", - "version": "1.5.9-8ubuntu1", - "revision": "8ubuntu1" + "source": "keyutils", + "version": "1.5.9-8ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libkeyutils1\",\"revision\":\"8ubuntu1\",\"size\":\"36\",\"source\":\"keyutils\",\"version\":\"1.5.9-8ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + 
"kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libklibc\",\"revision\":\"8ubuntu1.16.04.3\",\"size\":\"105\",\"source\":\"klibc\",\"version\":\"2.0.4-8ubuntu1.16.04.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 105 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libklibc", "arch": "amd64", - "source": "klibc", + "name": "libklibc", + "revision": "8ubuntu1.16.04.3", "size": "105", - "version": "2.0.4-8ubuntu1.16.04.3", - "revision": "8ubuntu1.16.04.3" + "source": "klibc", + "version": "2.0.4-8ubuntu1.16.04.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libklibc\",\"revision\":\"8ubuntu1.16.04.3\",\"size\":\"105\",\"source\":\"klibc\",\"version\":\"2.0.4-8ubuntu1.16.04.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libkmod2\",\"revision\":\"1ubuntu5\",\"size\":\"118\",\"source\":\"kmod\",\"version\":\"22-1ubuntu5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 118 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libkmod2", "arch": "amd64", - "source": "kmod", + "name": "libkmod2", + "revision": "1ubuntu5", "size": "118", - "version": "22-1ubuntu5", - "revision": "1ubuntu5" + "source": "kmod", + "version": "22-1ubuntu5" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libkmod2\",\"revision\":\"1ubuntu5\",\"size\":\"118\",\"source\":\"kmod\",\"version\":\"22-1ubuntu5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libkrb5-26-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"633\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 633 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libkrb5-26-heimdal", "arch": "amd64", - "source": "heimdal", + "name": "libkrb5-26-heimdal", + "revision": "4ubuntu1.16.04.1", "size": "633", - "version": "1.7~git20150920+dfsg-4ubuntu1.16.04.1", - "revision": "4ubuntu1.16.04.1" + "source": "heimdal", + "version": "1.7~git20150920+dfsg-4ubuntu1.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libkrb5-26-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"633\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": 
{ + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libkrb5-3\",\"revision\":\"5ubuntu2\",\"size\":\"991\",\"source\":\"krb5\",\"version\":\"1.13.2+dfsg-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 991 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libkrb5-3", "arch": "amd64", - "source": "krb5", + "name": "libkrb5-3", + "revision": "5ubuntu2", "size": "991", - "version": "1.13.2+dfsg-5ubuntu2", - "revision": "5ubuntu2" + "source": "krb5", + "version": "1.13.2+dfsg-5ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libkrb5-3\",\"revision\":\"5ubuntu2\",\"size\":\"991\",\"source\":\"krb5\",\"version\":\"1.13.2+dfsg-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libkrb5support0\",\"revision\":\"5ubuntu2\",\"size\":\"150\",\"source\":\"krb5\",\"version\":\"1.13.2+dfsg-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 150 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libkrb5support0", "arch": "amd64", - "source": "krb5", + "name": "libkrb5support0", + "revision": "5ubuntu2", "size": "150", - "version": "1.13.2+dfsg-5ubuntu2", - "revision": "5ubuntu2" + "source": "krb5", + "version": "1.13.2+dfsg-5ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", 
"username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libkrb5support0\",\"revision\":\"5ubuntu2\",\"size\":\"150\",\"source\":\"krb5\",\"version\":\"1.13.2+dfsg-5ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblcms2-2\",\"revision\":\"3ubuntu2\",\"size\":\"400\",\"source\":\"lcms2\",\"version\":\"2.6-3ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 400 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "liblcms2-2", "arch": "amd64", - "source": "lcms2", + "name": "liblcms2-2", + "revision": "3ubuntu2", "size": "400", - "version": "2.6-3ubuntu2", - "revision": "3ubuntu2" + "source": "lcms2", + "version": "2.6-3ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblcms2-2\",\"revision\":\"3ubuntu2\",\"size\":\"400\",\"source\":\"lcms2\",\"version\":\"2.6-3ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + 
"original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libldap-2.4-2\",\"revision\":\"2ubuntu3.2\",\"size\":\"507\",\"source\":\"openldap\",\"version\":\"2.4.42+dfsg-2ubuntu3.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 507 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libldap-2.4-2", "arch": "amd64", - "source": "openldap", + "name": "libldap-2.4-2", + "revision": "2ubuntu3.2", "size": "507", - "version": "2.4.42+dfsg-2ubuntu3.2", - "revision": "2ubuntu3.2" + "source": "openldap", + "version": "2.4.42+dfsg-2ubuntu3.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, - "rule": { - "name": "pack_it-compliance_deb_packages" - }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libldap-2.4-2\",\"revision\":\"2ubuntu3.2\",\"size\":\"507\",\"source\":\"openldap\",\"version\":\"2.4.42+dfsg-2ubuntu3.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" + "rule": { + "name": "pack_it-compliance_deb_packages" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libllvm4.0\",\"revision\":\"1ubuntu1~16.04.2\",\"size\":\"48144\",\"source\":\"llvm-toolchain-4.0\",\"version\":\"1:4.0-1ubuntu1~16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 48144 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libllvm4.0", "arch": "amd64", - "source": "llvm-toolchain-4.0", + "name": "libllvm4.0", + "revision": "1ubuntu1~16.04.2", "size": "48144", - "version": "1:4.0-1ubuntu1~16.04.2", - "revision": "1ubuntu1~16.04.2" + "source": "llvm-toolchain-4.0", + "version": "1:4.0-1ubuntu1~16.04.2" }, - "name": "pack_it-compliance_deb_packages", - 
"unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libllvm4.0\",\"revision\":\"1ubuntu1~16.04.2\",\"size\":\"48144\",\"source\":\"llvm-toolchain-4.0\",\"version\":\"1:4.0-1ubuntu1~16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblocale-gettext-perl\",\"revision\":\"1build1\",\"size\":\"51\",\"source\":\"\",\"version\":\"1.07-1build1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 51 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "liblocale-gettext-perl", "arch": "amd64", + "name": "liblocale-gettext-perl", + "revision": "1build1", "size": "51", - "version": "1.07-1build1", - "revision": "1build1" + "version": "1.07-1build1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblocale-gettext-perl\",\"revision\":\"1build1\",\"size\":\"51\",\"source\":\"\",\"version\":\"1.07-1build1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblvm2app2.2\",\"revision\":\"1ubuntu10\",\"size\":\"1169\",\"source\":\"lvm2\",\"version\":\"2.02.133-1ubuntu10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1169 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "liblvm2app2.2", "arch": "amd64", - "source": "lvm2", + "name": "liblvm2app2.2", + "revision": "1ubuntu10", "size": "1169", - "version": "2.02.133-1ubuntu10", - "revision": "1ubuntu10" + "source": "lvm2", + "version": "2.02.133-1ubuntu10" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": 
"ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblvm2app2.2\",\"revision\":\"1ubuntu10\",\"size\":\"1169\",\"source\":\"lvm2\",\"version\":\"2.02.133-1ubuntu10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblvm2cmd2.02\",\"revision\":\"1ubuntu10\",\"size\":\"1562\",\"source\":\"lvm2\",\"version\":\"2.02.133-1ubuntu10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1562 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "liblvm2cmd2.02", "arch": "amd64", - "source": "lvm2", + "name": "liblvm2cmd2.02", + "revision": "1ubuntu10", "size": "1562", - "version": "2.02.133-1ubuntu10", - "revision": "1ubuntu10" + "source": "lvm2", + "version": "2.02.133-1ubuntu10" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblvm2cmd2.02\",\"revision\":\"1ubuntu10\",\"size\":\"1562\",\"source\":\"lvm2\",\"version\":\"2.02.133-1ubuntu10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblwres141\",\"revision\":\"8ubuntu1.8\",\"size\":\"114\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 114 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "liblwres141", "arch": "amd64", - "source": "bind9", + "name": "liblwres141", + "revision": "8ubuntu1.8", "size": "114", - "version": "1:9.10.3.dfsg.P4-8ubuntu1.8", - "revision": "8ubuntu1.8" + "source": "bind9", + "version": "1:9.10.3.dfsg.P4-8ubuntu1.8" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblwres141\",\"revision\":\"8ubuntu1.8\",\"size\":\"114\",\"source\":\"bind9\",\"version\":\"1:9.10.3.dfsg.P4-8ubuntu1.8\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblxc1\",\"revision\":\"0ubuntu1~16.04.2\",\"size\":\"666\",\"source\":\"lxc\",\"version\":\"2.0.8-0ubuntu1~16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 666 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "liblxc1", "arch": "amd64", - "source": "lxc", + "name": "liblxc1", + "revision": "0ubuntu1~16.04.2", "size": "666", - "version": "2.0.8-0ubuntu1~16.04.2", - "revision": "0ubuntu1~16.04.2" + "source": "lxc", + "version": "2.0.8-0ubuntu1~16.04.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblxc1\",\"revision\":\"0ubuntu1~16.04.2\",\"size\":\"666\",\"source\":\"lxc\",\"version\":\"2.0.8-0ubuntu1~16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblz4-1\",\"revision\":\"2ubuntu2\",\"size\":\"116\",\"source\":\"lz4\",\"version\":\"0.0~r131-2ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 116 }, - "ecs": { - 
"version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "liblz4-1", "arch": "amd64", - "source": "lz4", + "name": "liblz4-1", + "revision": "2ubuntu2", "size": "116", - "version": "0.0~r131-2ubuntu2", - "revision": "2ubuntu2" + "source": "lz4", + "version": "0.0~r131-2ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblz4-1\",\"revision\":\"2ubuntu2\",\"size\":\"116\",\"source\":\"lz4\",\"version\":\"0.0~r131-2ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblzma5\",\"revision\":\"2ubuntu2\",\"size\":\"305\",\"source\":\"xz-utils\",\"version\":\"5.1.1alpha+20120614-2ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 305 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "liblzma5", "arch": "amd64", - "source": "xz-utils", + "name": "liblzma5", + "revision": "2ubuntu2", "size": "305", - "version": "5.1.1alpha+20120614-2ubuntu2", - "revision": "2ubuntu2" + "source": "xz-utils", + "version": "5.1.1alpha+20120614-2ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblzma5\",\"revision\":\"2ubuntu2\",\"size\":\"305\",\"source\":\"xz-utils\",\"version\":\"5.1.1alpha+20120614-2ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblzo2-2\",\"revision\":\"1.2\",\"size\":\"180\",\"source\":\"lzo2\",\"version\":\"2.08-1.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 180 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "liblzo2-2", "arch": "amd64", - "source": "lzo2", + "name": "liblzo2-2", + "revision": "1.2", "size": "180", - "version": "2.08-1.2", - "revision": "1.2" + "source": "lzo2", + "version": "2.08-1.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"liblzo2-2\",\"revision\":\"1.2\",\"size\":\"180\",\"source\":\"lzo2\",\"version\":\"2.08-1.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libmagic1\",\"revision\":\"2ubuntu1\",\"size\":\"3983\",\"source\":\"file\",\"version\":\"1:5.25-2ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 3983 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { 
"result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libmagic1", "arch": "amd64", - "source": "file", + "name": "libmagic1", + "revision": "2ubuntu1", "size": "3983", - "version": "1:5.25-2ubuntu1", - "revision": "2ubuntu1" + "source": "file", + "version": "1:5.25-2ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libmagic1\",\"revision\":\"2ubuntu1\",\"size\":\"3983\",\"source\":\"file\",\"version\":\"1:5.25-2ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libmnl0\",\"revision\":\"5\",\"size\":\"60\",\"source\":\"libmnl\",\"version\":\"1.0.3-5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 60 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libmnl0", "arch": "amd64", - "source": "libmnl", + "name": "libmnl0", + "revision": "5", "size": "60", - "version": "1.0.3-5", - "revision": "5" + "source": "libmnl", + "version": "1.0.3-5" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libmnl0\",\"revision\":\"5\",\"size\":\"60\",\"source\":\"libmnl\",\"version\":\"1.0.3-5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libmount1\",\"revision\":\"6ubuntu3.3\",\"size\":\"384\",\"source\":\"util-linux\",\"version\":\"2.27.1-6ubuntu3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 384 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libmount1", "arch": "amd64", - "source": "util-linux", + "name": "libmount1", + "revision": "6ubuntu3.3", "size": "384", - "version": "2.27.1-6ubuntu3.3", - "revision": "6ubuntu3.3" + "source": "util-linux", + "version": "2.27.1-6ubuntu3.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, 
"epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libmount1\",\"revision\":\"6ubuntu3.3\",\"size\":\"384\",\"source\":\"util-linux\",\"version\":\"2.27.1-6ubuntu3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libmpdec2\",\"revision\":\"1\",\"size\":\"247\",\"source\":\"mpdecimal\",\"version\":\"2.4.2-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 247 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libmpdec2", "arch": "amd64", - "source": "mpdecimal", + "name": "libmpdec2", + "revision": "1", "size": "247", - "version": "2.4.2-1", - "revision": "1" + "source": "mpdecimal", + "version": "2.4.2-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libmpdec2\",\"revision\":\"1\",\"size\":\"247\",\"source\":\"mpdecimal\",\"version\":\"2.4.2-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu 
Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libmpfr4\",\"revision\":\"1\",\"size\":\"812\",\"source\":\"mpfr4\",\"version\":\"3.1.4-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 812 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libmpfr4", "arch": "amd64", - "source": "mpfr4", + "name": "libmpfr4", + "revision": "1", "size": "812", - "version": "3.1.4-1", - "revision": "1" + "source": "mpfr4", + "version": "3.1.4-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libmpfr4\",\"revision\":\"1\",\"size\":\"812\",\"source\":\"mpfr4\",\"version\":\"3.1.4-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libmspack0\",\"revision\":\"1ubuntu0.16.04.1\",\"size\":\"90\",\"source\":\"libmspack\",\"version\":\"0.5-1ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 90 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libmspack0", "arch": "amd64", - "source": "libmspack", + "name": "libmspack0", + "revision": "1ubuntu0.16.04.1", "size": "90", - "version": "0.5-1ubuntu0.16.04.1", - "revision": "1ubuntu0.16.04.1" + "source": "libmspack", + "version": "0.5-1ubuntu0.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", 
"username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libmspack0\",\"revision\":\"1ubuntu0.16.04.1\",\"size\":\"90\",\"source\":\"libmspack\",\"version\":\"0.5-1ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libncurses5\",\"revision\":\"1ubuntu1\",\"size\":\"281\",\"source\":\"ncurses\",\"version\":\"6.0+20160213-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 281 }, - "ecs": { - "version": "8.2.0" + "host": 
{ + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libncurses5", "arch": "amd64", - "source": "ncurses", + "name": "libncurses5", + "revision": "1ubuntu1", "size": "281", - "version": "6.0+20160213-1ubuntu1", - "revision": "1ubuntu1" + "source": "ncurses", + "version": "6.0+20160213-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libncurses5\",\"revision\":\"1ubuntu1\",\"size\":\"281\",\"source\":\"ncurses\",\"version\":\"6.0+20160213-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libncursesw5\",\"revision\":\"1ubuntu1\",\"size\":\"345\",\"source\":\"ncurses\",\"version\":\"6.0+20160213-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 345 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libncursesw5", "arch": "amd64", - "source": "ncurses", + "name": "libncursesw5", + "revision": "1ubuntu1", "size": "345", - "version": "6.0+20160213-1ubuntu1", - "revision": "1ubuntu1" + "source": "ncurses", + "version": "6.0+20160213-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libncursesw5\",\"revision\":\"1ubuntu1\",\"size\":\"345\",\"source\":\"ncurses\",\"version\":\"6.0+20160213-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libnetfilter-conntrack3\",\"revision\":\"1\",\"size\":\"126\",\"source\":\"libnetfilter-conntrack\",\"version\":\"1.0.5-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 126 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libnetfilter-conntrack3", "arch": "amd64", - "source": "libnetfilter-conntrack", + "name": "libnetfilter-conntrack3", + "revision": "1", "size": "126", - "version": "1.0.5-1", - "revision": "1" + "source": "libnetfilter-conntrack", + "version": "1.0.5-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libnetfilter-conntrack3\",\"revision\":\"1\",\"size\":\"126\",\"source\":\"libnetfilter-conntrack\",\"version\":\"1.0.5-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libnettle6\",\"revision\":\"1ubuntu0.16.04.1\",\"size\":\"350\",\"source\":\"nettle\",\"version\":\"3.2-1ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 350 
}, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libnettle6", "arch": "amd64", - "source": "nettle", + "name": "libnettle6", + "revision": "1ubuntu0.16.04.1", "size": "350", - "version": "3.2-1ubuntu0.16.04.1", - "revision": "1ubuntu0.16.04.1" + "source": "nettle", + "version": "3.2-1ubuntu0.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libnettle6\",\"revision\":\"1ubuntu0.16.04.1\",\"size\":\"350\",\"source\":\"nettle\",\"version\":\"3.2-1ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": 
"8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libnewt0.52\",\"revision\":\"1ubuntu2\",\"size\":\"188\",\"source\":\"newt\",\"version\":\"0.52.18-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 188 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libnewt0.52", "arch": "amd64", - "source": "newt", + "name": "libnewt0.52", + "revision": "1ubuntu2", "size": "188", - "version": "0.52.18-1ubuntu2", - "revision": "1ubuntu2" + "source": "newt", + "version": "0.52.18-1ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libnewt0.52\",\"revision\":\"1ubuntu2\",\"size\":\"188\",\"source\":\"newt\",\"version\":\"0.52.18-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libnfnetlink0\",\"revision\":\"3\",\"size\":\"60\",\"source\":\"libnfnetlink\",\"version\":\"1.0.1-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 60 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libnfnetlink0", "arch": "amd64", - "source": "libnfnetlink", + "name": "libnfnetlink0", + "revision": "3", "size": "60", - "version": "1.0.1-3", - "revision": "3" + "source": "libnfnetlink", + "version": "1.0.1-3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": 
"0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libnfnetlink0\",\"revision\":\"3\",\"size\":\"60\",\"source\":\"libnfnetlink\",\"version\":\"1.0.1-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libnih1\",\"revision\":\"4.3ubuntu1\",\"size\":\"134\",\"source\":\"libnih\",\"version\":\"1.0.3-4.3ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 134 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" 
}, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libnih1", "arch": "amd64", - "source": "libnih", + "name": "libnih1", + "revision": "4.3ubuntu1", "size": "134", - "version": "1.0.3-4.3ubuntu1", - "revision": "4.3ubuntu1" + "source": "libnih", + "version": "1.0.3-4.3ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libnih1\",\"revision\":\"4.3ubuntu1\",\"size\":\"134\",\"source\":\"libnih\",\"version\":\"1.0.3-4.3ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu 
Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libnspr4\",\"revision\":\"0ubuntu0.16.04.1\",\"size\":\"330\",\"source\":\"nspr\",\"version\":\"2:4.13.1-0ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 330 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libnspr4", "arch": "amd64", - "source": "nspr", + "name": "libnspr4", + "revision": "0ubuntu0.16.04.1", "size": "330", - "version": "2:4.13.1-0ubuntu0.16.04.1", - "revision": "0ubuntu0.16.04.1" + "source": "nspr", + "version": "2:4.13.1-0ubuntu0.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libnspr4\",\"revision\":\"0ubuntu0.16.04.1\",\"size\":\"330\",\"source\":\"nspr\",\"version\":\"2:4.13.1-0ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libnss3\",\"revision\":\"0ubuntu0.16.04.3\",\"size\":\"3715\",\"source\":\"nss\",\"version\":\"2:3.28.4-0ubuntu0.16.04.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 3715 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libnss3", "arch": "amd64", - "source": "nss", + "name": "libnss3", + "revision": "0ubuntu0.16.04.3", "size": "3715", - "version": "2:3.28.4-0ubuntu0.16.04.3", - "revision": "0ubuntu0.16.04.3" + "source": "nss", + "version": "2:3.28.4-0ubuntu0.16.04.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libnss3\",\"revision\":\"0ubuntu0.16.04.3\",\"size\":\"3715\",\"source\":\"nss\",\"version\":\"2:3.28.4-0ubuntu0.16.04.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libnss3-nssdb\",\"revision\":\"0ubuntu0.16.04.3\",\"size\":\"87\",\"source\":\"nss\",\"version\":\"2:3.28.4-0ubuntu0.16.04.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 87 
}, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libnss3-nssdb", "arch": "all", - "source": "nss", + "name": "libnss3-nssdb", + "revision": "0ubuntu0.16.04.3", "size": "87", - "version": "2:3.28.4-0ubuntu0.16.04.3", - "revision": "0ubuntu0.16.04.3" + "source": "nss", + "version": "2:3.28.4-0ubuntu0.16.04.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libnss3-nssdb\",\"revision\":\"0ubuntu0.16.04.3\",\"size\":\"87\",\"source\":\"nss\",\"version\":\"2:3.28.4-0ubuntu0.16.04.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + 
"version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libnuma1\",\"revision\":\"1ubuntu1\",\"size\":\"74\",\"source\":\"numactl\",\"version\":\"2.0.11-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 74 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libnuma1", "arch": "amd64", - "source": "numactl", + "name": "libnuma1", + "revision": "1ubuntu1", "size": "74", - "version": "2.0.11-1ubuntu1", - "revision": "1ubuntu1" + "source": "numactl", + "version": "2.0.11-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libnuma1\",\"revision\":\"1ubuntu1\",\"size\":\"74\",\"source\":\"numactl\",\"version\":\"2.0.11-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libogg0\",\"revision\":\"1\",\"size\":\"76\",\"source\":\"libogg\",\"version\":\"1.3.2-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 76 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libogg0", "arch": "amd64", - "source": "libogg", + "name": "libogg0", + "revision": "1", "size": "76", - "version": "1.3.2-1", - "revision": "1" + "source": "libogg", + "version": "1.3.2-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 
17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libogg0\",\"revision\":\"1\",\"size\":\"76\",\"source\":\"libogg\",\"version\":\"1.3.2-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libp11-kit0\",\"revision\":\"5~ubuntu16.04.1\",\"size\":\"433\",\"source\":\"p11-kit\",\"version\":\"0.23.2-5~ubuntu16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 433 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + 
"action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libp11-kit0", "arch": "amd64", - "source": "p11-kit", + "name": "libp11-kit0", + "revision": "5~ubuntu16.04.1", "size": "433", - "version": "0.23.2-5~ubuntu16.04.1", - "revision": "5~ubuntu16.04.1" + "source": "p11-kit", + "version": "0.23.2-5~ubuntu16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libp11-kit0\",\"revision\":\"5~ubuntu16.04.1\",\"size\":\"433\",\"source\":\"p11-kit\",\"version\":\"0.23.2-5~ubuntu16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpam-modules\",\"revision\":\"3.2ubuntu2\",\"size\":\"918\",\"source\":\"pam\",\"version\":\"1.1.8-3.2ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 918 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpam-modules", "arch": "amd64", - "source": "pam", + "name": "libpam-modules", + "revision": "3.2ubuntu2", "size": "918", - "version": "1.1.8-3.2ubuntu2", - "revision": "3.2ubuntu2" + "source": "pam", + "version": "1.1.8-3.2ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpam-modules\",\"revision\":\"3.2ubuntu2\",\"size\":\"918\",\"source\":\"pam\",\"version\":\"1.1.8-3.2ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpam-modules-bin\",\"revision\":\"3.2ubuntu2\",\"size\":\"270\",\"source\":\"pam\",\"version\":\"1.1.8-3.2ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 270 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpam-modules-bin", "arch": "amd64", - "source": "pam", + "name": "libpam-modules-bin", + "revision": "3.2ubuntu2", "size": "270", - "version": "1.1.8-3.2ubuntu2", - "revision": "3.2ubuntu2" + "source": "pam", + "version": "1.1.8-3.2ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", 
"username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpam-modules-bin\",\"revision\":\"3.2ubuntu2\",\"size\":\"270\",\"source\":\"pam\",\"version\":\"1.1.8-3.2ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libpam-runtime\",\"revision\":\"3.2ubuntu2\",\"size\":\"300\",\"source\":\"pam\",\"version\":\"1.1.8-3.2ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 300 }, - "ecs": { - "version": "8.2.0" + "host": { + 
"hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpam-runtime", "arch": "all", - "source": "pam", + "name": "libpam-runtime", + "revision": "3.2ubuntu2", "size": "300", - "version": "1.1.8-3.2ubuntu2", - "revision": "3.2ubuntu2" + "source": "pam", + "version": "1.1.8-3.2ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libpam-runtime\",\"revision\":\"3.2ubuntu2\",\"size\":\"300\",\"source\":\"pam\",\"version\":\"1.1.8-3.2ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpam-systemd\",\"revision\":\"4ubuntu19\",\"size\":\"353\",\"source\":\"systemd\",\"version\":\"229-4ubuntu19\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 353 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpam-systemd", "arch": "amd64", - "source": "systemd", + "name": "libpam-systemd", + "revision": "4ubuntu19", "size": "353", - "version": "229-4ubuntu19", - "revision": "4ubuntu19" + "source": "systemd", + "version": "229-4ubuntu19" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpam-systemd\",\"revision\":\"4ubuntu19\",\"size\":\"353\",\"source\":\"systemd\",\"version\":\"229-4ubuntu19\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpam0g\",\"revision\":\"3.2ubuntu2\",\"size\":\"209\",\"source\":\"pam\",\"version\":\"1.1.8-3.2ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 209 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpam0g", "arch": "amd64", - "source": "pam", + "name": "libpam0g", + "revision": "3.2ubuntu2", "size": "209", - "version": "1.1.8-3.2ubuntu2", - "revision": "3.2ubuntu2" + "source": "pam", + "version": "1.1.8-3.2ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": 
"0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpam0g\",\"revision\":\"3.2ubuntu2\",\"size\":\"209\",\"source\":\"pam\",\"version\":\"1.1.8-3.2ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpango-1.0-0\",\"revision\":\"1\",\"size\":\"537\",\"source\":\"pango1.0\",\"version\":\"1.38.1-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 537 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpango-1.0-0", "arch": "amd64", - "source": "pango1.0", + "name": "libpango-1.0-0", + "revision": "1", "size": "537", - "version": "1.38.1-1", - "revision": "1" + "source": "pango1.0", + "version": "1.38.1-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpango-1.0-0\",\"revision\":\"1\",\"size\":\"537\",\"source\":\"pango1.0\",\"version\":\"1.38.1-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpangocairo-1.0-0\",\"revision\":\"1\",\"size\":\"270\",\"source\":\"pango1.0\",\"version\":\"1.38.1-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 270 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpangocairo-1.0-0", "arch": "amd64", - "source": "pango1.0", + "name": "libpangocairo-1.0-0", + "revision": "1", "size": "270", - "version": "1.38.1-1", - "revision": "1" + "source": "pango1.0", + "version": "1.38.1-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpangocairo-1.0-0\",\"revision\":\"1\",\"size\":\"270\",\"source\":\"pango1.0\",\"version\":\"1.38.1-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpangoft2-1.0-0\",\"revision\":\"1\",\"size\":\"308\",\"source\":\"pango1.0\",\"version\":\"1.38.1-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 308 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpangoft2-1.0-0", "arch": "amd64", - "source": "pango1.0", + "name": "libpangoft2-1.0-0", + "revision": "1", "size": "308", - "version": "1.38.1-1", - "revision": "1" + "source": "pango1.0", + "version": "1.38.1-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpangoft2-1.0-0\",\"revision\":\"1\",\"size\":\"308\",\"source\":\"pango1.0\",\"version\":\"1.38.1-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libparted2\",\"revision\":\"15\",\"size\":\"351\",\"source\":\"parted\",\"version\":\"3.2-15\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 351 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, 
"osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libparted2", "arch": "amd64", - "source": "parted", + "name": "libparted2", + "revision": "15", "size": "351", - "version": "3.2-15", - "revision": "15" + "source": "parted", + "version": "3.2-15" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libparted2\",\"revision\":\"15\",\"size\":\"351\",\"source\":\"parted\",\"version\":\"3.2-15\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpcap0.8\",\"revision\":\"2\",\"size\":\"308\",\"source\":\"libpcap\",\"version\":\"1.7.4-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 308 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpcap0.8", "arch": "amd64", - "source": "libpcap", + "name": "libpcap0.8", + "revision": "2", "size": "308", - "version": "1.7.4-2", - "revision": "2" + "source": "libpcap", + "version": "1.7.4-2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpcap0.8\",\"revision\":\"2\",\"size\":\"308\",\"source\":\"libpcap\",\"version\":\"1.7.4-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpci3\",\"revision\":\"1.1ubuntu1.1\",\"size\":\"97\",\"source\":\"pciutils\",\"version\":\"1:3.3.1-1.1ubuntu1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 97 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpci3", "arch": "amd64", - "source": "pciutils", + "name": "libpci3", + "revision": "1.1ubuntu1.1", "size": "97", - "version": "1:3.3.1-1.1ubuntu1.1", - "revision": "1.1ubuntu1.1" + "source": "pciutils", + "version": "1:3.3.1-1.1ubuntu1.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, 
"epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpci3\",\"revision\":\"1.1ubuntu1.1\",\"size\":\"97\",\"source\":\"pciutils\",\"version\":\"1:3.3.1-1.1ubuntu1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpciaccess0\",\"revision\":\"1\",\"size\":\"62\",\"source\":\"libpciaccess\",\"version\":\"0.13.4-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 62 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpciaccess0", "arch": "amd64", - "source": "libpciaccess", + "name": "libpciaccess0", + "revision": "1", "size": "62", - "version": "0.13.4-1", - "revision": "1" + "source": "libpciaccess", + "version": "0.13.4-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpciaccess0\",\"revision\":\"1\",\"size\":\"62\",\"source\":\"libpciaccess\",\"version\":\"0.13.4-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpcre3\",\"revision\":\"3.1\",\"size\":\"655\",\"source\":\"pcre3\",\"version\":\"2:8.38-3.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 655 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpcre3", "arch": "amd64", - "source": "pcre3", + "name": "libpcre3", + "revision": "3.1", "size": "655", - "version": "2:8.38-3.1", - "revision": "3.1" + "source": "pcre3", + "version": "2:8.38-3.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpcre3\",\"revision\":\"3.1\",\"size\":\"655\",\"source\":\"pcre3\",\"version\":\"2:8.38-3.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpcsclite1\",\"revision\":\"1ubuntu1.16.04.1\",\"size\":\"71\",\"source\":\"pcsc-lite\",\"version\":\"1.8.14-1ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 71 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpcsclite1", "arch": "amd64", - "source": "pcsc-lite", + "name": "libpcsclite1", + "revision": "1ubuntu1.16.04.1", "size": "71", - "version": "1.8.14-1ubuntu1.16.04.1", - "revision": "1ubuntu1.16.04.1" + "source": "pcsc-lite", + "version": "1.8.14-1ubuntu1.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpcsclite1\",\"revision\":\"1ubuntu1.16.04.1\",\"size\":\"71\",\"source\":\"pcsc-lite\",\"version\":\"1.8.14-1ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libperl5.22\",\"revision\":\"9ubuntu0.2\",\"size\":\"20352\",\"source\":\"perl\",\"version\":\"5.22.1-9ubuntu0.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 20352 
}, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libperl5.22", "arch": "amd64", - "source": "perl", + "name": "libperl5.22", + "revision": "9ubuntu0.2", "size": "20352", - "version": "5.22.1-9ubuntu0.2", - "revision": "9ubuntu0.2" + "source": "perl", + "version": "5.22.1-9ubuntu0.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libperl5.22\",\"revision\":\"9ubuntu0.2\",\"size\":\"20352\",\"source\":\"perl\",\"version\":\"5.22.1-9ubuntu0.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + 
"action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpipeline1\",\"revision\":\"2\",\"size\":\"72\",\"source\":\"libpipeline\",\"version\":\"1.4.1-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 72 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpipeline1", "arch": "amd64", - "source": "libpipeline", + "name": "libpipeline1", + "revision": "2", "size": "72", - "version": "1.4.1-2", - "revision": "2" + "source": "libpipeline", + "version": "1.4.1-2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpipeline1\",\"revision\":\"2\",\"size\":\"72\",\"source\":\"libpipeline\",\"version\":\"1.4.1-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpixman-1-0\",\"revision\":\"1\",\"size\":\"699\",\"source\":\"pixman\",\"version\":\"0.33.6-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 699 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpixman-1-0", "arch": "amd64", - "source": "pixman", + "name": "libpixman-1-0", + "revision": "1", "size": "699", - "version": "0.33.6-1", - "revision": "1" + "source": "pixman", + "version": "0.33.6-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpixman-1-0\",\"revision\":\"1\",\"size\":\"699\",\"source\":\"pixman\",\"version\":\"0.33.6-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libplymouth4\",\"revision\":\"3ubuntu13.1\",\"size\":\"298\",\"source\":\"plymouth\",\"version\":\"0.9.2-3ubuntu13.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 298 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, 
"osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libplymouth4", "arch": "amd64", - "source": "plymouth", + "name": "libplymouth4", + "revision": "3ubuntu13.1", "size": "298", - "version": "0.9.2-3ubuntu13.1", - "revision": "3ubuntu13.1" + "source": "plymouth", + "version": "0.9.2-3ubuntu13.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libplymouth4\",\"revision\":\"3ubuntu13.1\",\"size\":\"298\",\"source\":\"plymouth\",\"version\":\"0.9.2-3ubuntu13.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpng12-0\",\"revision\":\"1ubuntu1\",\"size\":\"278\",\"source\":\"libpng\",\"version\":\"1.2.54-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 278 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpng12-0", "arch": "amd64", - "source": "libpng", + "name": "libpng12-0", + "revision": "1ubuntu1", "size": "278", - "version": "1.2.54-1ubuntu1", - "revision": "1ubuntu1" + "source": "libpng", + "version": "1.2.54-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpng12-0\",\"revision\":\"1ubuntu1\",\"size\":\"278\",\"source\":\"libpng\",\"version\":\"1.2.54-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpolkit-agent-1-0\",\"revision\":\"14.1\",\"size\":\"63\",\"source\":\"policykit-1\",\"version\":\"0.105-14.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 63 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpolkit-agent-1-0", "arch": "amd64", - "source": "policykit-1", + "name": "libpolkit-agent-1-0", + "revision": "14.1", "size": "63", - "version": "0.105-14.1", - "revision": "14.1" + "source": "policykit-1", + "version": "0.105-14.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": 
"ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpolkit-agent-1-0\",\"revision\":\"14.1\",\"size\":\"63\",\"source\":\"policykit-1\",\"version\":\"0.105-14.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpolkit-backend-1-0\",\"revision\":\"14.1\",\"size\":\"126\",\"source\":\"policykit-1\",\"version\":\"0.105-14.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 126 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpolkit-backend-1-0", "arch": "amd64", - "source": "policykit-1", + "name": "libpolkit-backend-1-0", + "revision": "14.1", "size": "126", - "version": "0.105-14.1", - "revision": "14.1" + "source": "policykit-1", + "version": "0.105-14.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpolkit-backend-1-0\",\"revision\":\"14.1\",\"size\":\"126\",\"source\":\"policykit-1\",\"version\":\"0.105-14.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpolkit-gobject-1-0\",\"revision\":\"14.1\",\"size\":\"141\",\"source\":\"policykit-1\",\"version\":\"0.105-14.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 141 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpolkit-gobject-1-0", "arch": "amd64", - "source": "policykit-1", + "name": "libpolkit-gobject-1-0", + "revision": "14.1", "size": "141", - "version": "0.105-14.1", - "revision": "14.1" + "source": "policykit-1", + "version": "0.105-14.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpolkit-gobject-1-0\",\"revision\":\"14.1\",\"size\":\"141\",\"source\":\"policykit-1\",\"version\":\"0.105-14.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpopt0\",\"revision\":\"10\",\"size\":\"128\",\"source\":\"popt\",\"version\":\"1.16-10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 128 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpopt0", "arch": "amd64", - "source": "popt", + "name": "libpopt0", + "revision": "10", "size": "128", - "version": "1.16-10", - "revision": "10" + "source": "popt", + "version": "1.16-10" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": 
"Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpopt0\",\"revision\":\"10\",\"size\":\"128\",\"source\":\"popt\",\"version\":\"1.16-10\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libprocps4\",\"revision\":\"4ubuntu2.3\",\"size\":\"126\",\"source\":\"procps\",\"version\":\"2:3.3.10-4ubuntu2.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 126 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + 
"action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libprocps4", "arch": "amd64", - "source": "procps", + "name": "libprocps4", + "revision": "4ubuntu2.3", "size": "126", - "version": "2:3.3.10-4ubuntu2.3", - "revision": "4ubuntu2.3" + "source": "procps", + "version": "2:3.3.10-4ubuntu2.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libprocps4\",\"revision\":\"4ubuntu2.3\",\"size\":\"126\",\"source\":\"procps\",\"version\":\"2:3.3.10-4ubuntu2.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 
17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpulse0\",\"revision\":\"0ubuntu3.4\",\"size\":\"951\",\"source\":\"pulseaudio\",\"version\":\"1:8.0-0ubuntu3.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 951 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpulse0", "arch": "amd64", - "source": "pulseaudio", + "name": "libpulse0", + "revision": "0ubuntu3.4", "size": "951", - "version": "1:8.0-0ubuntu3.4", - "revision": "0ubuntu3.4" + "source": "pulseaudio", + "version": "1:8.0-0ubuntu3.4" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpulse0\",\"revision\":\"0ubuntu3.4\",\"size\":\"951\",\"source\":\"pulseaudio\",\"version\":\"1:8.0-0ubuntu3.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpython-stdlib\",\"revision\":\"1\",\"size\":\"37\",\"source\":\"python-defaults\",\"version\":\"2.7.11-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 37 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpython-stdlib", "arch": "amd64", - "source": "python-defaults", + "name": "libpython-stdlib", + "revision": "1", "size": "37", - "version": "2.7.11-1", - "revision": "1" + "source": "python-defaults", + "version": "2.7.11-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, 
"epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpython-stdlib\",\"revision\":\"1\",\"size\":\"37\",\"source\":\"python-defaults\",\"version\":\"2.7.11-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpython2.7-minimal\",\"revision\":\"1ubuntu0~16.04.2\",\"size\":\"2773\",\"source\":\"python2.7\",\"version\":\"2.7.12-1ubuntu0~16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 2773 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpython2.7-minimal", "arch": "amd64", - "source": "python2.7", + "name": "libpython2.7-minimal", + "revision": "1ubuntu0~16.04.2", "size": "2773", - "version": "2.7.12-1ubuntu0~16.04.2", - "revision": "1ubuntu0~16.04.2" + "source": "python2.7", + "version": "2.7.12-1ubuntu0~16.04.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpython2.7-minimal\",\"revision\":\"1ubuntu0~16.04.2\",\"size\":\"2773\",\"source\":\"python2.7\",\"version\":\"2.7.12-1ubuntu0~16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, 
+ "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpython2.7-stdlib\",\"revision\":\"1ubuntu0~16.04.2\",\"size\":\"8720\",\"source\":\"python2.7\",\"version\":\"2.7.12-1ubuntu0~16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 8720 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpython2.7-stdlib", "arch": "amd64", - "source": "python2.7", + "name": "libpython2.7-stdlib", + "revision": "1ubuntu0~16.04.2", "size": "8720", - "version": "2.7.12-1ubuntu0~16.04.2", - "revision": "1ubuntu0~16.04.2" + "source": "python2.7", + "version": "2.7.12-1ubuntu0~16.04.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpython2.7-stdlib\",\"revision\":\"1ubuntu0~16.04.2\",\"size\":\"8720\",\"source\":\"python2.7\",\"version\":\"2.7.12-1ubuntu0~16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpython3-stdlib\",\"revision\":\"3\",\"size\":\"36\",\"source\":\"python3-defaults\",\"version\":\"3.5.1-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 36 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpython3-stdlib", "arch": "amd64", - "source": "python3-defaults", + "name": "libpython3-stdlib", + "revision": "3", "size": "36", - "version": "3.5.1-3", - "revision": "3" + "source": "python3-defaults", + "version": "3.5.1-3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" - ] - }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" + ], + "user": [ + "ubuntu" + ] }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpython3-stdlib\",\"revision\":\"3\",\"size\":\"36\",\"source\":\"python3-defaults\",\"version\":\"3.5.1-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpython3.5\",\"revision\":\"2ubuntu0~16.04.4\",\"size\":\"4515\",\"source\":\"python3.5\",\"version\":\"3.5.2-2ubuntu0~16.04.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 
4515 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpython3.5", "arch": "amd64", - "source": "python3.5", + "name": "libpython3.5", + "revision": "2ubuntu0~16.04.4", "size": "4515", - "version": "3.5.2-2ubuntu0~16.04.4", - "revision": "2ubuntu0~16.04.4" + "source": "python3.5", + "version": "3.5.2-2ubuntu0~16.04.4" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpython3.5\",\"revision\":\"2ubuntu0~16.04.4\",\"size\":\"4515\",\"source\":\"python3.5\",\"version\":\"3.5.2-2ubuntu0~16.04.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": 
"2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpython3.5-minimal\",\"revision\":\"2ubuntu0~16.04.4\",\"size\":\"3755\",\"source\":\"python3.5\",\"version\":\"3.5.2-2ubuntu0~16.04.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 3755 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpython3.5-minimal", "arch": "amd64", - "source": "python3.5", + "name": "libpython3.5-minimal", + "revision": "2ubuntu0~16.04.4", "size": "3755", - "version": "3.5.2-2ubuntu0~16.04.4", - "revision": "2ubuntu0~16.04.4" + "source": "python3.5", + "version": "3.5.2-2ubuntu0~16.04.4" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpython3.5-minimal\",\"revision\":\"2ubuntu0~16.04.4\",\"size\":\"3755\",\"source\":\"python3.5\",\"version\":\"3.5.2-2ubuntu0~16.04.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpython3.5-stdlib\",\"revision\":\"2ubuntu0~16.04.4\",\"size\":\"9854\",\"source\":\"python3.5\",\"version\":\"3.5.2-2ubuntu0~16.04.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 9854 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libpython3.5-stdlib", "arch": "amd64", - "source": "python3.5", + "name": "libpython3.5-stdlib", + "revision": "2ubuntu0~16.04.4", "size": "9854", - "version": "3.5.2-2ubuntu0~16.04.4", - "revision": "2ubuntu0~16.04.4" + "source": "python3.5", + "version": "3.5.2-2ubuntu0~16.04.4" }, - "name": 
"pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libpython3.5-stdlib\",\"revision\":\"2ubuntu0~16.04.4\",\"size\":\"9854\",\"source\":\"python3.5\",\"version\":\"3.5.2-2ubuntu0~16.04.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libreadline5\",\"revision\":\"3build1\",\"size\":\"324\",\"source\":\"readline5\",\"version\":\"5.2+dfsg-3build1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 324 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libreadline5", "arch": "amd64", - "source": "readline5", + "name": "libreadline5", + "revision": "3build1", "size": "324", - "version": "5.2+dfsg-3build1", - "revision": "3build1" + "source": "readline5", + "version": "5.2+dfsg-3build1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libreadline5\",\"revision\":\"3build1\",\"size\":\"324\",\"source\":\"readline5\",\"version\":\"5.2+dfsg-3build1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libreadline6\",\"revision\":\"8ubuntu2\",\"size\":\"382\",\"source\":\"readline6\",\"version\":\"6.3-8ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 382 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libreadline6", "arch": "amd64", - "source": "readline6", + "name": "libreadline6", + "revision": "8ubuntu2", "size": "382", - "version": "6.3-8ubuntu2", - "revision": "8ubuntu2" + "source": "readline6", + "version": "6.3-8ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": 
"ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libreadline6\",\"revision\":\"8ubuntu2\",\"size\":\"382\",\"source\":\"readline6\",\"version\":\"6.3-8ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libroken18-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"138\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 138 }, - "ecs": { - "version": "8.2.0" + 
"host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libroken18-heimdal", "arch": "amd64", - "source": "heimdal", + "name": "libroken18-heimdal", + "revision": "4ubuntu1.16.04.1", "size": "138", - "version": "1.7~git20150920+dfsg-4ubuntu1.16.04.1", - "revision": "4ubuntu1.16.04.1" + "source": "heimdal", + "version": "1.7~git20150920+dfsg-4ubuntu1.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libroken18-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"138\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": 
"2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"librtmp1\",\"revision\":\"1ubuntu0.1\",\"size\":\"131\",\"source\":\"rtmpdump\",\"version\":\"2.4+20151223.gitfa8646d-1ubuntu0.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 131 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "librtmp1", "arch": "amd64", - "source": "rtmpdump", + "name": "librtmp1", + "revision": "1ubuntu0.1", "size": "131", - "version": "2.4+20151223.gitfa8646d-1ubuntu0.1", - "revision": "1ubuntu0.1" + "source": "rtmpdump", + "version": "2.4+20151223.gitfa8646d-1ubuntu0.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"librtmp1\",\"revision\":\"1ubuntu0.1\",\"size\":\"131\",\"source\":\"rtmpdump\",\"version\":\"2.4+20151223.gitfa8646d-1ubuntu0.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsasl2-2\",\"revision\":\"14build1\",\"size\":\"147\",\"source\":\"cyrus-sasl2\",\"version\":\"2.1.26.dfsg1-14build1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 147 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libsasl2-2", "arch": "amd64", - "source": "cyrus-sasl2", + "name": "libsasl2-2", + "revision": "14build1", "size": "147", - "version": "2.1.26.dfsg1-14build1", - "revision": "14build1" + "source": "cyrus-sasl2", + "version": "2.1.26.dfsg1-14build1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": 
"added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsasl2-2\",\"revision\":\"14build1\",\"size\":\"147\",\"source\":\"cyrus-sasl2\",\"version\":\"2.1.26.dfsg1-14build1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsasl2-modules\",\"revision\":\"14build1\",\"size\":\"222\",\"source\":\"cyrus-sasl2\",\"version\":\"2.1.26.dfsg1-14build1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 222 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libsasl2-modules", "arch": "amd64", - "source": "cyrus-sasl2", + "name": "libsasl2-modules", + "revision": "14build1", "size": "222", - "version": "2.1.26.dfsg1-14build1", - "revision": "14build1" + "source": "cyrus-sasl2", + "version": "2.1.26.dfsg1-14build1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsasl2-modules\",\"revision\":\"14build1\",\"size\":\"222\",\"source\":\"cyrus-sasl2\",\"version\":\"2.1.26.dfsg1-14build1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsasl2-modules-db\",\"revision\":\"14build1\",\"size\":\"60\",\"source\":\"cyrus-sasl2\",\"version\":\"2.1.26.dfsg1-14build1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 60 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libsasl2-modules-db", "arch": "amd64", - "source": "cyrus-sasl2", + "name": "libsasl2-modules-db", + "revision": "14build1", "size": "60", - "version": "2.1.26.dfsg1-14build1", - "revision": "14build1" + "source": "cyrus-sasl2", + "version": "2.1.26.dfsg1-14build1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { 
"host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsasl2-modules-db\",\"revision\":\"14build1\",\"size\":\"60\",\"source\":\"cyrus-sasl2\",\"version\":\"2.1.26.dfsg1-14build1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libseccomp2\",\"revision\":\"3ubuntu3\",\"size\":\"264\",\"source\":\"libseccomp\",\"version\":\"2.2.3-3ubuntu3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { 
"size": 264 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libseccomp2", "arch": "amd64", - "source": "libseccomp", + "name": "libseccomp2", + "revision": "3ubuntu3", "size": "264", - "version": "2.2.3-3ubuntu3", - "revision": "3ubuntu3" + "source": "libseccomp", + "version": "2.2.3-3ubuntu3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "ubuntu" + } + }, + { + "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, "event": { "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libseccomp2\",\"revision\":\"3ubuntu3\",\"size\":\"264\",\"source\":\"libseccomp\",\"version\":\"2.2.3-3ubuntu3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" + "kind": 
"event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libselinux1\",\"revision\":\"3build2\",\"size\":\"168\",\"source\":\"libselinux\",\"version\":\"2.4-3build2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2017-12-07T17:57:33.000Z", "file": { "size": 168 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libselinux1", "arch": "amd64", - "source": "libselinux", + "name": "libselinux1", + "revision": "3build2", "size": "168", - "version": "2.4-3build2", - "revision": "3build2" + "source": "libselinux", + "version": "2.4-3build2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libselinux1\",\"revision\":\"3build2\",\"size\":\"168\",\"source\":\"libselinux\",\"version\":\"2.4-3build2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libsemanage-common\",\"revision\":\"1build3\",\"size\":\"28\",\"source\":\"libsemanage\",\"version\":\"2.3-1build3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 28 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libsemanage-common", "arch": "all", - "source": "libsemanage", + "name": "libsemanage-common", + "revision": "1build3", "size": "28", - "version": "2.3-1build3", - "revision": "1build3" + "source": "libsemanage", + "version": "2.3-1build3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": 
"ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libsemanage-common\",\"revision\":\"1build3\",\"size\":\"28\",\"source\":\"libsemanage\",\"version\":\"2.3-1build3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsemanage1\",\"revision\":\"1build3\",\"size\":\"247\",\"source\":\"libsemanage\",\"version\":\"2.3-1build3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 247 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libsemanage1", "arch": "amd64", - "source": "libsemanage", + "name": "libsemanage1", + "revision": "1build3", "size": "247", - "version": "2.3-1build3", - "revision": "1build3" + "source": "libsemanage", + "version": "2.3-1build3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsemanage1\",\"revision\":\"1build3\",\"size\":\"247\",\"source\":\"libsemanage\",\"version\":\"2.3-1build3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + 
"kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsensors4\",\"revision\":\"2\",\"size\":\"111\",\"source\":\"lm-sensors\",\"version\":\"1:3.4.0-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 111 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libsensors4", "arch": "amd64", - "source": "lm-sensors", + "name": "libsensors4", + "revision": "2", "size": "111", - "version": "1:3.4.0-2", - "revision": "2" + "source": "lm-sensors", + "version": "1:3.4.0-2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsensors4\",\"revision\":\"2\",\"size\":\"111\",\"source\":\"lm-sensors\",\"version\":\"1:3.4.0-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsepol1\",\"revision\":\"2\",\"size\":\"555\",\"source\":\"libsepol\",\"version\":\"2.4-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 555 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libsepol1", "arch": "amd64", - "source": "libsepol", + "name": "libsepol1", + "revision": "2", "size": "555", - "version": "2.4-2", - "revision": "2" + "source": "libsepol", + "version": "2.4-2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 
17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsepol1\",\"revision\":\"2\",\"size\":\"555\",\"source\":\"libsepol\",\"version\":\"2.4-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsigsegv2\",\"revision\":\"4\",\"size\":\"61\",\"source\":\"libsigsegv\",\"version\":\"2.10-4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 61 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libsigsegv2", "arch": "amd64", - "source": "libsigsegv", + "name": "libsigsegv2", + "revision": "4", "size": "61", - "version": "2.10-4", - "revision": "4" + "source": "libsigsegv", + "version": "2.10-4" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsigsegv2\",\"revision\":\"4\",\"size\":\"61\",\"source\":\"libsigsegv\",\"version\":\"2.10-4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libslang2\",\"revision\":\"2ubuntu1\",\"size\":\"1524\",\"source\":\"slang2\",\"version\":\"2.3.0-2ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1524 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libslang2", "arch": "amd64", - "source": "slang2", + "name": "libslang2", + "revision": "2ubuntu1", "size": "1524", - "version": "2.3.0-2ubuntu1", - "revision": "2ubuntu1" + "source": "slang2", + "version": "2.3.0-2ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libslang2\",\"revision\":\"2ubuntu1\",\"size\":\"1524\",\"source\":\"slang2\",\"version\":\"2.3.0-2ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsmartcols1\",\"revision\":\"6ubuntu3.3\",\"size\":\"236\",\"source\":\"util-linux\",\"version\":\"2.27.1-6ubuntu3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 236 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libsmartcols1", "arch": "amd64", - "source": "util-linux", + "name": "libsmartcols1", + "revision": "6ubuntu3.3", "size": "236", - "version": "2.27.1-6ubuntu3.3", - "revision": "6ubuntu3.3" + "source": "util-linux", + "version": "2.27.1-6ubuntu3.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsmartcols1\",\"revision\":\"6ubuntu3.3\",\"size\":\"236\",\"source\":\"util-linux\",\"version\":\"2.27.1-6ubuntu3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsndfile1\",\"revision\":\"10ubuntu0.16.04.1\",\"size\":\"498\",\"source\":\"libsndfile\",\"version\":\"1.0.25-10ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { 
"size": 498 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libsndfile1", "arch": "amd64", - "source": "libsndfile", + "name": "libsndfile1", + "revision": "10ubuntu0.16.04.1", "size": "498", - "version": "1.0.25-10ubuntu0.16.04.1", - "revision": "10ubuntu0.16.04.1" + "source": "libsndfile", + "version": "1.0.25-10ubuntu0.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsndfile1\",\"revision\":\"10ubuntu0.16.04.1\",\"size\":\"498\",\"source\":\"libsndfile\",\"version\":\"1.0.25-10ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": 
"2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsqlite3-0\",\"revision\":\"1ubuntu1\",\"size\":\"951\",\"source\":\"sqlite3\",\"version\":\"3.11.0-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 951 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libsqlite3-0", "arch": "amd64", - "source": "sqlite3", + "name": "libsqlite3-0", + "revision": "1ubuntu1", "size": "951", - "version": "3.11.0-1ubuntu1", - "revision": "1ubuntu1" + "source": "sqlite3", + "version": "3.11.0-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsqlite3-0\",\"revision\":\"1ubuntu1\",\"size\":\"951\",\"source\":\"sqlite3\",\"version\":\"3.11.0-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libss2\",\"revision\":\"1ubuntu1\",\"size\":\"98\",\"source\":\"e2fsprogs\",\"version\":\"1.42.13-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 98 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libss2", "arch": "amd64", - "source": "e2fsprogs", + "name": "libss2", + "revision": "1ubuntu1", "size": "98", - "version": "1.42.13-1ubuntu1", - "revision": "1ubuntu1" + "source": "e2fsprogs", + "version": "1.42.13-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, 
"epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libss2\",\"revision\":\"1ubuntu1\",\"size\":\"98\",\"source\":\"e2fsprogs\",\"version\":\"1.42.13-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libssl1.0.0\",\"revision\":\"1ubuntu4.9\",\"size\":\"3402\",\"source\":\"openssl\",\"version\":\"1.0.2g-1ubuntu4.9\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 3402 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + 
"id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libssl1.0.0", "arch": "amd64", - "source": "openssl", + "name": "libssl1.0.0", + "revision": "1ubuntu4.9", "size": "3402", - "version": "1.0.2g-1ubuntu4.9", - "revision": "1ubuntu4.9" + "source": "openssl", + "version": "1.0.2g-1ubuntu4.9" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libssl1.0.0\",\"revision\":\"1ubuntu4.9\",\"size\":\"3402\",\"source\":\"openssl\",\"version\":\"1.0.2g-1ubuntu4.9\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": 
"event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libstdc++6\",\"revision\":\"6ubuntu1~16.04.4\",\"size\":\"1987\",\"source\":\"gcc-5\",\"version\":\"5.4.0-6ubuntu1~16.04.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1987 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libstdc++6", "arch": "amd64", - "source": "gcc-5", + "name": "libstdc++6", + "revision": "6ubuntu1~16.04.4", "size": "1987", - "version": "5.4.0-6ubuntu1~16.04.4", - "revision": "6ubuntu1~16.04.4" + "source": "gcc-5", + "version": "5.4.0-6ubuntu1~16.04.4" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libstdc++6\",\"revision\":\"6ubuntu1~16.04.4\",\"size\":\"1987\",\"source\":\"gcc-5\",\"version\":\"5.4.0-6ubuntu1~16.04.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsystemd0\",\"revision\":\"4ubuntu19\",\"size\":\"618\",\"source\":\"systemd\",\"version\":\"229-4ubuntu19\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 618 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libsystemd0", "arch": "amd64", - "source": "systemd", + "name": "libsystemd0", + "revision": "4ubuntu19", "size": "618", - "version": "229-4ubuntu19", - "revision": "4ubuntu19" + "source": "systemd", + "version": "229-4ubuntu19" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": 
"ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libsystemd0\",\"revision\":\"4ubuntu19\",\"size\":\"618\",\"source\":\"systemd\",\"version\":\"229-4ubuntu19\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libtasn1-6\",\"revision\":\"3ubuntu0.16.04.2\",\"size\":\"111\",\"source\":\"\",\"version\":\"4.7-3ubuntu0.16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 111 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libtasn1-6", "arch": "amd64", + "name": "libtasn1-6", + "revision": "3ubuntu0.16.04.2", "size": "111", - "version": "4.7-3ubuntu0.16.04.2", - "revision": "3ubuntu0.16.04.2" + "version": "4.7-3ubuntu0.16.04.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libtasn1-6\",\"revision\":\"3ubuntu0.16.04.2\",\"size\":\"111\",\"source\":\"\",\"version\":\"4.7-3ubuntu0.16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + 
"original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libtext-charwidth-perl\",\"revision\":\"7build5\",\"size\":\"39\",\"source\":\"\",\"version\":\"0.04-7build5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 39 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libtext-charwidth-perl", "arch": "amd64", + "name": "libtext-charwidth-perl", + "revision": "7build5", "size": "39", - "version": "0.04-7build5", - "revision": "7build5" + "version": "0.04-7build5" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libtext-charwidth-perl\",\"revision\":\"7build5\",\"size\":\"39\",\"source\":\"\",\"version\":\"0.04-7build5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libtext-iconv-perl\",\"revision\":\"5build4\",\"size\":\"47\",\"source\":\"\",\"version\":\"1.7-5build4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 47 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libtext-iconv-perl", "arch": "amd64", + "name": "libtext-iconv-perl", + "revision": "5build4", "size": "47", - "version": "1.7-5build4", - "revision": "5build4" + "version": "1.7-5build4" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libtext-iconv-perl\",\"revision\":\"5build4\",\"size\":\"47\",\"source\":\"\",\"version\":\"1.7-5build4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libtext-wrapi18n-perl\",\"revision\":\"7.1\",\"size\":\"26\",\"source\":\"\",\"version\":\"0.06-7.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 26 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { 
"result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libtext-wrapi18n-perl", "arch": "all", + "name": "libtext-wrapi18n-perl", + "revision": "7.1", "size": "26", - "version": "0.06-7.1", - "revision": "7.1" + "version": "0.06-7.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libtext-wrapi18n-perl\",\"revision\":\"7.1\",\"size\":\"26\",\"source\":\"\",\"version\":\"0.06-7.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libthai-data\",\"revision\":\"2\",\"size\":\"571\",\"source\":\"libthai\",\"version\":\"0.1.24-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 571 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libthai-data", "arch": "all", - "source": "libthai", + "name": "libthai-data", + "revision": "2", "size": "571", - "version": "0.1.24-2", - "revision": "2" + "source": "libthai", + "version": "0.1.24-2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libthai-data\",\"revision\":\"2\",\"size\":\"571\",\"source\":\"libthai\",\"version\":\"0.1.24-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libthai0\",\"revision\":\"2\",\"size\":\"87\",\"source\":\"libthai\",\"version\":\"0.1.24-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 87 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libthai0", "arch": "amd64", - "source": "libthai", + "name": "libthai0", + "revision": "2", "size": "87", - "version": "0.1.24-2", - "revision": "2" + "source": "libthai", + "version": "0.1.24-2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 
17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libthai0\",\"revision\":\"2\",\"size\":\"87\",\"source\":\"libthai\",\"version\":\"0.1.24-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libtiff5\",\"revision\":\"1ubuntu0.2\",\"size\":\"502\",\"source\":\"tiff\",\"version\":\"4.0.6-1ubuntu0.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 502 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": 
"added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libtiff5", "arch": "amd64", - "source": "tiff", + "name": "libtiff5", + "revision": "1ubuntu0.2", "size": "502", - "version": "4.0.6-1ubuntu0.2", - "revision": "1ubuntu0.2" + "source": "tiff", + "version": "4.0.6-1ubuntu0.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libtiff5\",\"revision\":\"1ubuntu0.2\",\"size\":\"502\",\"source\":\"tiff\",\"version\":\"4.0.6-1ubuntu0.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libtinfo5\",\"revision\":\"1ubuntu1\",\"size\":\"468\",\"source\":\"ncurses\",\"version\":\"6.0+20160213-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 468 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libtinfo5", "arch": "amd64", - "source": "ncurses", + "name": "libtinfo5", + "revision": "1ubuntu1", "size": "468", - "version": "6.0+20160213-1ubuntu1", - "revision": "1ubuntu1" + "source": "ncurses", + "version": "6.0+20160213-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libtinfo5\",\"revision\":\"1ubuntu1\",\"size\":\"468\",\"source\":\"ncurses\",\"version\":\"6.0+20160213-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libtxc-dxtn-s2tc0\",\"revision\":\"1.1\",\"size\":\"260\",\"source\":\"s2tc\",\"version\":\"0~git20131104-1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 260 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libtxc-dxtn-s2tc0", "arch": "amd64", - "source": "s2tc", + "name": "libtxc-dxtn-s2tc0", + "revision": "1.1", "size": "260", - "version": "0~git20131104-1.1", - "revision": "1.1" + "source": "s2tc", + "version": "0~git20131104-1.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": 
"ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libtxc-dxtn-s2tc0\",\"revision\":\"1.1\",\"size\":\"260\",\"source\":\"s2tc\",\"version\":\"0~git20131104-1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libudev1\",\"revision\":\"4ubuntu19\",\"size\":\"204\",\"source\":\"systemd\",\"version\":\"229-4ubuntu19\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 204 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + 
"id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libudev1", "arch": "amd64", - "source": "systemd", + "name": "libudev1", + "revision": "4ubuntu19", "size": "204", - "version": "229-4ubuntu19", - "revision": "4ubuntu19" + "source": "systemd", + "version": "229-4ubuntu19" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libudev1\",\"revision\":\"4ubuntu19\",\"size\":\"204\",\"source\":\"systemd\",\"version\":\"229-4ubuntu19\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libusb-0.1-4\",\"revision\":\"28\",\"size\":\"56\",\"source\":\"libusb\",\"version\":\"2:0.1.12-28\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 56 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libusb-0.1-4", "arch": "amd64", - "source": "libusb", + "name": "libusb-0.1-4", + "revision": "28", "size": "56", - "version": "2:0.1.12-28", - "revision": "28" + "source": "libusb", + "version": "2:0.1.12-28" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libusb-0.1-4\",\"revision\":\"28\",\"size\":\"56\",\"source\":\"libusb\",\"version\":\"2:0.1.12-28\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libusb-1.0-0\",\"revision\":\"1\",\"size\":\"122\",\"source\":\"libusb-1.0\",\"version\":\"2:1.0.20-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 122 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libusb-1.0-0", "arch": "amd64", - "source": "libusb-1.0", + "name": "libusb-1.0-0", + "revision": "1", "size": "122", - "version": "2:1.0.20-1", - "revision": "1" + "source": "libusb-1.0", + "version": "2:1.0.20-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libusb-1.0-0\",\"revision\":\"1\",\"size\":\"122\",\"source\":\"libusb-1.0\",\"version\":\"2:1.0.20-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libustr-1.0-1\",\"revision\":\"5\",\"size\":\"273\",\"source\":\"ustr\",\"version\":\"1.0.4-5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 273 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { 
"result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libustr-1.0-1", "arch": "amd64", - "source": "ustr", + "name": "libustr-1.0-1", + "revision": "5", "size": "273", - "version": "1.0.4-5", - "revision": "5" + "source": "ustr", + "version": "1.0.4-5" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libustr-1.0-1\",\"revision\":\"5\",\"size\":\"273\",\"source\":\"ustr\",\"version\":\"1.0.4-5\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libutempter0\",\"revision\":\"3\",\"size\":\"41\",\"source\":\"libutempter\",\"version\":\"1.1.6-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 41 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libutempter0", "arch": "amd64", - "source": "libutempter", + "name": "libutempter0", + "revision": "3", "size": "41", - "version": "1.1.6-3", - "revision": "3" + "source": "libutempter", + "version": "1.1.6-3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libutempter0\",\"revision\":\"3\",\"size\":\"41\",\"source\":\"libutempter\",\"version\":\"1.1.6-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libuuid1\",\"revision\":\"6ubuntu3.3\",\"size\":\"113\",\"source\":\"util-linux\",\"version\":\"2.27.1-6ubuntu3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 113 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libuuid1", "arch": "amd64", - "source": "util-linux", + "name": "libuuid1", + "revision": "6ubuntu3.3", "size": "113", - "version": "2.27.1-6ubuntu3.3", - "revision": "6ubuntu3.3" + "source": "util-linux", + "version": "2.27.1-6ubuntu3.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" 
}, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libuuid1\",\"revision\":\"6ubuntu3.3\",\"size\":\"113\",\"source\":\"util-linux\",\"version\":\"2.27.1-6ubuntu3.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libvorbis0a\",\"revision\":\"3\",\"size\":\"205\",\"source\":\"libvorbis\",\"version\":\"1.3.5-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 205 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libvorbis0a", "arch": "amd64", - "source": "libvorbis", + "name": "libvorbis0a", + "revision": "3", "size": "205", - "version": "1.3.5-3", - "revision": "3" + "source": "libvorbis", + "version": "1.3.5-3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libvorbis0a\",\"revision\":\"3\",\"size\":\"205\",\"source\":\"libvorbis\",\"version\":\"1.3.5-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libvorbisenc2\",\"revision\":\"3\",\"size\":\"699\",\"source\":\"libvorbis\",\"version\":\"1.3.5-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 699 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libvorbisenc2", "arch": "amd64", - "source": "libvorbis", + "name": "libvorbisenc2", + "revision": "3", "size": "699", - "version": "1.3.5-3", - "revision": "3" + "source": "libvorbis", + "version": "1.3.5-3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libvorbisenc2\",\"revision\":\"3\",\"size\":\"699\",\"source\":\"libvorbis\",\"version\":\"1.3.5-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libwind0-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"206\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 206 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libwind0-heimdal", "arch": "amd64", - "source": "heimdal", + "name": "libwind0-heimdal", + "revision": "4ubuntu1.16.04.1", "size": "206", - "version": "1.7~git20150920+dfsg-4ubuntu1.16.04.1", - "revision": "4ubuntu1.16.04.1" + "source": "heimdal", + "version": "1.7~git20150920+dfsg-4ubuntu1.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": 
"0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libwind0-heimdal\",\"revision\":\"4ubuntu1.16.04.1\",\"size\":\"206\",\"source\":\"heimdal\",\"version\":\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libwrap0\",\"revision\":\"25\",\"size\":\"121\",\"source\":\"tcp-wrappers\",\"version\":\"7.6.q-25\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + 
"type": "info" + }, "file": { "size": 121 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libwrap0", "arch": "amd64", - "source": "tcp-wrappers", + "name": "libwrap0", + "revision": "25", "size": "121", - "version": "7.6.q-25", - "revision": "25" + "source": "tcp-wrappers", + "version": "7.6.q-25" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libwrap0\",\"revision\":\"25\",\"size\":\"121\",\"source\":\"tcp-wrappers\",\"version\":\"7.6.q-25\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { 
+ "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libx11-6\",\"revision\":\"1ubuntu2\",\"size\":\"1366\",\"source\":\"libx11\",\"version\":\"2:1.6.3-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1366 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libx11-6", "arch": "amd64", - "source": "libx11", + "name": "libx11-6", + "revision": "1ubuntu2", "size": "1366", - "version": "2:1.6.3-1ubuntu2", - "revision": "1ubuntu2" + "source": "libx11", + "version": "2:1.6.3-1ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libx11-6\",\"revision\":\"1ubuntu2\",\"size\":\"1366\",\"source\":\"libx11\",\"version\":\"2:1.6.3-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libx11-data\",\"revision\":\"1ubuntu2\",\"size\":\"1497\",\"source\":\"libx11\",\"version\":\"2:1.6.3-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1497 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libx11-data", "arch": "all", - "source": "libx11", + "name": "libx11-data", + "revision": "1ubuntu2", "size": "1497", - "version": "2:1.6.3-1ubuntu2", - "revision": "1ubuntu2" + "source": "libx11", + "version": "2:1.6.3-1ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, 
"epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"libx11-data\",\"revision\":\"1ubuntu2\",\"size\":\"1497\",\"source\":\"libx11\",\"version\":\"2:1.6.3-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libx11-xcb1\",\"revision\":\"1ubuntu2\",\"size\":\"76\",\"source\":\"libx11\",\"version\":\"2:1.6.3-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 76 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libx11-xcb1", "arch": "amd64", - "source": "libx11", + "name": "libx11-xcb1", + "revision": "1ubuntu2", "size": "76", - "version": "2:1.6.3-1ubuntu2", - "revision": "1ubuntu2" + "source": "libx11", + "version": "2:1.6.3-1ubuntu2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libx11-xcb1\",\"revision\":\"1ubuntu2\",\"size\":\"76\",\"source\":\"libx11\",\"version\":\"2:1.6.3-1ubuntu2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxau6\",\"revision\":\"1\",\"size\":\"50\",\"source\":\"libxau\",\"version\":\"1:1.0.8-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 50 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxau6", "arch": "amd64", - "source": "libxau", + "name": "libxau6", + "revision": "1", "size": "50", - "version": "1:1.0.8-1", - "revision": "1" + "source": "libxau", + "version": "1:1.0.8-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxau6\",\"revision\":\"1\",\"size\":\"50\",\"source\":\"libxau\",\"version\":\"1:1.0.8-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcb-dri2-0\",\"revision\":\"1ubuntu1\",\"size\":\"42\",\"source\":\"libxcb\",\"version\":\"1.11.1-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 42 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxcb-dri2-0", "arch": "amd64", - "source": "libxcb", + "name": "libxcb-dri2-0", + "revision": "1ubuntu1", "size": "42", - "version": "1.11.1-1ubuntu1", - "revision": "1ubuntu1" + "source": "libxcb", + "version": "1.11.1-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - 
"counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcb-dri2-0\",\"revision\":\"1ubuntu1\",\"size\":\"42\",\"source\":\"libxcb\",\"version\":\"1.11.1-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcb-dri3-0\",\"revision\":\"1ubuntu1\",\"size\":\"32\",\"source\":\"libxcb\",\"version\":\"1.11.1-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 32 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxcb-dri3-0", "arch": "amd64", - "source": "libxcb", + "name": "libxcb-dri3-0", + "revision": "1ubuntu1", "size": "32", - "version": "1.11.1-1ubuntu1", - "revision": "1ubuntu1" + "source": "libxcb", + "version": "1.11.1-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcb-dri3-0\",\"revision\":\"1ubuntu1\",\"size\":\"32\",\"source\":\"libxcb\",\"version\":\"1.11.1-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcb-glx0\",\"revision\":\"1ubuntu1\",\"size\":\"140\",\"source\":\"libxcb\",\"version\":\"1.11.1-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 140 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxcb-glx0", "arch": "amd64", - "source": "libxcb", + "name": "libxcb-glx0", + "revision": "1ubuntu1", "size": "140", - "version": "1.11.1-1ubuntu1", - "revision": "1ubuntu1" + "source": "libxcb", + "version": "1.11.1-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcb-glx0\",\"revision\":\"1ubuntu1\",\"size\":\"140\",\"source\":\"libxcb\",\"version\":\"1.11.1-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcb-present0\",\"revision\":\"1ubuntu1\",\"size\":\"32\",\"source\":\"libxcb\",\"version\":\"1.11.1-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 32 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxcb-present0", "arch": "amd64", - "source": "libxcb", + "name": "libxcb-present0", + "revision": "1ubuntu1", "size": "32", - "version": "1.11.1-1ubuntu1", - "revision": "1ubuntu1" + "source": "libxcb", + "version": "1.11.1-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": 
"ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcb-present0\",\"revision\":\"1ubuntu1\",\"size\":\"32\",\"source\":\"libxcb\",\"version\":\"1.11.1-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcb-render0\",\"revision\":\"1ubuntu1\",\"size\":\"66\",\"source\":\"libxcb\",\"version\":\"1.11.1-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 66 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": 
"ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxcb-render0", "arch": "amd64", - "source": "libxcb", + "name": "libxcb-render0", + "revision": "1ubuntu1", "size": "66", - "version": "1.11.1-1ubuntu1", - "revision": "1ubuntu1" + "source": "libxcb", + "version": "1.11.1-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcb-render0\",\"revision\":\"1ubuntu1\",\"size\":\"66\",\"source\":\"libxcb\",\"version\":\"1.11.1-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + 
"kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcb-shm0\",\"revision\":\"1ubuntu1\",\"size\":\"36\",\"source\":\"libxcb\",\"version\":\"1.11.1-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 36 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxcb-shm0", "arch": "amd64", - "source": "libxcb", + "name": "libxcb-shm0", + "revision": "1ubuntu1", "size": "36", - "version": "1.11.1-1ubuntu1", - "revision": "1ubuntu1" + "source": "libxcb", + "version": "1.11.1-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcb-shm0\",\"revision\":\"1ubuntu1\",\"size\":\"36\",\"source\":\"libxcb\",\"version\":\"1.11.1-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcb-sync1\",\"revision\":\"1ubuntu1\",\"size\":\"50\",\"source\":\"libxcb\",\"version\":\"1.11.1-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 50 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxcb-sync1", "arch": "amd64", - "source": "libxcb", + "name": "libxcb-sync1", + "revision": "1ubuntu1", "size": "50", - "version": "1.11.1-1ubuntu1", - "revision": "1ubuntu1" + "source": "libxcb", + "version": "1.11.1-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, 
"epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcb-sync1\",\"revision\":\"1ubuntu1\",\"size\":\"50\",\"source\":\"libxcb\",\"version\":\"1.11.1-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcb1\",\"revision\":\"1ubuntu1\",\"size\":\"173\",\"source\":\"libxcb\",\"version\":\"1.11.1-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 173 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxcb1", "arch": "amd64", - "source": "libxcb", + "name": "libxcb1", + "revision": "1ubuntu1", "size": "173", - "version": "1.11.1-1ubuntu1", - "revision": "1ubuntu1" + "source": "libxcb", + "version": "1.11.1-1ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcb1\",\"revision\":\"1ubuntu1\",\"size\":\"173\",\"source\":\"libxcb\",\"version\":\"1.11.1-1ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": 
"{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcomposite1\",\"revision\":\"1\",\"size\":\"47\",\"source\":\"libxcomposite\",\"version\":\"1:0.4.4-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 47 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxcomposite1", "arch": "amd64", - "source": "libxcomposite", + "name": "libxcomposite1", + "revision": "1", "size": "47", - "version": "1:0.4.4-1", - "revision": "1" + "source": "libxcomposite", + "version": "1:0.4.4-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcomposite1\",\"revision\":\"1\",\"size\":\"47\",\"source\":\"libxcomposite\",\"version\":\"1:0.4.4-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcursor1\",\"revision\":\"1ubuntu0.16.04.1\",\"size\":\"58\",\"source\":\"libxcursor\",\"version\":\"1:1.1.14-1ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 58 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxcursor1", "arch": "amd64", - "source": "libxcursor", + "name": "libxcursor1", + "revision": "1ubuntu0.16.04.1", "size": "58", - "version": "1:1.1.14-1ubuntu0.16.04.1", - "revision": "1ubuntu0.16.04.1" + "source": "libxcursor", + "version": "1:1.1.14-1ubuntu0.16.04.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxcursor1\",\"revision\":\"1ubuntu0.16.04.1\",\"size\":\"58\",\"source\":\"libxcursor\",\"version\":\"1:1.1.14-1ubuntu0.16.04.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxdamage1\",\"revision\":\"2\",\"size\":\"46\",\"source\":\"libxdamage\",\"version\":\"1:1.1.4-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 46 }, - "ecs": { - 
"version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxdamage1", "arch": "amd64", - "source": "libxdamage", + "name": "libxdamage1", + "revision": "2", "size": "46", - "version": "1:1.1.4-2", - "revision": "2" + "source": "libxdamage", + "version": "1:1.1.4-2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxdamage1\",\"revision\":\"2\",\"size\":\"46\",\"source\":\"libxdamage\",\"version\":\"1:1.1.4-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": 
"2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxdmcp6\",\"revision\":\"1.1\",\"size\":\"39\",\"source\":\"libxdmcp\",\"version\":\"1:1.1.2-1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 39 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxdmcp6", "arch": "amd64", - "source": "libxdmcp", + "name": "libxdmcp6", + "revision": "1.1", "size": "39", - "version": "1:1.1.2-1.1", - "revision": "1.1" + "source": "libxdmcp", + "version": "1:1.1.2-1.1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxdmcp6\",\"revision\":\"1.1\",\"size\":\"39\",\"source\":\"libxdmcp\",\"version\":\"1:1.1.2-1.1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxext6\",\"revision\":\"1\",\"size\":\"122\",\"source\":\"libxext\",\"version\":\"2:1.3.3-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 122 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxext6", "arch": "amd64", - "source": "libxext", + "name": "libxext6", + "revision": "1", "size": "122", - "version": "2:1.3.3-1", - "revision": "1" + "source": "libxext", + "version": "2:1.3.3-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu 
Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxext6\",\"revision\":\"1\",\"size\":\"122\",\"source\":\"libxext\",\"version\":\"2:1.3.3-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxfixes3\",\"revision\":\"2\",\"size\":\"61\",\"source\":\"libxfixes\",\"version\":\"1:5.0.1-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 61 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", 
+ "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxfixes3", "arch": "amd64", - "source": "libxfixes", + "name": "libxfixes3", + "revision": "2", "size": "61", - "version": "1:5.0.1-2", - "revision": "2" + "source": "libxfixes", + "version": "1:5.0.1-2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxfixes3\",\"revision\":\"2\",\"size\":\"61\",\"source\":\"libxfixes\",\"version\":\"1:5.0.1-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxi6\",\"revision\":\"1\",\"size\":\"87\",\"source\":\"libxi\",\"version\":\"2:1.7.6-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 87 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxi6", "arch": "amd64", - "source": "libxi", + "name": "libxi6", + "revision": "1", "size": "87", - "version": "2:1.7.6-1", - "revision": "1" + "source": "libxi", + "version": "2:1.7.6-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxi6\",\"revision\":\"1\",\"size\":\"87\",\"source\":\"libxi\",\"version\":\"2:1.7.6-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxinerama1\",\"revision\":\"1\",\"size\":\"49\",\"source\":\"libxinerama\",\"version\":\"2:1.1.3-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 49 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxinerama1", "arch": "amd64", - "source": "libxinerama", + "name": "libxinerama1", + "revision": "1", "size": "49", - "version": "2:1.1.3-1", - "revision": "1" + "source": "libxinerama", + "version": "2:1.1.3-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxinerama1\",\"revision\":\"1\",\"size\":\"49\",\"source\":\"libxinerama\",\"version\":\"2:1.1.3-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxml2\",\"revision\":\"1ubuntu0.4\",\"size\":\"2130\",\"source\":\"\",\"version\":\"2.9.3+dfsg1-1ubuntu0.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 2130 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, 
"osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxml2", "arch": "amd64", + "name": "libxml2", + "revision": "1ubuntu0.4", "size": "2130", - "version": "2.9.3+dfsg1-1ubuntu0.4", - "revision": "1ubuntu0.4" + "version": "2.9.3+dfsg1-1ubuntu0.4" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxml2\",\"revision\":\"1ubuntu0.4\",\"size\":\"2130\",\"source\":\"\",\"version\":\"2.9.3+dfsg1-1ubuntu0.4\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxmuu1\",\"revision\":\"2\",\"size\":\"33\",\"source\":\"libxmu\",\"version\":\"2:1.1.2-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 33 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxmuu1", "arch": "amd64", - "source": "libxmu", + "name": "libxmuu1", + "revision": "2", "size": "33", - "version": "2:1.1.2-2", - "revision": "2" + "source": "libxmu", + "version": "2:1.1.2-2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxmuu1\",\"revision\":\"2\",\"size\":\"33\",\"source\":\"libxmu\",\"version\":\"2:1.1.2-2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxrandr2\",\"revision\":\"1\",\"size\":\"66\",\"source\":\"libxrandr\",\"version\":\"2:1.5.0-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 66 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxrandr2", "arch": "amd64", - "source": "libxrandr", + "name": "libxrandr2", + "revision": "1", "size": "66", - "version": "2:1.5.0-1", - "revision": "1" + "source": "libxrandr", + "version": "2:1.5.0-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu 
Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxrandr2\",\"revision\":\"1\",\"size\":\"66\",\"source\":\"libxrandr\",\"version\":\"2:1.5.0-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxrender1\",\"revision\":\"0ubuntu1\",\"size\":\"79\",\"source\":\"libxrender\",\"version\":\"1:0.9.9-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 79 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + 
"action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxrender1", "arch": "amd64", - "source": "libxrender", + "name": "libxrender1", + "revision": "0ubuntu1", "size": "79", - "version": "1:0.9.9-0ubuntu1", - "revision": "0ubuntu1" + "source": "libxrender", + "version": "1:0.9.9-0ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxrender1\",\"revision\":\"0ubuntu1\",\"size\":\"79\",\"source\":\"libxrender\",\"version\":\"1:0.9.9-0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 
17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxshmfence1\",\"revision\":\"1\",\"size\":\"45\",\"source\":\"libxshmfence\",\"version\":\"1.2-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 45 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxshmfence1", "arch": "amd64", - "source": "libxshmfence", + "name": "libxshmfence1", + "revision": "1", "size": "45", - "version": "1.2-1", - "revision": "1" + "source": "libxshmfence", + "version": "1.2-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxshmfence1\",\"revision\":\"1\",\"size\":\"45\",\"source\":\"libxshmfence\",\"version\":\"1.2-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxtables11\",\"revision\":\"2ubuntu3\",\"size\":\"97\",\"source\":\"iptables\",\"version\":\"1.6.0-2ubuntu3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 97 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxtables11", "arch": "amd64", - "source": "iptables", + "name": "libxtables11", + "revision": "2ubuntu3", "size": "97", - "version": "1.6.0-2ubuntu3", - "revision": "2ubuntu3" + "source": "iptables", + "version": "1.6.0-2ubuntu3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": 
"0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxtables11\",\"revision\":\"2ubuntu3\",\"size\":\"97\",\"source\":\"iptables\",\"version\":\"1.6.0-2ubuntu3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxtst6\",\"revision\":\"1\",\"size\":\"64\",\"source\":\"libxtst\",\"version\":\"2:1.2.2-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 64 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxtst6", "arch": "amd64", - "source": "libxtst", + "name": "libxtst6", + "revision": "1", "size": "64", - "version": "2:1.2.2-1", - "revision": "1" + "source": "libxtst", + "version": "2:1.2.2-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxtst6\",\"revision\":\"1\",\"size\":\"64\",\"source\":\"libxtst\",\"version\":\"2:1.2.2-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 
7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxxf86vm1\",\"revision\":\"1\",\"size\":\"59\",\"source\":\"libxxf86vm\",\"version\":\"1:1.1.4-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 59 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libxxf86vm1", "arch": "amd64", - "source": "libxxf86vm", + "name": "libxxf86vm1", + "revision": "1", "size": "59", - "version": "1:1.1.4-1", - "revision": "1" + "source": "libxxf86vm", + "version": "1:1.1.4-1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libxxf86vm1\",\"revision\":\"1\",\"size\":\"59\",\"source\":\"libxxf86vm\",\"version\":\"1:1.1.4-1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libyaml-0-2\",\"revision\":\"3\",\"size\":\"162\",\"source\":\"libyaml\",\"version\":\"0.1.6-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 162 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "libyaml-0-2", "arch": "amd64", - "source": "libyaml", + "name": "libyaml-0-2", + "revision": "3", "size": "162", - "version": "0.1.6-3", - "revision": "3" + "source": "libyaml", + "version": "0.1.6-3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": 
"Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"libyaml-0-2\",\"revision\":\"3\",\"size\":\"162\",\"source\":\"libyaml\",\"version\":\"0.1.6-3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"linux-base\",\"revision\":\"\",\"size\":\"22\",\"source\":\"\",\"version\":\"4.0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 22 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + 
"calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "linux-base", "arch": "all", + "name": "linux-base", "size": "22", "version": "4.0ubuntu1" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"linux-base\",\"revision\":\"\",\"size\":\"22\",\"source\":\"\",\"version\":\"4.0ubuntu1\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"linux-headers-4.4.0-101\",\"revision\":\"101.124\",\"size\":\"69070\",\"source\":\"linux\",\"version\":\"4.4.0-101.124\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 69070 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "linux-headers-4.4.0-101", "arch": "all", - "source": "linux", + "name": "linux-headers-4.4.0-101", + "revision": "101.124", "size": "69070", - "version": "4.4.0-101.124", - "revision": "101.124" + "source": "linux", + "version": "4.4.0-101.124" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"linux-headers-4.4.0-101\",\"revision\":\"101.124\",\"size\":\"69070\",\"source\":\"linux\",\"version\":\"4.4.0-101.124\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-headers-4.4.0-101-generic\",\"revision\":\"101.124\",\"size\":\"7261\",\"source\":\"linux\",\"version\":\"4.4.0-101.124\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 7261 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "linux-headers-4.4.0-101-generic", "arch": "amd64", - "source": "linux", + "name": "linux-headers-4.4.0-101-generic", + "revision": "101.124", "size": "7261", - "version": "4.4.0-101.124", - "revision": "101.124" + "source": "linux", + "version": "4.4.0-101.124" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-headers-4.4.0-101-generic\",\"revision\":\"101.124\",\"size\":\"7261\",\"source\":\"linux\",\"version\":\"4.4.0-101.124\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"linux-headers-4.4.0-93\",\"revision\":\"93.116\",\"size\":\"68915\",\"source\":\"linux\",\"version\":\"4.4.0-93.116\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 68915 
}, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "linux-headers-4.4.0-93", "arch": "all", - "source": "linux", + "name": "linux-headers-4.4.0-93", + "revision": "93.116", "size": "68915", - "version": "4.4.0-93.116", - "revision": "93.116" + "source": "linux", + "version": "4.4.0-93.116" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"linux-headers-4.4.0-93\",\"revision\":\"93.116\",\"size\":\"68915\",\"source\":\"linux\",\"version\":\"4.4.0-93.116\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": 
{ + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-headers-4.4.0-93-generic\",\"revision\":\"93.116\",\"size\":\"7238\",\"source\":\"linux\",\"version\":\"4.4.0-93.116\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 7238 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "linux-headers-4.4.0-93-generic", "arch": "amd64", - "source": "linux", + "name": "linux-headers-4.4.0-93-generic", + "revision": "93.116", "size": "7238", - "version": "4.4.0-93.116", - "revision": "93.116" + "source": "linux", + "version": "4.4.0-93.116" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-headers-4.4.0-93-generic\",\"revision\":\"93.116\",\"size\":\"7238\",\"source\":\"linux\",\"version\":\"4.4.0-93.116\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"linux-headers-4.4.0-98\",\"revision\":\"98.121\",\"size\":\"69064\",\"source\":\"linux\",\"version\":\"4.4.0-98.121\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 69064 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "linux-headers-4.4.0-98", "arch": "all", - "source": "linux", + "name": "linux-headers-4.4.0-98", + "revision": "98.121", "size": "69064", - "version": "4.4.0-98.121", - "revision": "98.121" + "source": "linux", + "version": "4.4.0-98.121" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"linux-headers-4.4.0-98\",\"revision\":\"98.121\",\"size\":\"69064\",\"source\":\"linux\",\"version\":\"4.4.0-98.121\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-headers-4.4.0-98-generic\",\"revision\":\"98.121\",\"size\":\"7257\",\"source\":\"linux\",\"version\":\"4.4.0-98.121\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 7257 }, - 
"ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "linux-headers-4.4.0-98-generic", "arch": "amd64", - "source": "linux", + "name": "linux-headers-4.4.0-98-generic", + "revision": "98.121", "size": "7257", - "version": "4.4.0-98.121", - "revision": "98.121" + "source": "linux", + "version": "4.4.0-98.121" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-headers-4.4.0-98-generic\",\"revision\":\"98.121\",\"size\":\"7257\",\"source\":\"linux\",\"version\":\"4.4.0-98.121\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": 
"8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-headers-generic\",\"revision\":\"\",\"size\":\"13\",\"source\":\"linux-meta\",\"version\":\"4.4.0.101.106\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 13 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "linux-headers-generic", "arch": "amd64", - "source": "linux-meta", + "name": "linux-headers-generic", "size": "13", + "source": "linux-meta", "version": "4.4.0.101.106" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-headers-generic\",\"revision\":\"\",\"size\":\"13\",\"source\":\"linux-meta\",\"version\":\"4.4.0.101.106\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-headers-virtual\",\"revision\":\"\",\"size\":\"13\",\"source\":\"linux-meta\",\"version\":\"4.4.0.101.106\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 13 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "linux-headers-virtual", "arch": "amd64", - "source": "linux-meta", + "name": "linux-headers-virtual", "size": "13", + "source": "linux-meta", "version": "4.4.0.101.106" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu 
Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-headers-virtual\",\"revision\":\"\",\"size\":\"13\",\"source\":\"linux-meta\",\"version\":\"4.4.0.101.106\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-image-4.4.0-101-generic\",\"revision\":\"101.124\",\"size\":\"65320\",\"source\":\"linux\",\"version\":\"4.4.0-101.124\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 65320 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" 
}, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "linux-image-4.4.0-101-generic", "arch": "amd64", - "source": "linux", + "name": "linux-image-4.4.0-101-generic", + "revision": "101.124", "size": "65320", - "version": "4.4.0-101.124", - "revision": "101.124" + "source": "linux", + "version": "4.4.0-101.124" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-image-4.4.0-101-generic\",\"revision\":\"101.124\",\"size\":\"65320\",\"source\":\"linux\",\"version\":\"4.4.0-101.124\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + 
"original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-image-4.4.0-93-generic\",\"revision\":\"93.116\",\"size\":\"65401\",\"source\":\"linux\",\"version\":\"4.4.0-93.116\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 65401 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "linux-image-4.4.0-93-generic", "arch": "amd64", - "source": "linux", + "name": "linux-image-4.4.0-93-generic", + "revision": "93.116", "size": "65401", - "version": "4.4.0-93.116", - "revision": "93.116" + "source": "linux", + "version": "4.4.0-93.116" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-image-4.4.0-93-generic\",\"revision\":\"93.116\",\"size\":\"65401\",\"source\":\"linux\",\"version\":\"4.4.0-93.116\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-image-4.4.0-98-generic\",\"revision\":\"98.121\",\"size\":\"65443\",\"source\":\"linux\",\"version\":\"4.4.0-98.121\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 65443 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "linux-image-4.4.0-98-generic", "arch": "amd64", - "source": "linux", + "name": "linux-image-4.4.0-98-generic", + "revision": "98.121", "size": "65443", - "version": "4.4.0-98.121", - "revision": "98.121" + "source": "linux", + "version": "4.4.0-98.121" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-image-4.4.0-98-generic\",\"revision\":\"98.121\",\"size\":\"65443\",\"source\":\"linux\",\"version\":\"4.4.0-98.121\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-image-virtual\",\"revision\":\"\",\"size\":\"13\",\"source\":\"linux-meta\",\"version\":\"4.4.0.101.106\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 13 }, - "ecs": 
{ - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "linux-image-virtual", "arch": "amd64", - "source": "linux-meta", + "name": "linux-image-virtual", "size": "13", + "source": "linux-meta", "version": "4.4.0.101.106" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-image-virtual\",\"revision\":\"\",\"size\":\"13\",\"source\":\"linux-meta\",\"version\":\"4.4.0.101.106\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + 
"original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-virtual\",\"revision\":\"\",\"size\":\"13\",\"source\":\"linux-meta\",\"version\":\"4.4.0.101.106\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 13 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "linux-virtual", "arch": "amd64", - "source": "linux-meta", + "name": "linux-virtual", "size": "13", + "source": "linux-meta", "version": "4.4.0.101.106" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"linux-virtual\",\"revision\":\"\",\"size\":\"13\",\"source\":\"linux-meta\",\"version\":\"4.4.0.101.106\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"locales\",\"revision\":\"0ubuntu9\",\"size\":\"13684\",\"source\":\"glibc\",\"version\":\"2.23-0ubuntu9\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 13684 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "locales", "arch": "all", - "source": "glibc", + "name": "locales", + "revision": "0ubuntu9", "size": "13684", - "version": "2.23-0ubuntu9", - "revision": "0ubuntu9" + "source": "glibc", + "version": "2.23-0ubuntu9" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": 
"0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"locales\",\"revision\":\"0ubuntu9\",\"size\":\"13684\",\"source\":\"glibc\",\"version\":\"2.23-0ubuntu9\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"login\",\"revision\":\"3.1ubuntu5.3\",\"size\":\"1192\",\"source\":\"shadow\",\"version\":\"1:4.2-3.1ubuntu5.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 1192 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": 
"72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "login", "arch": "amd64", - "source": "shadow", + "name": "login", + "revision": "3.1ubuntu5.3", "size": "1192", - "version": "1:4.2-3.1ubuntu5.3", - "revision": "3.1ubuntu5.3" + "source": "shadow", + "version": "1:4.2-3.1ubuntu5.3" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"login\",\"revision\":\"3.1ubuntu5.3\",\"size\":\"1192\",\"source\":\"shadow\",\"version\":\"1:4.2-3.1ubuntu5.3\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + 
"original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"logrotate\",\"revision\":\"2ubuntu2.16.04.2\",\"size\":\"113\",\"source\":\"\",\"version\":\"3.8.7-2ubuntu2.16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 113 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "logrotate", "arch": "amd64", + "name": "logrotate", + "revision": "2ubuntu2.16.04.2", "size": "113", - "version": "3.8.7-2ubuntu2.16.04.2", - "revision": "2ubuntu2.16.04.2" + "version": "3.8.7-2ubuntu2.16.04.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": "ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 
UTC\",\"columns\":{\"arch\":\"amd64\",\"name\":\"logrotate\",\"revision\":\"2ubuntu2.16.04.2\",\"size\":\"113\",\"source\":\"\",\"version\":\"3.8.7-2ubuntu2.16.04.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } }, { "@timestamp": "2017-12-07T17:57:33.000Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "added", + "created": "2020-04-28T11:07:58.223Z", + "kind": "event", + "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"lsb-base\",\"revision\":\"\",\"size\":\"58\",\"source\":\"lsb\",\"version\":\"9.20160110ubuntu0.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", + "type": "info" + }, "file": { "size": 58 }, - "ecs": { - "version": "8.2.0" + "host": { + "hostname": "ubuntu-xenial", + "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" }, "osquery": { "result": { + "action": "added", + "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", "columns": { - "name": "lsb-base", "arch": "all", - "source": "lsb", + "name": "lsb-base", "size": "58", + "source": "lsb", "version": "9.20160110ubuntu0.2" }, - "name": "pack_it-compliance_deb_packages", - "unix_time": "1512669453", - "action": "added", + "counter": "0", "decorations": { "host_uuid": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "username": "ubuntu" }, "epoch": "0", - "counter": "0", - "calendar_time": "Thu Dec 7 17:57:33 2017 UTC", - "host_identifier": 
"ubuntu-xenial" + "host_identifier": "ubuntu-xenial", + "name": "pack_it-compliance_deb_packages", + "unix_time": "1512669453" } }, "related": { - "user": [ - "ubuntu" - ], "hosts": [ "ubuntu-xenial" + ], + "user": [ + "ubuntu" ] }, - "host": { - "hostname": "ubuntu-xenial", - "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9" - }, "rule": { "name": "pack_it-compliance_deb_packages" }, - "event": { - "action": "added", - "original": "{\"action\":\"added\",\"calendarTime\":\"Thu Dec 7 17:57:33 2017 UTC\",\"columns\":{\"arch\":\"all\",\"name\":\"lsb-base\",\"revision\":\"\",\"size\":\"58\",\"source\":\"lsb\",\"version\":\"9.20160110ubuntu0.2\"},\"counter\":\"0\",\"decorations\":{\"host_uuid\":\"72E1287B-D1BC-4FC6-B9D8-64F4352776A9\",\"username\":\"ubuntu\"},\"epoch\":\"0\",\"hostIdentifier\":\"ubuntu-xenial\",\"name\":\"pack_it-compliance_deb_packages\",\"unixTime\":\"1512669453\"}", - "type": "info", - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "user": { - "name": "ubuntu" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "name": "ubuntu" + } } ] } \ No newline at end of file diff --git a/packages/osquery/data_stream/result/elasticsearch/ingest_pipeline/default.yml b/packages/osquery/data_stream/result/elasticsearch/ingest_pipeline/default.yml index 577b89ff299..b277326c066 100644 --- a/packages/osquery/data_stream/result/elasticsearch/ingest_pipeline/default.yml +++ b/packages/osquery/data_stream/result/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: target_field: "json" - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/osquery/data_stream/result/sample_event.json b/packages/osquery/data_stream/result/sample_event.json index b82755014f1..b6b104cf2c6 100644 --- a/packages/osquery/data_stream/result/sample_event.json +++ b/packages/osquery/data_stream/result/sample_event.json 
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/osquery/docs/README.md b/packages/osquery/docs/README.md index 8266b181363..47c2766911e 100644 --- a/packages/osquery/docs/README.md +++ b/packages/osquery/docs/README.md @@ -38,7 +38,7 @@ An example event for `result` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/osquery/manifest.yml b/packages/osquery/manifest.yml index e295cd72a63..3d66630d376 100644 --- a/packages/osquery/manifest.yml +++ b/packages/osquery/manifest.yml @@ -1,6 +1,6 @@ name: osquery title: Osquery Logs -version: 1.3.0 +version: "1.4.0" release: ga description: Collect and parse logs from Osquery instances with Elastic Agent. type: integration diff --git a/packages/panw/_dev/build/build.yml b/packages/panw/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/panw/_dev/build/build.yml +++ b/packages/panw/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/panw/changelog.yml b/packages/panw/changelog.yml index e8cc6db8f7b..8ccf9264a6f 100644 --- a/packages/panw/changelog.yml +++ b/packages/panw/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.3.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "2.2.2" changes: - description: Fix mapping for zone breakout diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json index 618a7d8c776..c7c5c7ac4e7 100644 
--- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-03-24T11:30:00.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -92,7 +92,7 @@ { "@timestamp": "2021-03-24T11:29:49.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -194,7 +194,7 @@ { "@timestamp": "2021-04-07T17:41:30.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -286,7 +286,7 @@ { "@timestamp": "2021-04-07T17:41:29.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -389,7 +389,7 @@ { "@timestamp": "2021-04-07T17:41:28.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -475,7 +475,7 @@ { "@timestamp": "2021-03-02T09:55:39.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -565,7 +565,7 @@ { "@timestamp": "2021-03-02T11:01:02.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -665,7 +665,7 @@ { "@timestamp": "2021-03-02T09:39:26.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -751,7 +751,7 @@ { "@timestamp": "2021-03-02T09:47:13.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -842,7 +842,7 @@ { "@timestamp": "2021-10-22T11:10:05.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -921,7 +921,7 @@ { "@timestamp": "2021-11-09T16:45:14.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1000,7 +1000,7 @@ { "@timestamp": "2021-11-09T16:45:14.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json index 47a23dc83b4..1a88c26a459 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-03-02T10:06:25.000-06:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -74,7 +74,7 @@ { "@timestamp": "2019-10-09T10:20:15.000-06:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json index 712ef418f25..d2a4fcb1881 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2012-02-25T00:51:50.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:58:57.000+05:45", @@ -31,7 +31,7 @@ { "@timestamp": "2012-02-25T00:53:22.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:02.000+05:45", @@ -59,7 +59,7 @@ { "@timestamp": "2012-02-25T00:53:40.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:02.000+05:45", @@ -87,7 +87,7 @@ { "@timestamp": "2012-02-25T00:53:53.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:02.000+05:45", 
@@ -115,7 +115,7 @@ { "@timestamp": "2012-02-25T00:53:56.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:02.000+05:45", @@ -143,7 +143,7 @@ { "@timestamp": "2012-02-25T00:54:16.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:02.000+05:45", @@ -171,7 +171,7 @@ { "@timestamp": "2012-02-25T00:54:16.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:02.000+05:45", @@ -199,7 +199,7 @@ { "@timestamp": "2012-02-25T00:57:17.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:02.000+05:45", @@ -227,7 +227,7 @@ { "@timestamp": "2012-02-25T00:57:36.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:02.000+05:45", @@ -255,7 +255,7 @@ { "@timestamp": "2012-02-25T00:57:49.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:02.000+05:45", @@ -283,7 +283,7 @@ { "@timestamp": "2012-02-25T00:57:52.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:02.000+05:45", @@ -311,7 +311,7 @@ { "@timestamp": "2012-02-25T00:58:12.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:07.000+05:45", @@ -339,7 +339,7 @@ { "@timestamp": "2012-02-25T00:58:12.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:07.000+05:45", @@ -367,7 +367,7 @@ { "@timestamp": "2012-02-25T00:58:12.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:07.000+05:45", @@ -395,7 +395,7 @@ { "@timestamp": "2012-02-25T00:58:14.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:07.000+05:45", 
@@ -423,7 +423,7 @@ { "@timestamp": "2012-02-25T00:59:36.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:07.000+05:45", @@ -451,7 +451,7 @@ { "@timestamp": "2012-04-10T03:11:57.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:22.000+05:45", @@ -479,7 +479,7 @@ { "@timestamp": "2012-04-10T03:11:56.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:22.000+05:45", @@ -507,7 +507,7 @@ { "@timestamp": "2012-04-10T03:11:56.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:22.000+05:45", @@ -535,7 +535,7 @@ { "@timestamp": "2012-04-10T03:11:56.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:22.000+05:45", @@ -563,7 +563,7 @@ { "@timestamp": "2012-04-10T03:06:11.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:22.000+05:45", @@ -591,7 +591,7 @@ { "@timestamp": "2012-04-10T03:06:00.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:27.000+05:45", @@ -619,7 +619,7 @@ { "@timestamp": "2012-04-09T09:02:53.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:27.000+05:45", @@ -647,7 +647,7 @@ { "@timestamp": "2012-04-09T09:02:52.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:27.000+05:45", @@ -675,7 +675,7 @@ { "@timestamp": "2012-04-09T09:02:52.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:27.000+05:45", @@ -703,7 +703,7 @@ { "@timestamp": "2012-04-09T09:02:52.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:27.000+05:45", 
@@ -731,7 +731,7 @@ { "@timestamp": "2012-04-09T09:00:55.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:27.000+05:45", @@ -759,7 +759,7 @@ { "@timestamp": "2012-04-09T09:00:52.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:27.000+05:45", @@ -787,7 +787,7 @@ { "@timestamp": "2012-04-09T09:00:35.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:32.000+05:45", @@ -815,7 +815,7 @@ { "@timestamp": "2012-04-09T09:00:20.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:32.000+05:45", @@ -843,7 +843,7 @@ { "@timestamp": "2012-04-09T03:21:53.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:47.000+05:45", @@ -871,7 +871,7 @@ { "@timestamp": "2012-04-09T03:21:53.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:47.000+05:45", @@ -899,7 +899,7 @@ { "@timestamp": "2012-04-09T03:21:53.000+05:45", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2013-03-25T23:59:47.000+05:45", @@ -947,7 +947,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json index 0cdb08aac2c..242bf8fbeec 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json @@ -21,7 +21,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", 
@@ -158,7 +158,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -295,7 +295,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -432,7 +432,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -569,7 +569,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -706,7 +706,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -843,7 +843,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -980,7 +980,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -1117,7 +1117,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -1254,7 +1254,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -1391,7 +1391,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -1528,7 +1528,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -1665,7 +1665,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -1802,7 +1802,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -1937,7 +1937,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -2074,7 +2074,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", 
@@ -2211,7 +2211,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -2346,7 +2346,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -2483,7 +2483,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -2620,7 +2620,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -2757,7 +2757,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -2894,7 +2894,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -3031,7 +3031,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -3168,7 +3168,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -3305,7 +3305,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -3442,7 +3442,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -3579,7 +3579,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -3716,7 +3716,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -3853,7 +3853,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -3990,7 +3990,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -4127,7 +4127,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", 
@@ -4264,7 +4264,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -4401,7 +4401,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -4538,7 +4538,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -4673,7 +4673,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -4808,7 +4808,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -4943,7 +4943,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -5078,7 +5078,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -5213,7 +5213,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -5348,7 +5348,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -5483,7 +5483,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -5618,7 +5618,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -5753,7 +5753,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -5881,7 +5881,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "spyware_detected", @@ -6020,7 +6020,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -6155,7 +6155,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", 
@@ -6290,7 +6290,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -6425,7 +6425,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -6560,7 +6560,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -6695,7 +6695,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -6830,7 +6830,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -6965,7 +6965,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -7100,7 +7100,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -7228,7 +7228,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "file_match", @@ -7370,7 +7370,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -7498,7 +7498,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "file_match", @@ -7633,7 +7633,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "file_match", @@ -7775,7 +7775,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -7903,7 +7903,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "file_match", @@ -8038,7 +8038,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "file_match", @@ -8180,7 +8180,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -8315,7 +8315,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", 
@@ -8450,7 +8450,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -8578,7 +8578,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "file_match", @@ -8720,7 +8720,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -8855,7 +8855,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -8983,7 +8983,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -9118,7 +9118,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -9260,7 +9260,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -9388,7 +9388,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -9530,7 +9530,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -9658,7 +9658,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -9793,7 +9793,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "file_match", @@ -9928,7 +9928,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -10063,7 +10063,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -10198,7 +10198,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -10333,7 +10333,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -10475,7 +10475,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", 
@@ -10603,7 +10603,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -10738,7 +10738,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -10873,7 +10873,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -11008,7 +11008,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -11143,7 +11143,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -11278,7 +11278,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -11413,7 +11413,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -11548,7 +11548,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -11683,7 +11683,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -11818,7 +11818,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -11953,7 +11953,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -12088,7 +12088,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -12230,7 +12230,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -12358,7 +12358,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -12493,7 +12493,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -12635,7 +12635,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", 
@@ -12763,7 +12763,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -12898,7 +12898,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -13033,7 +13033,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -13168,7 +13168,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -13303,7 +13303,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", @@ -13438,7 +13438,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "data_match", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json index 8d703f9b891..3c74d873be1 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json @@ -23,7 +23,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -155,7 +155,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -287,7 +287,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -419,7 +419,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -551,7 +551,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -683,7 +683,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", 
@@ -815,7 +815,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -947,7 +947,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -1079,7 +1079,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -1211,7 +1211,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -1343,7 +1343,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -1475,7 +1475,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -1607,7 +1607,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -1739,7 +1739,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -1871,7 +1871,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -2003,7 +2003,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -2135,7 +2135,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -2267,7 +2267,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -2399,7 +2399,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -2531,7 +2531,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -2663,7 +2663,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", 
@@ -2795,7 +2795,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -2927,7 +2927,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -3059,7 +3059,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -3191,7 +3191,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -3323,7 +3323,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -3455,7 +3455,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -3587,7 +3587,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -3719,7 +3719,7 @@ "port": 13069 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -3851,7 +3851,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -3983,7 +3983,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -4115,7 +4115,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -4247,7 +4247,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -4379,7 +4379,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -4511,7 +4511,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -4643,7 +4643,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", 
@@ -4775,7 +4775,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -4907,7 +4907,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -5039,7 +5039,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -5171,7 +5171,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -5294,7 +5294,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -5426,7 +5426,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -5549,7 +5549,7 @@ "port": 40026 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -5681,7 +5681,7 @@ "port": 40029 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -5813,7 +5813,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -5936,7 +5936,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -6068,7 +6068,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -6200,7 +6200,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -6332,7 +6332,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -6464,7 +6464,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -6596,7 +6596,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", 
@@ -6728,7 +6728,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -6860,7 +6860,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -6992,7 +6992,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -7124,7 +7124,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -7256,7 +7256,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -7388,7 +7388,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -7520,7 +7520,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -7652,7 +7652,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -7784,7 +7784,7 @@ "port": 40043 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -7916,7 +7916,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -8048,7 +8048,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -8180,7 +8180,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -8312,7 +8312,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -8444,7 +8444,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -8576,7 +8576,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", 
@@ -8708,7 +8708,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -8840,7 +8840,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -8972,7 +8972,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -9104,7 +9104,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -9236,7 +9236,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -9368,7 +9368,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -9500,7 +9500,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -9632,7 +9632,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -9764,7 +9764,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -9896,7 +9896,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -10028,7 +10028,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -10150,7 +10150,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -10282,7 +10282,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -10414,7 +10414,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -10536,7 +10536,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", 
@@ -10658,7 +10658,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -10790,7 +10790,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -10922,7 +10922,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -11054,7 +11054,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -11186,7 +11186,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -11318,7 +11318,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -11440,7 +11440,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -11572,7 +11572,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -11704,7 +11704,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -11836,7 +11836,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -11968,7 +11968,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -12100,7 +12100,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -12232,7 +12232,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -12364,7 +12364,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -12496,7 +12496,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", 
@@ -12618,7 +12618,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -12750,7 +12750,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -12882,7 +12882,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -13014,7 +13014,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json index 9695d7cb1e4..55eec7c5907 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json @@ -23,7 +23,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json index e32ec22ab47..6a8c012432b 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json @@ -24,7 +24,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -192,7 +192,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -360,7 +360,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", 
@@ -528,7 +528,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -696,7 +696,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -864,7 +864,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -1032,7 +1032,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -1200,7 +1200,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -1368,7 +1368,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -1536,7 +1536,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -1704,7 +1704,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -1872,7 +1872,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -2040,7 +2040,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -2208,7 +2208,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -2376,7 +2376,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -2544,7 +2544,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -2712,7 +2712,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -2880,7 +2880,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", 
@@ -3048,7 +3048,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -3216,7 +3216,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -3384,7 +3384,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -3552,7 +3552,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -3720,7 +3720,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -3888,7 +3888,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -4056,7 +4056,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -4224,7 +4224,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -4392,7 +4392,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -4560,7 +4560,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -4728,7 +4728,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -4896,7 +4896,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -5064,7 +5064,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -5232,7 +5232,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -5400,7 +5400,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", 
@@ -5568,7 +5568,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -5736,7 +5736,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -5904,7 +5904,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -6072,7 +6072,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -6240,7 +6240,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -6408,7 +6408,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -6576,7 +6576,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -6744,7 +6744,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -6912,7 +6912,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -7080,7 +7080,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -7248,7 +7248,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -7416,7 +7416,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -7584,7 +7584,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -7752,7 +7752,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -7920,7 +7920,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", 
@@ -8088,7 +8088,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -8256,7 +8256,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -8424,7 +8424,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -8592,7 +8592,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -8760,7 +8760,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -8928,7 +8928,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -9096,7 +9096,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -9264,7 +9264,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -9432,7 +9432,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -9600,7 +9600,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -9768,7 +9768,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -9936,7 +9936,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -10104,7 +10104,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -10272,7 +10272,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -10440,7 +10440,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", 
@@ -10608,7 +10608,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -10776,7 +10776,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -10944,7 +10944,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -11112,7 +11112,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -11280,7 +11280,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -11448,7 +11448,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -11616,7 +11616,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -11784,7 +11784,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -11952,7 +11952,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -12120,7 +12120,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -12288,7 +12288,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -12456,7 +12456,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", @@ -12624,7 +12624,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "url_filtering", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json index f468d887aaa..b3906a6de09 100644 
--- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json @@ -26,7 +26,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -188,7 +188,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -341,7 +341,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -503,7 +503,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -656,7 +656,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -818,7 +818,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -980,7 +980,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -1133,7 +1133,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -1295,7 +1295,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -1457,7 +1457,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -1619,7 +1619,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -1781,7 +1781,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -1943,7 +1943,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", 
@@ -2105,7 +2105,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -2267,7 +2267,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -2429,7 +2429,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -2582,7 +2582,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -2744,7 +2744,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -2906,7 +2906,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -3068,7 +3068,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -3221,7 +3221,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -3383,7 +3383,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -3545,7 +3545,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_started", @@ -3707,7 +3707,7 @@ "port": 4282 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_dropped", @@ -3869,7 +3869,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_denied", @@ -4022,7 +4022,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -4181,7 +4181,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -4340,7 +4340,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", 
@@ -4502,7 +4502,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -4664,7 +4664,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -4817,7 +4817,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -4970,7 +4970,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -5132,7 +5132,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -5294,7 +5294,7 @@ "port": 4282 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -5456,7 +5456,7 @@ "port": 17472 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -5618,7 +5618,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -5780,7 +5780,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -5942,7 +5942,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -6104,7 +6104,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -6266,7 +6266,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -6428,7 +6428,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -6590,7 +6590,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -6752,7 +6752,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", 
@@ -6914,7 +6914,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -7076,7 +7076,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -7238,7 +7238,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -7400,7 +7400,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -7562,7 +7562,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -7724,7 +7724,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -7886,7 +7886,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -8037,7 +8037,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -8199,7 +8199,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -8361,7 +8361,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -8523,7 +8523,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -8685,7 +8685,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -8847,7 +8847,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -9009,7 +9009,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -9171,7 +9171,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", 
@@ -9333,7 +9333,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -9495,7 +9495,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -9657,7 +9657,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -9819,7 +9819,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -9981,7 +9981,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -10143,7 +10143,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -10305,7 +10305,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -10467,7 +10467,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -10629,7 +10629,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -10791,7 +10791,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -10953,7 +10953,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -11115,7 +11115,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -11277,7 +11277,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -11439,7 +11439,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -11601,7 +11601,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", 
@@ -11763,7 +11763,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -11925,7 +11925,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -12087,7 +12087,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -12249,7 +12249,7 @@ "port": 123 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -12411,7 +12411,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -12572,7 +12572,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -12733,7 +12733,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -12894,7 +12894,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -13055,7 +13055,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -13217,7 +13217,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -13379,7 +13379,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -13541,7 +13541,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -13703,7 +13703,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -13865,7 +13865,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -14027,7 +14027,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", 
@@ -14189,7 +14189,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -14351,7 +14351,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -14513,7 +14513,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -14675,7 +14675,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -14837,7 +14837,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -14999,7 +14999,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -15161,7 +15161,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -15314,7 +15314,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -15476,7 +15476,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -15638,7 +15638,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -15800,7 +15800,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", @@ -15962,7 +15962,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "flow_terminated", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json index 333a1317230..68def78e442 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json 
+++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json @@ -6,7 +6,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -80,7 +80,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -154,7 +154,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -217,7 +217,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -280,7 +280,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -343,7 +343,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -406,7 +406,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -480,7 +480,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -554,7 +554,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -628,7 +628,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -701,7 +701,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -774,7 +774,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -847,7 +847,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml index 8d6240bb1a9..1db1e51502d 100644 --- a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml +++ b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: "Pipeline for Palo Alto Networks PAN-OS Logs" processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - set: field: observer.vendor value: Palo Alto Networks diff --git a/packages/panw/data_stream/panos/sample_event.json b/packages/panw/data_stream/panos/sample_event.json index 138a503b608..0e6dda0a309 100644 --- a/packages/panw/data_stream/panos/sample_event.json +++ b/packages/panw/data_stream/panos/sample_event.json @@ -36,7 +36,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "69c5b3bb-a0c8-407c-9f6f-166c94a2d63f", diff --git a/packages/panw/docs/README.md b/packages/panw/docs/README.md index e74f5919063..1dd67386923 100644 --- a/packages/panw/docs/README.md +++ b/packages/panw/docs/README.md @@ -53,7 +53,7 @@ An example event for `panos` looks as following: "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "69c5b3bb-a0c8-407c-9f6f-166c94a2d63f", diff --git a/packages/panw/manifest.yml b/packages/panw/manifest.yml index 249116c4fd8..cdeb776bb51 100644 --- a/packages/panw/manifest.yml +++ b/packages/panw/manifest.yml @@ -1,6 +1,6 @@ name: panw title: Palo Alto Networks Logs -version: 2.2.2 +version: "2.3.0" release: ga description: Collect PAN-OS firewall monitoring logs from Palo Alto Networks devices with Elastic Agent. type: integration diff --git a/packages/panw_cortex_xdr/_dev/build/build.yml b/packages/panw_cortex_xdr/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/panw_cortex_xdr/_dev/build/build.yml +++ b/packages/panw_cortex_xdr/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/panw_cortex_xdr/changelog.yml b/packages/panw_cortex_xdr/changelog.yml index 71cf075efe2..fefd8dd2000 100644 --- a/packages/panw_cortex_xdr/changelog.yml +++ b/packages/panw_cortex_xdr/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.2.1" changes: - description: Updated the links in the file to Palo Alto Cortex XDR documentation diff --git a/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr-bioc.log-expected.json b/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr-bioc.log-expected.json index 53e021974af..2cee2d9edaf 100644 --- a/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr-bioc.log-expected.json +++ b/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr-bioc.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-05-06T19:15:14.182Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DETECTED", diff --git a/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr.log-expected.json b/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr.log-expected.json index f77e9208b9e..1a417bafcfb 100644 --- a/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr.log-expected.json +++ b/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr.log-expected.json @@ -19,7 +19,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "BLOCKED_9", @@ -124,7 +124,7 @@ { "@timestamp": "2020-02-21T08:36:19.588Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "BLOCKED", diff --git a/packages/panw_cortex_xdr/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/panw_cortex_xdr/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml index 650d72243d2..099284420fe 100644 --- a/packages/panw_cortex_xdr/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/panw_cortex_xdr/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Palo Alto XDR API. processors: - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" - set: field: event.kind value: alert diff --git a/packages/panw_cortex_xdr/data_stream/alerts/sample_event.json b/packages/panw_cortex_xdr/data_stream/alerts/sample_event.json index b46ac99ed3b..0545a938621 100644 --- a/packages/panw_cortex_xdr/data_stream/alerts/sample_event.json +++ b/packages/panw_cortex_xdr/data_stream/alerts/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/panw_cortex_xdr/docs/README.md b/packages/panw_cortex_xdr/docs/README.md index 508e715fb30..1bf6e3efcde 100644 --- a/packages/panw_cortex_xdr/docs/README.md +++ b/packages/panw_cortex_xdr/docs/README.md @@ -28,7 +28,7 @@ An example event for `alerts` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/panw_cortex_xdr/manifest.yml b/packages/panw_cortex_xdr/manifest.yml index a1ea8e995d5..05024ad145d 100644 --- a/packages/panw_cortex_xdr/manifest.yml +++ b/packages/panw_cortex_xdr/manifest.yml @@ -1,6 +1,6 @@ name: panw_cortex_xdr title: Palo Alto Cortex XDR Logs -version: 1.2.1 +version: "1.3.0" release: ga description: Collect and parse logs from Palo Alto Cortex XDR API with Elastic Agent. type: integration diff --git a/packages/pfsense/_dev/build/build.yml b/packages/pfsense/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/pfsense/_dev/build/build.yml +++ b/packages/pfsense/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 
diff --git a/packages/pfsense/changelog.yml b/packages/pfsense/changelog.yml index fdaa71884f3..41b9803af5e 100644 --- a/packages/pfsense/changelog.yml +++ b/packages/pfsense/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.0.3" changes: - description: updated links in the documentation to the vendor documentation diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-opensense.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-opensense.log-expected.json index 5738e4eedf5..d8b9ded78cb 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-opensense.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-opensense.log-expected.json @@ -20,7 +20,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -115,7 +115,7 @@ "port": 547 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -201,7 +201,7 @@ "port": 67 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DHCPDISCOVER", @@ -274,7 +274,7 @@ "type": "question" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-bsd.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-bsd.log-expected.json index f3117a2a0a6..4f17edd951d 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-bsd.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-bsd.log-expected.json @@ -20,7 +20,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", 
@@ -126,7 +126,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -232,7 +232,7 @@ "port": 123 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pass", @@ -329,7 +329,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -435,7 +435,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -541,7 +541,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -635,7 +635,7 @@ "port": 547 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -730,7 +730,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -836,7 +836,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -942,7 +942,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -1048,7 +1048,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -1154,7 +1154,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -1260,7 +1260,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -1366,7 +1366,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -1460,7 +1460,7 @@ "port": 137 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pass", @@ -1557,7 +1557,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -1662,7 +1662,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pass", 
@@ -1755,7 +1755,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pass", @@ -1840,7 +1840,7 @@ "ip": "10.100.15.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pass", diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-dhcp.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-dhcp.log-expected.json index 1183346babd..1858657aaa2 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-dhcp.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-dhcp.log-expected.json @@ -10,7 +10,7 @@ "port": 67 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DHCPDISCOVER", @@ -76,7 +76,7 @@ "port": 67 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DHCPOFFER", @@ -156,7 +156,7 @@ "port": 67 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DHCPREQUEST", @@ -238,7 +238,7 @@ "port": 67 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "DHCPACK", diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-haproxy.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-haproxy.log-expected.json index 22a058f9e8f..4384d8a544d 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-haproxy.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-haproxy.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-08-15T16:15:18.502-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -88,7 +88,7 @@ { "@timestamp": "2021-08-15T16:15:18.407-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
@@ -172,7 +172,7 @@ { "@timestamp": "2021-08-15T16:15:10.549-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -248,7 +248,7 @@ { "@timestamp": "2022-06-13T20:53:10.208-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -334,7 +334,7 @@ { "@timestamp": "2022-06-13T20:56:55.187-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "duration": 204000000, @@ -398,7 +398,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -467,7 +467,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-ipsec.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-ipsec.log-expected.json index 460e824cb74..f7e00ca48c9 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-ipsec.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-ipsec.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -39,7 +39,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -75,7 +75,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -111,7 +111,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -147,7 +147,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -183,7 +183,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
@@ -219,7 +219,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -255,7 +255,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -291,7 +291,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -327,7 +327,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -363,7 +363,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -399,7 +399,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -435,7 +435,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -471,7 +471,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -507,7 +507,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -543,7 +543,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -579,7 +579,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -615,7 +615,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -651,7 +651,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
@@ -687,7 +687,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -723,7 +723,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -759,7 +759,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -795,7 +795,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -831,7 +831,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -884,7 +884,7 @@ "port": 500 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-openvpn.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-openvpn.log-expected.json index 21304eee3cc..b775d7572f5 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-openvpn.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-openvpn.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -56,7 +56,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -109,7 +109,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -162,7 +162,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -215,7 +215,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
@@ -268,7 +268,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -321,7 +321,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -374,7 +374,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -429,7 +429,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -473,7 +473,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -531,7 +531,7 @@ { "@timestamp": "2021-07-04T03:17:01.074Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -593,7 +593,7 @@ { "@timestamp": "2021-07-04T03:40:38.477Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-squid.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-squid.log-expected.json index 2c7e75d1a48..f6576cc49e9 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-squid.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-squid.log-expected.json @@ -19,7 +19,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-syslog.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-syslog.log-expected.json index fe2b9fd619f..807e6e1ae98 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-syslog.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-syslog.log-expected.json 
@@ -20,7 +20,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -127,7 +127,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -222,7 +222,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pass", @@ -320,7 +320,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -427,7 +427,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -522,7 +522,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pass", @@ -633,7 +633,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -740,7 +740,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -835,7 +835,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pass", @@ -921,7 +921,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pass", @@ -1019,7 +1019,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -1126,7 +1126,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "block", @@ -1233,7 +1233,7 @@ "port": 1900 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pass", @@ -1318,7 +1318,7 @@ "ip": "224.0.0.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "pass", diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-unbound.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-unbound.log-expected.json index 7e705284dd9..18263749ec8 100644 
--- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-unbound.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-unbound.log-expected.json @@ -18,7 +18,7 @@ "type": "question" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -81,7 +81,7 @@ "type": "question" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/default.yml index e520c07032c..cda478809cf 100644 --- a/packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for PFsense processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - set: field: observer.vendor value: netgate diff --git a/packages/pfsense/data_stream/log/sample_event.json b/packages/pfsense/data_stream/log/sample_event.json index 6f70d5817ed..89c6e847a8d 100644 --- a/packages/pfsense/data_stream/log/sample_event.json +++ b/packages/pfsense/data_stream/log/sample_event.json @@ -30,7 +30,7 @@ "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/pfsense/docs/README.md b/packages/pfsense/docs/README.md index 07f30b6ccd8..51dd47c5dbc 100644 --- a/packages/pfsense/docs/README.md +++ b/packages/pfsense/docs/README.md @@ -77,7 +77,7 @@ An example event for `log` looks as following: "port": 853 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/pfsense/manifest.yml b/packages/pfsense/manifest.yml index 6889f59e3d8..12e7618e49a 100644 --- a/packages/pfsense/manifest.yml +++ b/packages/pfsense/manifest.yml 
@@ -1,6 +1,6 @@ name: pfsense title: pfSense Logs -version: "1.0.3" +version: "1.1.0" release: ga description: Collect and parse logs from pfSense and OPNsense devices with Elastic Agent. type: integration diff --git a/packages/proofpoint/_dev/build/build.yml b/packages/proofpoint/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/proofpoint/_dev/build/build.yml +++ b/packages/proofpoint/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/proofpoint/changelog.yml b/packages/proofpoint/changelog.yml index 190acf9f69b..b0f6e4d98b0 100644 --- a/packages/proofpoint/changelog.yml +++ b/packages/proofpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.8.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "0.7.0" changes: - description: Update to ECS 8.2.0 diff --git a/packages/proofpoint/data_stream/emailsecurity/_dev/test/pipeline/test-generated.log-expected.json b/packages/proofpoint/data_stream/emailsecurity/_dev/test/pipeline/test-generated.log-expected.json index 74bc726148d..539b9b110df 100644 --- a/packages/proofpoint/data_stream/emailsecurity/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/proofpoint/data_stream/emailsecurity/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 29 06:09:59 avolupt low mod=perl cmd=clone cmd=olab id=nto duration=sse", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016/02/12T13:12:33.umdo itessequ session_store[vol]: info luptat high s=nibus mod=mipsumq cmd=gnaali module=enatus rule=mquia folder=ameaqu pri=aqu duration=utper", "tags": [ 
@@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 26 20:15:08 emape low s=incidi mod=session_connect cmd=nse ip=10.46.185.46 country=temvel lip=iatu prot=serror hops_active=anti routes=ofdeF notroutes=metcons perlwait=roinBCS", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016/03/12T03:17:42.iam mqua queued-eurort[3391]: olab: from=mquisnos, size=5771, class=ore, nrcpts=etconsec, msgid=err, proto=rdp, daemon=mUt, tls_verify=usmodte, auth=ele, relay=tenbyCic5882.api.home [10.69.20.77]", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 26 10:20:16 pteursi medium mod=service cmd=refresh cmd=turveli duration=toccae", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 9 17:22:51 ccusan low mod=zerohour type=Ciceroi cmd=refresh id=aveniam version=uradi", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 24 00:25:25 aboreetd high mod=smtpsrv cmd=listen cmd=dun addr=10.89.185.38", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 8 07:27:59 ctetura medium mod=zerohour type=dolore cmd=init id=abor version=iqui", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 22 14:30:33 ritatis oloremi high s=icab mod=av_run cmd=mwr rule=fugi name=inculpaq cleaned=agna vendor=tionemu duration=eomnisis", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016/06/05T21:33:08.incidi picia queued-reinject[mUtenima]: warn emaperi[7183]: sumquiad: from=dexeaco, size=6178, class=colabor, nrcpts=iusmodt, msgid=etdolo, proto=tcp, daemon=lorumw, relay=ommod3671.mail.domain", "tags": [ 
@@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 20 04:35:42 imadmi high s=tion mod=session_judge cmd=eataev module=liquide rule=uasia", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016/07/04T11:38:16.uames tati access_run[utaliqu]: warn oriosamn medium s=santium m=iciatisu x=rehender mod=eporroqu cmd=uat rule=tem duration=est", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 18 18:40:50 samvolu err eid=ittenbyC module=isc age=aturve limit=emulla", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016/08/02T01:43:25.itame eumfug zerohour_init[lit]: note asun low mod=quamnih type=oluptate cmd=onseq id=serunt version=aquaeabi", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 16 08:45:59 ento warn eid=pic status=\"evita file suntexp does not contain enough (or correct) info. Fix this or remove the file.\"", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 30 15:48:33 tmo very-high s=abi mod=spam_run cmd=sectetur rule=uioffi policy=oru score=temqu ndrscore=edol ipscore=colab suspectscore=ommodico phishscore=quatD bulkscore=mcolab spamscore=67.309000 adjustscore=tenima adultscore=tsedqu classifier=agnid adjust=proide reason=dolorem scancount=tlab engine=volupt definitions=osqui raw=xerc tests=iutali duration=fdeFi", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016/09/13T22:51:07.sequine ectio dkimv_type[dutper]: err lamcolab: low mod=radi unexpected response type=gel", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 28 05:53:42 xeacomm very-high mod=av type=aturQui cmd=load id=utlabor", "tags": [ 
@@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 12 12:56:16 madmi tur low s=uatD mod=mail_attachment cmd=ariatu id=edquiac file=nci mime=tev type=saute omime=ntocca oext=ostru corrupted=ntoccae protected=autf size=3471 virtual=temquiav", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016/10/26T19:58:50.tor qui queued-aglife[4499]: eavolup: to=fugiatn, delay=docon, xdelay=etconsec, mailer=ios, pri=evolu, relay=ersp3536.www5.lan, dsn=sauteiru, stat=mod", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016/11/10T03:01:24.iquipe itempor mail_env_rcpt[quin]: err upida high s=nve m=remag x=uredol mod=ccaecat cmd=tquiin r=7440 value=temqu verified=ovol routes=ptasn", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 24 10:03:59 idolore low mod=spam type=eetdolo cmd=refresh id=cteturad engine=untut definitions=uamni", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 8 17:06:33 orumSe high mod=regulation type=isnost cmd=init id=queips action=cancel dict=itess file=iscinge", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016-12-23T12:09:07.inci atatn queued-alert[temUt]: info avol[752]: STARTTLS=essequam, relay=[10.193.83.81], version=1.5020, verify=str, cipher=iat, bits=etur", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017/01/06T07:11:41.isnostr umqu smtpsrv_run[tinv]: warn adipisc medium mod=isnisi cmd=ritatise rule=uamei duration=siut", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017/01/20T14:14:16.ttenby boris dkimv_run[stenatu]: err isiuta low s=ratv m=riat x=ianon mod=tsed cmd=nts status=\"siut, tconsect\"", "tags": [ 
@@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017/02/03T21:16:50.ctetura aveni sendmail[elit]: note seosqui sequamni[3866]: STARTTLS=tdol, relay=sit6590.lan [10.123.143.188], version=ncididun, verify=umSe, cipher=xeacomm, bits=cinge", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 18 04:19:24 runtmol very-high mod=spam type=odi cmd=load id=ptass", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 4 11:21:59 aec medium mod=spam type=iduntu cmd=load id=ccaeca", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 18 18:24:33 leumiu tla very-high s=uaeratv mod=session_connect cmd=isa ip=10.38.65.236 country=dqu lip=pid prot=rExc hops_active=iusmo routes=tame notroutes=naaliq perlwait=nte", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017/04/02T01:27:07.ullamcor itationu dmarc_run[proident]: rprt maliquam medium s=atione m=lores x=ritati mod=orisni cmd=ons rule=remagn duration=ecillu", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 16 08:29:41 umetMalo high mod=av type=utp cmd=refresh id=aeconseq vendor=lor engine=Sedut definitions=yCiceroi signatures=quunt", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 30 15:32:16 aliq low mod=access type=teni cmd=refresh id=dquiac action=accept dict=tore file=elits", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017/05/14T22:34:50.uamnihi risnis mail_release[uov]: info itlab low s=sBono m=loremqu x=tetur mod=amvo cmd=siuta status=failure err=ommodo", "tags": [ 
@@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 29 05:37:24 atv high mod=access type=quira cmd=refresh id=rehende action=block dict=obeataev file=tempor", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 12 12:39:58 tlaboree note s=norumet m=dtempo x=tin module=fugitse action=deny size=3916", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017/06/26T19:42:33.aturQu aaliq session_store[mipsamvo]: warn eiusmod very-high s=reetdo m=oreveri x=ehende mod=eaqueip cmd=eum module=lamc rule=umetMal folder=asper pri=umq duration=naal", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017/07/11T02:45:07.uto iuntNequ pdr_ttl[esseq]: warn aincidun low s=veniamq mod=occ ttl=oloreseo reply=\"\\\"iruredol rscore=veniamqu\\\"\"", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 25 09:47:41 minim ataevi low s=repreh mod=av_run cmd=plic rule=irured name=illumqui cleaned=saq vendor=amali duration=ate", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017/08/08T16:50:15.autfugi tasun mail_continue-system-sendmail[duntutla]: err ntium low s=asuntexp mod=adminim cmd=orisni action=cancel err=lmole", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017/08/22T23:52:50.dolorem tem spam_init[exeacomm]: info aspe very-high mod=mides type=ciun cmd=olupta id=tsuntinc engine=inrepreh definitions=quovo", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 6 06:55:24 occaec acommodi medium s=quaeab mod=mail_env_rcpt cmd=fici r=5161 value=dipiscin verified=olup routes=aco", "tags": [ 
@@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017/09/20T13:57:58.mag tob smtpsrv_load[dolores]: rprt equamnih high mod=deF type=itempo cmd=orumw id=redol", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 4 21:00:32 radipis high s=tiumto mod=mail_env_from cmd=litan value=nder qid=stenatus tls=equep routes=ever notroutes=tali host=BCS3474.lan ip=10.1.204.187 sampling=quin", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017/10/19T04:03:07.nculpaq culpaqui regulation_init[tvolup]: note tdolore low mod=col type=obea cmd=emp id=agnaaliq action=cancel dict=uptatem file=oinv", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "queued-reinject[2957]: odt", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017/11/16T18:08:15.caecat rautod rprt[olest]: info eataev very-high s=ritati m=edquia x=itesse mod=mullam cmd=mexerc secprofile_name=meaque rcpts=5808 duration=mip", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017/12/01T01:10:49.deriti sintocc session_throttle[cididu]: rprt uteir high s=mwrit mod=ptat cmd=der rule=equuntur ip=10.219.133.187 rate=quameiu crate=diduntu limit=eiusmod", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 15 08:13:24 tassita very-high mod=smtpsrv cmd=run cmd=oremi rule=ugitsedq duration=turmag", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017/12/29T15:15:58.consecte pteurs dkimv_run[catcupi]: info autf very-high s=tiaecon m=uaturve x=amquisno mod=uido cmd=tla signature=mquiad identity=CSe host=lors7553.api.local result=unknown result_detail=rroqui", "tags": [ 
@@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018/01/12T22:18:32.itae dtempo cvtd[atnula]: warn ditautf low mod=iquidex cmd=olup", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018/01/27T05:21:06.rspici snisi queued-aglife[766]: olor: to=etquasia, delay=nula, xdelay=quiacons, mailer=uisa, pri=xeacommo, relay=[10.65.174.31], dsn=atur, stat=issu", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018/02/10T12:23:41.ite tasnul note[tuserr]: note tise very-high s=tnul m=expl x=ess module=quiad action=cancel size=6084", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018/02/24T19:26:15.llumq tenim spam_init[eiusmo]: warn ainc medium mod=antiumdo type=ecill cmd=iduntu id=pisci engine=sunt definitions=texplica", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 11 02:28:49 ate action_checksubmsg s=con m=tqu x=eirur action=accept score=tametco submsgadjust=mquisnos spamscore=25.933000 suspectscore=cit malwarescore=siar phishscore=isn adultscore=veniamq bulkscore=lup tests=iumtotam", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018/03/25T09:31:24.voluptas velill regulation_init[rspic]: err orinrepr high mod=meum type=borumSec cmd=aecatcup id=snisiut action=allow dict=nre file=inB", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018/04/08T16:33:58.upt ulamc cvt_detect[cept]: err aedictas low pid=4253 mod=orio cmd=gna name=ici status=success err=olu", "tags": [ 
@@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018/04/22T23:36:32.seq moll queued-VoltageEncrypt[2861]: sunt: from=dquianon, size=956, class=itesse, nrcpts=iamqui, msgid=quide, proto=igmp, daemon=cididun, relay=str4641.domain [10.151.31.58]", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018/05/07T06:39:06.cti rumSecti session_throttle[riamea]: info eca very-high s=tes mod=equam cmd=isi rule=iaecon ip=10.119.38.124 rate=rep crate=remap limit=deri", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 21 13:41:41 scipit high pid=745 mod=cvt cmd=detect cmd=borisnis name=onorumet status=success err=isiutali", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 4 20:44:15 aedict low mod=cvtd cmd=miurere", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018/06/19T03:46:49.seq rumSe queued-vdedc2v5[tatnonp]: rprt ommo[4821]: idunt: to=expl, delay=olore, xdelay=uian, mailer=atuserro, pri=madminim, relay=[10.52.47.230] [10.113.119.47], dsn=quioff, stat=iuntN", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018/07/03T10:49:23.mquis lorsi filter[tetura]: rprt eeufug high mod=modt sig=iduntutl", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 17 17:51:58 expl very-high pid=prehende mod=cvtd cmd=encrypted encrypted=lup", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 1 00:54:32 umd sumd medium s=dat mod=session_judge cmd=aUtenima module=turQuis rule=taevi", "tags": [ 
@@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018/08/15T07:57:06.ercitati eve spf_run[rro]: err oeiusmo very-high s=cusanti m=tconse x=rem mod=tseddoei cmd=teursint rule=etMa duration=llita", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018/08/29T14:59:40.nostrum orroquis av_init[eumi]: info tvo low mod=tuser type=mmo cmd=eve id=nbyCicer vendor=scipit engine=equuntu definitions=quamni signatures=turveli", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 12 22:02:15 ihilm medium s=caboNemo mod=mltr uptas", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018/09/27T05:04:49.dol exe info[tis]: note oluptat low eid=tinvolup pid=497 status=tvol", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 11 12:07:23 eritqui medium s=atus mod=session_judge cmd=tassitas module=obea rule=velite", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018/10/25T19:09:57.lore luptate av_init[eritqu]: err elites very-high mod=tamr type=serr cmd=usci id=unturmag vendor=dexeaco engine=lupta definitions=ura signatures=oreeufug", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018/11/09T02:12:32.ree itten milter_listen[quipexea]: warn orsitv medium mod=nostrum cmd=autodita addr=10.27.154.247", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018/11/23T09:15:06.utfugi ursintoc dkimv_type[tio]: rprt mmodicon: high mod=trudex unexpected response type=tvol", "tags": [ 
@@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018/12/07T16:17:40.rehen uaeab session_throttle[ptat]: warn mipsu high s=eturadip mod=amquaera cmd=rsitamet rule=leumiur ip=10.253.121.154 rate=olesti crate=edquia limit=ihi", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 21 23:20:14 emoenimi high pid=5895 mod=cvt cmd=detect cmd=mqu name=onorume status=unknown err=veleu", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 5 06:22:49 dquia high s=bori mod=mltr dipi", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 19 13:25:23 quovolu high s=dexe mod=mltr nemul", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019/02/02T20:27:57.quatur dminim mail_msg[ptatevel]: warn aperiame very-high s=eirured mod=sequamn cmd=perspici module=inimve rule=aea action=allow attachments=5821 rcpts=296 routes=ptat size=4878 guid=nde hdr_mid=quame qid=orumwri subject=atisu spamscore=66.849000 virusname=tse duration=rad elapsed=iat", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019/02/17T03:30:32.lorum suntexpl sm-msp-queue[iqu]: rprt iquamqu[6293]: audant: to=obeata, ctladdr=uredol, delay=uptat, xdelay=toditau, mailer=uiad, pri=nvolupta, relay=[10.80.133.120] [10.147.147.248], dsn=onpr, stat=uira", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019/03/03T10:33:06.aliqu sequine regulation_refresh[utaliqui]: note isciv very-high mod=econ type=aborio cmd=rve id=catcup action=deny dict=runtmoll file=busBon", "tags": [ 
@@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019/03/17T17:35:40.occaeca dan queued-alert[pta]: err upt[4762]: itaedict: to=eroi, delay=onemull, xdelay=mdo, mailer=labore, pri=lorem, relay=[10.68.159.207] [10.232.240.177], dsn=estq, stat=quasiarc", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019/04/01T00:38:14.tDuisaut uel warn[dexerc]: info vol high eid=agn status=\"iqu file: quamqua\"", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 15 07:40:49 uunturm very-high mod=regulation type=iaconseq cmd=init id=tseddo action=cancel dict=rissusci file=ectetur", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 29 14:43:23 quaturve medium mod=zerohour type=gnamali cmd=init id=iumtota version=issusci", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019/05/13T21:45:57.ecillumd iumto dmarc_type[sequatu]: rprt tiumtot: medium mod=mdoloree type=que cmd=inBCSed id=cteturad policy_cache_entries=umq", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 28 04:48:31 reseo quam very-high s=pariat mod=mail_env_rcpt cmd=icaboNe r=4840 value=lumd verified=tiaec routes=lorem", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 11 11:51:06 seq low mod=info sys=lorsita evt=deny active=itation expires=utlabo msg=tat", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 25 18:53:40 ididu medium s=epteurs mod=mail_env_from cmd=itse value=rever ofrom=sBonoru qid=ecatcu tls=ntoccae routes=iscive notroutes=amni host=etconse5657.api.lan ip=10.118.249.126 sampling=dminimv", "tags": [ 
@@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019/07/10T01:56:14.rep nostru access_load[docons]: info emipsumq low mod=qua type=modit cmd=tatione id=aedicta", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 24 08:58:48 uas high s=reeufu mod=mail_env_from cmd=umexe value=xce ofrom=omnisis qid=corporis tls=tco routes=stiaec notroutes=Cicero host=ven5410.mail.host ip=10.170.55.203 sampling=deom", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019/08/07T16:01:23.Utenima nse info[umq]: note enim low mod=meaquei sys=snisiu evt=allow active=atev expires=vento msg=litsed", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 21 23:03:57 susc taed high s=mipsumd mod=mail_continue-system-sendmail cmd=eiusmo action=block err=sum", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 5 06:06:31 ipex low s=upta cmd=send profile=ivel qid=tmollita rcpts=tionofd", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019/09/19T13:09:05.ccaec repreh http_listen[imven]: note usan very-high mod=idolo cmd=olup addr=10.199.46.88", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019/10/03T20:11:40.nulapari beataevi queued-VoltageEncrypt[3274]: eruntmol: from=plicab, size=5930, class=dmin, nrcpts=sum, msgid=lloinve, proto=ggp, daemon=nim, relay=Sedutper7794.www5.domain [10.154.22.241]", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019/10/18T03:14:14.nvol doloreeu cvtd_encrypted[elillumq]: info loremeum medium pid=obeataev mod=rrorsit encrypted=aincid", "tags": [ 
@@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 1 10:16:48 nis info pid=472 iin /uteiru: xer", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019/11/15T17:19:22.isauteir eritquii soap_listen[atevelit]: note dese low mod=ionula cmd=itaed addr=10.38.111.125", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 30 00:21:57 ationem high mod=spam type=ing cmd=load id=ollita", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019/12/14T07:24:31.nih ncididu queued-default[4250]: STARTTLS=gitsed, relay=estla4081.corp, version=meumf, verify=rExce, cipher=quisquam, bits=boreet", "tags": [ diff --git a/packages/proofpoint/data_stream/emailsecurity/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint/data_stream/emailsecurity/elasticsearch/ingest_pipeline/default.yml index 4746189f937..8ab5b97e3db 100644 --- a/packages/proofpoint/data_stream/emailsecurity/elasticsearch/ingest_pipeline/default.yml +++ b/packages/proofpoint/data_stream/emailsecurity/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Proofpoint Email Security processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/proofpoint/data_stream/emailsecurity/sample_event.json b/packages/proofpoint/data_stream/emailsecurity/sample_event.json index 6c08748eec1..d40707cefb0 100644 --- a/packages/proofpoint/data_stream/emailsecurity/sample_event.json +++ b/packages/proofpoint/data_stream/emailsecurity/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", 
diff --git a/packages/proofpoint/manifest.yml b/packages/proofpoint/manifest.yml index 48391488a56..e5f16824607 100644 --- a/packages/proofpoint/manifest.yml +++ b/packages/proofpoint/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: proofpoint title: Proofpoint Email Security Logs -version: 0.7.0 +version: "0.8.0" description: Collect logs from Proofpoint Email Security devices with Elastic Agent. categories: ["security"] release: experimental diff --git a/packages/proofpoint_tap/_dev/build/build.yml b/packages/proofpoint_tap/_dev/build/build.yml index d61527283ec..5661d603a89 100644 --- a/packages/proofpoint_tap/_dev/build/build.yml +++ b/packages/proofpoint_tap/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.2 + reference: git@v8.3.0 diff --git a/packages/proofpoint_tap/changelog.yml b/packages/proofpoint_tap/changelog.yml index fb37f7f3f1b..1ed9950df7a 100644 --- a/packages/proofpoint_tap/changelog.yml +++ b/packages/proofpoint_tap/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: 0.1.0 changes: - description: Initial draft of the package. diff --git a/packages/proofpoint_tap/data_stream/clicks_blocked/_dev/test/pipeline/test-clicks-blocked.log-expected.json b/packages/proofpoint_tap/data_stream/clicks_blocked/_dev/test/pipeline/test-clicks-blocked.log-expected.json index acfb0bb8710..e5fa4e2f757 100644 --- a/packages/proofpoint_tap/data_stream/clicks_blocked/_dev/test/pipeline/test-clicks-blocked.log-expected.json +++ b/packages/proofpoint_tap/data_stream/clicks_blocked/_dev/test/pipeline/test-clicks-blocked.log-expected.json @@ -24,7 +24,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { 
@@ -116,7 +116,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -207,7 +207,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -299,7 +299,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -391,7 +391,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { diff --git a/packages/proofpoint_tap/data_stream/clicks_blocked/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_tap/data_stream/clicks_blocked/elasticsearch/ingest_pipeline/default.yml index 4647d994c37..ffb06068af0 100644 --- a/packages/proofpoint_tap/data_stream/clicks_blocked/elasticsearch/ingest_pipeline/default.yml +++ b/packages/proofpoint_tap/data_stream/clicks_blocked/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Proofpoint TAP blocked clicks logs. processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/proofpoint_tap/data_stream/clicks_blocked/sample_event.json b/packages/proofpoint_tap/data_stream/clicks_blocked/sample_event.json index 881c2f01a86..ab4b2c65b5e 100644 --- a/packages/proofpoint_tap/data_stream/clicks_blocked/sample_event.json +++ b/packages/proofpoint_tap/data_stream/clicks_blocked/sample_event.json @@ -35,7 +35,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "3dc09e3a-0004-444b-a301-8c632b17172b", diff --git a/packages/proofpoint_tap/data_stream/clicks_permitted/_dev/test/pipeline/test-clicks-permitted.log-expected.json b/packages/proofpoint_tap/data_stream/clicks_permitted/_dev/test/pipeline/test-clicks-permitted.log-expected.json index 0c481913836..ea3e1d2938b 100644 
--- a/packages/proofpoint_tap/data_stream/clicks_permitted/_dev/test/pipeline/test-clicks-permitted.log-expected.json +++ b/packages/proofpoint_tap/data_stream/clicks_permitted/_dev/test/pipeline/test-clicks-permitted.log-expected.json @@ -24,7 +24,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -115,7 +115,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -207,7 +207,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -298,7 +298,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { diff --git a/packages/proofpoint_tap/data_stream/clicks_permitted/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_tap/data_stream/clicks_permitted/elasticsearch/ingest_pipeline/default.yml index 378558c4f95..9ea38e1377d 100644 --- a/packages/proofpoint_tap/data_stream/clicks_permitted/elasticsearch/ingest_pipeline/default.yml +++ b/packages/proofpoint_tap/data_stream/clicks_permitted/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Proofpoint TAP permitted clicks logs. processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/proofpoint_tap/data_stream/clicks_permitted/sample_event.json b/packages/proofpoint_tap/data_stream/clicks_permitted/sample_event.json index 16e7c809f8f..a6c0c3d01e8 100644 --- a/packages/proofpoint_tap/data_stream/clicks_permitted/sample_event.json +++ b/packages/proofpoint_tap/data_stream/clicks_permitted/sample_event.json @@ -35,7 +35,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "3dc09e3a-0004-444b-a301-8c632b17172b", 
diff --git a/packages/proofpoint_tap/data_stream/message_blocked/_dev/test/pipeline/test-message-blocked.log-expected.json b/packages/proofpoint_tap/data_stream/message_blocked/_dev/test/pipeline/test-message-blocked.log-expected.json index a6586c5ea99..e5e40b6c3f5 100644 --- a/packages/proofpoint_tap/data_stream/message_blocked/_dev/test/pipeline/test-message-blocked.log-expected.json +++ b/packages/proofpoint_tap/data_stream/message_blocked/_dev/test/pipeline/test-message-blocked.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": [ @@ -123,7 +123,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": [ @@ -243,7 +243,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": [ @@ -370,7 +370,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": [ @@ -566,7 +566,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": [ @@ -692,7 +692,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": [ diff --git a/packages/proofpoint_tap/data_stream/message_blocked/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_tap/data_stream/message_blocked/elasticsearch/ingest_pipeline/default.yml index 73da7207a7f..deceac5cf00 100644 --- a/packages/proofpoint_tap/data_stream/message_blocked/elasticsearch/ingest_pipeline/default.yml +++ b/packages/proofpoint_tap/data_stream/message_blocked/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Proofpoint TAP blocked message logs. processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original 
diff --git a/packages/proofpoint_tap/data_stream/message_blocked/sample_event.json b/packages/proofpoint_tap/data_stream/message_blocked/sample_event.json index 377c23317dd..3ef00636d79 100644 --- a/packages/proofpoint_tap/data_stream/message_blocked/sample_event.json +++ b/packages/proofpoint_tap/data_stream/message_blocked/sample_event.json @@ -14,7 +14,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "3dc09e3a-0004-444b-a301-8c632b17172b", diff --git a/packages/proofpoint_tap/data_stream/message_delivered/_dev/test/pipeline/test-message-delivered.log-expected.json b/packages/proofpoint_tap/data_stream/message_delivered/_dev/test/pipeline/test-message-delivered.log-expected.json index 15f13de4849..6acfb2a9668 100644 --- a/packages/proofpoint_tap/data_stream/message_delivered/_dev/test/pipeline/test-message-delivered.log-expected.json +++ b/packages/proofpoint_tap/data_stream/message_delivered/_dev/test/pipeline/test-message-delivered.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "delivery_timestamp": "2022-01-05T10:05:56.020Z", @@ -88,7 +88,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "delivery_timestamp": "2022-01-01T00:00:00.000Z", @@ -157,7 +157,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "delivery_timestamp": "2022-01-01T00:00:00.000Z", @@ -232,7 +232,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "delivery_timestamp": "2022-01-01T00:00:00.000Z", @@ -307,7 +307,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": [ @@ -454,7 +454,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": [ @@ -608,7 +608,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": [ 
@@ -756,7 +756,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "attachments": [ diff --git a/packages/proofpoint_tap/data_stream/message_delivered/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_tap/data_stream/message_delivered/elasticsearch/ingest_pipeline/default.yml index 139b593dfc4..62ee68e1084 100644 --- a/packages/proofpoint_tap/data_stream/message_delivered/elasticsearch/ingest_pipeline/default.yml +++ b/packages/proofpoint_tap/data_stream/message_delivered/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Proofpoint TAP delivered message logs. processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/proofpoint_tap/data_stream/message_delivered/sample_event.json b/packages/proofpoint_tap/data_stream/message_delivered/sample_event.json index 60229edc5b8..e682705a58c 100644 --- a/packages/proofpoint_tap/data_stream/message_delivered/sample_event.json +++ b/packages/proofpoint_tap/data_stream/message_delivered/sample_event.json @@ -14,7 +14,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "3dc09e3a-0004-444b-a301-8c632b17172b", diff --git a/packages/proofpoint_tap/docs/README.md b/packages/proofpoint_tap/docs/README.md index 4499fb5f31d..0c37b759043 100644 --- a/packages/proofpoint_tap/docs/README.md +++ b/packages/proofpoint_tap/docs/README.md @@ -63,7 +63,7 @@ An example event for `clicks_blocked` looks as following: "ip": "89.160.20.112" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "3dc09e3a-0004-444b-a301-8c632b17172b", @@ -290,7 +290,7 @@ An example event for `clicks_permitted` looks as following: "ip": "89.160.20.112" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "3dc09e3a-0004-444b-a301-8c632b17172b", 
@@ -496,7 +496,7 @@ An example event for `message_blocked` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "3dc09e3a-0004-444b-a301-8c632b17172b",
@@ -805,7 +805,7 @@ An example event for `message_delivered` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "3dc09e3a-0004-444b-a301-8c632b17172b",
diff --git a/packages/proofpoint_tap/manifest.yml b/packages/proofpoint_tap/manifest.yml
index 69c83c7db53..e8763169fc3 100644
--- a/packages/proofpoint_tap/manifest.yml
+++ b/packages/proofpoint_tap/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: proofpoint_tap
 title: Proofpoint TAP
-version: 0.1.0
+version: "0.2.0"
 license: basic
 description: Collect logs from Proofpoint TAP with Elastic Agent.
 type: integration
diff --git a/packages/pulse_connect_secure/_dev/build/build.yml b/packages/pulse_connect_secure/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/pulse_connect_secure/_dev/build/build.yml
+++ b/packages/pulse_connect_secure/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/pulse_connect_secure/changelog.yml b/packages/pulse_connect_secure/changelog.yml
index dbb2255406d..95e1202efdd 100644
--- a/packages/pulse_connect_secure/changelog.yml
+++ b/packages/pulse_connect_secure/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.0.1"
 changes:
 - description: Add mapping for `event.create`
diff --git a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-admin.log-expected.json b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-admin.log-expected.json
index 6ec34ee5a60..a7d1d230a9f 100644
--- a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-admin.log-expected.json +++ b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-admin.log-expected.json @@ -25,7 +25,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -85,7 +85,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -145,7 +145,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -223,7 +223,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -301,7 +301,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -381,7 +381,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -459,7 +459,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -539,7 +539,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -617,7 +617,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -695,7 +695,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", diff --git a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json index 4eed7adf0de..40acaafbfd4 100644 --- a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json +++ b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json 
@@ -25,7 +25,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -105,7 +105,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -185,7 +185,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -247,7 +247,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -291,7 +291,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", diff --git a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-system.log-expected.json b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-system.log-expected.json index f3117783d54..1dfddd5f257 100644 --- a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-system.log-expected.json +++ b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-system.log-expected.json @@ -7,7 +7,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -67,7 +67,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -127,7 +127,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -169,7 +169,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -211,7 +211,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -271,7 +271,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -349,7 +349,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", diff --git a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-vpn.log-expected.json b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-vpn.log-expected.json index e0d45cf4950..8d0b893dd48 100644 --- a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-vpn.log-expected.json +++ b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-vpn.log-expected.json @@ -25,7 +25,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -103,7 +103,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -200,7 +200,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -293,7 +293,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -371,7 +371,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -449,7 +449,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -529,7 +529,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -607,7 +607,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -687,7 +687,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -771,7 +771,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
@@ -863,7 +863,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -944,7 +944,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", diff --git a/packages/pulse_connect_secure/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/pulse_connect_secure/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 57cbefc7306..edaf4c43eac 100644 --- a/packages/pulse_connect_secure/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/pulse_connect_secure/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Pulse Connect Secure logs processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/pulse_connect_secure/data_stream/log/sample_event.json b/packages/pulse_connect_secure/data_stream/log/sample_event.json index 507cf48f599..ec0c798e21b 100644 --- a/packages/pulse_connect_secure/data_stream/log/sample_event.json +++ b/packages/pulse_connect_secure/data_stream/log/sample_event.json @@ -35,7 +35,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/pulse_connect_secure/docs/README.md b/packages/pulse_connect_secure/docs/README.md index 5949b8dd001..5b84220d8af 100644 --- a/packages/pulse_connect_secure/docs/README.md +++ b/packages/pulse_connect_secure/docs/README.md @@ -44,7 +44,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/pulse_connect_secure/manifest.yml b/packages/pulse_connect_secure/manifest.yml index a1d00eb1c07..b41bda219a3 100644 --- a/packages/pulse_connect_secure/manifest.yml 
+++ b/packages/pulse_connect_secure/manifest.yml
@@ -1,6 +1,6 @@
 name: pulse_connect_secure
 title: Pulse Connect Secure
-version: 1.0.1
+version: "1.1.0"
 release: ga
 description: Collect logs from Pulse Connect Secure with Elastic Agent.
 type: integration
diff --git a/packages/qnap_nas/_dev/build/build.yml b/packages/qnap_nas/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/qnap_nas/_dev/build/build.yml
+++ b/packages/qnap_nas/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/qnap_nas/changelog.yml b/packages/qnap_nas/changelog.yml
index 65a54ed30f1..34b44bd23bc 100644
--- a/packages/qnap_nas/changelog.yml
+++ b/packages/qnap_nas/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.2.1"
 changes:
 - description: Added link to QNAP documentation in the readme file
diff --git a/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-access.log-expected.json b/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-access.log-expected.json
index 9f8aa4ad5b9..04c91ed7642 100644
--- a/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-access.log-expected.json
+++ b/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-access.log-expected.json
@@ -1,48 +1,43 @@ { "expected": [ { - "process": { - "name": "qulogd", - "pid": 14629 + "@timestamp": "2022-10-30T20:24:24.000-05:00", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "create-directory", + "category": [ + "file" + ], + "created": "2022-10-30T20:24:24.000-05:00", + "kind": "event", + "original": "\u003c30\u003eOct 30 20:24:24 qnap-nas01 qulogd[14629]: conn log: Users: admin.user, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: Samba, Accessed resources: path/to/files/New folder, Action: Create Directory", + "provider": "conn-log", + "timezone": "-05:00", + "type": [ + "creation" + ] + }, + "file": { + "path": "path/to/files/New folder" + }, + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, - "source": { - "address": "10.50.36.33", - "domain": "user-laptop", - "ip": "10.50.36.33" - }, - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-10-30T20:24:24.000-05:00", - "file": { - "path": "path/to/files/New folder" - }, - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "admin.user" - ], - "hosts": [ - "user-laptop" - ], - "ip": [ - "10.50.36.33" - ] - }, - "host": { - "name": "qnap-nas01" + "process": { + "name": "qulogd", + "pid": 14629 }, "qnap": { "nas": { 
@@ -52,34 +47,17 @@ } } }, - "event": { - "original": "\u003c30\u003eOct 30 20:24:24 qnap-nas01 qulogd[14629]: conn log: Users: admin.user, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: Samba, Accessed resources: path/to/files/New folder, Action: Create Directory", - "provider": "conn-log", - "timezone": "-05:00", - "created": "2022-10-30T20:24:24.000-05:00", - "kind": "event", - "action": "create-directory", - "type": [ - "creation" + "related": { + "hosts": [ + "user-laptop" ], - "category": [ - "file" + "ip": [ + "10.50.36.33" + ], + "user": [ + "admin.user" ] }, - "user": { - "name": "admin.user" - } - }, - { - "process": { - "name": "qulogd", - "pid": 14629 - }, - "log": { - "syslog": { - "priority": 30 - } - }, "source": { "address": "10.50.36.33", "domain": "user-laptop", 
@@ -88,562 +66,579 @@ "tags": [ "preserve_original_event" ], - "observer": { - "type": "nas", - "product": "NAS", - "vendor": "QNAP" - }, + "user": { + "name": "admin.user" + } + }, + { "@timestamp": "2022-10-30T20:24:25.000-05:00", "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "guest" - ], - "hosts": [ - "user-laptop" - ], - "ip": [ - "10.50.36.33" - ] - }, - "host": { - "name": "qnap-nas01" - }, - "qnap": { - "nas": { - "connection_type": "Samba" - } + "version": "8.3.0" }, "event": { + "action": "login-fail", + "category": [ + "authentication" + ], + "created": "2022-10-30T20:24:25.000-05:00", + "kind": "event", "original": "\u003c30\u003eOct 30 20:24:25 qnap-nas01 qulogd[14629]: conn log: Users: guest, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: Samba, Accessed resources: ---, Action: Login Fail", + "outcome": "failure", "provider": "conn-log", "timezone": "-05:00", - "created": "2022-10-30T20:24:25.000-05:00", - "kind": "event", - "action": "login-fail", "type": [ "info" - ], - "category": [ - "authentication" - ], - "outcome": "failure" + ] }, - "user": { - "name": "guest" - } - }, - { - "process": { - "name": "qulogd", - "pid": 14629 + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, - "source": { - "address": "10.50.36.33", - "domain": "user-laptop", - "ip": "10.50.36.33" - }, - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-10-30T20:35:25.000-05:00", - "ecs": { - "version": "8.2.0" + "process": { + "name": "qulogd", + "pid": 14629 + }, + "qnap": { + "nas": { + "connection_type": "Samba" + } }, "related": { - "user": [ - "guest" - ], "hosts": [ "user-laptop" ], "ip": [ "10.50.36.33" + ], + "user": [ + "guest" ] }, - "host": { - "name": "qnap-nas01" + "source": { + "address": "10.50.36.33", + "domain": "user-laptop", + "ip": "10.50.36.33" }, - "qnap": { - "nas": { - "connection_type": 
"Samba" - } + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "guest" + } + }, + { + "@timestamp": "2022-10-30T20:35:25.000-05:00", + "ecs": { + "version": "8.3.0" }, "event": { + "action": "login-success", + "category": [ + "authentication" + ], + "created": "2022-10-30T20:35:25.000-05:00", + "kind": "event", "original": "\u003c30\u003eOct 30 20:35:25 qnap-nas01 qulogd[14629]: conn log: Users: guest, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: Samba, Accessed resources: ---, Action: Login Success", + "outcome": "success", "provider": "conn-log", "timezone": "-05:00", - "created": "2022-10-30T20:35:25.000-05:00", - "kind": "event", - "action": "login-success", "type": [ "start" - ], - "category": [ - "authentication" - ], - "outcome": "success" + ] }, - "user": { - "name": "guest" - } - }, - { - "process": { - "name": "qulogd", - "pid": 14387 + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, - "source": { - "address": "10.50.36.33", - "ip": "10.50.36.33" - }, - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-11-21T14:42:18.000-05:00", - "ecs": { - "version": "8.2.0" + "process": { + "name": "qulogd", + "pid": 14629 + }, + "qnap": { + "nas": { + "connection_type": "Samba" + } }, "related": { - "user": [ - "admin.user" + "hosts": [ + "user-laptop" ], "ip": [ "10.50.36.33" + ], + "user": [ + "guest" ] }, - "host": { - "name": "qnap-nas01" + "source": { + "address": "10.50.36.33", + "domain": "user-laptop", + "ip": "10.50.36.33" }, - "qnap": { - "nas": { - "application": "Administration", - "connection_type": "HTTP/HTTPS" - } + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "guest" + } + }, + { + "@timestamp": "2022-11-21T14:42:18.000-05:00", + "ecs": { + "version": "8.3.0" }, "event": { + "action": "login-success", + "category": [ + "authentication" + ], + "created": 
"2022-11-21T14:42:18.000-05:00", + "kind": "event", "original": "\u003c30\u003eNov 21 14:42:18 qnap-nas01 qulogd[14387]: conn log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Connection type: HTTP/HTTPS, Accessed resources: Administration, Action: Login Success", + "outcome": "success", "provider": "conn-log", "timezone": "-05:00", - "created": "2022-11-21T14:42:18.000-05:00", - "kind": "event", - "action": "login-success", "type": [ "start" - ], - "category": [ - "authentication" - ], - "outcome": "success" + ] }, - "user": { - "name": "admin.user" - } - }, - { - "process": { - "name": "qulogd", - "pid": 14629 + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, - "source": { - "address": "10.50.36.33", - "domain": "user-laptop", - "ip": "10.50.36.33" - }, - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-10-30T20:35:25.000-05:00", - "ecs": { - "version": "8.2.0" + "process": { + "name": "qulogd", + "pid": 14387 + }, + "qnap": { + "nas": { + "application": "Administration", + "connection_type": "HTTP/HTTPS" + } }, "related": { - "user": [ - "guest" - ], - "hosts": [ - "user-laptop" - ], "ip": [ "10.50.36.33" + ], + "user": [ + "admin.user" ] }, - "host": { - "name": "qnap-nas01" + "source": { + "address": "10.50.36.33", + "ip": "10.50.36.33" }, - "qnap": { - "nas": { - "connection_type": "HTTP/HTTPS" - } + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "admin.user" + } + }, + { + "@timestamp": "2022-10-30T20:35:25.000-05:00", + "ecs": { + "version": "8.3.0" }, "event": { + "action": "logout", + "category": [ + "authentication" + ], + "created": "2022-10-30T20:35:25.000-05:00", + "kind": "event", "original": "\u003c30\u003eOct 30 20:35:25 qnap-nas01 qulogd[14629]: conn log: Users: guest, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: HTTP/HTTPS, Accessed resources: ---, Action: 
Logout", "provider": "conn-log", "timezone": "-05:00", - "created": "2022-10-30T20:35:25.000-05:00", - "kind": "event", - "action": "logout", "type": [ "end" - ], - "category": [ - "authentication" ] }, - "user": { - "name": "guest" - } - }, - { - "process": { - "name": "qulogd", - "pid": 14629 + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, - "source": { - "address": "10.50.36.33", - "ip": "10.50.36.33" - }, - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-10-30T20:24:30.000-05:00", - "file": { - "path": "/Browser Station/admin" + "process": { + "name": "qulogd", + "pid": 14629 }, - "ecs": { - "version": "8.2.0" + "qnap": { + "nas": { + "connection_type": "HTTP/HTTPS" + } }, "related": { - "user": [ - "admin.user" + "hosts": [ + "user-laptop" ], "ip": [ "10.50.36.33" + ], + "user": [ + "guest" ] }, - "host": { - "name": "qnap-nas01" + "source": { + "address": "10.50.36.33", + "domain": "user-laptop", + "ip": "10.50.36.33" }, - "qnap": { - "nas": { - "application": "File Station", - "connection_type": "HTTP/HTTPS", - "file": { - "path": "/Browser Station/admin" - } - } + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "guest" + } + }, + { + "@timestamp": "2022-10-30T20:24:30.000-05:00", + "ecs": { + "version": "8.3.0" }, "event": { + "action": "read", + "category": [ + "file" + ], + "created": "2022-10-30T20:24:30.000-05:00", + "kind": "event", "original": "\u003c30\u003eOct 30 20:24:30 qnap-nas01 qulogd[14629]: conn log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Connection type: HTTP/HTTPS, Accessed resources: [File Station] /Browser Station/admin, Action: Read", "provider": "conn-log", "timezone": "-05:00", - "created": "2022-10-30T20:24:30.000-05:00", - "kind": "event", - "action": "read", "type": [ "access" - ], - "category": [ - "file" ] }, - "user": { - "name": "admin.user" - } - }, - { - 
"process": { - "name": "qulogd", - "pid": 14629 + "file": { + "path": "/Browser Station/admin" + }, + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, - "source": { - "address": "10.50.36.33", - "domain": "user-laptop", - "ip": "10.50.36.33" - }, - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-10-30T20:24:30.000-05:00", - "ecs": { - "version": "8.2.0" + "process": { + "name": "qulogd", + "pid": 14629 + }, + "qnap": { + "nas": { + "application": "File Station", + "connection_type": "HTTP/HTTPS", + "file": { + "path": "/Browser Station/admin" + } + } }, "related": { - "user": [ - "admin.user" - ], - "hosts": [ - "user-laptop" - ], "ip": [ "10.50.36.33" + ], + "user": [ + "admin.user" ] }, - "host": { - "name": "qnap-nas01" + "source": { + "address": "10.50.36.33", + "ip": "10.50.36.33" }, - "qnap": { - "nas": { - "application": "path/to/files/New folder -\u003e path/to/files/asdf", - "connection_type": "Samba" - } + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "admin.user" + } + }, + { + "@timestamp": "2022-10-30T20:24:30.000-05:00", + "ecs": { + "version": "8.3.0" }, "event": { + "action": "rename", + "category": [ + "file" + ], + "created": "2022-10-30T20:24:30.000-05:00", + "kind": "event", "original": "\u003c30\u003eOct 30 20:24:30 qnap-nas01 qulogd[14629]: conn log: Users: admin.user, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: Samba, Accessed resources: path/to/files/New folder -\u003e path/to/files/asdf, Action: Rename", "provider": "conn-log", "timezone": "-05:00", - "created": "2022-10-30T20:24:30.000-05:00", - "kind": "event", - "action": "rename", "type": [ "change" - ], - "category": [ - "file" ] }, - "user": { - "name": "admin.user" - } - }, - { - "process": { - "name": "qulogd", - "pid": 14629 + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, - 
"source": { - "address": "10.50.36.33", - "domain": "user-laptop", - "ip": "10.50.36.33" - }, - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-10-30T20:24:33.000-05:00", - "file": { - "path": "path/to/files/asdf" + "process": { + "name": "qulogd", + "pid": 14629 }, - "ecs": { - "version": "8.2.0" + "qnap": { + "nas": { + "application": "path/to/files/New folder -\u003e path/to/files/asdf", + "connection_type": "Samba" + } }, "related": { - "user": [ - "admin.user" - ], "hosts": [ "user-laptop" ], "ip": [ "10.50.36.33" + ], + "user": [ + "admin.user" ] }, - "host": { - "name": "qnap-nas01" + "source": { + "address": "10.50.36.33", + "domain": "user-laptop", + "ip": "10.50.36.33" }, - "qnap": { - "nas": { - "connection_type": "Samba", - "file": { - "path": "path/to/files/asdf" - } - } + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "admin.user" + } + }, + { + "@timestamp": "2022-10-30T20:24:33.000-05:00", + "ecs": { + "version": "8.3.0" }, "event": { + "action": "delete", + "category": [ + "file" + ], + "created": "2022-10-30T20:24:33.000-05:00", + "kind": "event", "original": "\u003c30\u003eOct 30 20:24:33 qnap-nas01 qulogd[14629]: conn log: Users: admin.user, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: Samba, Accessed resources: path/to/files/asdf, Action: Delete", "provider": "conn-log", "timezone": "-05:00", - "created": "2022-10-30T20:24:33.000-05:00", - "kind": "event", - "action": "delete", "type": [ "deletion" - ], - "category": [ - "file" ] }, - "user": { - "name": "admin.user" - } - }, - { - "process": { - "name": "qulogd", - "pid": 14629 + "file": { + "path": "path/to/files/asdf" + }, + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, - "source": { - "address": "10.50.36.33", - "domain": "user-laptop", - "ip": "10.50.36.33" - }, - "tags": [ - "preserve_original_event" - ], 
"observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-10-30T20:43:19.000-05:00", - "file": { - "path": "path/to/files/picture.jpg", - "extension": "jpg" + "process": { + "name": "qulogd", + "pid": 14629 }, - "ecs": { - "version": "8.2.0" + "qnap": { + "nas": { + "connection_type": "Samba", + "file": { + "path": "path/to/files/asdf" + } + } }, "related": { - "user": [ - "admin.user" - ], "hosts": [ "user-laptop" ], "ip": [ "10.50.36.33" + ], + "user": [ + "admin.user" ] }, - "host": { - "name": "qnap-nas01" + "source": { + "address": "10.50.36.33", + "domain": "user-laptop", + "ip": "10.50.36.33" }, - "qnap": { - "nas": { - "connection_type": "Samba", - "file": { - "path": "path/to/files/picture.jpg" - } - } + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "admin.user" + } + }, + { + "@timestamp": "2022-10-30T20:43:19.000-05:00", + "ecs": { + "version": "8.3.0" }, "event": { + "action": "read", + "category": [ + "file" + ], + "created": "2022-10-30T20:43:19.000-05:00", + "kind": "event", "original": "\u003c30\u003eOct 30 20:43:19 qnap-nas01 qulogd[14629]: conn log: Users: admin.user, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: Samba, Accessed resources: path/to/files/picture.jpg, Action: Read", "provider": "conn-log", "timezone": "-05:00", - "created": "2022-10-30T20:43:19.000-05:00", - "kind": "event", - "action": "read", "type": [ "access" - ], - "category": [ - "file" ] }, - "user": { - "name": "admin.user" - } - }, - { - "process": { - "name": "qulogd", - "pid": 14629 + "file": { + "extension": "jpg", + "path": "path/to/files/picture.jpg" + }, + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, - "source": { - "address": "10.50.36.33", - "domain": "user-laptop", - "ip": "10.50.36.33" - }, - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": 
"2022-10-30T20:43:19.000-05:00", - "file": { - "path": "path/to/files/picture.jpg", - "extension": "jpg" + "process": { + "name": "qulogd", + "pid": 14629 }, - "ecs": { - "version": "8.2.0" + "qnap": { + "nas": { + "connection_type": "Samba", + "file": { + "path": "path/to/files/picture.jpg" + } + } }, "related": { - "user": [ - "admin.user" - ], "hosts": [ "user-laptop" ], "ip": [ "10.50.36.33" + ], + "user": [ + "admin.user" + ] + }, + "source": { + "address": "10.50.36.33", + "domain": "user-laptop", + "ip": "10.50.36.33" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "admin.user" + } + }, + { + "@timestamp": "2022-10-30T20:43:19.000-05:00", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "add", + "category": [ + "file" + ], + "created": "2022-10-30T20:43:19.000-05:00", + "kind": "event", + "original": "\u003c30\u003eOct 30 20:43:19 qnap-nas01 qulogd[14629]: conn log: Users: admin.user, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: Samba, Accessed resources: path/to/files/picture.jpg, Action: Add", + "provider": "conn-log", + "timezone": "-05:00", + "type": [ + "creation" ] }, + "file": { + "extension": "jpg", + "path": "path/to/files/picture.jpg" + }, "host": { "name": "qnap-nas01" }, + "log": { + "syslog": { + "priority": 30 + } + }, + "observer": { + "product": "NAS", + "type": "nas", + "vendor": "QNAP" + }, + "process": { + "name": "qulogd", + "pid": 14629 + }, "qnap": { "nas": { "connection_type": "Samba", 
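Review bot: In the rename event of this hunk the old and new paths end up in `"application": "path/to/files/New folder -\u003e path/to/files/asdf"` under `qnap.nas`, and no `file` object is emitted at all, whereas the create-directory, delete and read events over the same Samba connection populate `file.path`; a search or detection rule keyed on `file.path` will therefore never match a rename. The fixture only mirrors pipeline output, so the fix belongs in the ingest pipeline (not part of this diff), which presumably files any `Accessed resources` value it cannot classify under the application name; splitting a value containing ` -> ` into `file.path` and `file.target_path` would bring renames in line with the other file events. The regenerated expected file would then carry `"file": { "path": "path/to/files/New folder", "target_path": "path/to/files/asdf" }` for that event instead of the combined string under `qnap.nas.application`.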
@@ -652,20 +647,25 @@ } } }, - "event": { - "original": "\u003c30\u003eOct 30 20:43:19 qnap-nas01 qulogd[14629]: conn log: Users: admin.user, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: Samba, Accessed resources: path/to/files/picture.jpg, Action: Add", - "provider": "conn-log", - "timezone": "-05:00", - "created": "2022-10-30T20:43:19.000-05:00", - "kind": "event", - "action": "add", - "type": [ - "creation" + "related": { + "hosts": [ + "user-laptop" ], - "category": [ - "file" + "ip": [ + "10.50.36.33" + ], + "user": [ + "admin.user" ] }, + "source": { + "address": "10.50.36.33", + "domain": "user-laptop", + "ip": "10.50.36.33" + }, + "tags": [ + "preserve_original_event" + ], "user": { "name": "admin.user" } diff --git a/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-event.log-expected.json b/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-event.log-expected.json index 4cc57959055..0e7644f8c31 100644 --- a/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-event.log-expected.json +++ b/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-event.log-expected.json @@ -1,9 +1,23 @@ { "expected": [ { - "process": { - "name": "qulogd", - "pid": 14629 + "@timestamp": "2022-10-30T20:28:41.000-05:00", + "ecs": { + "version": "8.3.0" + }, + "event": { + "category": [ + "configuration" + ], + "created": "2022-10-30T20:28:41.000-05:00", + "kind": "event", + "original": "\u003c28\u003eOct 30 20:28:41 qnap-nas01 qulogd[14629]: event log: Users: admin, Source IP: 127.0.0.1, Computer name: ---, Application: Network \u0026 Virtual Switch, Category: Infrastructure, Content: [Network \u0026 Virtual Switch] Interface \"Adapter 2\" disconnected.", + "provider": "event-log", + "timezone": "-05:00", + "type": "change" + }, + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { 
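Review bot: `event.type` is emitted as the scalar `"type": "change"` in this event-log fixture, while the access-log fixture regenerated in the same commit emits it as an array (`"type": [ "creation" ]`); ECS defines `event.type` as an array field, so consumers that read `_source` expecting the ECS shape see two different shapes from one package. The same scalar appears in the two following hunks of this file (`@@ -37,25 +40,36 @@` and `@@ -89,25 +92,36 @@`). Since the fixture reflects the event-log branch of the ingest pipeline (not in this diff), the correction is to have that branch set `"type": [ "change" ]` and then regenerate this expected file. Separately, the `Source IP: 127.0.0.1` value visible in `event.original` is not surfaced as `source.ip` or `related.ip` for event-log entries, unlike the conn-log entries; worth confirming that this omission is intentional.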
@@ -11,25 +25,14 @@ } }, "message": "[Network \u0026 Virtual Switch] Interface \"Adapter 2\" disconnected.", - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-10-30T20:28:41.000-05:00", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "admin" - ] - }, - "host": { - "name": "qnap-nas01" + "process": { + "name": "qulogd", + "pid": 14629 }, "qnap": { "nas": { @@ -37,25 +40,36 @@ "category": "Infrastructure" } }, - "event": { - "original": "\u003c28\u003eOct 30 20:28:41 qnap-nas01 qulogd[14629]: event log: Users: admin, Source IP: 127.0.0.1, Computer name: ---, Application: Network \u0026 Virtual Switch, Category: Infrastructure, Content: [Network \u0026 Virtual Switch] Interface \"Adapter 2\" disconnected.", - "provider": "event-log", - "timezone": "-05:00", - "created": "2022-10-30T20:28:41.000-05:00", - "kind": "event", - "type": "change", - "category": [ - "configuration" + "related": { + "user": [ + "admin" ] }, + "tags": [ + "preserve_original_event" + ], "user": { "name": "admin" } }, { - "process": { - "name": "qulogd", - "pid": 14629 + "@timestamp": "2022-10-30T20:29:32.000-05:00", + "ecs": { + "version": "8.3.0" + }, + "event": { + "category": [ + "configuration" + ], + "created": "2022-10-30T20:29:32.000-05:00", + "kind": "event", + "original": "\u003c30\u003eOct 30 20:29:32 qnap-nas01 qulogd[14629]: event log: Users: admin, Source IP: 127.0.0.1, Computer name: ---, Application: Network \u0026 Virtual Switch, Category: Infrastructure, Content: [Network \u0026 Virtual Switch] Interface \"Adapter 2\" connected.", + "provider": "event-log", + "timezone": "-05:00", + "type": "change" + }, + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { 
@@ -63,25 +77,14 @@ } }, "message": "[Network \u0026 Virtual Switch] Interface \"Adapter 2\" connected.", - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-10-30T20:29:32.000-05:00", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "admin" - ] - }, - "host": { - "name": "qnap-nas01" + "process": { + "name": "qulogd", + "pid": 14629 }, "qnap": { "nas": { @@ -89,25 +92,36 @@ "category": "Infrastructure" } }, - "event": { - "original": "\u003c30\u003eOct 30 20:29:32 qnap-nas01 qulogd[14629]: event log: Users: admin, Source IP: 127.0.0.1, Computer name: ---, Application: Network \u0026 Virtual Switch, Category: Infrastructure, Content: [Network \u0026 Virtual Switch] Interface \"Adapter 2\" connected.", - "provider": "event-log", - "timezone": "-05:00", - "created": "2022-10-30T20:29:32.000-05:00", - "kind": "event", - "type": "change", - "category": [ - "configuration" + "related": { + "user": [ + "admin" ] }, + "tags": [ + "preserve_original_event" + ], "user": { "name": "admin" } }, { - "process": { - "name": "qulogd", - "pid": 14629 + "@timestamp": "2022-10-30T20:29:32.000-05:00", + "ecs": { + "version": "8.3.0" + }, + "event": { + "category": [ + "configuration" + ], + "created": "2022-10-30T20:29:32.000-05:00", + "kind": "event", + "original": "\u003c30\u003eOct 30 20:29:32 qnap-nas01 qulogd[14629]: event log: Users: admin, Source IP: 127.0.0.1, Computer name: ---, Application: External Device, Category: UPS, Content: [External Device] UPS power restored. Canceled autoprotection mode..", + "provider": "event-log", + "timezone": "-05:00", + "type": "change" + }, + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { 
@@ -115,25 +129,14 @@ } }, "message": "[External Device] UPS power restored. Canceled autoprotection mode..", - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-10-30T20:29:32.000-05:00", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "admin" - ] - }, - "host": { - "name": "qnap-nas01" + "process": { + "name": "qulogd", + "pid": 14629 }, "qnap": { "nas": { 
@@ -141,58 +144,51 @@ "category": "UPS" } }, - "event": { - "original": "\u003c30\u003eOct 30 20:29:32 qnap-nas01 qulogd[14629]: event log: Users: admin, Source IP: 127.0.0.1, Computer name: ---, Application: External Device, Category: UPS, Content: [External Device] UPS power restored. Canceled autoprotection mode..", - "provider": "event-log", - "timezone": "-05:00", - "created": "2022-10-30T20:29:32.000-05:00", - "kind": "event", - "type": "change", - "category": [ - "configuration" + "related": { + "user": [ + "admin" ] }, + "tags": [ + "preserve_original_event" + ], "user": { "name": "admin" } }, { - "process": { - "name": "qulogd", - "pid": 14629 + "@timestamp": "2022-10-30T20:32:25.000-05:00", + "ecs": { + "version": "8.3.0" + }, + "event": { + "category": [ + "configuration" + ], + "created": "2022-10-30T20:32:25.000-05:00", + "kind": "event", + "original": "\u003c30\u003eOct 30 20:32:25 qnap-nas01 qulogd[14629]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Network \u0026 Virtual Switch, Category: Static Route, Content: [Network \u0026 Virtual Switch] Added static route. Interface: , Destination: 5.5.5.0.", + "provider": "event-log", + "timezone": "-05:00", + "type": "change" + }, + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, - "source": { - "address": "10.50.36.33", - "ip": "10.50.36.33" - }, "message": "[Network \u0026 Virtual Switch] Added static route. Interface: , Destination: 5.5.5.0.", - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-10-30T20:32:25.000-05:00", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "admin.user" - ], - "ip": [ - "10.50.36.33" - ] - }, - "host": { - "name": "qnap-nas01" + "process": { + "name": "qulogd", + "pid": 14629 }, "qnap": { "nas": { 
@@ -200,120 +196,123 @@ "category": "Static Route" } }, - "event": { - "original": "\u003c30\u003eOct 30 20:32:25 qnap-nas01 qulogd[14629]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Network \u0026 Virtual Switch, Category: Static Route, Content: [Network \u0026 Virtual Switch] Added static route. Interface: , Destination: 5.5.5.0.", - "provider": "event-log", - "timezone": "-05:00", - "created": "2022-10-30T20:32:25.000-05:00", - "kind": "event", - "type": "change", - "category": [ - "configuration" + "related": { + "ip": [ + "10.50.36.33" + ], + "user": [ + "admin.user" ] }, + "source": { + "address": "10.50.36.33", + "ip": "10.50.36.33" + }, + "tags": [ + "preserve_original_event" + ], "user": { "name": "admin.user" } }, { - "process": { - "name": "qulogd", - "pid": 14629 + "@timestamp": "2022-10-30T20:34:22.000-05:00", + "ecs": { + "version": "8.3.0" + }, + "event": { + "category": [ + "configuration" + ], + "created": "2022-10-30T20:34:22.000-05:00", + "kind": "event", + "original": "\u003c30\u003eOct 30 20:34:22 qnap-nas01 qulogd[14629]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Network \u0026 Virtual Switch, Category: Static Route, Content: [Network \u0026 Virtual Switch] Removed static route. Interface: , Destination: 5.5.5.0.", + "provider": "event-log", + "timezone": "-05:00", + "type": "change" + }, + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, - "source": { - "address": "10.50.36.33", - "ip": "10.50.36.33" - }, "message": "[Network \u0026 Virtual Switch] Removed static route. 
Interface: , Destination: 5.5.5.0.", - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-10-30T20:34:22.000-05:00", - "ecs": { - "version": "8.2.0" + "process": { + "name": "qulogd", + "pid": 14629 + }, + "qnap": { + "nas": { + "application": "Network \u0026 Virtual Switch", + "category": "Static Route" + } }, "related": { - "user": [ - "admin.user" - ], "ip": [ "10.50.36.33" - ] + ], + "user": [ + "admin.user" + ] }, - "host": { - "name": "qnap-nas01" + "source": { + "address": "10.50.36.33", + "ip": "10.50.36.33" }, - "qnap": { - "nas": { - "application": "Network \u0026 Virtual Switch", - "category": "Static Route" - } + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "admin.user" + } + }, + { + "@timestamp": "2022-11-21T15:23:42.000-05:00", + "ecs": { + "version": "8.3.0" }, "event": { - "original": "\u003c30\u003eOct 30 20:34:22 qnap-nas01 qulogd[14629]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Network \u0026 Virtual Switch, Category: Static Route, Content: [Network \u0026 Virtual Switch] Removed static route. 
Interface: , Destination: 5.5.5.0.", + "action": "created-shared-folder", + "category": [ + "file" + ], + "created": "2022-11-21T15:23:42.000-05:00", + "kind": "event", + "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Shared Folders, Category: General, Content: [Shared Folders] Created shared folder \"abcd\".", "provider": "event-log", "timezone": "-05:00", - "created": "2022-10-30T20:34:22.000-05:00", - "kind": "event", - "type": "change", - "category": [ - "configuration" + "type": [ + "creation" ] }, - "user": { - "name": "admin.user" - } - }, - { - "process": { - "name": "qulogd", - "pid": 14387 + "file": { + "path": "abcd" + }, + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, - "source": { - "address": "10.50.36.33", - "ip": "10.50.36.33" - }, "message": "[Shared Folders] Created shared folder \"abcd\".", - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-11-21T15:23:42.000-05:00", - "file": { - "path": "abcd" - }, - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "admin.user" - ], - "ip": [ - "10.50.36.33" - ] - }, - "host": { - "name": "qnap-nas01" + "process": { + "name": "qulogd", + "pid": 14387 }, "qnap": { "nas": { 
@@ -324,64 +323,64 @@ } } }, - "event": { - "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Shared Folders, Category: General, Content: [Shared Folders] Created shared folder \"abcd\".", - "provider": "event-log", - "timezone": "-05:00", - "created": "2022-11-21T15:23:42.000-05:00", - "kind": "event", - "action": "created-shared-folder", - "type": [ - "creation" + "related": { + "ip": [ + "10.50.36.33" ], - "category": [ - "file" + "user": [ + "admin.user" ] }, + "source": { + "address": "10.50.36.33", + "ip": "10.50.36.33" + }, + "tags": [ + "preserve_original_event" + ], "user": { "name": "admin.user" } }, { - "process": { - "name": "qulogd", - "pid": 14387 + "@timestamp": "2022-11-21T15:23:42.000-05:00", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "deleted-shared-folder", + "category": [ + "file" + ], + "created": "2022-11-21T15:23:42.000-05:00", + "kind": "event", + "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Shared Folders, Category: General, Content: [Shared Folders] Deleted shared folder \"abcd\".", + "provider": "event-log", + "timezone": "-05:00", + "type": [ + "deletion" + ] + }, + "file": { + "path": "abcd" + }, + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, - "source": { - "address": "10.50.36.33", - "ip": "10.50.36.33" - }, "message": "[Shared Folders] Deleted shared folder \"abcd\".", - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-11-21T15:23:42.000-05:00", - "file": { - "path": "abcd" - }, - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "admin.user" - ], - "ip": [ - "10.50.36.33" - ] - }, - "host": { - "name": "qnap-nas01" + "process": { + "name": "qulogd", + 
"pid": 14387 }, "qnap": { "nas": { 
@@ -392,193 +391,195 @@ } } }, - "event": { - "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Shared Folders, Category: General, Content: [Shared Folders] Deleted shared folder \"abcd\".", - "provider": "event-log", - "timezone": "-05:00", - "created": "2022-11-21T15:23:42.000-05:00", - "kind": "event", - "action": "deleted-shared-folder", - "type": [ - "deletion" + "related": { + "ip": [ + "10.50.36.33" ], - "category": [ - "file" + "user": [ + "admin.user" ] }, - "user": { - "name": "admin.user" - } - }, - { - "process": { - "name": "qulogd", - "pid": 14387 - }, - "log": { - "syslog": { - "priority": 30 - } - }, "source": { "address": "10.50.36.33", "ip": "10.50.36.33" }, - "message": "[User Groups] Deleted user group \"test1\".", "tags": [ "preserve_original_event" ], - "observer": { - "type": "nas", - "product": "NAS", - "vendor": "QNAP" - }, + "user": { + "name": "admin.user" + } + }, + { "@timestamp": "2022-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "admin.user" - ], - "ip": [ - "10.50.36.33" - ] - }, - "host": { - "name": "qnap-nas01" - }, - "qnap": { - "nas": { - "application": "User Groups", - "category": "General" - } + "version": "8.3.0" }, "event": { + "action": "deleted-user-group", + "category": [ + "iam" + ], + "created": "2022-11-21T15:23:42.000-05:00", + "kind": "event", "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: User Groups, Category: General, Content: [User Groups] Deleted user group \"test1\".", "provider": "event-log", "timezone": "-05:00", - "created": "2022-11-21T15:23:42.000-05:00", - "kind": "event", - "action": "deleted-user-group", "type": [ "group", "deletion" - ], - "category": [ - "iam" ] }, - "user": { - "name": "admin.user" - }, "group": { "name": "test1" - } - }, - { - 
"process": { - "name": "qulogd", - "pid": 14387 + }, + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, - "source": { - "address": "10.50.36.33", - "ip": "10.50.36.33" - }, - "message": "[User Groups] Created user group \"test1\".", - "tags": [ - "preserve_original_event" - ], + "message": "[User Groups] Deleted user group \"test1\".", "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-11-21T15:23:42.000-05:00", - "ecs": { - "version": "8.2.0" + "process": { + "name": "qulogd", + "pid": 14387 + }, + "qnap": { + "nas": { + "application": "User Groups", + "category": "General" + } }, "related": { - "user": [ - "admin.user" - ], "ip": [ "10.50.36.33" + ], + "user": [ + "admin.user" ] }, - "host": { - "name": "qnap-nas01" + "source": { + "address": "10.50.36.33", + "ip": "10.50.36.33" }, - "qnap": { - "nas": { - "application": "User Groups", - "category": "General" - } + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "admin.user" + } + }, + { + "@timestamp": "2022-11-21T15:23:42.000-05:00", + "ecs": { + "version": "8.3.0" }, "event": { + "action": "created-user-group", + "category": [ + "iam" + ], + "created": "2022-11-21T15:23:42.000-05:00", + "kind": "event", "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: User Groups, Category: General, Content: [User Groups] Created user group \"test1\".", "provider": "event-log", "timezone": "-05:00", - "created": "2022-11-21T15:23:42.000-05:00", - "kind": "event", - "action": "created-user-group", "type": [ "group", "creation" - ], - "category": [ - "iam" ] }, - "user": { - "name": "admin.user" - }, "group": { "name": "test1" - } - }, - { - "process": { - "name": "qulogd", - "pid": 14387 + }, + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, + "message": "[User Groups] Created user group 
\"test1\".", + "observer": { + "product": "NAS", + "type": "nas", + "vendor": "QNAP" + }, + "process": { + "name": "qulogd", + "pid": 14387 + }, + "qnap": { + "nas": { + "application": "User Groups", + "category": "General" + } + }, + "related": { + "ip": [ + "10.50.36.33" + ], + "user": [ + "admin.user" + ] + }, "source": { "address": "10.50.36.33", "ip": "10.50.36.33" }, - "message": "[Users] Changed the password of user \"test\".", "tags": [ "preserve_original_event" ], - "observer": { - "type": "nas", - "product": "NAS", - "vendor": "QNAP" - }, + "user": { + "name": "admin.user" + } + }, + { "@timestamp": "2022-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, - "related": { - "user": [ - "admin.user" + "event": { + "action": "changed-password", + "category": [ + "iam" ], - "ip": [ - "10.50.36.33" + "created": "2022-11-21T15:23:42.000-05:00", + "kind": "event", + "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Users, Category: General, Content: [Users] Changed the password of user \"test\".", + "outcome": "success", + "provider": "event-log", + "timezone": "-05:00", + "type": [ + "user", + "change" ] }, - "host": { - "name": "qnap-nas01" + "host": { + "name": "qnap-nas01" + }, + "log": { + "syslog": { + "priority": 30 + } + }, + "message": "[Users] Changed the password of user \"test\".", + "observer": { + "product": "NAS", + "type": "nas", + "vendor": "QNAP" + }, + "process": { + "name": "qulogd", + "pid": 14387 }, "qnap": { "nas": { 
@@ -586,22 +587,21 @@ "category": "General" } }, - "event": { - "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Users, Category: General, Content: [Users] Changed the password of user \"test\".", - "provider": "event-log", - "timezone": "-05:00", - "created": "2022-11-21T15:23:42.000-05:00", - "kind": "event", - "action": "changed-password", - "type": [ - "user", - "change" - ], - "category": [ - "iam" + "related": { + "ip": [ + "10.50.36.33" ], - "outcome": "success" + "user": [ + "admin.user" + ] + }, + "source": { + "address": "10.50.36.33", + "ip": "10.50.36.33" }, + "tags": [ + "preserve_original_event" + ], "user": { "name": "admin.user", "target": { 
@@ -610,42 +610,43 @@ } }, { - "process": { - "name": "qulogd", - "pid": 14387 + "@timestamp": "2022-11-21T15:23:42.000-05:00", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "edited-account-profile", + "category": [ + "iam" + ], + "created": "2022-11-21T15:23:42.000-05:00", + "kind": "event", + "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Users, Category: General, Content: [Users] Edited the account profile of user \"test\".", + "outcome": "success", + "provider": "event-log", + "timezone": "-05:00", + "type": [ + "user", + "change" + ] + }, + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, - "source": { - "address": "10.50.36.33", - "ip": "10.50.36.33" - }, "message": "[Users] Edited the account profile of user \"test\".", - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-11-21T15:23:42.000-05:00", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "admin.user" - ], - "ip": [ - "10.50.36.33" - ] - }, - "host": { - "name": "qnap-nas01" + "process": { + "name": "qulogd", + "pid": 14387 }, "qnap": { "nas": { 
@@ -653,22 +654,21 @@ "category": "General" } }, - "event": { - "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Users, Category: General, Content: [Users] Edited the account profile of user \"test\".", - "provider": "event-log", - "timezone": "-05:00", - "created": "2022-11-21T15:23:42.000-05:00", - "kind": "event", - "action": "edited-account-profile", - "type": [ - "user", - "change" - ], - "category": [ - "iam" + "related": { + "ip": [ + "10.50.36.33" ], - "outcome": "success" + "user": [ + "admin.user" + ] + }, + "source": { + "address": "10.50.36.33", + "ip": "10.50.36.33" }, + "tags": [ + "preserve_original_event" + ], "user": { "name": "admin.user", "target": { 
@@ -677,42 +677,42 @@ } }, { - "process": { - "name": "qulogd", - "pid": 14387 + "@timestamp": "2022-11-21T15:23:42.000-05:00", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "created-user", + "category": [ + "iam" + ], + "created": "2022-11-21T15:23:42.000-05:00", + "kind": "event", + "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Users, Category: General, Content: [Users] Created user \"test\".", + "provider": "event-log", + "timezone": "-05:00", + "type": [ + "user", + "creation" + ] + }, + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, - "source": { - "address": "10.50.36.33", - "ip": "10.50.36.33" - }, "message": "[Users] Created user \"test\".", - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-11-21T15:23:42.000-05:00", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "admin.user" - ], - "ip": [ - "10.50.36.33" - ] - }, - "host": { - "name": "qnap-nas01" + "process": { + "name": "qulogd", + "pid": 14387 }, "qnap": { "nas": { @@ -720,21 +720,21 @@ "category": "General" } }, - "event": { - "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Users, Category: General, Content: [Users] Created user \"test\".", - "provider": "event-log", - "timezone": "-05:00", - "created": "2022-11-21T15:23:42.000-05:00", - "kind": "event", - "action": "created-user", - "type": [ - "user", - "creation" + "related": { + "ip": [ + "10.50.36.33" ], - "category": [ - "iam" + "user": [ + "admin.user" ] }, + "source": { + "address": "10.50.36.33", + "ip": "10.50.36.33" + }, + "tags": [ + "preserve_original_event" + ], "user": { "name": "admin.user", "target": { 
@@ -743,42 +743,42 @@ } }, { - "process": { - "name": "qulogd", - "pid": 14387 + "@timestamp": "2022-11-21T15:23:42.000-05:00", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "deleted-user", + "category": [ + "iam" + ], + "created": "2022-11-21T15:23:42.000-05:00", + "kind": "event", + "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Users, Category: General, Content: [Users] Deleted user \"test\".", + "provider": "event-log", + "timezone": "-05:00", + "type": [ + "user", + "deletion" + ] + }, + "host": { + "name": "qnap-nas01" }, "log": { "syslog": { "priority": 30 } }, - "source": { - "address": "10.50.36.33", - "ip": "10.50.36.33" - }, "message": "[Users] Deleted user \"test\".", - "tags": [ - "preserve_original_event" - ], "observer": { - "type": "nas", "product": "NAS", + "type": "nas", "vendor": "QNAP" }, - "@timestamp": "2022-11-21T15:23:42.000-05:00", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "admin.user" - ], - "ip": [ - "10.50.36.33" - ] - }, - "host": { - "name": "qnap-nas01" + "process": { + "name": "qulogd", + "pid": 14387 }, "qnap": { "nas": { @@ -786,21 +786,21 @@ "category": "General" } }, - "event": { - "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Users, Category: General, Content: [Users] Deleted user \"test\".", - "provider": "event-log", - "timezone": "-05:00", - "created": "2022-11-21T15:23:42.000-05:00", - "kind": "event", - "action": "deleted-user", - "type": [ - "user", - "deletion" + "related": { + "ip": [ + "10.50.36.33" ], - "category": [ - "iam" + "user": [ + "admin.user" ] }, + "source": { + "address": "10.50.36.33", + "ip": "10.50.36.33" + }, + "tags": [ + "preserve_original_event" + ], "user": { "name": "admin.user", "target": { 
diff --git a/packages/qnap_nas/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/qnap_nas/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 3949bd87c85..5fe696e434e 100644
--- a/packages/qnap_nas/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/qnap_nas/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing QNAP NAS logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/qnap_nas/data_stream/log/sample_event.json b/packages/qnap_nas/data_stream/log/sample_event.json
index a5e600f8217..0dee7e02aa8 100644
--- a/packages/qnap_nas/data_stream/log/sample_event.json
+++ b/packages/qnap_nas/data_stream/log/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/qnap_nas/docs/README.md b/packages/qnap_nas/docs/README.md
index 3947f1083aa..7ad02668a5f 100644
--- a/packages/qnap_nas/docs/README.md
+++ b/packages/qnap_nas/docs/README.md
@@ -26,7 +26,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/qnap_nas/manifest.yml b/packages/qnap_nas/manifest.yml
index d92f5de3218..07d040e7b49 100644
--- a/packages/qnap_nas/manifest.yml
+++ b/packages/qnap_nas/manifest.yml
@@ -1,6 +1,6 @@
 name: qnap_nas
 title: QNAP NAS
-version: 1.2.1
+version: "1.3.0"
 release: ga
 description: Collect logs from QNAP NAS devices with Elastic Agent.
 type: integration
diff --git a/packages/radware/_dev/build/build.yml b/packages/radware/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/radware/_dev/build/build.yml
+++ b/packages/radware/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/radware/changelog.yml b/packages/radware/changelog.yml
index 8bfaf111c92..a21363081cc 100644
--- a/packages/radware/changelog.yml
+++ b/packages/radware/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.8.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "0.7.0"
 changes:
 - description: Update to ECS 8.2.0
diff --git a/packages/radware/data_stream/defensepro/elasticsearch/ingest_pipeline/default.yml b/packages/radware/data_stream/defensepro/elasticsearch/ingest_pipeline/default.yml
index 1cfc7a7e2e0..2f4cae94e39 100644
--- a/packages/radware/data_stream/defensepro/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/radware/data_stream/defensepro/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Radware DefensePro
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 # User agent
 - user_agent:
 field: user_agent.original
diff --git a/packages/radware/manifest.yml b/packages/radware/manifest.yml
index df4b23bad95..f8bd5a71e1f 100644
--- a/packages/radware/manifest.yml
+++ b/packages/radware/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: radware
 title: Radware DefensePro Logs
-version: 0.7.0
+version: "0.8.0"
 description: Collect defensePro logs from Radware devices with Elastic Agent.
 categories: ["security"]
 release: experimental
diff --git a/packages/santa/_dev/build/build.yml b/packages/santa/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/santa/_dev/build/build.yml
+++ b/packages/santa/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/santa/changelog.yml b/packages/santa/changelog.yml
index 55978f55f42..7a6f7548c21 100644
--- a/packages/santa/changelog.yml
+++ b/packages/santa/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.2.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "3.1.0"
 changes:
 - description: Add `process.entity_id` field.
diff --git a/packages/santa/data_stream/log/_dev/test/pipeline/test-santa-raw.log-expected.json b/packages/santa/data_stream/log/_dev/test/pipeline/test-santa-raw.log-expected.json
index a61ef2c6684..c3344e52d4f 100644
--- a/packages/santa/data_stream/log/_dev/test/pipeline/test-santa-raw.log-expected.json
+++ b/packages/santa/data_stream/log/_dev/test/pipeline/test-santa-raw.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-05-12T11:38:03.923Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "exec",
@@ -80,7 +80,7 @@
 {
 "@timestamp": "2022-05-12T11:38:42.781Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "exec",
@@ -155,7 +155,7 @@
 {
 "@timestamp": "2022-05-12T11:33:56.696Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "delete",
@@ -205,7 +205,7 @@
 {
 "@timestamp": "2022-05-12T11:30:05.248Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "link",
@@ -256,7 +256,7 @@
 {
 "@timestamp": "2022-05-12T11:30:16.125Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "rename",
@@ -307,7 +307,7 @@
 {
 "@timestamp": "2022-05-12T11:38:05.278Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "write",
@@ -357,7 +357,7 @@
 {
 "@timestamp": "2022-05-12T11:32:33.718Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "diskdisappear",
@@ -382,7 +382,7 @@
 {
 "@timestamp": "2022-05-12T11:32:44.184Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "diskappear",
@@ -409,7 +409,7 @@
 {
 "@timestamp": "2022-05-12T11:33:57.166Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "diskappear",
@@ -437,7 +437,7 @@
 {
 "@timestamp": "2022-05-12T11:33:57.235Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "diskappear",
@@ -466,7 +466,7 @@
 {
 "@timestamp": "2022-05-12T11:35:31.436Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "diskdisappear",
diff --git a/packages/santa/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/santa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 54491ba6095..d6cbd8a18c7 100644
--- a/packages/santa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/santa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Google Santa logs.
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/santa/data_stream/log/sample_event.json b/packages/santa/data_stream/log/sample_event.json
index b3dcbaecd43..fda47fc7204 100644
--- a/packages/santa/data_stream/log/sample_event.json
+++ b/packages/santa/data_stream/log/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "2c596a05-d358-406e-924c-bf221088f43c",
diff --git a/packages/santa/docs/README.md b/packages/santa/docs/README.md
index 2e9a94e4b25..649a6b0464c 100644
--- a/packages/santa/docs/README.md
+++ b/packages/santa/docs/README.md
@@ -35,7 +35,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "2c596a05-d358-406e-924c-bf221088f43c",
diff --git a/packages/santa/manifest.yml b/packages/santa/manifest.yml
index 94e2bdd37df..420822c5e2b 100644
--- a/packages/santa/manifest.yml
+++ b/packages/santa/manifest.yml
@@ -1,6 +1,6 @@
 name: santa
 title: Google Santa Logs
-version: 3.1.0
+version: "3.2.0"
 release: ga
 description: Collect and parse logs from Google Santa instances with Elastic Agent.
 type: integration
diff --git a/packages/sentinel_one/_dev/build/build.yml b/packages/sentinel_one/_dev/build/build.yml
index d61527283ec..5661d603a89 100644
--- a/packages/sentinel_one/_dev/build/build.yml
+++ b/packages/sentinel_one/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.2
+ reference: git@v8.3.0
diff --git a/packages/sentinel_one/changelog.yml b/packages/sentinel_one/changelog.yml
index d293eb7aebc..f89b8b8280f 100644
--- a/packages/sentinel_one/changelog.yml
+++ b/packages/sentinel_one/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.2.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "0.1.0"
 changes:
 - description: Initial Release
diff --git a/packages/sentinel_one/data_stream/activity/_dev/test/pipeline/test-pipeline-activity.log-expected.json b/packages/sentinel_one/data_stream/activity/_dev/test/pipeline/test-pipeline-activity.log-expected.json
index c0705a936f5..f4d4067379a 100644
--- a/packages/sentinel_one/data_stream/activity/_dev/test/pipeline/test-pipeline-activity.log-expected.json
+++ b/packages/sentinel_one/data_stream/activity/_dev/test/pipeline/test-pipeline-activity.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-04-18T05:14:08.925Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -68,7 +68,7 @@
 {
 "@timestamp": "2022-04-18T05:14:09.240Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -148,7 +148,7 @@
 {
 "@timestamp": "2022-04-05T16:11:05.469Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -208,7 +208,7 @@ { "@timestamp": "2022-04-06T08:26:45.579Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -299,7 +299,7 @@ { "@timestamp": "2022-04-06T08:26:45.582Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -367,7 +367,7 @@ { "@timestamp": "2022-04-06T08:26:52.843Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -443,7 +443,7 @@ { "@timestamp": "2022-04-06T08:45:43.122Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -526,7 +526,7 @@ { "@timestamp": "2022-04-06T08:45:54.532Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -616,7 +616,7 @@ { "@timestamp": "2022-04-06T08:45:55.309Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -710,7 +710,7 @@ { "@timestamp": "2022-04-06T08:45:56.634Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -803,7 +803,7 @@ { "@timestamp": "2022-04-06T08:45:56.641Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -897,7 +897,7 @@ { "@timestamp": "2022-04-06T08:46:08.135Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -980,7 +980,7 @@ { "@timestamp": "2022-04-06T08:51:09.416Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1039,7 +1039,7 @@ { "@timestamp": "2022-04-06T08:51:09.416Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1110,7 +1110,7 @@ { "@timestamp": "2022-04-06T08:57:37.680Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1211,7 +1211,7 @@ { "@timestamp": "2022-04-06T08:59:41.758Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
@@ -1274,7 +1274,7 @@
 {
 "@timestamp": "2022-04-06T08:26:45.579Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -1365,7 +1365,7 @@
 {
 "@timestamp": "2022-04-05T16:01:56.995Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -1421,7 +1421,7 @@
 {
 "@timestamp": "2022-04-06T09:00:33.115Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -1504,7 +1504,7 @@
 {
 "@timestamp": "2022-04-13T03:34:10.933Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -1584,7 +1584,7 @@
 {
 "@timestamp": "2022-04-18T05:09:27.532Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -1645,7 +1645,7 @@
 {
 "@timestamp": "2022-04-18T05:09:27.534Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
diff --git a/packages/sentinel_one/data_stream/activity/elasticsearch/ingest_pipeline/default.yml b/packages/sentinel_one/data_stream/activity/elasticsearch/ingest_pipeline/default.yml
index 97183214128..b45a76cfffe 100644
--- a/packages/sentinel_one/data_stream/activity/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/sentinel_one/data_stream/activity/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing activity logs.
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/sentinel_one/data_stream/activity/sample_event.json b/packages/sentinel_one/data_stream/activity/sample_event.json
index 5ce2457ed7d..ffdbf2cc692 100644
--- a/packages/sentinel_one/data_stream/activity/sample_event.json
+++ b/packages/sentinel_one/data_stream/activity/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "0c9eacaa-bd97-4184-b05f-d5d51775e08d",
diff --git a/packages/sentinel_one/data_stream/agent/_dev/test/pipeline/test-pipeline-agent.log-expected.json b/packages/sentinel_one/data_stream/agent/_dev/test/pipeline/test-pipeline-agent.log-expected.json
index c2aa6e30b1d..bf6c2364e3d 100644
--- a/packages/sentinel_one/data_stream/agent/_dev/test/pipeline/test-pipeline-agent.log-expected.json
+++ b/packages/sentinel_one/data_stream/agent/_dev/test/pipeline/test-pipeline-agent.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-04-07T08:31:47.481Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
diff --git a/packages/sentinel_one/data_stream/agent/elasticsearch/ingest_pipeline/default.yml b/packages/sentinel_one/data_stream/agent/elasticsearch/ingest_pipeline/default.yml
index 911dcb4776e..7ad3ae4504d 100644
--- a/packages/sentinel_one/data_stream/agent/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/sentinel_one/data_stream/agent/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing agent logs.
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/sentinel_one/data_stream/agent/sample_event.json b/packages/sentinel_one/data_stream/agent/sample_event.json
index 4ec2ea02201..2fbc357d129 100644
--- a/packages/sentinel_one/data_stream/agent/sample_event.json
+++ b/packages/sentinel_one/data_stream/agent/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "0c9eacaa-bd97-4184-b05f-d5d51775e08d",
diff --git a/packages/sentinel_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json b/packages/sentinel_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json
index f59f5b1c01c..3ca66e2ec07 100644
--- a/packages/sentinel_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json
+++ b/packages/sentinel_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json
@@ -25,7 +25,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
diff --git a/packages/sentinel_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/sentinel_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
index 830b1753c41..9da76c657f9 100644
--- a/packages/sentinel_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/sentinel_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing alert logs.
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/sentinel_one/data_stream/alert/sample_event.json b/packages/sentinel_one/data_stream/alert/sample_event.json
index d6432f36dc0..dddaef6ddb7 100644
--- a/packages/sentinel_one/data_stream/alert/sample_event.json
+++ b/packages/sentinel_one/data_stream/alert/sample_event.json
@@ -35,7 +35,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "0c9eacaa-bd97-4184-b05f-d5d51775e08d",
diff --git a/packages/sentinel_one/data_stream/group/_dev/test/pipeline/test-pipeline-group.log-expected.json b/packages/sentinel_one/data_stream/group/_dev/test/pipeline/test-pipeline-group.log-expected.json
index 102be15e280..7b82c881b1b 100644
--- a/packages/sentinel_one/data_stream/group/_dev/test/pipeline/test-pipeline-group.log-expected.json
+++ b/packages/sentinel_one/data_stream/group/_dev/test/pipeline/test-pipeline-group.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-04-05T16:01:57.564Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
diff --git a/packages/sentinel_one/data_stream/group/elasticsearch/ingest_pipeline/default.yml b/packages/sentinel_one/data_stream/group/elasticsearch/ingest_pipeline/default.yml
index 6afca281ff1..e57f1aca0d1 100644
--- a/packages/sentinel_one/data_stream/group/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/sentinel_one/data_stream/group/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing group logs.
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/sentinel_one/data_stream/group/sample_event.json b/packages/sentinel_one/data_stream/group/sample_event.json
index 53add1ec91b..1809d4f35d6 100644
--- a/packages/sentinel_one/data_stream/group/sample_event.json
+++ b/packages/sentinel_one/data_stream/group/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "0c9eacaa-bd97-4184-b05f-d5d51775e08d",
diff --git a/packages/sentinel_one/data_stream/threat/_dev/test/pipeline/test-pipeline-threat.log-expected.json b/packages/sentinel_one/data_stream/threat/_dev/test/pipeline/test-pipeline-threat.log-expected.json
index 7511d9bff05..5eccda00070 100644
--- a/packages/sentinel_one/data_stream/threat/_dev/test/pipeline/test-pipeline-threat.log-expected.json
+++ b/packages/sentinel_one/data_stream/threat/_dev/test/pipeline/test-pipeline-threat.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-04-06T08:54:17.194Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -242,7 +242,7 @@
 {
 "@timestamp": "2022-04-06T08:57:37.672Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
diff --git a/packages/sentinel_one/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/sentinel_one/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index c9f72398399..3b4cdb12a16 100644
--- a/packages/sentinel_one/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/sentinel_one/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing threat logs.
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/sentinel_one/data_stream/threat/sample_event.json b/packages/sentinel_one/data_stream/threat/sample_event.json
index 1679d543d90..1406de90edd 100644
--- a/packages/sentinel_one/data_stream/threat/sample_event.json
+++ b/packages/sentinel_one/data_stream/threat/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "0c9eacaa-bd97-4184-b05f-d5d51775e08d",
diff --git a/packages/sentinel_one/docs/README.md b/packages/sentinel_one/docs/README.md
index 1e4ff524d5f..6cafa6d1b62 100644
--- a/packages/sentinel_one/docs/README.md
+++ b/packages/sentinel_one/docs/README.md
@@ -43,7 +43,7 @@ An example event for `activity` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "0c9eacaa-bd97-4184-b05f-d5d51775e08d",
@@ -261,7 +261,7 @@ An example event for `agent` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "0c9eacaa-bd97-4184-b05f-d5d51775e08d",
@@ -629,7 +629,7 @@ An example event for `alert` looks as following:
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "0c9eacaa-bd97-4184-b05f-d5d51775e08d",
@@ -1057,7 +1057,7 @@ An example event for `group` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "0c9eacaa-bd97-4184-b05f-d5d51775e08d",
@@ -1210,7 +1210,7 @@ An example event for `threat` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "0c9eacaa-bd97-4184-b05f-d5d51775e08d",
diff --git a/packages/sentinel_one/manifest.yml b/packages/sentinel_one/manifest.yml
index b09ef4e7073..cfb885ba8a9 100644
--- a/packages/sentinel_one/manifest.yml
+++ b/packages/sentinel_one/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: sentinel_one
 title: SentinelOne
-version: 0.1.0
+version: "0.2.0"
 license: basic
 description: Collect logs from SentinelOne with Elastic Agent.
 type: integration
diff --git a/packages/snort/_dev/build/build.yml b/packages/snort/_dev/build/build.yml
index 47cbed9fed8..5661d603a89 100644
--- a/packages/snort/_dev/build/build.yml
+++ b/packages/snort/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.0.0
+ reference: git@v8.3.0
diff --git a/packages/snort/changelog.yml b/packages/snort/changelog.yml
index b5b8bfdddbd..739e04ba39f 100644
--- a/packages/snort/changelog.yml
+++ b/packages/snort/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.4.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "0.3.1"
 changes:
 - description: Format source.mac and destination.mac as per ECS and add missing mappings for various event.* fields.
diff --git a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-csv.log-expected.json b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-csv.log-expected.json
index 3c594dba257..fe1909d580c 100644
--- a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-csv.log-expected.json
+++ b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-csv.log-expected.json
@@ -9,7 +9,7 @@
 "port": 22
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -82,7 +82,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -155,7 +155,7 @@ "port": 55475 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -225,7 +225,7 @@ "port": 55333 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -295,7 +295,7 @@ "port": 32414 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -376,7 +376,7 @@ "mac": "00-25-90-3A-05-13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -450,7 +450,7 @@ "mac": "00-50-56-9D-A5-BE" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -548,7 +548,7 @@ "mac": "00-25-90-3A-05-13" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-fast.log-expected.json b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-fast.log-expected.json index 3ac1d85e8c8..ab851d23803 100644 --- a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-fast.log-expected.json +++ b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-fast.log-expected.json @@ -8,7 +8,7 @@ "port": 67 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -75,7 +75,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -141,7 +141,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -217,7 +217,7 @@ "port": 1900 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -272,7 +272,7 @@ "port": 1051 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -338,7 +338,7 @@ "ip": "192.168.115.10" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
@@ -404,7 +404,7 @@ "port": 54757 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -471,7 +471,7 @@ "port": 36312 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -549,7 +549,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -602,7 +602,7 @@ "ip": "10.100.10.190" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-full.log-expected.json b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-full.log-expected.json index 6a42235ca78..3061d74ac9c 100644 --- a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-full.log-expected.json +++ b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-full.log-expected.json @@ -8,7 +8,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -72,7 +72,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -136,7 +136,7 @@ "port": 36635 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -214,7 +214,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -284,7 +284,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -348,7 +348,7 @@ "ip": "10.100.10.190" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -429,7 +429,7 @@ "port": 56012 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-pfsense.log-expected.json b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-pfsense.log-expected.json index 71a1f8a571a..129b720b790 100644 --- a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-pfsense.log-expected.json 
+++ b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-pfsense.log-expected.json
@@ -20,7 +20,7 @@
 "port": 91
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -104,7 +104,7 @@
 "port": 5060
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -187,7 +187,7 @@
 "ip": "175.16.199.1"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
diff --git a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json
index aedac17435a..50e5fb3dc0c 100644
--- a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json
+++ b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json
@@ -8,7 +8,7 @@
 "port": 32414
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -67,7 +67,7 @@
 "port": 22
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -136,7 +136,7 @@
 "ip": "175.16.199.1"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
diff --git a/packages/snort/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/snort/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index b7afa7bdf6c..190d95e2534 100644
--- a/packages/snort/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/snort/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Snort logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/snort/manifest.yml b/packages/snort/manifest.yml
index d1e61c02cfd..4aad68f2a55 100644
--- a/packages/snort/manifest.yml
+++ b/packages/snort/manifest.yml
@@ -1,6 +1,6 @@
 name: snort
 title: Snort
-version: "0.3.1"
+version: "0.4.0"
 release: experimental
 description: Collect logs from Snort with Elastic Agent.
 type: integration
diff --git a/packages/snyk/_dev/build/build.yml b/packages/snyk/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/snyk/_dev/build/build.yml
+++ b/packages/snyk/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/snyk/changelog.yml b/packages/snyk/changelog.yml
index c520a4c6da2..3df5697f345 100644
--- a/packages/snyk/changelog.yml
+++ b/packages/snyk/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.2.1"
 changes:
 - description: Add correct field mapping for event.created
diff --git a/packages/snyk/data_stream/audit/_dev/test/pipeline/test-snyk-audit.log-expected.json b/packages/snyk/data_stream/audit/_dev/test/pipeline/test-snyk-audit.log-expected.json
index b92d12b8709..58da1b65bbe 100644
--- a/packages/snyk/data_stream/audit/_dev/test/pipeline/test-snyk-audit.log-expected.json
+++ b/packages/snyk/data_stream/audit/_dev/test/pipeline/test-snyk-audit.log-expected.json
@@ -3,113 +3,113 @@ { "@timestamp": "2020-11-17T14:30:13.800Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "user.logged_in", + "original": "{\"groupId\":\"groupid123test-543123-54312sadf-123ad\",\"orgId\":\"orgid123test-5643asd234-asdfasdf\",\"userId\":\"userid123test-234sdfa2-423sdfa-2134\",\"projectId\":null,\"event\":\"user.logged_in\",\"content\":{\"sessionPublicId\":\"sessionId123-t34123-sdfa234-asd\"},\"created\":\"2020-11-17T14:30:13.800Z\"}" }, "snyk": { "audit": { - "org_id": "orgid123test-5643asd234-asdfasdf", "content": { "sessionPublicId": "sessionId123-t34123-sdfa234-asd" - } + }, + "org_id": "orgid123test-5643asd234-asdfasdf" } }, - "event": { - "action": "user.logged_in", - "original": "{\"groupId\":\"groupid123test-543123-54312sadf-123ad\",\"orgId\":\"orgid123test-5643asd234-asdfasdf\",\"userId\":\"userid123test-234sdfa2-423sdfa-2134\",\"projectId\":null,\"event\":\"user.logged_in\",\"content\":{\"sessionPublicId\":\"sessionId123-t34123-sdfa234-asd\"},\"created\":\"2020-11-17T14:30:13.800Z\"}" - }, + "tags": [ + "preserve_original_event" + ], "user": { - "id": "userid123test-234sdfa2-423sdfa-2134", "group": { "id": "groupid123test-543123-54312sadf-123ad" - } - }, - "tags": [ - "preserve_original_event" - ] + }, + "id": "userid123test-234sdfa2-423sdfa-2134" + } }, { "@timestamp": "2020-11-12T13:24:40.317Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "api.access", + "original": "{\"groupId\":\"groupid123test-543123-54312sadf-123ad\",\"orgId\":\"orgid123test-5643asd234-asdfasdf\",\"userId\":\"userid123test-234sdfa2-423sdfa-2134\",\"projectId\":null,\"event\":\"api.access\",\"content\":{\"url\":\"/api/v1/org/orgid123test-5643asd234-asdfasdf/projects\"},\"created\":\"2020-11-12T13:24:40.317Z\"}" }, "snyk": { "audit": { - "org_id": "orgid123test-5643asd234-asdfasdf", "content": { "url": "/api/v1/org/orgid123test-5643asd234-asdfasdf/projects" - } + }, + "org_id": 
"orgid123test-5643asd234-asdfasdf" } }, - "event": { - "action": "api.access", - "original": "{\"groupId\":\"groupid123test-543123-54312sadf-123ad\",\"orgId\":\"orgid123test-5643asd234-asdfasdf\",\"userId\":\"userid123test-234sdfa2-423sdfa-2134\",\"projectId\":null,\"event\":\"api.access\",\"content\":{\"url\":\"/api/v1/org/orgid123test-5643asd234-asdfasdf/projects\"},\"created\":\"2020-11-12T13:24:40.317Z\"}" - }, + "tags": [ + "preserve_original_event" + ], "user": { - "id": "userid123test-234sdfa2-423sdfa-2134", "group": { "id": "groupid123test-543123-54312sadf-123ad" - } - }, - "tags": [ - "preserve_original_event" - ] + }, + "id": "userid123test-234sdfa2-423sdfa-2134" + } }, { "@timestamp": "2020-11-11T21:00:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "org.user.invite", + "original": "{\"groupId\":\"groupid123test-543123-54312sadf-123ad\",\"orgId\":\"orgid123test-5643asd234-asdfasdf\",\"userId\":\"userid123test-234sdfa2-423sdfa-2134\",\"projectId\":null,\"event\":\"org.user.invite\",\"content\":{\"email\":\"someone@snyk.io\",\"isAdmin\":false},\"created\":\"2020-11-11T21:00:00.000Z\"}" }, "snyk": { "audit": { - "org_id": "orgid123test-5643asd234-asdfasdf", "content": { "email": "someone@snyk.io", "isAdmin": false - } + }, + "org_id": "orgid123test-5643asd234-asdfasdf" } }, - "event": { - "action": "org.user.invite", - "original": "{\"groupId\":\"groupid123test-543123-54312sadf-123ad\",\"orgId\":\"orgid123test-5643asd234-asdfasdf\",\"userId\":\"userid123test-234sdfa2-423sdfa-2134\",\"projectId\":null,\"event\":\"org.user.invite\",\"content\":{\"email\":\"someone@snyk.io\",\"isAdmin\":false},\"created\":\"2020-11-11T21:00:00.000Z\"}" - }, + "tags": [ + "preserve_original_event" + ], "user": { - "id": "userid123test-234sdfa2-423sdfa-2134", "group": { "id": "groupid123test-543123-54312sadf-123ad" - } - }, - "tags": [ - "preserve_original_event" - ] + }, + "id": "userid123test-234sdfa2-423sdfa-2134" + } }, { 
"@timestamp": "2020-11-15T06:02:45.497Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "action": "org.user.role.edit", + "original": "{\"groupId\":\"groupid123test-543123-54312sadf-123ad\",\"orgId\":\"orgid123test-5643asd234-asdfasdf\",\"userId\":\"userid123test-234sdfa2-423sdfa-2134\",\"projectId\":null,\"event\":\"org.user.role.edit\",\"content\":{\"userPublicId\":\"userid123test-234sdfa2-423sdfa-2134\",\"before\":\"COLLABORATOR\",\"after\":\"ADMIN\"},\"created\":\"2020-11-15T06:02:45.497Z\"}" }, "snyk": { "audit": { - "org_id": "orgid123test-5643asd234-asdfasdf", "content": { + "after": "ADMIN", "before": "COLLABORATOR", - "userPublicId": "userid123test-234sdfa2-423sdfa-2134", - "after": "ADMIN" - } + "userPublicId": "userid123test-234sdfa2-423sdfa-2134" + }, + "org_id": "orgid123test-5643asd234-asdfasdf" } }, - "event": { - "action": "org.user.role.edit", - "original": "{\"groupId\":\"groupid123test-543123-54312sadf-123ad\",\"orgId\":\"orgid123test-5643asd234-asdfasdf\",\"userId\":\"userid123test-234sdfa2-423sdfa-2134\",\"projectId\":null,\"event\":\"org.user.role.edit\",\"content\":{\"userPublicId\":\"userid123test-234sdfa2-423sdfa-2134\",\"before\":\"COLLABORATOR\",\"after\":\"ADMIN\"},\"created\":\"2020-11-15T06:02:45.497Z\"}" - }, + "tags": [ + "preserve_original_event" + ], "user": { - "id": "userid123test-234sdfa2-423sdfa-2134", "group": { "id": "groupid123test-543123-54312sadf-123ad" - } - }, - "tags": [ - "preserve_original_event" - ] + }, + "id": "userid123test-234sdfa2-423sdfa-2134" + } } ] } \ No newline at end of file diff --git a/packages/snyk/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/snyk/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 7dc4d2a2e43..4cf5c952758 100644 --- a/packages/snyk/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/snyk/data_stream/audit/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for Snyk Audit logs
 processors:
 - set:
 field: ecs.version
- value: 8.2.0
+ value: 8.3.0
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/snyk/data_stream/audit/sample_event.json b/packages/snyk/data_stream/audit/sample_event.json
index d5854f7fa92..754b460e377 100644
--- a/packages/snyk/data_stream/audit/sample_event.json
+++ b/packages/snyk/data_stream/audit/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/snyk/data_stream/vulnerabilities/_dev/test/pipeline/test-snyk-vulnerabilities.log-expected.json b/packages/snyk/data_stream/vulnerabilities/_dev/test/pipeline/test-snyk-vulnerabilities.log-expected.json
index 8967d3521b8..4ae2371e751 100644
--- a/packages/snyk/data_stream/vulnerabilities/_dev/test/pipeline/test-snyk-vulnerabilities.log-expected.json
+++ b/packages/snyk/data_stream/vulnerabilities/_dev/test/pipeline/test-snyk-vulnerabilities.log-expected.json
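Review bot: The new `value: 8.3.0` in the snyk audit pipeline is left as a plain scalar, whereas every other ingest pipeline touched by this change writes it quoted (`value: '8.3.0'`). A three-component version like `8.3.0` happens to parse as a string only because it is not a valid float; a later bump to a two-component value such as `8.10` would silently become the number `8.1`, and `ecs.version` would then be set from a float rather than the keyword string the expected-output fixtures assume. Quoting it now keeps the package consistent with the others and removes that trap: `value: '8.3.0'`.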
@@ -2,9 +2,38 @@ "expected": [ { "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "original": "{\"issue\":{\"url\":\"https://snyk.io/vuln/npm:ejs:20161128\",\"id\":\"npm:ejs:20161128\",\"title\":\"Arbitrary Code Execution\",\"type\":\"vuln\",\"package\":\"ejs\",\"version\":\"0.8.8\",\"severity\":\"high\",\"originalSeverity\":null,\"uniqueSeveritiesList\":[\"high\"],\"language\":\"js\",\"packageManager\":\"npm\",\"semver\":{\"vulnerable\":[\"\u003c2.5.3\"]},\"isIgnored\":false,\"publicationTime\":\"2016-11-28T18:44:12.000Z\",\"disclosureTime\":\"2016-11-27T22:00:00.000Z\",\"isUpgradable\":false,\"isPatchable\":false,\"isPinnable\":false,\"identifiers\":{\"CVE\":[],\"CWE\":[\"CWE-94\"],\"ALTERNATIVE\":[\"SNYK-JS-EJS-10218\"]},\"credit\":[\"Snyk Security Research Team\"],\"CVSSv3\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"cvssScore\":\"8.1\",\"patches\":[{\"id\":\"patch:npm:ejs:20161128:0\",\"urls\":[\"https://snyk-patches.s3.amazonaws.com/npm/ejs/20161128/ejs_20161128_0_0_3d447c5a335844b25faec04b1132dbc721f9c8f6.patch\"],\"version\":\"\u003c2.5.3 \u003e=2.2.4\",\"comments\":[],\"modificationTime\":\"2019-12-03T11:40:45.851976Z\"}],\"isPatched\":false,\"exploitMaturity\":\"no-known-exploit\",\"reachability\":\"No Info\",\"priorityScore\":4.05,\"jiraIssueUrl\":null},\"isFixed\":false,\"introducedDate\":\"2020-04-07\",\"projects\":[{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"username/reponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"someotheruser/someotherreponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"folder1/package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"projectname\",\"source\":\"cli\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"}]}" }, "snyk": { + 
"projects": [ + { + "id": "projectid", + "name": "username/reponame", + "packageManager": "npm", + "source": "github", + "targetFile": "package.json", + "url": "https://snyk.io/org/orgname/project/projectid" + }, + { + "id": "projectid", + "name": "someotheruser/someotherreponame", + "packageManager": "npm", + "source": "github", + "targetFile": "folder1/package.json", + "url": "https://snyk.io/org/orgname/project/projectid" + }, + { + "id": "projectid", + "name": "projectname", + "packageManager": "npm", + "source": "cli", + "targetFile": "package.json", + "url": "https://snyk.io/org/orgname/project/projectid" + } + ], "related": { "projects": [ "username/reponame", 
@@ -13,109 +42,109 @@ ] }, "vulnerabilities": { - "is_upgradable": false, - "language": "js", - "is_patchable": false, - "title": "Arbitrary Code Execution", - "type": "vuln", - "priority_score": 4.05, - "introduced_date": "2020-04-07", - "semver": { - "vulnerable": [ - "\u003c2.5.3" - ] - }, - "disclosure_time": "2016-11-27T22:00:00.000Z", - "id": "npm:ejs:20161128", - "reachability": "No Info", - "is_pinnable": false, "credit": [ "Snyk Security Research Team" ], - "is_ignored": false, - "package": "ejs", + "cvss3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "disclosure_time": "2016-11-27T22:00:00.000Z", + "exploit_maturity": "no-known-exploit", + "id": "npm:ejs:20161128", "identifiers": { - "cwe": [ - "CWE-94" - ], "alternative": [ "SNYK-JS-EJS-10218" + ], + "cwe": [ + "CWE-94" ] }, + "introduced_date": "2020-04-07", + "is_fixed": false, + "is_ignored": false, + "is_patchable": false, + "is_patched": false, + "is_pinnable": false, + "is_upgradable": false, + "language": "js", + "package": "ejs", + "package_manager": "npm", "patches": [ { + "id": "patch:npm:ejs:20161128:0", + "modificationTime": "2019-12-03T11:40:45.851976Z", "urls": [ "https://snyk-patches.s3.amazonaws.com/npm/ejs/20161128/ejs_20161128_0_0_3d447c5a335844b25faec04b1132dbc721f9c8f6.patch" ], - "id": "patch:npm:ejs:20161128:0", - "version": "\u003c2.5.3 \u003e=2.2.4", - "modificationTime": "2019-12-03T11:40:45.851976Z" + "version": "\u003c2.5.3 \u003e=2.2.4" } ], - "cvss3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "is_patched": false, - "is_fixed": false, - "version": "0.8.8", - "exploit_maturity": "no-known-exploit", - "package_manager": "npm", + "priority_score": 4.05, + "publication_time": "2016-11-28T18:44:12.000Z", + "reachability": "No Info", + "semver": { + "vulnerable": [ + "\u003c2.5.3" + ] + }, + "title": "Arbitrary Code Execution", + "type": "vuln", "unique_severities_list": [ "high" ], - "publication_time": "2016-11-28T18:44:12.000Z" + "version": "0.8.8" + } + }, + 
"tags": [ + "preserve_original_event" + ], + "vulnerability": { + "category": "Github", + "classification": "CVSS", + "enumeration": "CVE", + "reference": "https://snyk.io/vuln/npm:ejs:20161128", + "scanner": { + "vendor": "Snyk" + }, + "score": { + "base": 8.1, + "version": "3.0" }, + "severity": "high" + } + }, + { + "ecs": { + "version": "8.3.0" + }, + "event": { + "original": "{\"issue\":{\"url\":\"https://snyk.io/vuln/npm:ejs:20161128\",\"id\":\"npm:ejs:20161121\",\"title\":\"Arbitrary Code Execution\",\"type\":\"vuln\",\"package\":\"ejs\",\"version\":\"0.8.8\",\"severity\":\"high\",\"originalSeverity\":null,\"uniqueSeveritiesList\":[\"high\"],\"language\":\"js\",\"packageManager\":\"npm\",\"semver\":{\"vulnerable\":[\"\u003c2.5.3\"]},\"isIgnored\":false,\"publicationTime\":\"2016-11-28T18:44:12.000Z\",\"disclosureTime\":\"2016-11-27T22:00:00.000Z\",\"isUpgradable\":false,\"isPatchable\":false,\"isPinnable\":false,\"identifiers\":{\"CVE\":[\"CVE-2017-1000228\"],\"CWE\":[\"CWE-94\"],\"ALTERNATIVE\":[\"SNYK-JS-EJS-10218\"]},\"credit\":[\"Snyk Security Research Team\"],\"CVSSv3\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"cvssScore\":\"8.1\",\"patches\":[{\"id\":\"patch:npm:ejs:20161128:0\",\"urls\":[\"https://snyk-patches.s3.amazonaws.com/npm/ejs/20161128/ejs_20161128_0_0_3d447c5a335844b25faec04b1132dbc721f9c8f6.patch\"],\"version\":\"\u003c2.5.3 \u003e=2.2.4\",\"comments\":[],\"modificationTime\":\"2019-12-03T11:40:45.851976Z\"}],\"isPatched\":false,\"exploitMaturity\":\"no-known-exploit\",\"reachability\":\"No 
Info\",\"priorityScore\":619,\"jiraIssueUrl\":null},\"isFixed\":false,\"introducedDate\":\"2020-11-13\",\"projects\":[{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"username/reponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"someotheruser/someotherreponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"folder1/package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"projectname\",\"source\":\"cli\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"}]}" + }, + "snyk": { "projects": [ { - "name": "username/reponame", "id": "projectid", - "source": "github", + "name": "username/reponame", "packageManager": "npm", - "url": "https://snyk.io/org/orgname/project/projectid", - "targetFile": "package.json" + "source": "github", + "targetFile": "package.json", + "url": "https://snyk.io/org/orgname/project/projectid" }, { - "name": "someotheruser/someotherreponame", "id": "projectid", - "source": "github", + "name": "someotheruser/someotherreponame", "packageManager": "npm", - "url": "https://snyk.io/org/orgname/project/projectid", - "targetFile": "folder1/package.json" + "source": "github", + "targetFile": "folder1/package.json", + "url": "https://snyk.io/org/orgname/project/projectid" }, { - "name": "projectname", "id": "projectid", - "source": "cli", + "name": "projectname", "packageManager": "npm", - "url": "https://snyk.io/org/orgname/project/projectid", - "targetFile": "package.json" + "source": "cli", + "targetFile": "package.json", + "url": "https://snyk.io/org/orgname/project/projectid" } - ] - }, - "vulnerability": { - "severity": "high", - "reference": "https://snyk.io/vuln/npm:ejs:20161128", - "score": { - "version": "3.0", - "base": 8.1 - }, - "scanner": { - "vendor": "Snyk" - }, - "classification": "CVSS", - 
"category": "Github", - "enumeration": "CVE" - }, - "event": { - "original": "{\"issue\":{\"url\":\"https://snyk.io/vuln/npm:ejs:20161128\",\"id\":\"npm:ejs:20161128\",\"title\":\"Arbitrary Code Execution\",\"type\":\"vuln\",\"package\":\"ejs\",\"version\":\"0.8.8\",\"severity\":\"high\",\"originalSeverity\":null,\"uniqueSeveritiesList\":[\"high\"],\"language\":\"js\",\"packageManager\":\"npm\",\"semver\":{\"vulnerable\":[\"\u003c2.5.3\"]},\"isIgnored\":false,\"publicationTime\":\"2016-11-28T18:44:12.000Z\",\"disclosureTime\":\"2016-11-27T22:00:00.000Z\",\"isUpgradable\":false,\"isPatchable\":false,\"isPinnable\":false,\"identifiers\":{\"CVE\":[],\"CWE\":[\"CWE-94\"],\"ALTERNATIVE\":[\"SNYK-JS-EJS-10218\"]},\"credit\":[\"Snyk Security Research Team\"],\"CVSSv3\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"cvssScore\":\"8.1\",\"patches\":[{\"id\":\"patch:npm:ejs:20161128:0\",\"urls\":[\"https://snyk-patches.s3.amazonaws.com/npm/ejs/20161128/ejs_20161128_0_0_3d447c5a335844b25faec04b1132dbc721f9c8f6.patch\"],\"version\":\"\u003c2.5.3 \u003e=2.2.4\",\"comments\":[],\"modificationTime\":\"2019-12-03T11:40:45.851976Z\"}],\"isPatched\":false,\"exploitMaturity\":\"no-known-exploit\",\"reachability\":\"No Info\",\"priorityScore\":4.05,\"jiraIssueUrl\":null},\"isFixed\":false,\"introducedDate\":\"2020-04-07\",\"projects\":[{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"username/reponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"someotheruser/someotherreponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"folder1/package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"projectname\",\"source\":\"cli\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"}]}" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - 
"ecs": { - "version": "8.2.0" - }, - "snyk": { + ], "related": { "projects": [ "username/reponame", 
@@ -124,112 +153,112 @@ ] }, "vulnerabilities": { - "is_upgradable": false, - "language": "js", - "is_patchable": false, - "title": "Arbitrary Code Execution", - "type": "vuln", - "priority_score": 619, - "introduced_date": "2020-11-13", - "semver": { - "vulnerable": [ - "\u003c2.5.3" - ] - }, - "disclosure_time": "2016-11-27T22:00:00.000Z", - "id": "npm:ejs:20161121", - "reachability": "No Info", - "is_pinnable": false, "credit": [ "Snyk Security Research Team" ], - "is_ignored": false, - "package": "ejs", + "cvss3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "disclosure_time": "2016-11-27T22:00:00.000Z", + "exploit_maturity": "no-known-exploit", + "id": "npm:ejs:20161121", "identifiers": { - "cwe": [ - "CWE-94" - ], "alternative": [ "SNYK-JS-EJS-10218" + ], + "cwe": [ + "CWE-94" ] }, + "introduced_date": "2020-11-13", + "is_fixed": false, + "is_ignored": false, + "is_patchable": false, + "is_patched": false, + "is_pinnable": false, + "is_upgradable": false, + "language": "js", + "package": "ejs", + "package_manager": "npm", "patches": [ { + "id": "patch:npm:ejs:20161128:0", + "modificationTime": "2019-12-03T11:40:45.851976Z", "urls": [ "https://snyk-patches.s3.amazonaws.com/npm/ejs/20161128/ejs_20161128_0_0_3d447c5a335844b25faec04b1132dbc721f9c8f6.patch" ], - "id": "patch:npm:ejs:20161128:0", - "version": "\u003c2.5.3 \u003e=2.2.4", - "modificationTime": "2019-12-03T11:40:45.851976Z" + "version": "\u003c2.5.3 \u003e=2.2.4" } ], - "cvss3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "is_patched": false, - "is_fixed": false, - "version": "0.8.8", - "exploit_maturity": "no-known-exploit", - "package_manager": "npm", + "priority_score": 619, + "publication_time": "2016-11-28T18:44:12.000Z", + "reachability": "No Info", + "semver": { + "vulnerable": [ + "\u003c2.5.3" + ] + }, + "title": "Arbitrary Code Execution", + "type": "vuln", "unique_severities_list": [ "high" ], - "publication_time": "2016-11-28T18:44:12.000Z" + "version": "0.8.8" + } + }, + 
"tags": [ + "preserve_original_event" + ], + "vulnerability": { + "category": "Github", + "classification": "CVSS", + "enumeration": "CVE", + "id": [ + "CVE-2017-1000228" + ], + "reference": "https://snyk.io/vuln/npm:ejs:20161128", + "scanner": { + "vendor": "Snyk" + }, + "score": { + "base": 8.1, + "version": "3.0" }, + "severity": "high" + } + }, + { + "ecs": { + "version": "8.3.0" + }, + "event": { + "original": "{\"issue\":{\"url\":\"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488\",\"id\":\"SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488\",\"title\":\"Insecure Randomness\",\"type\":\"vuln\",\"package\":\"github.com/satori/go.uuid\",\"version\":\"#000000000000\",\"severity\":\"high\",\"originalSeverity\":null,\"uniqueSeveritiesList\":[\"high\"],\"language\":\"golang\",\"packageManager\":\"golang\",\"semver\":{\"vulnerable\":[\"=1.2.0\"],\"hashesRange\":[\"\u003e=0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c \u003cd91630c8510268e75203009fe7daf2b8e1d60c45\"],\"vulnerableHashes\":[\"c596ec57260fd2ad47b2ae6809d6890a2f99c3b2\",\"36e9d2ebbde5e3f13ab2e25625fd453271d6522e\",\"f6920249aa08fc2a2c2e8274ea9648d0bb1e9364\",\"0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c\"]},\"isIgnored\":false,\"publicationTime\":\"2018-10-24T08:56:41.000Z\",\"disclosureTime\":\"2018-03-23T08:57:24.000Z\",\"isUpgradable\":false,\"isPatchable\":false,\"isPinnable\":false,\"identifiers\":{\"CVE\":[],\"CWE\":[\"CWE-338\"]},\"credit\":[\"josselin-c\"],\"CVSSv3\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"cvssScore\":\"8.1\",\"patches\":[],\"isPatched\":false,\"exploitMaturity\":\"no-known-exploit\",\"reachability\":\"No 
Info\",\"priorityScore\":405,\"jiraIssueUrl\":null},\"isFixed\":false,\"introducedDate\":\"2020-11-17\",\"projects\":[{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"username/reponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"someotheruser/someotherreponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"folder1/package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"projectname\",\"source\":\"cli\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"}]}" + }, + "snyk": { "projects": [ { - "name": "username/reponame", "id": "projectid", - "source": "github", + "name": "username/reponame", "packageManager": "npm", - "url": "https://snyk.io/org/orgname/project/projectid", - "targetFile": "package.json" + "source": "github", + "targetFile": "package.json", + "url": "https://snyk.io/org/orgname/project/projectid" }, { - "name": "someotheruser/someotherreponame", "id": "projectid", - "source": "github", + "name": "someotheruser/someotherreponame", "packageManager": "npm", - "url": "https://snyk.io/org/orgname/project/projectid", - "targetFile": "folder1/package.json" + "source": "github", + "targetFile": "folder1/package.json", + "url": "https://snyk.io/org/orgname/project/projectid" }, { - "name": "projectname", "id": "projectid", - "source": "cli", + "name": "projectname", "packageManager": "npm", - "url": "https://snyk.io/org/orgname/project/projectid", - "targetFile": "package.json" + "source": "cli", + "targetFile": "package.json", + "url": "https://snyk.io/org/orgname/project/projectid" } - ] - }, - "vulnerability": { - "severity": "high", - "reference": "https://snyk.io/vuln/npm:ejs:20161128", - "score": { - "version": "3.0", - "base": 8.1 - }, - "scanner": { - "vendor": "Snyk" - }, - "id": [ - "CVE-2017-1000228" 
], - "classification": "CVSS", - "category": "Github", - "enumeration": "CVE" - }, - "event": { - "original": "{\"issue\":{\"url\":\"https://snyk.io/vuln/npm:ejs:20161128\",\"id\":\"npm:ejs:20161121\",\"title\":\"Arbitrary Code Execution\",\"type\":\"vuln\",\"package\":\"ejs\",\"version\":\"0.8.8\",\"severity\":\"high\",\"originalSeverity\":null,\"uniqueSeveritiesList\":[\"high\"],\"language\":\"js\",\"packageManager\":\"npm\",\"semver\":{\"vulnerable\":[\"\u003c2.5.3\"]},\"isIgnored\":false,\"publicationTime\":\"2016-11-28T18:44:12.000Z\",\"disclosureTime\":\"2016-11-27T22:00:00.000Z\",\"isUpgradable\":false,\"isPatchable\":false,\"isPinnable\":false,\"identifiers\":{\"CVE\":[\"CVE-2017-1000228\"],\"CWE\":[\"CWE-94\"],\"ALTERNATIVE\":[\"SNYK-JS-EJS-10218\"]},\"credit\":[\"Snyk Security Research Team\"],\"CVSSv3\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"cvssScore\":\"8.1\",\"patches\":[{\"id\":\"patch:npm:ejs:20161128:0\",\"urls\":[\"https://snyk-patches.s3.amazonaws.com/npm/ejs/20161128/ejs_20161128_0_0_3d447c5a335844b25faec04b1132dbc721f9c8f6.patch\"],\"version\":\"\u003c2.5.3 \u003e=2.2.4\",\"comments\":[],\"modificationTime\":\"2019-12-03T11:40:45.851976Z\"}],\"isPatched\":false,\"exploitMaturity\":\"no-known-exploit\",\"reachability\":\"No Info\",\"priorityScore\":619,\"jiraIssueUrl\":null},\"isFixed\":false,\"introducedDate\":\"2020-11-13\",\"projects\":[{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"username/reponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"someotheruser/someotherreponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"folder1/package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"projectname\",\"source\":\"cli\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"}]}" - }, - 
"tags": [ - "preserve_original_event" - ] - }, - { - "ecs": { - "version": "8.2.0" - }, - "snyk": { "related": { "projects": [ "username/reponame", @@ -238,28 +267,31 @@ ] }, "vulnerabilities": { - "package": "github.com/satori/go.uuid", - "is_upgradable": false, + "credit": [ + "josselin-c" + ], + "cvss3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "disclosure_time": "2018-03-23T08:57:24.000Z", + "exploit_maturity": "no-known-exploit", + "id": "SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488", "identifiers": { "cwe": [ "CWE-338" ] }, - "language": "golang", - "cvss3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "introduced_date": "2020-11-17", + "is_fixed": false, + "is_ignored": false, "is_patchable": false, - "title": "Insecure Randomness", - "type": "vuln", "is_patched": false, - "is_fixed": false, - "version": "#000000000000", - "exploit_maturity": "no-known-exploit", - "priority_score": 405, + "is_pinnable": false, + "is_upgradable": false, + "language": "golang", + "package": "github.com/satori/go.uuid", "package_manager": "golang", - "unique_severities_list": [ - "high" - ], - "introduced_date": "2020-11-17", + "priority_score": 405, + "publication_time": "2018-10-24T08:56:41.000Z", + "reachability": "No Info", "semver": { "hashesRange": [ "\u003e=0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c \u003cd91630c8510268e75203009fe7daf2b8e1d60c45" 
@@ -274,69 +306,66 @@ "0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c" ] }, - "disclosure_time": "2018-03-23T08:57:24.000Z", - "id": "SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488", - "reachability": "No Info", - "is_pinnable": false, - "credit": [ - "josselin-c" + "title": "Insecure Randomness", + "type": "vuln", + "unique_severities_list": [ + "high" ], - "is_ignored": false, - "publication_time": "2018-10-24T08:56:41.000Z" + "version": "#000000000000" + } + }, + "tags": [ + "preserve_original_event" + ], + "vulnerability": { + "category": "Github", + "classification": "CVSS", + "enumeration": "CVE", + "reference": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488", + "scanner": { + "vendor": "Snyk" }, + "score": { + "base": 8.1, + "version": "3.0" + }, + "severity": "high" + } + }, + { + "ecs": { + "version": "8.3.0" + }, + "event": { + "original": "{\"issue\":{\"url\":\"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOYAMLYAML-564236\",\"id\":\"SNYK-GOLANG-GITHUBCOMGOYAMLYAML-564236\",\"title\":\"Denial of Service 
(DoS)\",\"type\":\"vuln\",\"package\":\"github.com/go-yaml/yaml\",\"version\":\"2.1.0\",\"severity\":\"medium\",\"originalSeverity\":null,\"uniqueSeveritiesList\":[\"medium\"],\"language\":\"golang\",\"packageManager\":\"golang\",\"semver\":{\"vulnerable\":[\"\u003c2.2.8\"],\"hashesRange\":[\"53403b58ad1b561927d19068c655246f2db79d48\"],\"vulnerableHashes\":[\"dd8f49ae7840d1fc6810d53ee7b05356da92f81f\",\"d4766d1dff71f8a135a57e1fcff946c8c1a140ab\",\"2aba0a492be00f1eb4d95483b08930ebe4968b64\",\"3b0eedc5a476efc2b2e025eff55b2fd08fa32abd\",\"2f2fd02e5a54a7d4f5e5d3494b170b0cb9275c92\",\"7ad95dd0798a40da1ccdff6dff35fd177b5edf40\",\"f7716cbe52baa25d2e9b0d0da546fcf909fc16b4\",\"1ff37a7d30b085dc643dee7adb18759e3511661a\",\"eca94c41d994ae2215d455ce578ae6e2dc6ee516\",\"b0c168ac0cf9493da1f9bb76c34b26ffef940b4a\",\"77373ee937410eceadc4dc64b1100d897ed593d0\",\"025607cd2e381e6e08a56ffec46ac79e23ca2d88\",\"7d17c9173a3d25ebba15cedb25b5205bdfb1eac8\",\"ca3d523f32f3b33fb3265bfeb8e11003a8670e3d\",\"85db785e81ed62ffae7a145404fc0f022335378c\",\"a72a87d92dad7563e31c2c007e8d67f93d67f221\",\"1be3d31502d6eabc0dd7ce5b0daab022e14a5538\",\"90376f16b6d74c4e2fff21dd24397bec3dc62dd5\",\"bb263360b83253468e534d974aabeddd6c22f887\",\"d466437aa4adc35830964cffc5b5f262c63ddcb4\",\"d6c23fbaf16f72995b58492627e65801cfb9a8dd\",\"e4d366fc3c7938e2958e662b4258c7a89e1f0e3e\",\"60a2abf4e00318875a661c29b36df7a68e484bf4\",\"f4d271a8a289b41fa88b802c430fefde4e018bba\",\"10c59a7d91867c206737dcd482fe68906a1484ca\",\"d0b6f3facf302fb1bf969a12bad68ce720b3c025\",\"4d6bb54d8acc91e147763cea066cff0b89437e90\",\"1244d3ce02e3e1c16820ada0bae506b6c479f106\",\"49fdd64ad429d146bacf7106dd73078e889be2e8\",\"8e626dec39b5836cef636d885e33479debcf0cb1\",\"4914593b9558e85597f08346c798aea8f6fb899f\",\"031c922227a592b2b562a1833438308381f9a8bf\",\"b51f82a2e3cbedab685908bd64d61d0a1b781754\",\"c75e52ecee48db6de9aa73d00a360d43abf3e7ac\",\"857a0b2759f87f47aaebad6dd319cf4f887eb6dc\",\"5887bc194be84805c8283e9d9a66102bf9571fca\",\"a528d0ef484d32e416
d7b9c4a249d1fa7111be6e\",\"5b18502a28c65dfd209ea5aebb405fb6fc07f7e1\",\"5d6f7e02b7cdad63b06ab3877915532cd30073b4\",\"9c272e25743608d6d3287141522eb4506b2dac45\",\"125a562d7bf105e062ed2adfb2d37e6f11c209bd\",\"87e4a22b684220ccca96de3f2e651b2380a55f9e\",\"d56ec34a3ded0bb58c82198664664ccb81eec91b\",\"b754a4fe6ad8db932e083a2d85ae2199b3516bef\",\"04092268b2c5e87e6373229049c827b833af4edb\",\"f59f5e67022f3c186e20af01b1993b86ac74f0dc\",\"52d5976e4791cf8c96a9de7569098e3752677412\",\"770b8dae4cf00919e5eafffbd8d58186294b61b5\",\"71e7ede9d48a2e096f6d5d0516c763513a471bd1\",\"b01920c75e30179201b01633db246038b0226ce9\",\"ef0aede23c8c624e127a9a59183ee8915e48a3c9\",\"1632dd8118ce1efece66b7f53bb167956d5d8b4e\",\"05299e459464264cd87a230b62d1aca93725c51b\",\"d00346f943c9d2c43424c8a3840f5ca58817750d\",\"49c95bdc21843256fb6c4e0d370a05f24a0bf213\",\"088598405c86d37e951287d094d691e221654a00\",\"c11897f0ba79d8a35d8a124ff0d76e13d9dccb9b\",\"711419034010345c604724ef87ec3db91ffe0936\",\"3e6d767784b037b90a14701b6c9f0643f05db963\",\"a83829b6f1293c91addabc89d0571c246397bbf4\",\"ee2f4956ea46791a74a31142105f03c0d5f9492b\",\"7b079234548be56f14c6e342d4660aa8d54865b7\",\"b7fbda9990042cd5456fdf187480c25fdd776f92\",\"a6dc653f939ab0e6a554873806c41add1140d90c\",\"687eda924018599a7c4518013c369f0bfb7eb0e1\",\"fa9662d290d59b79f2ef7e1f72c885560efe512d\",\"e47eca576e8f3a433de0ba77f1923e7c7f959667\",\"e90bcf783f7abddaa0ee0994a09e536498744e49\",\"fdc1ab46101a842d9e914408bd481f6647d5f9c1\",\"f0766b44ca7999dc9af38a050ddf6db79d05bf3b\",\"cdd36ee8d333aa740c1c0bceae0da74969b2c60b\",\"7701d177ce02b7bd38c4ebd2ba4a7783080505ae\",\"2c1be0d7f7ff8305cf666e89152e9753c8b39004\",\"97203c6e4fc7347bfef3bd6d4913e90bd46c7ecb\",\"7c97801ccf41d5273de9e22c8b2af6860c7703a2\",\"7002636de42c9ef59a2921bb4f78744cabe8bfe3\",\"0725b7707fdeeb6894c403d0f5a2a20e1dc7454d\",\"1dd72ac3928693b9db2533639dfc2a5f831697eb\",\"73a1567027eea2fab2b057a193036f844736f7da\",\"7539b1dee2c790ab2d1aa5e254ef877f5552ff97\",\"920b7d819b42f26f4796e4a43f518090a7a633
1f\",\"1f64d6156d11335c3f22d9330b0ad14fc1e789ce\",\"1b9791953ba4027efaeb728c7355e542a203be5e\",\"1ed59511881fdb008c1e618e9f219ce0704e658e\",\"c325d146e464fb9567e780ddfa2dad3a99323075\",\"0ee36981cbf495d5eb6aeb540a3afc25c61d1a96\",\"c4a9fb418357aceb801272d73efd518f183700fa\",\"a347d2466e459933f4fb25f8026d995977436ccf\",\"f221b8435cfb71e54062f6c6e99e9ade30b124d5\",\"5206f6dd03423b3a5462a2a4286a4efae8abe347\",\"a1c4bcb6c278a41992e2f4f0f29a44b4146daa5c\",\"4ca689e686c2caf4dda3a62936c097d6dfb56877\",\"119a11e4378a0410c69c42d82f51331a6da7a97c\",\"c7da9dcff86f24fcfdc15e1f9fa39dfc19784616\",\"f29dde21846f6357ee4421013b59eefd65c069b0\",\"5515099aacaeb9ff3ab7492f0803327bb19fc512\",\"1c9241b56a03383c77e1c33d86ea6ca4a927153e\",\"86f5ed62f8a0ee96bd888d2efdfd6d4fb100a4eb\",\"1f2a25ba9402c70a7806e84531ef763943739072\",\"1418a9bc452f9cf4efa70307cafcb10743e64a56\",\"65b1927d8262617ca3d25f296fdde1e8c48f813d\",\"2bf60357b89cbc6044dde700cf63bab94a615bf7\",\"c6314f5b627e2a1c1846d89cd775de6b2808d37e\",\"50e1b1b1332ea40fff2a9b13bfbccbbecd526f00\",\"50f7813e6b19e58334360ab011dfbaece5b1501f\",\"a311394a2a9276454d3f92d26838c3ae3d99cdf3\",\"79f5ef7c40ae7a4ee6bcd26d324bf50491b431e5\",\"731788bc8b082f8c81c63ca0abd5950c7a68a2f1\",\"6491ec31f7b0d27492e3046c86de94838dcb523c\",\"41168bb7ed2fc849bc36727a2b902bd8f447bfc2\",\"bc27649cd5454055cf20fdb9ef556c214d3f9aa0\",\"d6b53382672776035ad8ef0404681f8a4a16bb95\",\"8eba062837dc10754db7cbafcbedbfbc985ca172\",\"837b0877fcd6b2c8ba83d126917267695ff16ad8\",\"72c33f6840f49f9ed7d1faef7562b3266640fdf4\",\"26b882523374125854702734c30b0ce6a1a18d7b\",\"e90048704a8adb0b81b2e15ebafd1a35fa110903\",\"4fc5987536ef307a24ca299aee7ae301cde3d221\",\"4341420a144323d3f148ece677a20da6e077cfd2\",\"5c8bfe59213b6e9a5eb50debebc396e99a9fa174\",\"200c098a06472243b50aeda4510220a90c4e7dbe\",\"de3643d77b438c6f0f69f350c437639a300b5e73\",\"9a4310b1caff4cca3780580195a916ca060d08f7\",\"91eb945ac02153399ac9f69e34751f1a176254c3\",\"4cdd993908b57c3b87bef0695e5ca989151ad55f\",\"7ddc4634ce2d8
ca5c03846918ae1df6aa40ee464\",\"ec232d2920a84930b077414b60b5985e076ae228\",\"2c8612dfee1362e7e482c66c5feb892a94d53255\",\"d670f9405373e636a5a2765eea47fac0c9bc91a4\",\"e9bfed595636e952566e5cb857c22b918f2530a2\",\"c1cd2254a6dd314c9d73c338c12688c9325d85c6\",\"df747160af0ebfcc572951e4168d4b1bc91a47f5\",\"a65e08b08285cef29253c50ffd92469bf6e26a29\",\"e6da37e746419537560c1e95e429f42b33f6d0e3\",\"eea198a9c5cc6e02bfcd130a932051088a9f0950\",\"6675ed2a9028caf87bb5915503c08a595e57b77d\",\"562080bfe963d41a6870a4c500918f6361a0b61f\",\"8171f560dedcb162dd3d2c925015679e84bac269\",\"c78cd3ebd83777ac093137fbb55c33a9d3f65819\",\"e4ac4c457c23b390e7fd75ddf746c5a69aa8cfd5\",\"93d787c44dc828e1c67fa275cb66eb86bb2929f8\",\"7cdd87a79f79db641dae55776224443026d28928\",\"406cad6bb47dd7d9a123d005fb8ff766f6463051\",\"523c7d9470684b02d902e8d986cd9eea66884755\",\"9ca8abd6882a6e741166e6ec946a73f3a64df65a\",\"885e19c0dda1f4e4e22837474879f8f3d36fb449\",\"e8976af76e3d35c48f8b2c9540cca3e92995fbc6\",\"addb3a024ff5763c8facbe4767fe530d602cfedc\",\"c7f6f9c6e6c14027a46eb91241427dba67604f39\",\"0a6d1b02c16e372ceea8f17f3b1833b918954bf1\",\"835086a6b6aa65939515e30b5d6c2eba43d7c075\",\"7b8fd2dbef04521fdd8d670ef4c77be691845aa2\",\"3eb2270747cdd89e3f095cb24e8dd4ccf2a098f6\",\"1d653a737648051ca638423377052c2f5c10c050\",\"14d1c4659ec7b9ee26f5d705f3c2bb56cb6cbee4\",\"c544d0342172409bd9c8f7c45d9fb21971c8aee9\",\"6941443daa441371720e9ef8f3554c3958cfb071\",\"f8db564a0a4a5f6d04f66522493597f18e5ab4ae\",\"7c634f6a68c1076d3cfdc56930db26e86f7876d7\",\"f7e23311052d3dda728ce15788fb3727898afa17\",\"8691640bc70f3d96128a809341d850b550a3abb9\",\"b9b22c434500d7639936fbed673fc0ef23ce88f6\",\"d6385b38675d8d03521c9290f4f3d7bff08664c0\",\"4c78c975fe7c825c6d1466c42be594d1d6f3aba6\",\"54c736c86c9bcc793fb4bd6f203604cd738dc0e9\",\"722ff6b958a31d4ca3405db35a72648a6077a6bb\",\"2afc2e57e051513a3f5f67e74857696a8558d67b\",\"283fbcdd1e64975730a38609f8802ef983a43cb9\",\"ab5d55c35f3919fe06e9daedce5a32f4aab23777\",\"e2fbf5b72a6a12abd15be9b37656a0a13
6fc32f8\",\"399c3345e0f76f583d830cd7da27518bbb00c91a\",\"b6679148d27038e59d7818facc4d100e677a64ae\",\"43a0256bb22b0c2e1803ac6e28f55e5989a60523\",\"f5f5cc19d1f681884684426c96adadef47a3b55c\",\"787afde64d7b36591050440c4a14c2288b373de6\",\"7b8349ac747c6a24702b762d2c4fd9266cf4f1d6\",\"0e4404da71227dcc02fb1deee803d93e86d08f72\",\"a95acef3719e5e9f7614cc90a119dee4699291eb\",\"3ba0e99ffa727bd7eb782b7a5d1aafcb989b0899\",\"5edc3ded41385ca1b9a80339d2a070e4d0a17cb6\",\"2c9db3558be789ef3896b03ed3f354b822c304b9\",\"a833012353d046b1f12c82db87d01c86570b24d7\",\"77b516425597da3c093a666c11608112e91604de\",\"1ade51a028efa6990b524e0b01237dbd9123957d\",\"9e27074feeaed4b0ae4e5e71187eff80c0f0bf35\",\"cd515839285fe1a31b92193360172d59f818c9b8\",\"9f33a69b86c3c76c52e41d12d83e233065bfcca9\",\"36babc3691687601732d9e2571b698be4116469a\",\"51d6538a90f86fe93ac480b35f37b2be17fef232\",\"31c299268d302dd0aa9a0dcf765a3d58971ac83f\",\"3e92d6a11b92fa4612d66712704844bdc0c48aed\",\"9211cbc02789a32acf5e90c23a42f040ac3ec3f8\",\"0cb32393ebcfc65467398e5daadfb63b2184caea\",\"0f9a5c380d77a8b2888a78c3d3a14db15949b1fa\",\"82377a97b299347cd15cc1be13e1c8d04e33efbb\",\"fe9486c37432968838e1798b2317dc1aa10b586b\",\"77b384eced7745af978888311ea3c67e57c7ed96\",\"fc7f19eff1782a0beae3065097c776183e7d01d0\",\"dbd6d0229d1f1e1c3055cd82efb81f60a27d1103\",\"25c4ec802a7d637f88d584ab26798e94ad14c13b\",\"5e76f7cf8cb1fc353b84b96c72a36c4984cbd005\",\"a5844a8f8f489bad96ab6da62cfa21ee1f5d9e6b\",\"41c132e8ac051886e4eb06e7c3d58ced63d58057\",\"4f03e946c120a8f146f43bee6f392f9bb5d0a677\",\"287cf08546ab5e7e37d55a84f7ed3fd1db036de5\",\"1092c5d94f266e0f94e485a24f7010da877eeba0\",\"910de082618d0d8ccac6443a6e7a72cc8bcd5227\",\"feb4ca79644e8e7e39c06095246ee54b1282c118\",\"3c68098bffba683534584be69216dac3a2b2305a\",\"3323b7713e656f16fbd0eec27c60370b6237f4e3\",\"f3293401ceedf2a32a1c22cb062b274dba6be798\",\"43607cc2a1772b23faf366c24b8e33541187b64d\",\"add015b1c64e144664b73d5eacfeb6aeace2e45c\",\"3e69410288aeb97d31353af8e063b798d40feb3f\",\"39e59aa7
e15898a87148f0f4891a085c83b9b0fc\",\"a3f3340b5840cee44f372bddb5880fcbc419b46a\",\"05d405925260878bd750ea7d96c746c2d726b349\",\"65622dcbf4c25328cd440d1b322c6530abe83337\",\"8ca81d591dc2242f9c4b7a907533f0b7f93802b5\",\"3d8cfc3754fba03b8f1a0d44ea4e6e870cf86c57\",\"eb3733d160e74a9c7e442f435eb3bea458e1d19f\",\"d0fefed9b627fbe0c1597ac29ed5f48ff2eb9064\",\"dcd83b31fd165d8cc8677fce58f889dca3e06f35\",\"7f97868eec74b32b0982dd158a51a446d1da7eb5\",\"925f818e2c358746b3a14bf3e5614db14208037f\",\"c95af922eae69f190717a0b7148960af8c55a072\",\"0516c53462e633a479f3826e1d3557033413eeb8\",\"53087c11c10b453af4f2eb47471434eae75526f9\",\"5420a8b6744d3b0345ab293f6fcba19c978f1183\",\"fb03f24d58ac0c7a3d85edc1b91dfcfea4329883\",\"08434a82b8376f585898a97654ce18065d14cb97\",\"a5b47d31c556af34a302ce5d659e6fea44d90de0\",\"838f4ea96166350b9185bf3d2cbf786d34127ca2\",\"f2d2788ce5b1741745c0d1a853e856b5b77376b2\",\"284796d39ddb313ec0ae04898de280d41fe32479\",\"970885f01c8bc1fecb7ab1c8ce8e7609bda45530\",\"4f3d34e492b8930c50204a216d960e7da0dc5f63\",\"9f389a1f0b1d442eba00213e7aa09ccd878d18b0\",\"1b2e8c1531abbfe7dcd3de8ff4483326af275bc8\",\"14227de293ca979cf205cd88769fe71ed96a97e2\",\"e72f93569ef83aca933836c2fb9185faeeced236\",\"3b4ad1db5b2a649883ff3782f5f9f6fb52be71af\",\"a0ae8d516398f3724bb3db614ab47f0e4f643f2e\",\"f7a330473f18ddc052fce1f71a2b2d1231860f71\",\"81205292aba40f8868069e2f18d90043d3e724a6\",\"059398de19c863a04c55315526d6c226de540aa1\",\"e6ec13e5a80029d7ebcbc2c90d16ce5ff1fa6c84\",\"8173ecbc8953a159ae0fa2fad94adf3553b0bf8e\",\"b7dfe2d918fda477aa5b42519294b5ada3c991fa\",\"b6b591a3c0ec0452719f4d4555a3e084fd9f12fb\",\"ba29208cca8f239f2cea685183f79df8e4defc29\",\"422f540d2e1f1b41b6184903cd1eb69c777df1bb\",\"914e67f109a574665d15c0d179cdc796abefb176\",\"1bf6a7ce154075e61134f8a68dd50902c3027a10\",\"2628b30e544c309ac3d0c8cd7e78a785400cd41f\",\"0846a25da24891a7b3c725bc190493b5f7525db8\",\"4cadac2bc790baeffa0a7fa19689223966a64c24\",\"b3031338ac8e006cbd668f67c36c24d2c5e64b6d\",\"cd8b52f8269e0feb286dfeef29f8
fe4d5b397e0b\",\"205b70273c7999d96b32db43ab54337690817184\",\"62e345dcf33dd13810ceba10407c30a7db6a0958\",\"53feefa2559fb8dfa8d81baad31be332c97d6c77\",\"e720624475f3807e3dc6477e7af6feb09da0b848\",\"bd61a856f807e525beaee41959452c88c83d46cf\",\"f90ceb4f409096b60e2e9076b38b304b8246e5fa\",\"3c0d4d4f56c36fcfd2da00ff26c40046512b4208\",\"1f1f61830e4c9f1eff03047c9d1d11e576853bc4\",\"f96735bc0fa70a12e9f41277b2d909e0c477ee30\",\"e334f8522ac9fe2b381c329b3159a328eeb14f76\",\"18e5f12b39cb93b31a249fb7115b9bbf6162aeeb\",\"b3472531944cd769419f297322dc285a0fc0d6cc\",\"3e542fbf7c84c0bf22f51ad07899cf80f8658caa\",\"00efe9c47819ca58089c4bd5d1d8463248e23228\",\"670d4cfef0544295bc27a114dbac37980d83185a\",\"8ed39f36d6f36299d2ce5f9b35a05d048500f777\",\"bb4e33bf68bf89cad44d386192cbed201f35b241\",\"bef53efd0c76e49e6de55ead051f886bea7e9420\",\"9eade332f0ceebc6b7c9e24893574cad4c51722b\"]},\"isIgnored\":false,\"publicationTime\":\"2020-04-02T11:29:49.000Z\",\"disclosureTime\":\"2020-03-26T11:30:05.000Z\",\"isUpgradable\":false,\"isPatchable\":false,\"isPinnable\":false,\"identifiers\":{\"CVE\":[\"CVE-2019-11254\"],\"CWE\":[\"CWE-1050\"]},\"credit\":[\"Unknown\"],\"CVSSv3\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"cvssScore\":\"6.5\",\"patches\":[],\"isPatched\":false,\"exploitMaturity\":\"no-known-exploit\",\"reachability\":\"No 
Info\",\"priorityScore\":325,\"jiraIssueUrl\":null},\"isFixed\":false,\"introducedDate\":\"2020-04-29\",\"projects\":[{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"username/reponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"someotheruser/someotherreponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"folder1/package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"projectname\",\"source\":\"cli\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"}]}" + }, + "snyk": { "projects": [ { - "name": "username/reponame", "id": "projectid", - "source": "github", + "name": "username/reponame", "packageManager": "npm", - "url": "https://snyk.io/org/orgname/project/projectid", - "targetFile": "package.json" + "source": "github", + "targetFile": "package.json", + "url": "https://snyk.io/org/orgname/project/projectid" }, { - "name": "someotheruser/someotherreponame", "id": "projectid", - "source": "github", + "name": "someotheruser/someotherreponame", "packageManager": "npm", - "url": "https://snyk.io/org/orgname/project/projectid", - "targetFile": "folder1/package.json" + "source": "github", + "targetFile": "folder1/package.json", + "url": "https://snyk.io/org/orgname/project/projectid" }, { - "name": "projectname", "id": "projectid", - "source": "cli", + "name": "projectname", "packageManager": "npm", - "url": "https://snyk.io/org/orgname/project/projectid", - "targetFile": "package.json" + "source": "cli", + "targetFile": "package.json", + "url": "https://snyk.io/org/orgname/project/projectid" } - ] - }, - "vulnerability": { - "severity": "high", - "reference": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488", - "score": { - "version": "3.0", - "base": 8.1 - }, - "scanner": { - "vendor": "Snyk" - }, - 
"classification": "CVSS", - "category": "Github", - "enumeration": "CVE" - }, - "event": { - "original": "{\"issue\":{\"url\":\"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488\",\"id\":\"SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488\",\"title\":\"Insecure Randomness\",\"type\":\"vuln\",\"package\":\"github.com/satori/go.uuid\",\"version\":\"#000000000000\",\"severity\":\"high\",\"originalSeverity\":null,\"uniqueSeveritiesList\":[\"high\"],\"language\":\"golang\",\"packageManager\":\"golang\",\"semver\":{\"vulnerable\":[\"=1.2.0\"],\"hashesRange\":[\"\u003e=0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c \u003cd91630c8510268e75203009fe7daf2b8e1d60c45\"],\"vulnerableHashes\":[\"c596ec57260fd2ad47b2ae6809d6890a2f99c3b2\",\"36e9d2ebbde5e3f13ab2e25625fd453271d6522e\",\"f6920249aa08fc2a2c2e8274ea9648d0bb1e9364\",\"0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c\"]},\"isIgnored\":false,\"publicationTime\":\"2018-10-24T08:56:41.000Z\",\"disclosureTime\":\"2018-03-23T08:57:24.000Z\",\"isUpgradable\":false,\"isPatchable\":false,\"isPinnable\":false,\"identifiers\":{\"CVE\":[],\"CWE\":[\"CWE-338\"]},\"credit\":[\"josselin-c\"],\"CVSSv3\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"cvssScore\":\"8.1\",\"patches\":[],\"isPatched\":false,\"exploitMaturity\":\"no-known-exploit\",\"reachability\":\"No 
Info\",\"priorityScore\":405,\"jiraIssueUrl\":null},\"isFixed\":false,\"introducedDate\":\"2020-11-17\",\"projects\":[{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"username/reponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"someotheruser/someotherreponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"folder1/package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"projectname\",\"source\":\"cli\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"}]}" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "ecs": { - "version": "8.2.0" - }, - "snyk": { + ], "related": { "projects": [ "username/reponame", 
@@ -345,28 +374,31 @@
 ]
 },
 "vulnerabilities": {
- "package": "github.com/go-yaml/yaml",
- "is_upgradable": false,
+ "credit": [
+ "Unknown"
+ ],
+ "cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "disclosure_time": "2020-03-26T11:30:05.000Z",
+ "exploit_maturity": "no-known-exploit",
+ "id": "SNYK-GOLANG-GITHUBCOMGOYAMLYAML-564236",
 "identifiers": {
 "cwe": [
 "CWE-1050"
 ]
 },
- "language": "golang",
- "cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "introduced_date": "2020-04-29",
+ "is_fixed": false,
+ "is_ignored": false,
 "is_patchable": false,
- "title": "Denial of Service (DoS)",
- "type": "vuln",
 "is_patched": false,
- "is_fixed": false,
- "version": "2.1.0",
- "exploit_maturity": "no-known-exploit",
- "priority_score": 325,
+ "is_pinnable": false,
+ "is_upgradable": false,
+ "language": "golang",
+ "package": "github.com/go-yaml/yaml",
 "package_manager": "golang",
- "unique_severities_list": [
- "medium"
- ],
- "introduced_date": "2020-04-29",
+ "priority_score": 325,
+ "publication_time": "2020-04-02T11:29:49.000Z",
+ "reachability": "No Info",
 "semver": {
 "hashesRange": [
 "53403b58ad1b561927d19068c655246f2db79d48"
@@ -655,66 +687,34 @@ "9eade332f0ceebc6b7c9e24893574cad4c51722b" ] }, - "disclosure_time": "2020-03-26T11:30:05.000Z", - "id": "SNYK-GOLANG-GITHUBCOMGOYAMLYAML-564236", - "reachability": "No Info", - "is_pinnable": false, - "credit": [ - "Unknown" + "title": "Denial of Service (DoS)", + "type": "vuln", + "unique_severities_list": [ + "medium" ], - "is_ignored": false, - "publication_time": "2020-04-02T11:29:49.000Z" - }, - "projects": [ - { - "name": "username/reponame", - "id": "projectid", - "source": "github", - "packageManager": "npm", - "url": "https://snyk.io/org/orgname/project/projectid", - "targetFile": "package.json" - }, - { - "name": "someotheruser/someotherreponame", - "id": "projectid", - "source": "github", - "packageManager": "npm", - "url": "https://snyk.io/org/orgname/project/projectid", - "targetFile": "folder1/package.json" - }, - { - "name": "projectname", - "id": "projectid", - "source": "cli", - "packageManager": "npm", - "url": "https://snyk.io/org/orgname/project/projectid", - "targetFile": "package.json" - } - ] + "version": "2.1.0" + } }, + "tags": [ + "preserve_original_event" + ], "vulnerability": { - "severity": "medium", + "category": "Github", + "classification": "CVSS", + "enumeration": "CVE", + "id": [ + "CVE-2019-11254" + ], "reference": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOYAMLYAML-564236", - "score": { - "version": "3.0", - "base": 6.5 - }, "scanner": { "vendor": "Snyk" }, - "id": [ - "CVE-2019-11254" - ], - "classification": "CVSS", - "category": "Github", - "enumeration": "CVE" - }, - "event": { - "original": "{\"issue\":{\"url\":\"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOYAMLYAML-564236\",\"id\":\"SNYK-GOLANG-GITHUBCOMGOYAMLYAML-564236\",\"title\":\"Denial of Service 
(DoS)\",\"type\":\"vuln\",\"package\":\"github.com/go-yaml/yaml\",\"version\":\"2.1.0\",\"severity\":\"medium\",\"originalSeverity\":null,\"uniqueSeveritiesList\":[\"medium\"],\"language\":\"golang\",\"packageManager\":\"golang\",\"semver\":{\"vulnerable\":[\"\u003c2.2.8\"],\"hashesRange\":[\"53403b58ad1b561927d19068c655246f2db79d48\"],\"vulnerableHashes\":[\"dd8f49ae7840d1fc6810d53ee7b05356da92f81f\",\"d4766d1dff71f8a135a57e1fcff946c8c1a140ab\",\"2aba0a492be00f1eb4d95483b08930ebe4968b64\",\"3b0eedc5a476efc2b2e025eff55b2fd08fa32abd\",\"2f2fd02e5a54a7d4f5e5d3494b170b0cb9275c92\",\"7ad95dd0798a40da1ccdff6dff35fd177b5edf40\",\"f7716cbe52baa25d2e9b0d0da546fcf909fc16b4\",\"1ff37a7d30b085dc643dee7adb18759e3511661a\",\"eca94c41d994ae2215d455ce578ae6e2dc6ee516\",\"b0c168ac0cf9493da1f9bb76c34b26ffef940b4a\",\"77373ee937410eceadc4dc64b1100d897ed593d0\",\"025607cd2e381e6e08a56ffec46ac79e23ca2d88\",\"7d17c9173a3d25ebba15cedb25b5205bdfb1eac8\",\"ca3d523f32f3b33fb3265bfeb8e11003a8670e3d\",\"85db785e81ed62ffae7a145404fc0f022335378c\",\"a72a87d92dad7563e31c2c007e8d67f93d67f221\",\"1be3d31502d6eabc0dd7ce5b0daab022e14a5538\",\"90376f16b6d74c4e2fff21dd24397bec3dc62dd5\",\"bb263360b83253468e534d974aabeddd6c22f887\",\"d466437aa4adc35830964cffc5b5f262c63ddcb4\",\"d6c23fbaf16f72995b58492627e65801cfb9a8dd\",\"e4d366fc3c7938e2958e662b4258c7a89e1f0e3e\",\"60a2abf4e00318875a661c29b36df7a68e484bf4\",\"f4d271a8a289b41fa88b802c430fefde4e018bba\",\"10c59a7d91867c206737dcd482fe68906a1484ca\",\"d0b6f3facf302fb1bf969a12bad68ce720b3c025\",\"4d6bb54d8acc91e147763cea066cff0b89437e90\",\"1244d3ce02e3e1c16820ada0bae506b6c479f106\",\"49fdd64ad429d146bacf7106dd73078e889be2e8\",\"8e626dec39b5836cef636d885e33479debcf0cb1\",\"4914593b9558e85597f08346c798aea8f6fb899f\",\"031c922227a592b2b562a1833438308381f9a8bf\",\"b51f82a2e3cbedab685908bd64d61d0a1b781754\",\"c75e52ecee48db6de9aa73d00a360d43abf3e7ac\",\"857a0b2759f87f47aaebad6dd319cf4f887eb6dc\",\"5887bc194be84805c8283e9d9a66102bf9571fca\",\"a528d0ef484d32e416
d7b9c4a249d1fa7111be6e\",\"5b18502a28c65dfd209ea5aebb405fb6fc07f7e1\",\"5d6f7e02b7cdad63b06ab3877915532cd30073b4\",\"9c272e25743608d6d3287141522eb4506b2dac45\",\"125a562d7bf105e062ed2adfb2d37e6f11c209bd\",\"87e4a22b684220ccca96de3f2e651b2380a55f9e\",\"d56ec34a3ded0bb58c82198664664ccb81eec91b\",\"b754a4fe6ad8db932e083a2d85ae2199b3516bef\",\"04092268b2c5e87e6373229049c827b833af4edb\",\"f59f5e67022f3c186e20af01b1993b86ac74f0dc\",\"52d5976e4791cf8c96a9de7569098e3752677412\",\"770b8dae4cf00919e5eafffbd8d58186294b61b5\",\"71e7ede9d48a2e096f6d5d0516c763513a471bd1\",\"b01920c75e30179201b01633db246038b0226ce9\",\"ef0aede23c8c624e127a9a59183ee8915e48a3c9\",\"1632dd8118ce1efece66b7f53bb167956d5d8b4e\",\"05299e459464264cd87a230b62d1aca93725c51b\",\"d00346f943c9d2c43424c8a3840f5ca58817750d\",\"49c95bdc21843256fb6c4e0d370a05f24a0bf213\",\"088598405c86d37e951287d094d691e221654a00\",\"c11897f0ba79d8a35d8a124ff0d76e13d9dccb9b\",\"711419034010345c604724ef87ec3db91ffe0936\",\"3e6d767784b037b90a14701b6c9f0643f05db963\",\"a83829b6f1293c91addabc89d0571c246397bbf4\",\"ee2f4956ea46791a74a31142105f03c0d5f9492b\",\"7b079234548be56f14c6e342d4660aa8d54865b7\",\"b7fbda9990042cd5456fdf187480c25fdd776f92\",\"a6dc653f939ab0e6a554873806c41add1140d90c\",\"687eda924018599a7c4518013c369f0bfb7eb0e1\",\"fa9662d290d59b79f2ef7e1f72c885560efe512d\",\"e47eca576e8f3a433de0ba77f1923e7c7f959667\",\"e90bcf783f7abddaa0ee0994a09e536498744e49\",\"fdc1ab46101a842d9e914408bd481f6647d5f9c1\",\"f0766b44ca7999dc9af38a050ddf6db79d05bf3b\",\"cdd36ee8d333aa740c1c0bceae0da74969b2c60b\",\"7701d177ce02b7bd38c4ebd2ba4a7783080505ae\",\"2c1be0d7f7ff8305cf666e89152e9753c8b39004\",\"97203c6e4fc7347bfef3bd6d4913e90bd46c7ecb\",\"7c97801ccf41d5273de9e22c8b2af6860c7703a2\",\"7002636de42c9ef59a2921bb4f78744cabe8bfe3\",\"0725b7707fdeeb6894c403d0f5a2a20e1dc7454d\",\"1dd72ac3928693b9db2533639dfc2a5f831697eb\",\"73a1567027eea2fab2b057a193036f844736f7da\",\"7539b1dee2c790ab2d1aa5e254ef877f5552ff97\",\"920b7d819b42f26f4796e4a43f518090a7a633
1f\",\"1f64d6156d11335c3f22d9330b0ad14fc1e789ce\",\"1b9791953ba4027efaeb728c7355e542a203be5e\",\"1ed59511881fdb008c1e618e9f219ce0704e658e\",\"c325d146e464fb9567e780ddfa2dad3a99323075\",\"0ee36981cbf495d5eb6aeb540a3afc25c61d1a96\",\"c4a9fb418357aceb801272d73efd518f183700fa\",\"a347d2466e459933f4fb25f8026d995977436ccf\",\"f221b8435cfb71e54062f6c6e99e9ade30b124d5\",\"5206f6dd03423b3a5462a2a4286a4efae8abe347\",\"a1c4bcb6c278a41992e2f4f0f29a44b4146daa5c\",\"4ca689e686c2caf4dda3a62936c097d6dfb56877\",\"119a11e4378a0410c69c42d82f51331a6da7a97c\",\"c7da9dcff86f24fcfdc15e1f9fa39dfc19784616\",\"f29dde21846f6357ee4421013b59eefd65c069b0\",\"5515099aacaeb9ff3ab7492f0803327bb19fc512\",\"1c9241b56a03383c77e1c33d86ea6ca4a927153e\",\"86f5ed62f8a0ee96bd888d2efdfd6d4fb100a4eb\",\"1f2a25ba9402c70a7806e84531ef763943739072\",\"1418a9bc452f9cf4efa70307cafcb10743e64a56\",\"65b1927d8262617ca3d25f296fdde1e8c48f813d\",\"2bf60357b89cbc6044dde700cf63bab94a615bf7\",\"c6314f5b627e2a1c1846d89cd775de6b2808d37e\",\"50e1b1b1332ea40fff2a9b13bfbccbbecd526f00\",\"50f7813e6b19e58334360ab011dfbaece5b1501f\",\"a311394a2a9276454d3f92d26838c3ae3d99cdf3\",\"79f5ef7c40ae7a4ee6bcd26d324bf50491b431e5\",\"731788bc8b082f8c81c63ca0abd5950c7a68a2f1\",\"6491ec31f7b0d27492e3046c86de94838dcb523c\",\"41168bb7ed2fc849bc36727a2b902bd8f447bfc2\",\"bc27649cd5454055cf20fdb9ef556c214d3f9aa0\",\"d6b53382672776035ad8ef0404681f8a4a16bb95\",\"8eba062837dc10754db7cbafcbedbfbc985ca172\",\"837b0877fcd6b2c8ba83d126917267695ff16ad8\",\"72c33f6840f49f9ed7d1faef7562b3266640fdf4\",\"26b882523374125854702734c30b0ce6a1a18d7b\",\"e90048704a8adb0b81b2e15ebafd1a35fa110903\",\"4fc5987536ef307a24ca299aee7ae301cde3d221\",\"4341420a144323d3f148ece677a20da6e077cfd2\",\"5c8bfe59213b6e9a5eb50debebc396e99a9fa174\",\"200c098a06472243b50aeda4510220a90c4e7dbe\",\"de3643d77b438c6f0f69f350c437639a300b5e73\",\"9a4310b1caff4cca3780580195a916ca060d08f7\",\"91eb945ac02153399ac9f69e34751f1a176254c3\",\"4cdd993908b57c3b87bef0695e5ca989151ad55f\",\"7ddc4634ce2d8
ca5c03846918ae1df6aa40ee464\",\"ec232d2920a84930b077414b60b5985e076ae228\",\"2c8612dfee1362e7e482c66c5feb892a94d53255\",\"d670f9405373e636a5a2765eea47fac0c9bc91a4\",\"e9bfed595636e952566e5cb857c22b918f2530a2\",\"c1cd2254a6dd314c9d73c338c12688c9325d85c6\",\"df747160af0ebfcc572951e4168d4b1bc91a47f5\",\"a65e08b08285cef29253c50ffd92469bf6e26a29\",\"e6da37e746419537560c1e95e429f42b33f6d0e3\",\"eea198a9c5cc6e02bfcd130a932051088a9f0950\",\"6675ed2a9028caf87bb5915503c08a595e57b77d\",\"562080bfe963d41a6870a4c500918f6361a0b61f\",\"8171f560dedcb162dd3d2c925015679e84bac269\",\"c78cd3ebd83777ac093137fbb55c33a9d3f65819\",\"e4ac4c457c23b390e7fd75ddf746c5a69aa8cfd5\",\"93d787c44dc828e1c67fa275cb66eb86bb2929f8\",\"7cdd87a79f79db641dae55776224443026d28928\",\"406cad6bb47dd7d9a123d005fb8ff766f6463051\",\"523c7d9470684b02d902e8d986cd9eea66884755\",\"9ca8abd6882a6e741166e6ec946a73f3a64df65a\",\"885e19c0dda1f4e4e22837474879f8f3d36fb449\",\"e8976af76e3d35c48f8b2c9540cca3e92995fbc6\",\"addb3a024ff5763c8facbe4767fe530d602cfedc\",\"c7f6f9c6e6c14027a46eb91241427dba67604f39\",\"0a6d1b02c16e372ceea8f17f3b1833b918954bf1\",\"835086a6b6aa65939515e30b5d6c2eba43d7c075\",\"7b8fd2dbef04521fdd8d670ef4c77be691845aa2\",\"3eb2270747cdd89e3f095cb24e8dd4ccf2a098f6\",\"1d653a737648051ca638423377052c2f5c10c050\",\"14d1c4659ec7b9ee26f5d705f3c2bb56cb6cbee4\",\"c544d0342172409bd9c8f7c45d9fb21971c8aee9\",\"6941443daa441371720e9ef8f3554c3958cfb071\",\"f8db564a0a4a5f6d04f66522493597f18e5ab4ae\",\"7c634f6a68c1076d3cfdc56930db26e86f7876d7\",\"f7e23311052d3dda728ce15788fb3727898afa17\",\"8691640bc70f3d96128a809341d850b550a3abb9\",\"b9b22c434500d7639936fbed673fc0ef23ce88f6\",\"d6385b38675d8d03521c9290f4f3d7bff08664c0\",\"4c78c975fe7c825c6d1466c42be594d1d6f3aba6\",\"54c736c86c9bcc793fb4bd6f203604cd738dc0e9\",\"722ff6b958a31d4ca3405db35a72648a6077a6bb\",\"2afc2e57e051513a3f5f67e74857696a8558d67b\",\"283fbcdd1e64975730a38609f8802ef983a43cb9\",\"ab5d55c35f3919fe06e9daedce5a32f4aab23777\",\"e2fbf5b72a6a12abd15be9b37656a0a13
6fc32f8\",\"399c3345e0f76f583d830cd7da27518bbb00c91a\",\"b6679148d27038e59d7818facc4d100e677a64ae\",\"43a0256bb22b0c2e1803ac6e28f55e5989a60523\",\"f5f5cc19d1f681884684426c96adadef47a3b55c\",\"787afde64d7b36591050440c4a14c2288b373de6\",\"7b8349ac747c6a24702b762d2c4fd9266cf4f1d6\",\"0e4404da71227dcc02fb1deee803d93e86d08f72\",\"a95acef3719e5e9f7614cc90a119dee4699291eb\",\"3ba0e99ffa727bd7eb782b7a5d1aafcb989b0899\",\"5edc3ded41385ca1b9a80339d2a070e4d0a17cb6\",\"2c9db3558be789ef3896b03ed3f354b822c304b9\",\"a833012353d046b1f12c82db87d01c86570b24d7\",\"77b516425597da3c093a666c11608112e91604de\",\"1ade51a028efa6990b524e0b01237dbd9123957d\",\"9e27074feeaed4b0ae4e5e71187eff80c0f0bf35\",\"cd515839285fe1a31b92193360172d59f818c9b8\",\"9f33a69b86c3c76c52e41d12d83e233065bfcca9\",\"36babc3691687601732d9e2571b698be4116469a\",\"51d6538a90f86fe93ac480b35f37b2be17fef232\",\"31c299268d302dd0aa9a0dcf765a3d58971ac83f\",\"3e92d6a11b92fa4612d66712704844bdc0c48aed\",\"9211cbc02789a32acf5e90c23a42f040ac3ec3f8\",\"0cb32393ebcfc65467398e5daadfb63b2184caea\",\"0f9a5c380d77a8b2888a78c3d3a14db15949b1fa\",\"82377a97b299347cd15cc1be13e1c8d04e33efbb\",\"fe9486c37432968838e1798b2317dc1aa10b586b\",\"77b384eced7745af978888311ea3c67e57c7ed96\",\"fc7f19eff1782a0beae3065097c776183e7d01d0\",\"dbd6d0229d1f1e1c3055cd82efb81f60a27d1103\",\"25c4ec802a7d637f88d584ab26798e94ad14c13b\",\"5e76f7cf8cb1fc353b84b96c72a36c4984cbd005\",\"a5844a8f8f489bad96ab6da62cfa21ee1f5d9e6b\",\"41c132e8ac051886e4eb06e7c3d58ced63d58057\",\"4f03e946c120a8f146f43bee6f392f9bb5d0a677\",\"287cf08546ab5e7e37d55a84f7ed3fd1db036de5\",\"1092c5d94f266e0f94e485a24f7010da877eeba0\",\"910de082618d0d8ccac6443a6e7a72cc8bcd5227\",\"feb4ca79644e8e7e39c06095246ee54b1282c118\",\"3c68098bffba683534584be69216dac3a2b2305a\",\"3323b7713e656f16fbd0eec27c60370b6237f4e3\",\"f3293401ceedf2a32a1c22cb062b274dba6be798\",\"43607cc2a1772b23faf366c24b8e33541187b64d\",\"add015b1c64e144664b73d5eacfeb6aeace2e45c\",\"3e69410288aeb97d31353af8e063b798d40feb3f\",\"39e59aa7
e15898a87148f0f4891a085c83b9b0fc\",\"a3f3340b5840cee44f372bddb5880fcbc419b46a\",\"05d405925260878bd750ea7d96c746c2d726b349\",\"65622dcbf4c25328cd440d1b322c6530abe83337\",\"8ca81d591dc2242f9c4b7a907533f0b7f93802b5\",\"3d8cfc3754fba03b8f1a0d44ea4e6e870cf86c57\",\"eb3733d160e74a9c7e442f435eb3bea458e1d19f\",\"d0fefed9b627fbe0c1597ac29ed5f48ff2eb9064\",\"dcd83b31fd165d8cc8677fce58f889dca3e06f35\",\"7f97868eec74b32b0982dd158a51a446d1da7eb5\",\"925f818e2c358746b3a14bf3e5614db14208037f\",\"c95af922eae69f190717a0b7148960af8c55a072\",\"0516c53462e633a479f3826e1d3557033413eeb8\",\"53087c11c10b453af4f2eb47471434eae75526f9\",\"5420a8b6744d3b0345ab293f6fcba19c978f1183\",\"fb03f24d58ac0c7a3d85edc1b91dfcfea4329883\",\"08434a82b8376f585898a97654ce18065d14cb97\",\"a5b47d31c556af34a302ce5d659e6fea44d90de0\",\"838f4ea96166350b9185bf3d2cbf786d34127ca2\",\"f2d2788ce5b1741745c0d1a853e856b5b77376b2\",\"284796d39ddb313ec0ae04898de280d41fe32479\",\"970885f01c8bc1fecb7ab1c8ce8e7609bda45530\",\"4f3d34e492b8930c50204a216d960e7da0dc5f63\",\"9f389a1f0b1d442eba00213e7aa09ccd878d18b0\",\"1b2e8c1531abbfe7dcd3de8ff4483326af275bc8\",\"14227de293ca979cf205cd88769fe71ed96a97e2\",\"e72f93569ef83aca933836c2fb9185faeeced236\",\"3b4ad1db5b2a649883ff3782f5f9f6fb52be71af\",\"a0ae8d516398f3724bb3db614ab47f0e4f643f2e\",\"f7a330473f18ddc052fce1f71a2b2d1231860f71\",\"81205292aba40f8868069e2f18d90043d3e724a6\",\"059398de19c863a04c55315526d6c226de540aa1\",\"e6ec13e5a80029d7ebcbc2c90d16ce5ff1fa6c84\",\"8173ecbc8953a159ae0fa2fad94adf3553b0bf8e\",\"b7dfe2d918fda477aa5b42519294b5ada3c991fa\",\"b6b591a3c0ec0452719f4d4555a3e084fd9f12fb\",\"ba29208cca8f239f2cea685183f79df8e4defc29\",\"422f540d2e1f1b41b6184903cd1eb69c777df1bb\",\"914e67f109a574665d15c0d179cdc796abefb176\",\"1bf6a7ce154075e61134f8a68dd50902c3027a10\",\"2628b30e544c309ac3d0c8cd7e78a785400cd41f\",\"0846a25da24891a7b3c725bc190493b5f7525db8\",\"4cadac2bc790baeffa0a7fa19689223966a64c24\",\"b3031338ac8e006cbd668f67c36c24d2c5e64b6d\",\"cd8b52f8269e0feb286dfeef29f8
fe4d5b397e0b\",\"205b70273c7999d96b32db43ab54337690817184\",\"62e345dcf33dd13810ceba10407c30a7db6a0958\",\"53feefa2559fb8dfa8d81baad31be332c97d6c77\",\"e720624475f3807e3dc6477e7af6feb09da0b848\",\"bd61a856f807e525beaee41959452c88c83d46cf\",\"f90ceb4f409096b60e2e9076b38b304b8246e5fa\",\"3c0d4d4f56c36fcfd2da00ff26c40046512b4208\",\"1f1f61830e4c9f1eff03047c9d1d11e576853bc4\",\"f96735bc0fa70a12e9f41277b2d909e0c477ee30\",\"e334f8522ac9fe2b381c329b3159a328eeb14f76\",\"18e5f12b39cb93b31a249fb7115b9bbf6162aeeb\",\"b3472531944cd769419f297322dc285a0fc0d6cc\",\"3e542fbf7c84c0bf22f51ad07899cf80f8658caa\",\"00efe9c47819ca58089c4bd5d1d8463248e23228\",\"670d4cfef0544295bc27a114dbac37980d83185a\",\"8ed39f36d6f36299d2ce5f9b35a05d048500f777\",\"bb4e33bf68bf89cad44d386192cbed201f35b241\",\"bef53efd0c76e49e6de55ead051f886bea7e9420\",\"9eade332f0ceebc6b7c9e24893574cad4c51722b\"]},\"isIgnored\":false,\"publicationTime\":\"2020-04-02T11:29:49.000Z\",\"disclosureTime\":\"2020-03-26T11:30:05.000Z\",\"isUpgradable\":false,\"isPatchable\":false,\"isPinnable\":false,\"identifiers\":{\"CVE\":[\"CVE-2019-11254\"],\"CWE\":[\"CWE-1050\"]},\"credit\":[\"Unknown\"],\"CVSSv3\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"cvssScore\":\"6.5\",\"patches\":[],\"isPatched\":false,\"exploitMaturity\":\"no-known-exploit\",\"reachability\":\"No 
Info\",\"priorityScore\":325,\"jiraIssueUrl\":null},\"isFixed\":false,\"introducedDate\":\"2020-04-29\",\"projects\":[{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"username/reponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"someotheruser/someotherreponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"folder1/package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"projectname\",\"source\":\"cli\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"}]}"
- },
- "tags": [
- "preserve_original_event"
- ]
+ "score": {
+ "base": 6.5,
+ "version": "3.0"
+ },
+ "severity": "medium"
+ }
 }
 ]
 }
\ No newline at end of file
diff --git a/packages/snyk/data_stream/vulnerabilities/elasticsearch/ingest_pipeline/default.yml b/packages/snyk/data_stream/vulnerabilities/elasticsearch/ingest_pipeline/default.yml
index 964bf43d670..c4ee018fb05 100644
--- a/packages/snyk/data_stream/vulnerabilities/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/snyk/data_stream/vulnerabilities/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Snyk vulnerability logs
 processors:
 - set:
 field: ecs.version
- value: 8.2.0
+ value: 8.3.0
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/snyk/data_stream/vulnerabilities/sample_event.json b/packages/snyk/data_stream/vulnerabilities/sample_event.json
index 4666a589646..311a3bcaca3 100644
--- a/packages/snyk/data_stream/vulnerabilities/sample_event.json
+++ b/packages/snyk/data_stream/vulnerabilities/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/snyk/docs/README.md b/packages/snyk/docs/README.md
index 93fc4dd8694..cfe34e1d71f 100644
--- a/packages/snyk/docs/README.md
+++ b/packages/snyk/docs/README.md
@@ -28,7 +28,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
@@ -137,7 +137,7 @@ An example event for `vulnerabilities` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/snyk/manifest.yml b/packages/snyk/manifest.yml
index a1eeaea0799..9fd23b75750 100644
--- a/packages/snyk/manifest.yml
+++ b/packages/snyk/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: snyk
 title: "Snyk"
-version: 1.2.1
+version: "1.3.0"
 license: basic
 description: "Collect logs from Snyk API with Elastic Agent."
 type: integration
diff --git a/packages/sonicwall_firewall/_dev/build/build.yml b/packages/sonicwall_firewall/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/sonicwall_firewall/_dev/build/build.yml
+++ b/packages/sonicwall_firewall/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/sonicwall_firewall/changelog.yml b/packages/sonicwall_firewall/changelog.yml
index 36db47da9fa..3e01087a9ea 100644
--- a/packages/sonicwall_firewall/changelog.yml
+++ b/packages/sonicwall_firewall/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.2.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "0.1.1"
 changes:
 - description: Fix handling of NAT fields
diff --git a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-drizzthacker.log-expected.json b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-drizzthacker.log-expected.json index b09322feecc..125302c1d55 100644 --- a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-drizzthacker.log-expected.json +++ b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-drizzthacker.log-expected.json @@ -19,7 +19,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -91,7 +91,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -183,7 +183,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "97", @@ -260,7 +260,7 @@ "port": 161 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "1220", @@ -303,7 +303,7 @@ "port": 4444 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "session-start", @@ -379,7 +379,7 @@ "port": 45071 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "attack-detected", @@ -457,7 +457,7 @@ "port": 35878 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "attack-detected", @@ -544,7 +544,7 @@ "port": 10617 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "866", @@ -620,7 +620,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "867", @@ -694,7 +694,7 @@ "port": 56432 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "internal-log-failure", @@ -770,7 +770,7 @@ "port": 22402 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "attack-detected", @@ -840,7 +840,7 @@ "port": 123 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "1231", 
@@ -904,7 +904,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "326", @@ -965,7 +965,7 @@ "port": 123 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "1232", @@ -1013,7 +1013,7 @@ { "@timestamp": "2022-04-27T10:24:35.000+02:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "586", @@ -1055,7 +1055,7 @@ { "@timestamp": "2022-04-27T10:24:35.000+02:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "307", @@ -1099,7 +1099,7 @@ "ip": "172.16.1.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "584", @@ -1146,7 +1146,7 @@ { "@timestamp": "2022-04-28T06:38:51.000+02:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "1371", @@ -1184,7 +1184,7 @@ "port": 37462 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "1370", @@ -1253,7 +1253,7 @@ "port": 12137 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "attack-detected", @@ -1331,7 +1331,7 @@ "port": 61017 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "attack-detected", @@ -1420,7 +1420,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "436", @@ -1467,7 +1467,7 @@ { "@timestamp": "2022-04-27T23:04:26.000+02:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "585", @@ -1513,7 +1513,7 @@ "port": 81 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "attack-blocked", @@ -1585,7 +1585,7 @@ "port": 4444 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "session-end", @@ -1661,7 +1661,7 @@ "port": 4444 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "session-end", @@ -1725,7 +1725,7 @@ "port": 4444 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "login-success", 
@@ -1801,7 +1801,7 @@ "port": 4444 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "logout", @@ -1874,7 +1874,7 @@ "ip": "172.16.0.2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "435", @@ -1921,7 +1921,7 @@ { "@timestamp": "2022-04-29T03:46:56.000+02:00", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "internal-log-failure", @@ -1976,7 +1976,7 @@ "port": 123 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "1230", @@ -2028,7 +2028,7 @@ "port": 4444 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "login-failure", diff --git a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-general.log-expected.json b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-general.log-expected.json index f2867174c22..fda90beaff0 100644 --- a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-general.log-expected.json +++ b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-general.log-expected.json @@ -7,7 +7,7 @@ "port": 50000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -84,7 +84,7 @@ "port": 50000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "login-failure", @@ -158,7 +158,7 @@ "port": 50000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -236,7 +236,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -306,7 +306,7 @@ "port": 1026 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -380,7 +380,7 @@ "port": 41850 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", 
@@ -466,7 +466,7 @@ "port": 500 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -533,7 +533,7 @@ "port": 50000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -610,7 +610,7 @@ "port": 50000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "login-failure", @@ -684,7 +684,7 @@ "port": 50000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -761,7 +761,7 @@ "port": 6822 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-dropped", @@ -840,7 +840,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -917,7 +917,7 @@ "port": 500 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "346", @@ -983,7 +983,7 @@ "port": 500 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -1048,7 +1048,7 @@ "port": 500 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "483", @@ -1102,7 +1102,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -1169,7 +1169,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -1236,7 +1236,7 @@ "port": 50000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -1317,7 +1317,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -1393,7 +1393,7 @@ "port": 3582 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -1458,7 +1458,7 @@ "ip": "192.168.5.10" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", 
@@ -1515,7 +1515,7 @@ "ip": "::1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -1592,7 +1592,7 @@ "mac": "00-53-00-00-00-0C" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "original": "id=firewall sn=XXXXXXX time=\"2015-11-21 14:30:38\" fw=10.0.0.1 pri=5 msg=\"Unhandled link-local or multicast IPv6 packet dropped\" srcV6=fe80::d4db:99b9:6f20:f6bd dstV6=ff02::c srcMac=00:53:ff:ff:55:55 dstMac=00:53:00:00:00:0c proto=udp/65535", @@ -1647,7 +1647,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "1388", @@ -1709,7 +1709,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-info", @@ -1791,7 +1791,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -1890,7 +1890,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -1996,7 +1996,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "97", @@ -2102,7 +2102,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "97", @@ -2210,7 +2210,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "97", @@ -2313,7 +2313,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "97", @@ -2422,7 +2422,7 @@ "port": 8800 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -2505,7 +2505,7 @@ "port": 1850 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "attack-detected", @@ -2603,7 +2603,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "97", 
@@ -2707,7 +2707,7 @@ "port": 8080 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "attack-blocked", @@ -2797,7 +2797,7 @@ "port": 4433 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -2895,7 +2895,7 @@ "port": 4433 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -2984,7 +2984,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", diff --git a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-nat.log-expected.json b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-nat.log-expected.json index 8493751e57c..de23704f004 100644 --- a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-nat.log-expected.json +++ b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-nat.log-expected.json @@ -11,7 +11,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-forwarded", @@ -87,7 +87,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-forwarded", @@ -166,7 +166,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-forwarded", @@ -242,7 +242,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-forwarded", diff --git a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-sonicos70-aws.log-expected.json b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-sonicos70-aws.log-expected.json index 4b506d140f8..21efba39ff3 100644 --- a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-sonicos70-aws.log-expected.json +++ b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-sonicos70-aws.log-expected.json 
@@ -9,7 +9,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -111,7 +111,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -213,7 +213,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -313,7 +313,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -407,7 +407,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -506,7 +506,7 @@ "port": 64889 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -607,7 +607,7 @@ "port": 64889 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -695,7 +695,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "config-change", @@ -780,7 +780,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "config-change", @@ -867,7 +867,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -973,7 +973,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -1079,7 +1079,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -1175,7 +1175,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -1272,7 +1272,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -1363,7 +1363,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", 
@@ -1460,7 +1460,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -1551,7 +1551,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -1648,7 +1648,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -1752,7 +1752,7 @@ "port": 64891 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -1853,7 +1853,7 @@ "port": 64891 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -1954,7 +1954,7 @@ "port": 64890 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -2055,7 +2055,7 @@ "port": 64890 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -2156,7 +2156,7 @@ "port": 64892 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -2257,7 +2257,7 @@ "port": 64892 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -2345,7 +2345,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -2442,7 +2442,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -2535,7 +2535,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -2641,7 +2641,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -2758,7 +2758,7 @@ "port": 64893 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", 
@@ -2859,7 +2859,7 @@ "port": 64893 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -2949,7 +2949,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -3055,7 +3055,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -3159,7 +3159,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -3256,7 +3256,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -3360,7 +3360,7 @@ "port": 64894 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -3461,7 +3461,7 @@ "port": 64894 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -3549,7 +3549,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -3646,7 +3646,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -3750,7 +3750,7 @@ "port": 64895 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -3851,7 +3851,7 @@ "port": 64895 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -3941,7 +3941,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -4047,7 +4047,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -4153,7 +4153,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -4249,7 +4249,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", 
@@ -4346,7 +4346,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -4437,7 +4437,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -4534,7 +4534,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -4638,7 +4638,7 @@ "port": 64896 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -4739,7 +4739,7 @@ "port": 64896 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -4840,7 +4840,7 @@ "port": 64897 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -4941,7 +4941,7 @@ "port": 64897 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -5029,7 +5029,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -5126,7 +5126,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -5230,7 +5230,7 @@ "port": 64898 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -5331,7 +5331,7 @@ "port": 64898 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -5419,7 +5419,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -5516,7 +5516,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -5609,7 +5609,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -5715,7 +5715,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", 
@@ -5832,7 +5832,7 @@ "port": 64899 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -5933,7 +5933,7 @@ "port": 64899 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -6023,7 +6023,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -6129,7 +6129,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -6233,7 +6233,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -6330,7 +6330,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -6434,7 +6434,7 @@ "port": 64901 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -6535,7 +6535,7 @@ "port": 64901 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -6623,7 +6623,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -6720,7 +6720,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -6811,7 +6811,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -6908,7 +6908,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -7012,7 +7012,7 @@ "port": 64903 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -7113,7 +7113,7 @@ "port": 64903 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -7214,7 +7214,7 @@ "port": 64902 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", 
@@ -7315,7 +7315,7 @@ "port": 64902 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -7403,7 +7403,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -7500,7 +7500,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -7604,7 +7604,7 @@ "port": 64904 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -7705,7 +7705,7 @@ "port": 64904 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -7793,7 +7793,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -7890,7 +7890,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -7983,7 +7983,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -8089,7 +8089,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -8195,7 +8195,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -8312,7 +8312,7 @@ "port": 64905 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -8413,7 +8413,7 @@ "port": 64905 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -8503,7 +8503,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -8607,7 +8607,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -8697,7 +8697,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", 
@@ -8783,7 +8783,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -8889,7 +8889,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -8983,7 +8983,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -9077,7 +9077,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -9171,7 +9171,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -9268,7 +9268,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -9365,7 +9365,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -9456,7 +9456,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -9553,7 +9553,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -9657,7 +9657,7 @@ "port": 64906 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -9758,7 +9758,7 @@ "port": 64906 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -9859,7 +9859,7 @@ "port": 64907 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -9960,7 +9960,7 @@ "port": 64907 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -10048,7 +10048,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -10145,7 +10145,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", 
@@ -10249,7 +10249,7 @@ "port": 64908 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -10350,7 +10350,7 @@ "port": 64908 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -10438,7 +10438,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -10535,7 +10535,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -10628,7 +10628,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -10734,7 +10734,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -10851,7 +10851,7 @@ "port": 64909 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -10952,7 +10952,7 @@ "port": 64909 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -11042,7 +11042,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -11148,7 +11148,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -11246,7 +11246,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -11350,7 +11350,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -11447,7 +11447,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -11551,7 +11551,7 @@ "port": 64910 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", 
@@ -11652,7 +11652,7 @@ "port": 64910 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -11742,7 +11742,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -11850,7 +11850,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -11935,7 +11935,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-forwarded", @@ -12012,7 +12012,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -12097,7 +12097,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-forwarded", @@ -12172,7 +12172,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -12268,7 +12268,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -12365,7 +12365,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -12456,7 +12456,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -12553,7 +12553,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -12657,7 +12657,7 @@ "port": 64913 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -12758,7 +12758,7 @@ "port": 64913 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -12859,7 +12859,7 @@ "port": 64912 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", 
@@ -12960,7 +12960,7 @@ "port": 64912 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -13055,7 +13055,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -13145,7 +13145,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -13228,7 +13228,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -13325,7 +13325,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -13416,7 +13416,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-start", @@ -13513,7 +13513,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "packet-management", @@ -13617,7 +13617,7 @@ "port": 64914 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -13718,7 +13718,7 @@ "port": 64914 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -13808,7 +13808,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -13914,7 +13914,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", @@ -14031,7 +14031,7 @@ "port": 64915 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -14132,7 +14132,7 @@ "port": 64915 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-denied", @@ -14222,7 +14222,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "connection-end", 
diff --git a/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 63d59111601..71a8e24cabc 100644
--- a/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing SonicWall firewall logs
 processors:
 - set:
 field: ecs.version
- value: "8.2.0"
+ value: "8.3.0"
 - set:
 field: observer.vendor
diff --git a/packages/sonicwall_firewall/data_stream/log/sample_event.json b/packages/sonicwall_firewall/data_stream/log/sample_event.json
index eba948c3f47..f6dd2c97f7f 100644
--- a/packages/sonicwall_firewall/data_stream/log/sample_event.json
+++ b/packages/sonicwall_firewall/data_stream/log/sample_event.json
@@ -30,7 +30,7 @@
 "port": 64889
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "08a5caf6-a717-4f5f-90e2-0f4eb7c59b00",
diff --git a/packages/sonicwall_firewall/docs/README.md b/packages/sonicwall_firewall/docs/README.md
index 9d152b95bb8..7bd2bbf63fa 100644
--- a/packages/sonicwall_firewall/docs/README.md
+++ b/packages/sonicwall_firewall/docs/README.md
@@ -109,7 +109,7 @@ An example event for `log` looks as following:
 "port": 64889
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "08a5caf6-a717-4f5f-90e2-0f4eb7c59b00",
diff --git a/packages/sonicwall_firewall/manifest.yml b/packages/sonicwall_firewall/manifest.yml
index 82e3b862bc9..88fd29a2c3a 100644
--- a/packages/sonicwall_firewall/manifest.yml
+++ b/packages/sonicwall_firewall/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: sonicwall_firewall
 title: "SonicWall Firewall"
-version: 0.1.1
+version: "0.2.0"
 license: basic
 release: beta
 description: "Integration for SonicWall firewall logs"
diff --git a/packages/sophos/_dev/build/build.yml b/packages/sophos/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/sophos/_dev/build/build.yml
+++ b/packages/sophos/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/sophos/changelog.yml b/packages/sophos/changelog.yml
index 31177383db5..6ea9f0c2f93 100644
--- a/packages/sophos/changelog.yml
+++ b/packages/sophos/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.3.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "2.2.2"
 changes:
 - description: Update Readme to include links to Sophos's documentation. Also used the latest product name for Astaro
diff --git a/packages/sophos/data_stream/utm/_dev/test/pipeline/test-generated.log-expected.json b/packages/sophos/data_stream/utm/_dev/test/pipeline/test-generated.log-expected.json
index e3c857c956e..438561e0c93 100644
--- a/packages/sophos/data_stream/utm/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/sophos/data_stream/utm/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "2016:1:29-06:09:59 localhost.localdomain smtpd[905]: MASTER[nnumqua]: QR globally disabled, status one set to 'disabled'",
 "tags": [
@@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:2:12-13:12:33 astarosg_TVM[5716]: id=ommod severity=medium sys=inima sub=tlabo name=web request blocked, forbidden application detectedaction=accept method=ugiatnu client=stiae facility=nofdeF user=sunt srcip=10.57.170.140 dstip=10.213.231.72 version=1.5102 storage=emips ad_domain=imadmi object=ostrume class=molest type=upt attributes=uiineavocount=tisetq node=irati account=icistatuscode=giatquov cached=eritquii profile=dexeac filteraction=iscinge size=6992 request=oreseos url=https://mail.example.net/tati/utaliqu.html?iquaUten=santium#iciatisu referer=https://www5.example.org/eporroqu/uat.txt?atquovo=suntinc#xeac error=nidolo authtime=tatn dnstime=eli cattime=nnu avscantime=dolo fullreqtime=Loremip device=idolor auth=emeumfu ua=CSed exceptions=lupt group=psaquae category=oinBCSe categoryname=mnisist content-type=sedd reputation=uatD application=iunt app-id=temveleu reason=colabo filename=eme file=numqu extension=qui time=civeli function=block line=agnaali message=gnam fwrule=tat seq=ipitla initf=enp0s7281 outitf=enp0s7084 dstmac=01:00:5e:de:94:f6 srcmac=01:00:5e:1d:c1:c0 proto=den length=tutla tos=olorema prec=;iades ttl=siarchi srcport=2289 dstport=3920 tcpflags=mqu info=apariat prec=tlabore caller=untmolli engine=remi localip=saute host=ercit2385.internal.home extra=run server=10.47.202.102 cookie=quirat set-cookie=llu", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:2:26-20:15:08 eirure7587.internal.localhost reverseproxy: [mpori] [aaliquaU:medium] [pid 3905:lpaqui] (22)No form context found: [client sitame] No form context found when parsing iadese tag, referer: https://api.example.com/utla/utei.htm?oei=tlabori#oin", "tags": [ 
@@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:3:12-03:17:42 data4478.api.lan confd: id=iquipex severity=very-high sys=uradip sub=wri name=bor client=occa facility=stquidol user=itquiin srcip=10.106.239.55 version=1.3129 storage=atevel object=nsecte class=itame type=eumfug attributes=litcount=asun node=estia account=eaq", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:3:26-10:20:16 ctetura3009.www5.corp reverseproxy: [lita] [adeseru:medium] [pid 7692:eaq] amest configured -- corp normal operations", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:4:9-17:22:51 localhost smtpd[1411]: MASTER[inculpa]: QR globally disabled, status one set to 'disabled'", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:4:24-00:25:25 httpproxy[176]: [nse] disk_cache_zap (non) paquioff", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:5:8-07:27:59 ptasnu6684.mail.lan reverseproxy: [orumSe] [boree:low] [pid 945:rQuisau] AH01915: Init: (10.18.13.211:205) You configured ofdeFini(irat) on the onev(aturauto) port!", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:5:22-14:30:33 ssecillu7166.internal.lan barnyard: Initializing daemon mode", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:6:5-21:33:08 ore5643.api.lan reverseproxy: [metco] [acom:high] [pid 2164:nim] ModSecurity: utaliqu compiled version=\"rsi\"; loaded version=\"taliqui\"", "tags": [ 
@@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:6:20-04:35:42 ciun39.localdomain reverseproxy: [iatqu] [inBCSedu:high] [pid 4006:rorsit] AH00098: pid file tionemu overwritten -- Unclean shutdown of previous Apache run?", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:7:4-11:38:16 atatnon6064.www.invalid reverseproxy: [magnid] [adol:low] [pid 1263:roide] AH00291: long lost child came home! (pid tem)", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:7:18-18:40:50 gitse2463.www5.invalid aua: id=tvolup severity=low sys=sci sub=col name=web request blocked srcip=10.42.252.243 user=agnaaliq caller=est engine=mquisno", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:8:2-01:43:25 httpproxy[2078]: [mol] sc_server_cmd (umdolors) decrypt failed", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:8:16-08:45:59 oriosam6277.mail.localdomain frox: Listening on 10.169.5.162:6676", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:8:30-15:48:33 ptate3830.internal.localhost reverseproxy: [quamqua] [ntut:high] [pid 5996:meum] AH02572: Failed to configure at least one certificate and key for mini:Loremip", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:9:13-22:51:07 nvo6105.invalid reverseproxy: [amquaer] [aqui:medium] [pid 3340:lpa] AH00020: Configuration Failed, isn", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:9:28-05:53:42 afcd[2492]: Classifier configuration reloaded successfully", "tags": [ 
@@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:10:12-12:56:16 edic2758.api.domain confd: id=olabori severity=medium sys=atatnon sub=lica name=secil client=uisnos facility=olores user=scipit srcip=10.54.169.175 version=1.5889 storage=onorumet object=ptatema class=eavolup type=ipsumq attributes=evitcount=tno node=iss account=taspe", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:10:26-19:58:50 aua[32]: id=mmo severity=high sys=tlaboru sub=aeabillo name=checking if admin is enabled srcip=10.26.228.145 user=eruntmo caller=nimve engine=usanti", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:11:10-03:01:24 sshd[2051]: Server listening on 10.59.215.207 port 6195.", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:11:24-10:03:59 ectobeat3157.mail.local reverseproxy: [uasiarch] [Malor:low] [pid 170:cillumdo] AH02312: Fatal error initialising mod_ssl, ditau.", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:12:8-17:06:33 ident2323.internal.corp reverseproxy: [hend] [remagna:high] [pid 873:aparia] AH01909: 10.144.21.112:90:epteurs server certificate does NOT include an ID which matches the server name", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2016:12:23-00:09:07 ttenb4581.www.host httpproxy: [rem] main (exer) shutdown finished, exiting", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:1:6-07:11:41 lapari5763.api.invalid frox: Listening on 10.103.2.48:4713", "tags": [ 
@@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:1:20-14:14:16 elites4713.www.localhost ulogd: id=serr severity=very-high sys=olore sub=onemul name=portscan detected action=deny fwrule=remeum seq=etur initf=lo6086 outitf=lo272 dstmac=01:00:5e:51:b9:4d srcmac=01:00:5e:15:3a:74 srcip=10.161.51.135 dstip=10.52.190.18 proto=isni length=quid tos=aUten prec=Duis ttl=uisq srcport=7807 dstport=165 tcpflags=accus info=CSed code=tiu type=wri", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:2:3-21:16:50 sam1795.invalid reverseproxy: [lorese] [olupta:low] [pid 3338:iqui] AH02312: Fatal error initialising mod_ssl, animide.", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:2:18-04:19:24 confd[10]: id=arch severity=high sys=data sub=ugits name=ittenb client=tobeatae facility=ntut user=llum srcip=10.232.108.32 version=1.5240 storage=idolo object=mqu class=mquido type=ende attributes=ntmollitcount=tisu node=ionofdeF account=rsp", "tags": [ 
@@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:3:4-11:21:59 nostrum6305.internal.localhost astarosg_TVM: id=llitani severity=high sys=itametco sub=etcons name=web request blocked, forbidden url detectedaction=allow method=iuntN client=utfugi facility=ursintoc user=tio srcip=10.89.41.97 dstip=10.231.116.175 version=1.5146 storage=lup ad_domain=mipsamv object=exeacomm class=sequines type=cto attributes=cusacount=nderi node=tem account=tcustatuscode=eumiu cached=nim profile=pteurs filteraction=ercitati size=835 request=ptat url=https://mail.example.net/velillu/ecatcupi.txt?rsitamet=leumiur#ssequamn referer=https://example.com/taliqui/idi.txt?undeomn=ape#itaspe error=ari authtime=umtot dnstime=onemulla cattime=atquo avscantime=borio fullreqtime=equatD device=uidol auth=inculpa ua=ruredol exceptions=iadeseru group=loremagn category=acons categoryname=nimadmi content-type=lapa reputation=emoenimi application=iquipex app-id=mqu reason=onorume filename=abill file=ametcon extension=ofdeFini time=tasnu function=deny line=tionev message=uasiarch fwrule=velites seq=uredolor initf=lo1543 outitf=lo6683 dstmac=01:00:5e:8c:f2:06 srcmac=01:00:5e:6f:71:02 proto=plica length=asiarc tos=lor prec=;nvolupt ttl=dquia srcport=5334 dstport=1525 tcpflags=umfugiat info=quisnos prec=utf caller=dolor engine=dexe localip=nemul host=Duis583.api.local extra=eavolupt server=10.17.51.153 cookie=aperiame set-cookie=stenat", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:3:18-18:24:33 xeaco7887.www.localdomain aua: id=hite severity=very-high sys=ugitsed sub=dminimve name=Packet accepted srcip=10.137.165.144 user=uptate caller=tot engine=reme", "tags": [ 
@@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:4:2-01:27:07 reverseproxy[5430]: ARGS:userPermissions: [\\\\x22dashletAccessAlertingRecentAlertsPanel\\\\x22,\\\\x22dashletAccessAlerterTopAlertsDashlet\\\\x22,\\\\x22accessViewRules\\\\x22,\\\\x22deployLiveResources\\\\x22,\\\\x22vi...\"] [severity [hostname \"iscivel3512.invalid\"] [uri \"atcupi\"] [unique_id \"eriti\"]", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:4:16-08:29:41 sockd[6181]: dante/server 1.202 running", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:4:30-15:32:16 dolor5799.home afcd: Classifier configuration reloaded successfully", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:5:14-22:34:50 oreseosq1859.api.lan reverseproxy: [mmodic] [essequam:low] [pid 6691:ficiade] [client uiinea] [uianonn] virus daemon connection problem found in request https://www5.example.com/dantium/ors.htm?sinto=edi#eumiure, referer: https://example.com/adeser/mSe.gif?aute=rchite#rcit", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:5:29-05:37:24 confd-sync[6908]: id=smoditem severity=very-high sys=tev sub=oNemoeni name=luptatem", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:6:12-12:39:58 autodit272.www.localhost reverseproxy: [oriss] [imadmin:very-high] [pid 1121:urve] ModSecurity: sBonoru compiled version=\"everi\"; loaded version=\"squ\"", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:6:26-19:42:33 rporis6787.www5.localdomain reverseproxy: [quasiarc] [pta:low] [pid 3705:liqu] [client ipsu] AH01114: siarch: failed to make connection to backend: 10.148.21.7", "tags": [ 
@@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:7:11-02:45:07 reprehe5661.www.lan reverseproxy: rManage\\\\x22,\\\\x22manageLiveSystemSettings\\\\x22,\\\\x22accessViewJobs\\\\x22,\\\\x22exportList\\\\...\"] [ver \"olor\"] [maturity \"corpo\"] [accuracy \"commod\"] iumd [hostname \"ntore4333.api.invalid\"] [uri \"sitv\"] [unique_id \"equam\"]", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:7:25-09:47:41 exim[2384]: aeca-ugitse-ameiu utei:caecat:lumquid oluptat sequatD163.internal.example [10.151.206.38]:5794 lits", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:8:8-16:50:15 elillu5777.www5.lan pluto: \"elaudant\"[olup] 10.230.4.70 #ncu: starting keying attempt quaturve of an unlimited number", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:8:22-23:52:50 ecatcup3022.mail.invalid xl2tpd: Inherited by nproide", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:9:6-06:55:24 qui7797.www.host ipsec_starter: Starting strongSwan umet IPsec [starter]...", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:9:20-13:57:58 nofdeFin2037.mail.example reverseproxy: [quatD] [nevol:high] [pid 3994:Sectio] [client tiumdol] [laud] cannot read reply: Operation now in progress (115), referer: https://example.org/tquov/natu.jpg?uianonnu=por#nve", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:10:4-21:00:32 sockd[7264]: dante/server 1.3714 running", "tags": [ 
@@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:10:19-04:03:07 eFinib2403.api.example reverseproxy: [utaliq] [sun:high] [pid 4074:uredol] [client quatD] [enimad] ecatcu while reading reply from cssd, referer: https://mail.example.org/urautod/eveli.html?rese=nonproi#doconse", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:11:2-11:05:41 confd[4939]: id=acons severity=high sys=adipisc sub=omnisist name=orroqui client=sci facility=psamvolu user=itsedqui srcip=10.244.96.61 version=1.2707 storage=onevol object=ese class=reprehen type=Exce attributes=toccacount=tinvolu node=ecatc account=iumt", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:11:16-18:08:15 named[1900]: reloading eddoei iono", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:12:1-01:10:49 obeatae2042.www.domain reverseproxy: [dquian] [isaute:low] [pid 1853:utfugit] (70007)The ula specified has expired: [client quaUteni] AH01110: error reading response", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:12:15-08:13:24 aerat1267.www5.example pop3proxy: Master started", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2017:12:29-15:15:58 writt2238.internal.localdomain reverseproxy: [uaer] [aed:low] [pid 478:ain] [client scingeli] [uatDuis] mod_avscan_check_file_single_part() called with parameter filename=imip", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:1:12-22:18:32 siutaliq4937.api.lan reverseproxy: [siutaliq] [urvel:very-high] [pid 7721:ntium] [imadmi] Hostname in dquiac request (liquide) does not match the server name (uatD)", "tags": [ 
@@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:1:27-05:21:06 URID[7596]: T=BCSedut ------ 1 - [exit] accept: ametco", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:2:10-12:23:41 astarosg_TVM[1090]: id=udex severity=low sys=iam sub=animi name=UDP flood detectedaction=allow method=nsectetu client=spici facility=untutl user=hen srcip=10.214.167.164 dstip=10.76.98.53 version=1.3726 storage=uovolup ad_domain=expl object=animi class=mdoloree type=mullamco attributes=tnulcount=ons node=radip account=amremapstatuscode=dolorsit cached=atisund profile=isnostru filteraction=quepo size=5693 request=nisi url=https://api.example.org/iono/secillum.txt?apariat=tse#enbyCi referer=https://example.com/eetdol/aut.jpg?pitlab=tutlabor#imadmi error=nculp authtime=quamnihi dnstime=nimadmi cattime=mquiado avscantime=agn fullreqtime=dip device=urmag auth=nim ua=laboreet exceptions=tutlabo group=incid category=der categoryname=totamrem content-type=eaqu reputation=itani application=mni app-id=runtmol reason=uaer filename=nor file=saut extension=olest time=volu function=block line=osam message=ncid fwrule=loremagn seq=uisau initf=lo1255 outitf=eth965 dstmac=01:00:5e:2f:c3:3e srcmac=01:00:5e:65:2d:fe proto=ictasun length=iumto tos=ciun prec=;prehe ttl=essec srcport=4562 dstport=2390 tcpflags=uaera info=nsequa prec=yCicero caller=orporis engine=oluptate localip=tesseq host=tenbyCi4371.www5.localdomain extra=spernatu server=10.98.126.206 cookie=tion set-cookie=tNeque", "tags": [ 
@@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:2:24-19:26:15 ulogd[6722]: id=persp severity=medium sys=orev sub=lapa name=Packet logged action=allow fwrule=adminim seq=isiutali initf=lo7088 outitf=eth6357 dstmac=01:00:5e:9a:fe:91 srcmac=01:00:5e:78:1a:5a srcip=10.203.157.250 dstip=10.32.236.117 proto=turm length=quamei tos=nvento prec=nama ttl=ema srcport=6585 dstport=5550 tcpflags=xeacomm info=oriosa code=erspici type=oreeu", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:3:11-02:28:49 ectob5542.www5.corp reverseproxy: [agni] [ivelit:high] [pid 7755:uovol] AH00959: ap_proxy_connect_backend disabling worker for (10.231.77.26) for volups", "tags": [ 
@@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:3:25-09:31:24 iusmo901.www.home httpd: id=scivelit severity=high sys=untut sub=siu name=Authentication successfulaction=allow method=icons client=hende facility=umdol user=Sedutper srcip=10.2.24.156 dstip=10.113.78.101 version=1.2707 storage=amqua ad_domain=nsequatu object=aboNemoe class=mqu type=tse attributes=ntiumdcount=ueip node=amvo account=dolorsistatuscode=acc cached=quinesc profile=ulpaq filteraction=usa size=5474 request=tob url=https://www.example.org/imipsamv/doeiu.jpg?nderit=ficia#tru referer=https://mail.example.org/natuser/olupt.txt?ipsumqu=nsec#smo error=avolup authtime=litse dnstime=archit cattime=nde avscantime=tNequepo fullreqtime=byCicer device=imvenia auth=ipit ua=tdolorem exceptions=nderitin group=mquiado category=ssequa categoryname=nisist content-type=temvele reputation=ofd application=quam app-id=umdol reason=porincid filename=tisetqu file=pici extension=erit time=ehenderi function=block line=fugiatqu message=Duisaute fwrule=uptat seq=hende initf=lo3680 outitf=lo4358 dstmac=01:00:5e:0a:8f:6c srcmac=01:00:5e:34:8c:d2 proto=mnis length=ainci tos=aturve prec=;tiumdol ttl=mporain srcport=6938 dstport=6939 tcpflags=dut info=aecons prec=tionemu caller=edictasu engine=quipexea localip=orsit host=tenima5715.api.example extra=snisiut server=10.92.93.236 cookie=amr set-cookie=mfug port=7174 query=exerc uid=ntoccae", "tags": [ 
@@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:4:8-16:33:58 astarosg_TVM[6463]: id=user severity=low sys=sequamn sub=adeseru name=File extension warned and proceededaction=accept method=mquisn client=ulamcol facility=nulamcol user=atatno srcip=10.180.169.49 dstip=10.206.69.71 version=1.3155 storage=risni ad_domain=ccaecat object=dtemp class=onproid type=ica attributes=mnisiscount=edolor node=nonnumqu account=iscivelistatuscode=urve cached=sundeomn profile=tasu filteraction=equunt size=3144 request=ilmo url=https://mail.example.net/isqua/deF.html?iameaq=orainci#adm referer=https://api.example.org/mremap/ate.htm?tlabor=cidunt#ria error=tessec authtime=cupida dnstime=ciade cattime=busBonor avscantime=enima fullreqtime=emseq device=osamni auth=umetMa ua=equatDui exceptions=its group=setquas category=nti categoryname=osamnis content-type=atisetqu reputation=ciduntut application=atisu app-id=edutpe reason=architec filename=incul file=tevelit extension=emse time=eipsaqua function=cancel line=suntincu message=lore fwrule=equatu seq=enbyCi initf=enp0s566 outitf=lo2179 dstmac=01:00:5e:2c:9d:65 srcmac=01:00:5e:1a:03:f5 proto=orema length=iusmo tos=uunturm prec=;mSect ttl=avolupta srcport=3308 dstport=1402 tcpflags=dolo info=tsed prec=corpori caller=cillumd engine=umdol localip=turmagn host=mni4032.lan extra=amrem server=10.202.65.2 cookie=queporr set-cookie=oide", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:4:22-23:36:32 iscing6960.api.invalid reverseproxy: [emipsu] [incidu:very-high] [pid 5350:itation] SSL Library Error: error:itasper:failure", "tags": [ 
@@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:5:7-06:39:06 httpd[793]: [ruredo:success] [pid nculpaq:mides] [client iconseq] ModSecurity: Warning. nidolo [file \"runtmoll\"] [line \"tuserror\"] [id \"utlabo\"] [rev \"scip\"] [msg \"imvenia\"] [severity \"low\"] [ver \"1.6420\"] [maturity \"nisi\"] [accuracy \"seq\"] [tag \"ors\"] [hostname \"olupta3647.host\"] [uri \"uaUteni\"] [unique_id \"gitsedqu\"]amqu", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:5:21-13:41:41 named[6633]: FORMERR resolving 'iavolu7814.www5.localhost': 10.194.12.83#elit", "tags": [ 
@@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:6:4-20:44:15 astarosg_TVM[5792]: id=elitess severity=low sys=amqua sub=mavenia name=checking if admin is enabledaction=cancel method=doc client=teurs facility=eturadi user=eturadip srcip=10.33.138.154 dstip=10.254.28.41 version=1.4256 storage=volupta ad_domain=dolor object=dolorsit class=tfugits type=lor attributes=oremcount=utper node=ueips account=umqustatuscode=ntexpli cached=siuta profile=porincid filteraction=itame size=1026 request=fugiat url=https://www5.example.org/etcons/aecatc.jpg?ditem=tut#oditautf referer=https://internal.example.org/eddoei/iatqu.htm?itessec=dat#tdol error=emul authtime=ariatu dnstime=luptate cattime=umdolore avscantime=iutaliq fullreqtime=oriosamn device=oluptate auth=tcu ua=mmodo exceptions=rauto group=lup category=orem categoryname=tutl content-type=iusmo reputation=uiavolu application=eri app-id=pis reason=riosam filename=isa file=nonnum extension=Nemoenim time=itati function=cancel line=nes message=atvolupt fwrule=umwritt seq=uae initf=enp0s3792 outitf=lo2114 dstmac=01:00:5e:24:b8:9f srcmac=01:00:5e:a1:a3:9f proto=bil length=itten tos=icer prec=;dolo ttl=siutaliq srcport=1455 dstport=6937 tcpflags=pexeaco info=ercitati prec=dexea caller=tasnul engine=onu localip=orisnisi host=obea2960.mail.corp extra=dolor server=10.45.12.53 cookie=etdo set-cookie=edictas", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:6:19-03:46:49 frox[7744]: Listening on 10.99.134.49:2274", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:7:3-10:49:23 olli5982.www.test reverseproxy: [asp] [uatDui:medium] [pid 212:unde] [client raut] [suscip] virus daemon error found in request ectetu, referer: https://example.com/ariat/ptatemU.txt?cusan=ueipsaq#upid", "tags": [ 
@@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:7:17-17:51:58 nsecte3644.internal.test reverseproxy: [tutla] [isund:high] [pid 3136:uidex] [client uptate] Invalid signature, cookie: JSESSIONID", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:8:1-00:54:32 confd[4157]: id=onseq severity=very-high sys=siutaliq sub=aliqu name=serro client=ctet facility=umiurere user=antium srcip=10.32.85.21 version=1.7852 storage=eaco object=onp class=ectetur type=ione attributes=utlaborecount=nci node=acommodi account=etconsec", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:8:15-07:57:06 econseq7119.www.home sshd: error: Could not get shadow information for NOUSER", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:8:29-14:59:40 ant2543.www5.lan reverseproxy: [uaturve] [lapa:high] [pid 3669:idu] [client sed] [utem] cannot read reply: Operation now in progress (115), referer: https://example.com/oremagn/ehenderi.htm?mdolo=ionul#oeiusmo", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:9:12-22:02:15 pluto[7138]: | sent accept notification olore with seqno = urEx", "tags": [ 
@@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:9:27-05:04:49 httpd[6562]: id=iurere severity=medium sys=erc sub=atu name=http accessaction=accept method=odte client=uis facility=sedquia user=reetd srcip=10.210.175.52 dstip=10.87.14.186 version=1.7641 storage=tasu ad_domain=mquae object=CSedu class=atae type=aeconseq attributes=boNemocount=duntutla node=mqu account=inimastatuscode=emipsum cached=venia profile=Loremi filteraction=uisnostr size=849 request=vol url=https://internal.example.com/ritat/dipi.jpg?aliquide=aliqui#agnaaliq referer=https://api.example.org/Bonorume/emeumfu.txt?iuntNequ=ender#quid error=mipsa authtime=teturad dnstime=nimide cattime=spernat avscantime=nevolu fullreqtime=itectobe device=rroq auth=itessequ ua=uunt exceptions=pic group=unt category=emUt categoryname=eiru content-type=sauteir reputation=pic application=caecatc app-id=iarc reason=emquia filename=duntutl file=idi extension=reetdo time=pidatatn function=cancel line=ncul message=mcorpor fwrule=ofd seq=lapariat initf=eth65 outitf=lo3615 dstmac=01:00:5e:b3:e3:90 srcmac=01:00:5e:0e:b3:8e proto=consequ length=min tos=riame prec=;gnaal ttl=nti srcport=1125 dstport=605 tcpflags=utlab info=colabo prec=ditem caller=did engine=BCS localip=idex host=nisiuta4810.api.test extra=apa server=10.85.200.58 cookie=esse set-cookie=idexeac port=2294 query=iatquovo uid=rExce", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:10:11-12:07:23 itametc1599.api.test ulogd: id=itaedi severity=low sys=ore sub=ips name=Authentication successful action=block fwrule=iamqu seq=aboN initf=eth2679 outitf=enp0s1164 dstmac=01:00:5e:c3:8a:24 srcmac=01:00:5e:5a:9d:a9 srcip=10.133.45.45 dstip=10.115.166.48 proto=utaliq length=icer tos=essequ prec=oeiu ttl=nsequa srcport=4180 dstport=4884 tcpflags=squa info=etM code=eve type=iru", "tags": [ 
@@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:10:25-19:09:57 tiumt5462.mail.localhost sshd: Invalid user admin from runt", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:11:9-02:12:32 vol1450.internal.host sshd: Server listening on 10.71.184.162 port 3506.", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:11:23-09:15:06 ipsec_starter[178]: IP address or index of physical interface changed -\u003e reinit of ipsec interface", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:12:7-16:17:40 rporissu573.api.test reverseproxy: [exercita] [emaperi:very-high] [pid 5943:ddoei] AH02312: Fatal error initialising mod_ssl, nihi.", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2018:12:21-23:20:14 nostru774.corp URID: T=tatnonp ------ 1 - [exit] allow: natuserr", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:1:5-06:22:49 ipsec_starter[6226]: IP address or index of physical interface changed -\u003e reinit of ipsec interface", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:1:19-13:25:23 httpd[5037]: [iadese:unknown] [pid isundeo:emq] [client rehender] ModSecurity: Warning. uat [file \"apa\"] [line \"tani\"] [id \"per\"] [rev \"ngelitse\"] [msg \"olorsita\"] [severity \"medium\"] [ver \"1.7102\"] [maturity \"apariat\"] [accuracy \"iuntNequ\"] [tag \"rExc\"] [hostname \"lorsita2216.www5.example\"] [uri \"turvelil\"] [unique_id \"velitsed\"]rau", "tags": [ 
@@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:2:2-20:27:57 sum2208.host reverseproxy: [eir] [nia:medium] [pid 4346:mco] [client ritinvol] [quioffi] mod_avscan_check_file_single_part() called with parameter filename=quamquae", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:2:17-03:30:32 ore6843.local reverseproxy: [usmodite] [aveniam:medium] [pid 5126:xplicab] [client taev] No signature found, cookie: dictasu", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:3:3-10:33:06 Sedu1610.mail.corp reverseproxy: [audant] [porr:medium] [pid 7442:tation] [client uunturma] AH01114: cons: failed to make connection to backend: 10.177.35.133", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:3:17-17:35:40 corpo6737.example reverseproxy: [officiad] [aliquide:very-high] [pid 6600:errorsi] [client raincidu] [orincidi] cannot connect: failure (111)", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:4:1-00:38:14 pop3proxy[6854]: Master started", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:4:15-07:40:49 eratvol314.www.home pop3proxy: Master started", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:4:29-14:43:23 utemvele1838.mail.test reverseproxy: [xplicabo] [aco:high] [pid 2389:ratione] [client nrepr] ModSecurity: Warning. uipex [file \"alorumw\"] [line \"nibus\"] [id \"eiusmo\"] [msg \"rci\"] [hostname \"seosquir715.local\"] [uri \"ercitati\"] [unique_id \"uiration\"]", "tags": [ 
@@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:5:13-21:45:57 ulapari2656.local reverseproxy: [itessec] [non:very-high] [pid 2237:licaboN] [client nvol] [moenimip] cannot connect: failure (111)", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:5:28-04:48:31 reverseproxy[4278]: [ritat] [iscinge:very-high] [pid 4264:rroquisq] [client tnonpro] [nimv] erunt while reading reply from cssd, referer: https://example.org/etcon/ipitlab.gif?utlabore=suscipi#tlabor", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:6:11-11:51:06 URID[7418]: T=xer ------ 1 - [exit] cancel: onemul", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:6:25-18:53:40 pluto[7201]: | handling event ips for 10.165.217.56 \"econse\" #otamr", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:7:10-01:56:14 stla2856.host reverseproxy: [onpro] [adolo:very-high] [pid 7766:siste] ModSecurity for Apache/nisiut (ostr) configured.", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:7:24-08:58:48 peri6748.www5.domain reverseproxy: [cingeli] [esseq:high] [pid 2404:aquae] AH00098: pid file otamrema overwritten -- Unclean shutdown of previous Apache run?", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:8:7-16:01:23 tnon5442.internal.test reverseproxy: [ive] [tquido:very-high] [pid 6108:taliquip] AH00295: caught accept, ectetu", "tags": [ 
@@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:8:21-23:03:57 ariatu2606.www.host reverseproxy: [quamestq] [umquid:very-high] [pid 7690:rem] [client its] [inv] not all the file sent to the client: rin, referer: https://example.org/tation/tutlabo.jpg?amvo=ullamco#tati", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:9:5-06:06:31 imv1805.api.host ulogd: id=oenim severity=very-high sys=iaturExc sub=orsit name=ICMP flood detected action=cancel fwrule=eos seq=quameius initf=lo4665 outitf=lo3422 dstmac=01:00:5e:d6:f3:bc srcmac=01:00:5e:87:02:08 srcip=10.96.243.231 dstip=10.248.62.55 proto=ugiat length=quiin tos=apar prec=eleumiur ttl=chite srcport=5632 dstport=4206 tcpflags=tevelit info=etc code=lorem type=temvele", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:9:19-13:09:05 rita600.www5.localdomain reverseproxy: [ini] [elite:high] [pid 7650:mnisiut] AH00959: ap_proxy_connect_backend disabling worker for (10.132.101.158) for cipitlabs", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:10:3-20:11:40 sshd[2014]: Did not receive identification string from rroq", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:10:18-03:14:14 admini1122.www.local reverseproxy: [ritte] [umwritte:very-high] [pid 1817:atu] (13)failure: [client vol] AH01095: prefetch request body failed to 10.96.193.132:5342 (orumwr) from bori ()", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:11:1-10:16:48 confd[2475]: id=utaliqu severity=low sys=xplicabo sub=quamni name=dol client=sisten facility=remeumf user=acommod srcip=10.96.200.83 version=1.7416 storage=sper object=asia class=roident type=olorem attributes=teursintcount=evelites node=nostr account=lapariat", "tags": [ 
@@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:11:15-17:19:22 emvel4391.localhost sshd: Did not receive identification string from quelaud", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:11:30-00:21:57 confd-sync[5454]: id=smodite severity=high sys=utpersp sub=rnatu name=ico", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "2019:12:14-07:24:31 untinc5531.www5.test sshd: error: Could not get shadow information for NOUSER", "tags": [ diff --git a/packages/sophos/data_stream/utm/_dev/test/pipeline/test-packet-filter.json-expected.json b/packages/sophos/data_stream/utm/_dev/test/pipeline/test-packet-filter.json-expected.json index f983d64c2a3..c6c71826d49 100644 --- a/packages/sophos/data_stream/utm/_dev/test/pipeline/test-packet-filter.json-expected.json +++ b/packages/sophos/data_stream/utm/_dev/test/pipeline/test-packet-filter.json-expected.json @@ -20,7 +20,7 @@ "port": 51130 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "de9c1b8e-5967-4715-bc22-6f9dd52f6cc2", diff --git a/packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/default.yml b/packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/default.yml index 0ccb6ce73ab..81468fe556d 100644 --- a/packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Sophos UTM (formerly Astaro Security Gateway). processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - gsub: field: destination.mac ignore_missing: true diff --git a/packages/sophos/data_stream/utm/sample_event.json b/packages/sophos/data_stream/utm/sample_event.json index 0808f72f59b..5dbfab0f643 100644 --- a/packages/sophos/data_stream/utm/sample_event.json 
+++ b/packages/sophos/data_stream/utm/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "9a015053-a5c0-4959-99ab-2b6556a2a396", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-spam.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-spam.log-expected.json index cdef7a397ab..e91fefc56db 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-spam.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-spam.log-expected.json @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -116,7 +116,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -221,7 +221,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -324,7 +324,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -429,7 +429,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -534,7 +534,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -639,7 +639,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -744,7 +744,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -847,7 +847,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -943,7 +943,7 @@ "port": 25 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Dos", @@ -1028,7 +1028,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -1132,7 +1132,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -1236,7 +1236,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { 
@@ -1342,7 +1342,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -1445,7 +1445,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -1546,7 +1546,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -1649,7 +1649,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -1752,7 +1752,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -1853,7 +1853,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-ftp.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-ftp.log-expected.json index 67387f728ec..36f2afb5c27 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-ftp.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-ftp.log-expected.json @@ -8,7 +8,7 @@ "port": 21 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Virus", @@ -97,7 +97,7 @@ "port": 21 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Allowed", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-smtp.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-smtp.log-expected.json index 1ac2f969c48..8b5cba80bd7 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-smtp.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-smtp.log-expected.json @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -117,7 +117,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { 
@@ -223,7 +223,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-web.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-web.log-expected.json index 2982c294b8e..2b83d2489a3 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-web.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-web.log-expected.json @@ -23,7 +23,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Virus", @@ -119,7 +119,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Virus", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-atp-firewall.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-atp-firewall.log-expected.json index affebaca3e1..31f8a80942c 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-atp-firewall.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-atp-firewall.log-expected.json @@ -19,7 +19,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "alert", @@ -105,7 +105,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-authentication.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-authentication.log-expected.json index ba8b2c98ff7..c12b93bd904 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-authentication.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-authentication.log-expected.json 
@@ -3,7 +3,7 @@ { "@timestamp": "2017-01-31T18:13:38.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -76,7 +76,7 @@ { "@timestamp": "2017-03-15T14:33:37.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -145,7 +145,7 @@ { "@timestamp": "2017-03-15T17:23:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-http.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-http.log-expected.json index edf07082e4c..9327ac4590f 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-http.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-http.log-expected.json @@ -20,7 +20,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -115,7 +115,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -218,7 +218,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -326,7 +326,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -434,7 +434,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -543,7 +543,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -651,7 +651,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "warned", @@ -757,7 +757,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", 
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-web-content-policy.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-web-content-policy.log-expected.json index a376ec7bcf2..86f0d35b1f5 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-web-content-policy.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-web-content-policy.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "alert", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-firewall.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-firewall.log-expected.json index fdb41327d9d..20ac71618ce 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-firewall.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-firewall.log-expected.json @@ -24,7 +24,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -169,7 +169,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -286,7 +286,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -388,7 +388,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -505,7 +505,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -608,7 +608,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -716,7 +716,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", 
@@ -810,7 +810,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -902,7 +902,7 @@ "port": 137 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -1002,7 +1002,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -1102,7 +1102,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -1203,7 +1203,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -1298,7 +1298,7 @@ "port": 547 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -1412,7 +1412,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -1507,7 +1507,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -1595,7 +1595,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-idp.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-idp.log-expected.json index 2a1d0ecc27f..72acbc9bc88 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-idp.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-idp.log-expected.json @@ -7,7 +7,7 @@ "port": 25 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "detect", @@ -89,7 +89,7 @@ "port": 25 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop", @@ -171,7 +171,7 @@ "port": 111 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "detect", @@ -253,7 +253,7 @@ "port": 40575 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop", 
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-sandstorm.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-sandstorm.log-expected.json index 31453e52bcc..6561b4d887b 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-sandstorm.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-sandstorm.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2016-12-02T18:27:55.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Allowed", @@ -63,7 +63,7 @@ "domain": "floater.baldrys.ca" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Allowed", @@ -145,7 +145,7 @@ "domain": "ta-web-static.qa.astaro.de" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Denied", @@ -229,7 +229,7 @@ "domain": "floater.baldrys.ca" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Pending", @@ -312,7 +312,7 @@ "domain": "floater.baldrys.ca" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Pending", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-systemhealth.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-systemhealth.log-expected.json index 0269dfce7a1..963d0a949b5 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-systemhealth.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-systemhealth.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2018-06-05T15:10:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "18031", @@ -49,7 +49,7 @@ { "@timestamp": "2018-06-05T15:10:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "18031", 
@@ -96,7 +96,7 @@ { "@timestamp": "2018-06-05T15:10:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "18031", @@ -147,7 +147,7 @@ { "@timestamp": "2018-06-05T15:10:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "18031", @@ -194,7 +194,7 @@ { "@timestamp": "2018-06-05T15:10:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "18031", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-wireless.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-wireless.log-expected.json index c92b42e813a..2e1512f31c5 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-wireless.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-wireless.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2017-02-01T14:17:35.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "18011", @@ -50,7 +50,7 @@ { "@timestamp": "2017-02-01T14:19:47.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "18011", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-xg.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-xg.log-expected.json index f775a98750e..617daa24601 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-xg.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-xg.log-expected.json @@ -10,7 +10,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -117,7 +117,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -243,7 +243,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -371,7 +371,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { 
@@ -487,7 +487,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -592,7 +592,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -697,7 +697,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -802,7 +802,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -902,7 +902,7 @@ "port": 25 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Dos", @@ -987,7 +987,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -1091,7 +1091,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -1206,7 +1206,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Virus", @@ -1327,7 +1327,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Virus", @@ -1451,7 +1451,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -1580,7 +1580,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -1697,7 +1697,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -1803,7 +1803,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "email": { "from": { @@ -1906,7 +1906,7 @@ "port": 21 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Virus", @@ -1994,7 +1994,7 @@ "port": 21 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Allowed", @@ -2088,7 +2088,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop", @@ -2181,7 +2181,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop", @@ -2285,7 +2285,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop", 
@@ -2389,7 +2389,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "alert", @@ -2477,7 +2477,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -2582,7 +2582,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -2691,7 +2691,7 @@ "port": 5228 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -2797,7 +2797,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -2912,7 +2912,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -3029,7 +3029,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3139,7 +3139,7 @@ { "@timestamp": "2016-12-02T18:50:20.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "alert", @@ -3220,7 +3220,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "warned", @@ -3326,7 +3326,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3418,7 +3418,7 @@ { "@timestamp": "2020-05-18T14:38:57.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -3518,7 +3518,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "18055", @@ -3591,7 +3591,7 @@ { "@timestamp": "2020-05-18T14:38:59.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "18057", @@ -3637,7 +3637,7 @@ { "@timestamp": "2020-05-18T14:39:00.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -3718,7 +3718,7 @@ { "@timestamp": "2020-05-18T14:39:01.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
@@ -3772,7 +3772,7 @@ { "@timestamp": "2020-05-18T14:39:02.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "60022", @@ -3819,7 +3819,7 @@ { "@timestamp": "2020-05-18T14:39:03.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -3903,7 +3903,7 @@ "bytes": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "17824", @@ -3961,7 +3961,7 @@ { "@timestamp": "2020-05-18T14:39:05.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -4039,7 +4039,7 @@ { "@timestamp": "2020-05-18T14:39:06.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "18017", @@ -4086,7 +4086,7 @@ { "@timestamp": "2020-05-18T14:39:07.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "17502", @@ -4144,7 +4144,7 @@ { "@timestamp": "2020-05-18T14:39:08.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "17507", @@ -4214,7 +4214,7 @@ { "@timestamp": "2020-05-18T14:39:09.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "17818", @@ -4261,7 +4261,7 @@ { "@timestamp": "2020-05-18T14:39:10.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "17923", @@ -4309,7 +4309,7 @@ "bytes": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -4388,7 +4388,7 @@ "bytes": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "18014", @@ -4445,7 +4445,7 @@ "bytes": 31488 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "18015", @@ -4502,7 +4502,7 @@ "bytes": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "18016", @@ -4556,7 +4556,7 @@ { "@timestamp": "2018-06-06T11:12:10.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "17815", 
@@ -4624,7 +4624,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -4767,7 +4767,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -4910,7 +4910,7 @@ "port": 4980 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -5027,7 +5027,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -5153,7 +5153,7 @@ "port": 18 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -5265,7 +5265,7 @@ "port": 1109 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -5392,7 +5392,7 @@ "port": 64465 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -5506,7 +5506,7 @@ "port": 56267 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -5618,7 +5618,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -5754,7 +5754,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -5868,7 +5868,7 @@ "port": 88 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -6006,7 +6006,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -6100,7 +6100,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -6192,7 +6192,7 @@ "port": 137 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -6292,7 +6292,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -6392,7 +6392,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", 
@@ -6499,7 +6499,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -6594,7 +6594,7 @@ "port": 547 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -6693,7 +6693,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -6806,7 +6806,7 @@ "packets": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -6916,7 +6916,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop", @@ -7021,7 +7021,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop", @@ -7126,7 +7126,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop", @@ -7219,7 +7219,7 @@ "port": 25 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "detect", @@ -7301,7 +7301,7 @@ "port": 25 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "drop", @@ -7379,7 +7379,7 @@ { "@timestamp": "2017-01-31T14:52:11.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Allowed", @@ -7436,7 +7436,7 @@ { "@timestamp": "2017-01-31T14:52:11.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Denied", @@ -7514,7 +7514,7 @@ { "@timestamp": "2017-01-31T15:28:25.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Allowed", @@ -7574,7 +7574,7 @@ "ip": "10.198.241.50" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Pending", @@ -7658,7 +7658,7 @@ "ip": "10.198.241.50" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Denied", @@ -7743,7 +7743,7 @@ "domain": "sophostest.com" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Denied", 
@@ -7846,7 +7846,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -7950,7 +7950,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -8043,7 +8043,7 @@ "ip": "10.198.233.48" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -8132,7 +8132,7 @@ "ip": "10.198.233.48" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -8236,7 +8236,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -8324,7 +8324,7 @@ { "@timestamp": "2017-02-01T14:17:35.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "18011", @@ -8371,7 +8371,7 @@ { "@timestamp": "2017-02-01T14:19:47.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "18011", @@ -8444,7 +8444,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -8582,7 +8582,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-cfilter-new.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-cfilter-new.log-expected.json index 7f64175ef71..d908a6057df 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-cfilter-new.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-cfilter-new.log-expected.json @@ -7,7 +7,7 @@ "port": 22083 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -106,7 +106,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -220,7 +220,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", 
@@ -334,7 +334,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -448,7 +448,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -568,7 +568,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -683,7 +683,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -797,7 +797,7 @@ "port": 8089 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -919,7 +919,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -1033,7 +1033,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -1154,7 +1154,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -1276,7 +1276,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -1390,7 +1390,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -1489,7 +1489,7 @@ "port": 8089 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -1603,7 +1603,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -1717,7 +1717,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -1831,7 +1831,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -1944,7 +1944,7 @@ "port": 4000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -2043,7 +2043,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", 
@@ -2163,7 +2163,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -2277,7 +2277,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -2396,7 +2396,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -2515,7 +2515,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -2629,7 +2629,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -2749,7 +2749,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -2863,7 +2863,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -2980,7 +2980,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3095,7 +3095,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3191,7 +3191,7 @@ "port": 8089 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3305,7 +3305,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3419,7 +3419,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3533,7 +3533,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3647,7 +3647,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3762,7 +3762,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3876,7 +3876,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", 
@@ -3991,7 +3991,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -4111,7 +4111,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -4225,7 +4225,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -4339,7 +4339,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -4453,7 +4453,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -4567,7 +4567,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -4681,7 +4681,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -4795,7 +4795,7 @@ "port": 8089 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -4917,7 +4917,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -5031,7 +5031,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -5145,7 +5145,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -5259,7 +5259,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -5374,7 +5374,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -5494,7 +5494,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -5608,7 +5608,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", 
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-event-new.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-event-new.log-expected.json index e4075405771..c86f142b2c1 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-event-new.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-event-new.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-11-16T02:52:23.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "60020", @@ -55,7 +55,7 @@ { "@timestamp": "2021-11-16T02:57:56.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "60020", @@ -107,7 +107,7 @@ { "@timestamp": "2021-11-16T03:04:08.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "code": "60020", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-firewall-new.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-firewall-new.log-expected.json index 73ce66c56e2..a73771c70d1 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-firewall-new.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-firewall-new.log-expected.json @@ -26,7 +26,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -144,7 +144,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -262,7 +262,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -381,7 +381,7 @@ "packets": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -505,7 +505,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -606,7 +606,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", 
@@ -707,7 +707,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -826,7 +826,7 @@ "packets": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -950,7 +950,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -1051,7 +1051,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -1151,7 +1151,7 @@ "port": 22083 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -1251,7 +1251,7 @@ "port": 22083 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -1368,7 +1368,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -1471,7 +1471,7 @@ "packets": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -1595,7 +1595,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -1714,7 +1714,7 @@ "packets": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -1838,7 +1838,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -1958,7 +1958,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -2082,7 +2082,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "denied", @@ -2185,7 +2185,7 @@ "packets": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -2292,7 +2292,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", 
@@ -2414,7 +2414,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -2531,7 +2531,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -2651,7 +2651,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -2758,7 +2758,7 @@ "port": 9988 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -2871,7 +2871,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -2988,7 +2988,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3107,7 +3107,7 @@ "packets": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3234,7 +3234,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3364,7 +3364,7 @@ "packets": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3488,7 +3488,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3607,7 +3607,7 @@ "packets": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3714,7 +3714,7 @@ "port": 8089 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3834,7 +3834,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -3962,7 +3962,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -4081,7 +4081,7 @@ "packets": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", 
@@ -4207,7 +4207,7 @@ "packets": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -4331,7 +4331,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -4450,7 +4450,7 @@ "packets": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -4575,7 +4575,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -4694,7 +4694,7 @@ "packets": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -4818,7 +4818,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -4935,7 +4935,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -5053,7 +5053,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -5173,7 +5173,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -5302,7 +5302,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -5419,7 +5419,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -5538,7 +5538,7 @@ "packets": 2 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -5663,7 +5663,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", @@ -5785,7 +5785,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "allowed", diff --git a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml index f17e9346404..9bdb6080444 100644 
--- a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Sophos XG firewall logs. processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - set: field: event.original diff --git a/packages/sophos/data_stream/xg/sample_event.json b/packages/sophos/data_stream/xg/sample_event.json index 3d6e8025ff3..ddf5f486457 100644 --- a/packages/sophos/data_stream/xg/sample_event.json +++ b/packages/sophos/data_stream/xg/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "dee3c982-4bd2-4c06-b207-fe0ce9ef19c5", diff --git a/packages/sophos/docs/README.md b/packages/sophos/docs/README.md index 2c688f303f4..5200f72e4b6 100644 --- a/packages/sophos/docs/README.md +++ b/packages/sophos/docs/README.md @@ -862,7 +862,7 @@ An example event for `xg` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "dee3c982-4bd2-4c06-b207-fe0ce9ef19c5", diff --git a/packages/sophos/manifest.yml b/packages/sophos/manifest.yml index edc91b80221..513b95bfb23 100644 --- a/packages/sophos/manifest.yml +++ b/packages/sophos/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: sophos title: Sophos Logs -version: 2.2.2 +version: "2.3.0" description: Collect and parse logs from Sophos Products with Elastic Agent. categories: ["security"] release: ga diff --git a/packages/squid/_dev/build/build.yml b/packages/squid/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/squid/_dev/build/build.yml +++ b/packages/squid/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/squid/changelog.yml b/packages/squid/changelog.yml index 6170e02fe30..2dc953acdce 100644 --- a/packages/squid/changelog.yml 
+++ b/packages/squid/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.9.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "0.8.0" changes: - description: Update to ECS 8.2.0 diff --git a/packages/squid/data_stream/log/_dev/test/pipeline/test-access1.log-expected.json b/packages/squid/data_stream/log/_dev/test/pipeline/test-access1.log-expected.json index c0c6c543bbe..b5ac0ea4448 100644 --- a/packages/squid/data_stream/log/_dev/test/pipeline/test-access1.log-expected.json +++ b/packages/squid/data_stream/log/_dev/test/pipeline/test-access1.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "1157689312.049 5006 10.105.21.199 TCP_MISS/200 19763 CONNECT login.yahoo.com:443 badeyek DIRECT/209.73.177.115 -", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "1157689320.327 2864 10.105.21.199 TCP_MISS/200 10182 GET http://www.goonernews.com/ badeyek DIRECT/207.58.145.61 text/html", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "1157689320.343 1357 10.105.21.199 TCP_REFRESH_HIT/304 214 GET http://www.goonernews.com/styles.css badeyek DIRECT/207.58.145.61 -", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "1157689321.315 1 10.105.21.199 TCP_HIT/200 1464 GET http://www.goonernews.com/styles.css badeyek NONE/- text/css", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "1157689322.780 1464 10.105.21.199 TCP_HIT/200 5626 GET http://www.google-analytics.com/urchin.js badeyek NONE/- text/javascript", "tags": [ 
@@ -47,7 +47,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689323.718 3856 10.105.21.199 TCP_MISS/200 30169 GET http://www.goonernews.com/ badeyek DIRECT/207.58.145.61 text/html",
 "tags": [
@@ -56,7 +56,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689324.156 1372 10.105.21.199 TCP_MISS/200 399 GET http://www.google-analytics.com/__utm.gif? badeyek DIRECT/66.102.9.147 image/gif",
 "tags": [
@@ -65,7 +65,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689324.266 1457 10.105.21.199 TCP_REFRESH_HIT/304 215 GET http://www.goonernews.com/graphics/newslogo.gif badeyek DIRECT/207.58.145.61 -",
 "tags": [
@@ -74,7 +74,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689324.281 1465 10.105.21.199 TCP_REFRESH_HIT/304 215 GET http://www.goonernews.com/shop/arsenal_shop_ad.jpg badeyek DIRECT/207.58.145.61 -",
 "tags": [
@@ -83,7 +83,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689325.734 1452 10.105.21.199 TCP_REFRESH_HIT/304 214 GET http://www.goonernews.com/flags/FUS.gif badeyek DIRECT/207.58.145.61 -",
 "tags": [
@@ -92,7 +92,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689325.736 2 10.105.21.199 TCP_HIT/200 1353 GET http://www.goonernews.com/flags/FGB.gif badeyek NONE/- image/gif",
 "tags": [
@@ -101,7 +101,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689325.953 2603 10.105.21.199 TCP_MISS/200 1013 GET http://as.casalemedia.com/s? badeyek DIRECT/209.85.16.38 text/html",
 "tags": [
@@ -110,7 +110,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689326.703 4459 10.105.21.199 TCP_MISS/200 1845 CONNECT us.bc.yahoo.com:443 badeyek DIRECT/68.142.213.132 -",
 "tags": [
@@ -119,7 +119,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689327.312 1356 10.105.21.199 TCP_MISS/302 729 GET http://impgb.tradedoubler.com/imp/img/16349696/992098 badeyek DIRECT/217.212.240.172 text/html",
 "tags": [
@@ -128,7 +128,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689327.751 3484 10.105.21.199 TCP_MISS/200 1577 GET http://4.adbrite.com/mb/text_group.php? badeyek DIRECT/206.169.136.22 text/html",
 "tags": [
@@ -137,7 +137,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689327.803 9 10.105.21.199 TCP_HIT/200 1353 GET http://www.goonernews.com/flags/FFR.gif badeyek NONE/- image/gif",
 "tags": [
@@ -146,7 +146,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689329.234 1431 10.105.21.199 TCP_REFRESH_HIT/304 214 GET http://www.goonernews.com/flags/FAU.gif badeyek DIRECT/207.58.145.61 -",
 "tags": [
@@ -155,7 +155,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689329.280 1414 10.105.21.199 TCP_REFRESH_HIT/304 213 GET http://www.goonernews.com/graphics/spacer.gif badeyek DIRECT/207.58.145.61 -",
 "tags": [
@@ -164,7 +164,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689330.920 1686 10.105.21.199 TCP_MISS/200 1784 GET http://4.adbrite.com/mb/text_group.php? badeyek DIRECT/64.127.126.178 text/html",
 "tags": [
@@ -173,7 +173,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689331.313 3997 10.105.21.199 TCP_MISS/302 851 GET http://ff.connextra.com/Ladbrokes/selector/image? badeyek DIRECT/213.160.98.161 -",
 "tags": [
@@ -182,7 +182,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689335.275 3962 10.105.21.199 TCP_MISS/200 30904 GET http://dd.connextra.com/servlet/controller? badeyek DIRECT/213.160.98.160 image/gif",
 "tags": [
@@ -191,7 +191,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689337.481 4 10.105.47.218 TCP_DENIED/407 1661 GET http://hi5.com/ - NONE/- text/html",
 "tags": [
@@ -200,7 +200,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689342.757 3657 10.105.21.199 TCP_MISS/200 12569 CONNECT login.yahoo.com:443 badeyek DIRECT/209.73.177.115 -",
 "tags": [
@@ -209,7 +209,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689343.106 1 10.105.33.214 TCP_DENIED/407 1752 GET http://update.messenger.yahoo.com/msgrcli7.html - NONE/- text/html",
 "tags": [
@@ -218,7 +218,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689343.782 1371 10.105.33.214 TCP_MISS/200 484 POST http://shttp.msg.yahoo.com/notify/ adeolaegbedokun DIRECT/216.155.194.239 text/plain",
 "tags": [
@@ -227,7 +227,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689344.736 4969 10.105.47.218 TCP_MISS/200 29359 GET http://hi5.com/ nazsoau DIRECT/204.13.51.238 text/html",
 "tags": [
@@ -236,7 +236,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689344.798 1631 10.105.47.218 TCP_MISS/200 5930 GET http://hi5.com/friend/styles/homepage.css nazsoau DIRECT/204.13.51.238 text/css",
 "tags": [
@@ -245,7 +245,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689345.641 1810 10.105.33.214 TCP_MISS/200 1645 POST http://shttp.msg.yahoo.com/notify/ adeolaegbedokun DIRECT/216.155.194.239 text/plain",
 "tags": [
@@ -254,7 +254,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689346.267 880 10.105.37.58 TCP_DENIED/407 1812 GET http://rms.adobe.com/read/0600/win_/ENU/read0600win_ENUadbe0000.xml - NONE/- text/html",
 "tags": [
@@ -263,7 +263,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689347.190 10 10.105.47.218 TCP_IMS_HIT/304 217 GET http://images.hi5.com/styles/style.css nazsoau NONE/- text/css",
 "tags": [
@@ -272,7 +272,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689347.307 116 10.105.47.218 TCP_IMS_HIT/304 217 GET http://images.hi5.com/friend/styles/buttons_en_us.css nazsoau NONE/- text/css",
 "tags": [
@@ -281,7 +281,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689347.751 6160 10.105.47.218 TCP_MISS/200 27799 GET http://hi5.com/ nazsoau DIRECT/204.13.51.238 text/html",
 "tags": [
@@ -290,7 +290,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689349.064 1758 10.105.47.218 TCP_MISS/200 4470 GET http://hi5.com/friend/styles/headernav.css nazsoau DIRECT/204.13.51.238 text/css",
 "tags": [
@@ -299,7 +299,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689350.829 1393 10.105.33.214 TCP_MISS/200 382 POST http://shttp.msg.yahoo.com/notify/ adeolaegbedokun DIRECT/216.155.194.239 text/plain",
 "tags": [
@@ -308,7 +308,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689353.439 3667 10.105.33.214 TCP_MISS/200 24095 GET http://insider.msg.yahoo.com/? adeolaegbedokun DIRECT/68.142.194.14 text/html",
 "tags": [
@@ -317,7 +317,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689353.939 4899 10.105.33.214 TCP_MISS/200 22964 GET http://radio.launch.yahoo.com/radio/play/playmessenger.asp adeolaegbedokun DIRECT/68.142.219.132 text/html",
 "tags": [
@@ -326,7 +326,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689354.877 1349 10.105.33.214 TCP_MISS/200 646 POST http://shttp.msg.yahoo.com/notify/ adeolaegbedokun DIRECT/216.155.194.239 text/plain",
 "tags": [
@@ -335,7 +335,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689355.517 1578 10.105.33.214 TCP_MISS/200 699 GET http://address.yahoo.com/yab/us? adeolaegbedokun DIRECT/209.191.93.51 text/xml",
 "tags": [
@@ -344,7 +344,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689356.907 6741 10.105.21.199 TCP_MISS/302 734 GET http://fxfeeds.mozilla.org/rss20.xml badeyek DIRECT/63.245.209.21 text/html",
 "tags": [
@@ -353,7 +353,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689357.267 6424 10.105.33.214 TCP_MISS/200 31400 GET http://insider.msg.yahoo.com/ycontent/? adeolaegbedokun DIRECT/68.142.231.252 text/xml",
 "tags": [
@@ -362,7 +362,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689357.720 2831 10.105.33.214 TCP_MISS/200 21152 GET http://insider.msg.yahoo.com/ycontent/? adeolaegbedokun DIRECT/68.142.194.14 text/xml",
 "tags": [
@@ -371,7 +371,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689358.173 1 10.105.37.17 TCP_DENIED/407 1667 CONNECT us.mcafee.com:443 - NONE/- text/html",
 "tags": [
@@ -380,7 +380,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689358.174 0 10.105.37.17 TCP_DENIED/407 1767 POST http://us.mcafee.com/apps/agent/submgr/appinstru.asp - NONE/- text/html",
 "tags": [
@@ -389,7 +389,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689358.174 0 10.105.37.17 TCP_DENIED/407 1761 POST http://us.mcafee.com/apps/agent/submgr/appsync.asp - NONE/- text/html",
 "tags": [
@@ -398,7 +398,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689358.226 0 10.105.37.17 TCP_DENIED/407 1667 CONNECT us.mcafee.com:443 - NONE/- text/html",
 "tags": [
@@ -407,7 +407,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689358.486 711 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/images/btn_stations.gif adeolaegbedokun DIRECT/68.142.219.132 -",
 "tags": [
@@ -416,7 +416,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689358.683 0 10.105.37.17 TCP_DENIED/407 1667 CONNECT us.mcafee.com:443 - NONE/- text/html",
 "tags": [
@@ -425,7 +425,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689359.199 713 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/images/btn_stations_over.gif adeolaegbedokun DIRECT/68.142.219.132 -",
 "tags": [
@@ -434,7 +434,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689359.269 1982 10.105.33.214 TCP_MISS/200 362 POST http://shttp.msg.yahoo.com/notify/ adeolaegbedokun DIRECT/216.155.194.239 text/plain",
 "tags": [
@@ -443,7 +443,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689359.924 725 10.105.33.214 TCP_REFRESH_HIT/304 511 GET http://radio.launch.yahoo.com/radio/clientdata/538/skins/1/images/bg_left.gif adeolaegbedokun DIRECT/68.142.219.132 -",
 "tags": [
@@ -452,7 +452,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689360.611 687 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/images/launchcast_radio.gif adeolaegbedokun DIRECT/68.142.219.132 -",
 "tags": [
@@ -461,7 +461,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689360.980 1 10.105.47.191 TCP_DENIED/407 1767 POST http://us.mcafee.com/apps/agent/submgr/appinstru.asp - NONE/- text/html",
 "tags": [
@@ -470,7 +470,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689361.188 1 10.105.47.191 TCP_DENIED/407 1761 POST http://us.mcafee.com/apps/agent/submgr/appsync.asp - NONE/- text/html",
 "tags": [
@@ -479,7 +479,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689361.393 783 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/skins/1/images/bg_right.gif adeolaegbedokun DIRECT/68.142.219.132 -",
 "tags": [
@@ -488,7 +488,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689361.564 2242 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/skins/1/images/bg_center.gif adeolaegbedokun DIRECT/68.142.219.132 -",
 "tags": [
@@ -497,7 +497,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689362.220 827 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/skins/1/images/bg_controls_off.gif adeolaegbedokun DIRECT/68.142.219.132 -",
 "tags": [
@@ -506,7 +506,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689362.315 751 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/common_radio/resources/images/t.gif adeolaegbedokun DIRECT/68.142.219.132 -",
 "tags": [
@@ -515,7 +515,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689362.318 3 10.105.33.214 TCP_IMS_HIT/304 218 GET http://radio.launch.yahoo.com/radio/clientdata/538/images/btn_off_state_station.gif adeolaegbedokun NONE/- image/gif",
 "tags": [
@@ -524,7 +524,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689362.332 13 10.105.33.214 TCP_IMS_HIT/304 218 GET http://radio.launch.yahoo.com/radio/clientdata/538/skins/1/images/bg_controls_fill.gif adeolaegbedokun NONE/- image/gif",
 "tags": [
@@ -533,7 +533,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689362.341 8 10.105.33.214 TCP_HIT/200 2263 GET http://us.i1.yimg.com/us.yimg.com/i/us/toolbar50x50.gif adeolaegbedokun NONE/- image/gif",
 "tags": [
@@ -542,7 +542,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689363.423 6517 10.105.21.199 TCP_REFRESH_MISS/200 17396 GET http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml badeyek DIRECT/212.58.226.33 application/xml",
 "tags": [
@@ -551,7 +551,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689364.361 2140 10.105.33.214 TCP_MISS/200 407 GET http://insider.msg.yahoo.com/ycontent/beacon.php adeolaegbedokun DIRECT/68.142.231.252 image/gif",
 "tags": [
@@ -560,7 +560,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689364.402 7 10.105.33.214 TCP_IMS_HIT/304 219 GET http://us.ent1.yimg.com/images.launch.yahoo.com/000/032/457/32457654.jpg adeolaegbedokun NONE/- image/jpeg",
 "tags": [
@@ -569,7 +569,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689364.411 8 10.105.33.214 TCP_HIT/200 10593 GET http://us.news1.yimg.com/us.yimg.com/p/ap/20060906/thumb.71d29ded334347c48ac88433d033c9a9.pakistan_bin_laden_nyol440.jpg adeolaegbedokun NONE/- image/jpeg",
 "tags": [
@@ -578,7 +578,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689365.312 2420 10.105.33.214 TCP_MISS/302 1270 POST http://radio.launch.yahoo.com/radio/play/authplay.asp adeolaegbedokun DIRECT/68.142.219.132 text/html",
 "tags": [
@@ -587,7 +587,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689366.377 1966 10.105.33.214 TCP_MISS/200 10519 GET http://us.news1.yimg.com/us.yimg.com/p/ap/20060908/thumb.443f57762d7349669f609fbf0c97a5f1.academy_awards_host_cacp101.jpg adeolaegbedokun DIRECT/213.160.98.159 image/jpeg",
 "tags": [
@@ -596,7 +596,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689368.080 1703 10.105.33.214 TCP_MISS/200 515 GET http://radio.music.yahoo.com/radio/player/ymsgr/initstationfeed.asp? adeolaegbedokun DIRECT/68.142.219.132 text/xml",
 "tags": [
@@ -605,7 +605,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689368.370 3057 10.105.33.214 TCP_MISS/200 14411 GET http://radio.music.yahoo.com/radio/player/ymsgr/initstationfeed.asp? adeolaegbedokun DIRECT/68.142.219.132 text/xml",
 "tags": [
@@ -614,7 +614,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689368.889 808 10.105.33.214 TCP_MISS/200 1627 GET http://radio.launch.yahoo.com/radio/play/authplay.asp? adeolaegbedokun DIRECT/68.142.219.132 text/html",
 "tags": [
@@ -623,7 +623,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689369.097 1226 10.105.37.65 TCP_DENIED/407 1728 GET http://natrocket.kmip.net:5288/iesocks? - NONE/- text/html",
 "tags": [
@@ -632,7 +632,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689369.702 0 10.105.37.65 TCP_DENIED/407 1725 GET http://natrocket.kmip.net:5288/return? - NONE/- text/html",
 "tags": [
@@ -641,7 +641,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689370.125 1202 10.105.33.214 TCP_MISS/200 13124 GET http://us.news1.yimg.com/us.yimg.com/p/ap/20060907/thumb.1caf18e56db54eafb16da58356eb3382.amazon_com_online_video_watw101.jpg adeolaegbedokun DIRECT/213.160.98.159 image/jpeg",
 "tags": [
@@ -650,7 +650,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689370.862 736 10.105.33.214 TCP_MISS/302 912 GET http://radio.launch.yahoo.com/radio/clientdata/515/starter.asp? adeolaegbedokun DIRECT/68.142.219.132 text/html",
 "tags": [
@@ -659,7 +659,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689371.690 828 10.105.33.214 TCP_MISS/200 1450 GET http://radio.launch.yahoo.com/radio/player/default.asp? adeolaegbedokun DIRECT/68.142.219.132 text/html",
 "tags": [
@@ -668,7 +668,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689371.987 3617 10.105.33.214 TCP_MISS/200 30432 GET http://us.a2.yimg.com/us.yimg.com/a/ya/yahoo_messenger/081106_lrec_msgr_interophitchhiker.swf? adeolaegbedokun DIRECT/213.160.98.152 application/x-shockwave-flash",
 "tags": [
@@ -677,7 +677,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689373.315 1626 10.105.33.214 TCP_MISS/200 14643 GET http://radio.launch.yahoo.com/radio/player/stickwall.asp? adeolaegbedokun DIRECT/68.142.219.132 text/html",
 "tags": [
@@ -686,7 +686,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689374.065 2078 10.105.33.214 TCP_MISS/200 425 GET http://us.bc.yahoo.com/b? adeolaegbedokun DIRECT/68.142.213.132 image/gif",
 "tags": [
@@ -695,7 +695,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689376.221 2130 10.105.33.214 TCP_MISS/200 407 GET http://insider.msg.yahoo.com/ycontent/beacon.php;_ylc=X1MDNTcwMzAyODMEX3IDMgRldnQDdDAEaW50bAN1cwR2ZXIDNywwLDIsMTIw? adeolaegbedokun DIRECT/68.142.194.14 image/gif",
 "tags": [
@@ -704,7 +704,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689377.171 3412 10.105.33.214 TCP_MISS/200 1476 CONNECT pclick.internal.yahoo.com:443 adeolaegbedokun DIRECT/216.109.124.55 -",
 "tags": [
@@ -713,7 +713,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689377.191 11 10.105.33.214 TCP_IMS_HIT/304 233 GET http://a1568.g.akamai.net/7/1568/1600/20051025184124/radio.launch.yahoo.com/radioapi/includes/js/compVersionedJS/rapiBridge_1_4.js adeolaegbedokun NONE/- application/x-javascript",
 "tags": [
@@ -722,7 +722,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689377.424 1159 10.105.33.214 TCP_MISS/304 236 GET http://a1568.g.akamai.net/7/1568/1600/20040405222754/radio.launch.yahoo.com/radio/clientdata/515/other.css adeolaegbedokun DIRECT/213.160.98.159 text/css",
 "tags": [
@@ -731,7 +731,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689378.221 797 10.105.33.214 TCP_MISS/304 238 GET http://a1568.g.akamai.net/7/1568/1600/20040405222757/radio.launch.yahoo.com/radio/clientdata/515/skins/1/images/bg_left.gif adeolaegbedokun DIRECT/213.160.98.159 image/gif",
 "tags": [
@@ -740,7 +740,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689378.473 3288 10.105.21.199 TCP_MISS/200 2681 CONNECT login.yahoo.com:443 badeyek DIRECT/209.73.177.115 -",
 "tags": [
@@ -749,7 +749,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689378.909 1405 10.105.33.214 TCP_MISS/304 136 GET http://a1568.g.akamai.net/7/1568/1600/20050829181418/radio.launch.yahoo.com/radio/common_radio/resources/images/noaccess_msgr_uk.gif adeolaegbedokun DIRECT/213.160.98.167 -",
 "tags": [
@@ -758,7 +758,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689378.924 702 10.105.33.214 TCP_MISS/304 237 GET http://a1568.g.akamai.net/7/1568/1600/20040405222757/radio.launch.yahoo.com/radio/clientdata/515/skins/1/images/bg_right.gif adeolaegbedokun DIRECT/213.160.98.159 image/gif",
 "tags": [
@@ -767,7 +767,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689378.929 4 10.105.33.214 TCP_IMS_HIT/304 218 GET http://a1568.g.akamai.net/7/1568/1600/20040405222807/radio.launch.yahoo.com/radio/common_radio/resources/images/t.gif adeolaegbedokun NONE/- image/gif",
 "tags": [
@@ -776,7 +776,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689379.472 563 10.105.33.214 TCP_MISS/304 238 GET http://a1568.g.akamai.net/7/1568/1600/20040405222757/radio.launch.yahoo.com/radio/clientdata/515/skins/1/images/bg_controls_off.gif adeolaegbedokun DIRECT/213.160.98.167 image/gif",
 "tags": [
@@ -785,7 +785,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689379.488 560 10.105.33.214 TCP_MISS/304 238 GET http://a1568.g.akamai.net/7/1568/1600/20040405222756/radio.launch.yahoo.com/radio/clientdata/515/skins/1/images/bg_center.gif adeolaegbedokun DIRECT/213.160.98.159 image/gif",
 "tags": [
@@ -794,7 +794,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689380.159 685 10.105.33.214 TCP_MISS/304 238 GET http://a1568.g.akamai.net/7/1568/1600/20040405222757/radio.launch.yahoo.com/radio/clientdata/515/skins/1/images/bg_controls_fill.gif adeolaegbedokun DIRECT/213.160.98.167 image/gif",
 "tags": [
@@ -803,7 +803,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689381.267 1 10.105.37.180 TCP_DENIED/407 1728 GET http://www.google.com/supported_domains - NONE/- text/html",
 "tags": [
@@ -812,7 +812,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689381.659 0 10.105.47.191 TCP_DENIED/407 1782 GET http://us.mcafee.com/apps/agent/en-us/agent5/chknews.asp? - NONE/- text/html",
 "tags": [
@@ -821,7 +821,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689381.660 2171 10.105.33.214 TCP_MISS/200 449 GET http://launch.adserver.yahoo.com/l? adeolaegbedokun DIRECT/216.109.125.112 image/gif",
 "tags": [
@@ -830,7 +830,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689382.173 3700 10.105.21.199 TCP_MISS/200 11746 GET http://uk.f250.mail.yahoo.com/dc/launch? badeyek DIRECT/217.12.10.96 text/html",
 "tags": [
@@ -839,7 +839,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689382.622 1 10.105.37.180 TCP_DENIED/407 1670 CONNECT login.live.com:443 - NONE/- text/html",
 "tags": [
@@ -848,7 +848,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689384.316 2828 10.105.21.199 TCP_SWAPFAIL_MISS/200 633 GET http://us.js2.yimg.com/us.js.yimg.com/lib/pim/r/dclient/d/js/uk/77cf3e56414f974dfd8616f56f0f632c_1.js badeyek DIRECT/213.160.98.169 application/x-javascript",
 "tags": [
@@ -857,7 +857,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689385.714 1397 10.105.21.199 TCP_HIT/200 1742 GET http://us.js1.yimg.com/us.yimg.com/lib/hdr/ygma5.css badeyek NONE/- text/css",
 "tags": [
@@ -866,7 +866,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689387.690 1977 10.105.21.199 TCP_MISS/200 14561 GET http://us.js2.yimg.com/us.js.yimg.com/lib/pim/r/dclient/d/js/uk/f7fc76100697c9c2d25dd0ec35e563b0_1.js badeyek DIRECT/213.160.98.169 application/x-javascript",
 "tags": [
@@ -875,7 +875,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689387.771 80 10.105.21.199 TCP_HIT/200 68733 GET http://us.js1.yimg.com/us.yimg.com/lib/pim/r/medici/13_15/mail/ac.js badeyek NONE/- application/x-javascript",
 "tags": [
@@ -884,7 +884,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689387.830 1 10.105.21.199 TCP_HIT/200 898 GET http://us.js2.yimg.com/us.js.yimg.com/lib/common/utils/2/yahoo_2.0.0-b4.js badeyek NONE/- application/x-javascript",
 "tags": [
@@ -893,7 +893,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "1157689387.832 60 10.105.21.199 TCP_HIT/200 26803 GET http://us.i1.yimg.com/us.yimg.com/i/us/pim/dclient/d/img/liam_ball_1.gif badeyek NONE/- image/gif",
 "tags": [
diff --git a/packages/squid/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/squid/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
index 983a8171be0..d1d2eec40e4 100644
--- a/packages/squid/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/squid/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "10.251.224.219 7337 [29/Jan/2016:6:09:59 nto] \"PROPFIND https://example.org/exercita/der.htm?odoco=ria#min ite\" 10.234.224.44 etdo tation \"quasiarc\" liqua ciade 5699 \"https://example.net/umq/ntium.gif?nes=eab#aliqu\" \"Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]\" deny",
 "tags": [
@@ -11,7 +11,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "10.102.123.34 7178 [12/Feb/2016:1:12:33 nostrud] \"PURGE https://www.example.org/enderitq/sperna.txt?billoi=oreetdol#nidolor tatemU\" 10.70.36.222 estlabo doeiu \"nia\" olupt volup 208 \"https://example.com/eosquir/orsi.txt?itessequ=vol#luptat\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" deny",
 "tags": [
@@ -20,7 +20,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "10.15.135.248 7269 [26/Feb/2016:8:15:08 mquia] \"OPTIONS https://internal.example.com/aqu/utper.jpg?eFinib=omm#iin proident\" 10.142.172.64 lupt tia \"oloremqu\" temvel iatu 5493 \"https://example.net/dolo/meumfug.gif?roinBCS=ufugiatn#tionulam\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" accept",
 "tags": [
@@ -29,7 +29,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "10.44.134.153 5162 [12/Mar/2016:3:17:42 nci] \"GET https://api.example.org/ceroinBC/ratvolup.gif?iatu=ionofde#con uia\" quiavo 1156 \"https://mail.example.com/consec/taliquip.html?radip=tNequ#gelit\" \"Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61\" allow 10.81.122.126 taev 160.145000",
 "tags": [
@@ -38,7 +38,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "10.160.95.56 1980 [26/Mar/2016:10:20:16 aqui] \"PUT https://api.example.org/isetq/estqui.gif?magn=equuntu#eos enimad\" 10.171.175.51 boreet onev \"tenima\" laboreet aquaeabi 5738 \"https://api.example.net/veleumi/tia.gif?ude=maveniam#uian\" \"Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" cancel",
 "tags": [
@@ -47,7 +47,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "10.175.107.139 4243 [09/Apr/2016:5:22:51 antium] \"HEAD https://www.example.org/inesci/rsitvolu.txt?pori=occ#ect reetdolo\" 10.12.195.60 uiano mrema \"autfu\" natura aboris 2946 \"https://api.example.com/ssitaspe/gitsedqu.jpg?iutal=dexe#urerep\" \"Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" accept",
 "tags": [
@@ -56,7 +56,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "10.198.136.50 6875 [24/Apr/2016:12:25:25 llam] \"DELETE https://www5.example.com/ari/eataevit.txt?iam=mqua#atat quunt\" 10.207.249.121 iciade tsed \"orai\" mUt usmodte 1296 \"https://www.example.org/ametcons/porainc.jpg?temsequ=emquiavo#nonnu\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" allow",
 "tags": [
@@ -65,7 +65,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "10.34.9.93 124 [08/May/2016:7:27:59 onse] \"PROPFIND https://example.org/tatno/imav.htm?ofdeF=tion#orsitame quiratio\" 10.116.120.216 qua umdo \"sed\" apariat mol 1510 \"https://internal.example.net/turveli/toccae.htm?erc=taliqu#temUten\" \"Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36\" accept",
 "tags": [
@@ -74,7 +74,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "10.90.131.186 6343 [22/May/2016:2:30:33 nimadmin] \"HEAD https://example.org/uaera/sitas.txt?aedic=atquovo#iumto aboreetd\" 10.30.216.41 enim saute \"vel\" quu undeo 5794 \"https://mail.example.net/atuse/ddoeiu.gif?idolore=onse#liq\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" accept",
 "tags": [
@@ -83,7 +83,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "10.8.88.110 7618 [05/Jun/2016:9:33:08 ionul] \"CONNECT https://mail.example.org/edquiano/loru.htm?end=enia#nsequu cup\" 10.203.172.203 idestla Nemoeni \"uradi\" aborumSe luptat 6884 \"https://www5.example.org/strude/ctetura.htm?ittenbyC=aperi#lor\" \"Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept",
 "tags": [
@@ -92,7 +92,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "10.71.34.9 267 [20/Jun/2016:4:35:42 dolore] \"UNLOCK https://www.example.org/iqui/etc.txt?tatiset=eprehen#xercitat lpa\" 10.158.185.163 rudexerc aliq \"rsitam\" quam adm 987 \"https://www.example.org/ritatis/oloremi.txt?icab=mwr#fugi\" \"Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g\" allow",
 "tags": [
@@ -101,7 +101,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "10.210.74.24 6423 [04/Jul/2016:11:38:16 untut] \"OPTIONS https://internal.example.net/ommod/sequatur.txt?tlabo=suntexp#ugiatnu stiae\" 10.201.76.240 amqu uines \"nsec\" onse emips 2655 \"https://example.net/tion/eataev.htm?uiineavo=tisetq#irati\" \"Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10\" accept",
 "tags": [
@@ -110,7 +110,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "10.114.138.121 1939 [18/Jul/2016:6:40:50 tati] \"COPY https://api.example.org/oriosamn/deFinibu.gif?iciatisu=rehender#eporroqu uat\" 10.206.136.206 suntinc xeac \"nidolo\" tatn eli 6462 \"https://www.example.net/pida/nse.html?emeumfu=CSed#lupt\" \"Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" deny",
 "tags": [
@@ -119,7 +119,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "10.200.199.166 3727 [02/Aug/2016:1:43:25 amvolup] \"COPY https://mail.example.org/rehend/tio.html?numqu=qui#civeli lum\" 10.134.161.118 tat ipitla \"quae\" maccusa uptat 3458 \"https://www.example.com/xerci/aqu.htm?olorema=iades#siarchi\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36\" block",
 "tags": [
@@ -128,7 +128,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "10.122.46.71 2807 [16/Aug/2016:8:45:59 ihilm] \"NONE https://www.example.org/eav/ionevo.txt?siar=orev#iamquis quirat\" 10.76.3.41 isc aturve \"emulla\" mpori aaliquaU 2989 \"https://www5.example.com/ern/psaquae.html?nsectet=utla#utei\" \"Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" allow",
 "tags": [
@@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.164.250.63 2530 [30/Aug/2016:3:48:33 eritqu] \"PROPFIND https://internal.example.net/wri/bor.jpg?hitect=dol#leumiu namali\" 10.249.213.83 nsecte itame \"eumfug\" lit asun 1250 \"https://api.example.com/oluptate/onseq.html?labore=texp#tMalor\" \"Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30\" accept", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.61.242.75 2591 [13/Sep/2016:10:51:07 dantiumt] \"HEAD https://api.example.net/equat/doloreme.htm?ione=ihilmole#eriamea amre\" 10.236.248.65 pisciv iquidex \"radipisc\" tmo fficiade 3280 \"https://www5.example.net/uioffi/oru.jpg?one=etMalor#ipi\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" cancel", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.13.59.31 5685 [28/Sep/2016:5:53:42 sperna] \"PUT https://www5.example.com/estia/tper.gif?volupt=osqui#xerc iutali\" 10.214.7.83 liquide etdol \"uela\" boN eprehend 2462 \"https://internal.example.net/lamcolab/ati.jpg?gel=lorsitam#mpo\" \"Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" block", "tags": [ 
@@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.89.201.140 2447 [12/Oct/2016:12:56:16 uamei] \"GET https://internal.example.net/sin/rvel.htm?nimid=itatione#isnis uptasn\" 10.49.92.179 osamn isnisiu \"bore\" tsu tcons 3128 \"https://api.example.org/lorinre/olorsita.gif?idata=rumwritt#magnid\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" accept", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.235.7.92 5787 [26/Oct/2016:7:58:50 nsecte] \"PURGE https://api.example.org/abo/veniamqu.gif?aliquide=ofde#equat derit\" 10.90.86.89 piscin lapar \"laboree\" tfu udan 5516 \"https://mail.example.net/xeacomm/mveleu.htm?utlabor=rau#idex\" \"Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36\" deny", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.14.211.43 4762 [10/Nov/2016:3:01:24 eiu] \"PROPFIND https://api.example.org/autfu/gnaaliq.jpg?olupta=litse#icabo itatio\" 10.14.48.16 sintoc volupt \"siste\" uiinea Utenima 1612 \"https://www5.example.net/ptatem/Nequepor.html?ugiatnu=ciati#nto\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" cancel", "tags": [ 
@@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.47.25.230 5491 [24/Nov/2016:10:03:59 ese] \"CONNECT https://internal.example.net/ptatemq/luptatev.html?Nequepo=ipsumd#ntocc uteirure\" 10.93.123.174 evelit reetdolo \"smo\" etcons iusmodi 1563 \"https://example.com/uiac/epte.gif?itam=aper#santiumd\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" block", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.7.46.36 837 [08/Dec/2016:5:06:33 nonn] \"MKOL https://www5.example.net/quiavol/rrorsi.gif?iatisu=sec#cons sBon\" 10.233.48.103 leumiur tlab \"aperiame\" isc ullamcor 584 \"https://www5.example.com/tateve/itinvol.txt?tenatus=cipitlab#ipsumd\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" cancel", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.93.220.10 2805 [23/Dec/2016:12:09:07 com] \"PROPATCH https://api.example.net/orain/tiumt.jpg?litessec=itas#edquia sequatu\" 10.27.58.92 amvo qui \"tasn\" Nemoenim squirati 63 \"https://mail.example.com/nbyCic/utlabor.html?iciade=ntiumt#iquipe\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" accept", "tags": [ 
@@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.213.144.249 4427 [06/Jan/2017:7:11:41 taedicta] \"PURGE https://www.example.net/str/idolore.txt?eetdolo=cteturad#untut uamni\" 10.135.217.12 metMalo ntexplic \"archite\" loreme untu 5676 \"https://example.net/con/nisist.gif?ium=esciuntN#idunt\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" block", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.13.226.57 3275 [20/Jan/2017:2:14:16 runtm] \"PURGE https://mail.example.net/velitse/oditem.html?torever=oremi#mestq temUt\" 10.233.239.112 npr mquelau \"iadolor\" amcol adeser 3780 \"https://internal.example.com/tqu/reprehen.gif?quam=quid#fugiat\" \"Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36\" cancel", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.161.203.252 301 [03/Feb/2017:9:16:50 emquia] \"CONNECT https://internal.example.org/isnisi/ritatise.gif?tamet=quatur#uisa eFi\" 10.21.169.127 rpori ice \"oles\" edic seq 2835 \"https://example.com/tatn/dolorsit.jpg?billo=labo#oNemoeni\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.17.215.111 148 [18/Feb/2017:4:19:24 ratv] \"LOCK https://www.example.net/ianon/tsed.htm?ameiusm=proide#ano piscinge\" 10.69.139.26 ditemp edqui \"nre\" veli volupta 7124 \"https://api.example.com/ersp/enderi.jpg?adi=umwrit#uptate\" \"Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30\" block", "tags": [ 
@@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.10.213.83 7206 [04/Mar/2017:11:21:59 nisi] \"COPY https://www5.example.org/ncididun/umSe.jpg?ise=itau#apariat vitaedi\" 10.104.80.189 dolore onsecte \"nBCSedut\" ugiat onulam 1542 \"https://mail.example.org/oditautf/quatu.jpg?lumdolor=nonp#labo\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.125.131.91 3480 [18/Mar/2017:6:24:33 urv] \"UNLOCK https://example.org/uatur/adminimv.gif?exeacom=roidents#tem dol\" 10.116.230.217 mvele isis \"uasiar\" utlab emUteni 7122 \"https://api.example.org/lor/velillu.html?dolorem=tvolu#nreprehe\" \"Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16\" block", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.26.96.202 2751 [02/Apr/2017:1:27:07 rautodi] \"ICP_QUERY https://api.example.com/ven/rQu.html?doloreme=dun#reprehe tincu\" 10.119.90.128 lor oraincid \"intocc\" amcorp ntsunt 4826 \"https://mail.example.com/olo/psumqu.txt?fdeF=iquidexe#diconse\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" cancel", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.0.98.205 126 [16/Apr/2017:8:29:41 edquiac] \"HEAD https://api.example.net/eseru/quamest.html?qua=rsita#ate ipsamvo\" 10.76.110.144 tdol upt \"mex\" tatem untutlab 3386 \"https://mail.example.com/plicab/oremq.html?uisaute=imide#poriss\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36\" deny", "tags": [ 
@@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.224.11.165 1646 [30/Apr/2017:3:32:16 nof] \"MOVE https://internal.example.org/mvolu/conse.txt?aincidu=nimadmin#isiu licabo\" 10.135.46.242 lupta xeaco \"nvolupt\" oremi elites 1940 \"https://www.example.org/boNemoe/onsequ.html?amvolupt=onevolu#mnis\" \"Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36\" deny", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.27.44.4 4686 [14/May/2017:10:34:50 sequatD] \"TRACE https://internal.example.org/isciv/rroqu.html?uisa=tametco#ilmol eri\" 10.154.53.249 tae autodit \"elit\" cidunt plica 7398 \"https://internal.example.org/emqu/nderi.html?accusant=onse#admin\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" accept", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.93.39.140 4275 [29/May/2017:5:37:24 ute] \"COPY https://www5.example.net/uaeratv/isa.txt?periam=dqu#pid rExc\" 10.150.245.88 orisn reetd \"prehen\" ntutlabo iusmodte 1738 \"https://example.org/isc/Nequepor.txt?rem=idid#tesse\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36\" cancel", "tags": [ 
@@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.61.92.2 6595 [12/Jun/2017:12:39:58 maliquam] \"UNLOCK https://www5.example.com/orroq/vitaedic.txt?orisni=ons#remagn ecillu\" 10.73.207.70 llamco atu \"untincul\" ssecil commodi 3023 \"https://mail.example.net/tate/onevo.htm?emvele=isnost#olorem\" \"Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30\" block", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.84.32.178 5271 [26/Jun/2017:7:42:33 aliq] \"GET https://example.net/mven/olorsit.gif?oremag=illu#ruredo mac\" temUt 2741 \"https://internal.example.com/uamnihi/risnis.html?scingeli=isn#sBono\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" allow 10.50.124.116 numquam 104.719000", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.173.222.131 918 [11/Jul/2017:2:45:07 ori] \"TRACE https://www5.example.net/rum/eataevi.html?ulla=iqu#oin hil\" 10.211.234.224 uiadol Duisa \"lupta\" aUt boNem 5564 \"https://api.example.org/maveni/onevo.htm?liquaUte=alorum#obeataev\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept", "tags": [ 
@@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.11.83.126 6581 [25/Jul/2017:9:47:41 naaliq] \"PROPFIND https://mail.example.net/osquir/mod.txt?fugitse=imad#tinvolup tsed\" 10.0.157.225 itam atu \"lloin\" remipsum tempor 1282 \"https://www5.example.net/incidid/rure.htm?edquian=loremeu#aturve\" \"Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" deny", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.228.77.21 6889 [08/Aug/2017:4:50:15 lamc] \"PUT https://api.example.com/asper/umq.txt?itasper=uae#mve uia\" 10.92.237.93 mad onse \"redol\" gnaa mod 5107 \"https://www5.example.com/toditaut/voluptat.htm?strumex=eprehend#asnu\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" cancel", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.102.215.23 3665 [22/Aug/2017:11:52:50 esseq] \"POST https://www5.example.net/quatD/isqua.jpg?oloreseo=iruredol#veniamqu licaboN\" 10.20.28.92 econs ntexpl \"dunt\" litsedq nderiti 409 \"https://api.example.com/Cic/olorema.txt?iscive=quasiar#aeab\" \"Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16\" allow", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.45.28.159 5627 [06/Sep/2017:6:55:24 ree] \"NONE https://api.example.net/ation/luptas.html?iatqu=lorsi#repreh plic\" 10.17.87.79 tetur tionula \"ritqu\" ecatcupi uamei 4595 \"https://www5.example.com/onse/olorem.gif?duntutla=ntium#iration\" \"Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" block", "tags": [ 
@@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.177.238.45 5137 [20/Sep/2017:1:57:58 ssusci] \"DELETE https://internal.example.com/mpo/unte.jpg?ueipsa=scipitl#eumi quasiarc\" 10.189.94.51 tetura rsp \"oluptat\" metco acom 5704 \"https://api.example.com/tem/exeacomm.txt?taliqui=mides#ciun\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36\" allow", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.46.77.76 5169 [04/Oct/2017:9:00:32 anim] \"GET https://www.example.org/uov/quaeab.jpg?moles=dipiscin#olup aco\" 10.101.85.169 natu liquid \"enim\" Finibus radi 5697 \"https://example.com/taed/umdolo.html?rroqu=dquiaco#nibus\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36\" accept", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.24.54.129 77 [19/Oct/2017:4:03:07 eprehend] \"HEAD https://example.net/edolo/ugiatquo.jpg?eosquira=pta#snos orsi\" 10.231.7.209 lorsita eavol \"osamnis\" temaccu scipitl 1247 \"https://www5.example.org/caboNem/urExcept.txt?litesseq=atcupida#tessequa\" \"Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36\" block", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.121.163.5 7803 [02/Nov/2017:11:05:41 redol] \"CONNECT https://api.example.org/isci/dolor.htm?orinrep=quiavol#nrepreh ratv\" 10.77.129.175 tali BCS \"qui\" ugiatquo incidid 2617 \"https://www.example.com/sBonor/fugits.jpg?amc=vol#admi\" \"Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" allow", "tags": [ 
@@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.51.236.148 329 [16/Nov/2017:6:08:15 adol] \"PROPFIND https://mail.example.com/roide/tem.gif?rerepre=nculpaq#culpaqui tvolup\" 10.116.146.114 col obea \"emp\" agnaaliq est 1444 \"https://www.example.com/inculp/onofd.gif?umdolors=dolori#asperna\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" deny", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.244.108.135 6997 [01/Dec/2017:1:10:49 ume] \"NONE https://internal.example.net/rautod/olest.jpg?lapar=ritati#edquia itesse\" 10.217.222.99 ame amvolu \"mip\" tion tobeatae 2512 \"https://api.example.com/iqua/luptat.txt?oremqu=uradi#velitsed\" \"Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90\" block", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.4.69.152 3833 [15/Dec/2017:8:13:24 scivel] \"PUT https://api.example.org/iusmodt/enim.txt?aquio=ersp#iame orroquis\" 10.150.198.112 ntmoll mexer \"estla\" uipexe abor 1370 \"https://www.example.net/remips/illoi.jpg?abori=uisnostr#reetdol\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" block", "tags": [ 
@@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.45.114.111 357 [29/Dec/2017:3:15:58 olup] \"POST https://example.org/abillo/undeom.html?oraincid=quaer#eetdo tlab\" 10.45.54.107 seddoeiu nse \"aali\" edictasu mdolors 7490 \"https://www5.example.org/atis/atDuis.txt?nisiut=rumwri#velill\" \"Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]\" accept", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.49.242.174 4078 [12/Jan/2018:10:18:32 tat] \"TRACE https://mail.example.net/uam/orumSec.jpg?isnisiu=suntincu#sse venia\" 10.205.28.24 oeni untutlab \"tvolup\" consecte pteurs 742 \"https://www5.example.net/ons/tiaecon.html?unt=tass#tiumdol\" \"Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90\" allow", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.17.202.219 487 [27/Jan/2018:5:21:06 iame] \"HEAD https://www5.example.org/umiurer/rere.txt?mnisi=usmo#iamea imaveni\" 10.183.223.149 cor odoco \"oin\" itseddoe elites 6366 \"https://mail.example.com/eursinto/litesse.html?licaboNe=tautfug#giatquov\" \"Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10\" deny", "tags": [ 
@@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.81.140.173 7623 [10/Feb/2018:12:23:41 itae] \"MOVE https://internal.example.net/atnula/ditautf.jpg?iquidex=olup#remipsu tan\" 10.88.172.222 doconse etdol \"dolorsi\" nturmag tura 6695 \"https://internal.example.org/totam/ntoccae.htm?idunt=atqu#naturau\" \"mobmail android 2.1.3.3150\" cancel", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.162.129.196 4247 [24/Feb/2018:7:26:15 snisi] \"OPTIONS https://api.example.net/uscip/umS.txt?quiacons=uisa#xeacommo Cicero\" 10.247.53.179 issu identsu \"piscivel\" hend eacommo 6835 \"https://example.com/osquira/umd.gif?scipi=tur#acon\" \"mobmail android 2.1.3.3150\" accept", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.110.86.230 536 [11/Mar/2018:2:28:49 eFini] \"UNLOCK https://mail.example.com/mrema/ullamc.txt?eufug=roquisq#temporai uido\" 10.172.148.223 snulap enimadm \"stenatu\" upta atc 3066 \"https://www5.example.net/asnulap/ipi.htm?orissu=fic#sBon\" \"Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80\" accept", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.93.159.170 3481 [25/Mar/2018:9:31:24 emullam] \"GET https://www5.example.com/isau/itinvol.txt?saquaea=ons#orsitam modico\" 10.232.19.43 porinc riame \"riat\" sseq eriam 729 \"https://internal.example.net/imve/essequam.gif?urQuis=etcon#onsequu\" \"Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36\" deny", "tags": [ 
@@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.207.97.192 973 [08/Apr/2018:4:33:58 emp] \"ICP_QUERY https://api.example.net/veli/venia.htm?etdolor=uat#onemulla riaturEx\" 10.55.55.72 nculp asp \"eacom\" mag gelitse 2007 \"https://example.net/lab/llumq.htm?tetura=rumet#uptasnul\" \"Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" cancel", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.41.156.88 203 [22/Apr/2018:11:36:32 oco] \"MOVE https://internal.example.net/ainci/osqu.jpg?sus=imavenia#expli ugiat\" 10.89.73.240 orem ntorever \"pisciv\" fugiatqu seos 5561 \"https://www5.example.net/elillum/veleumi.gif?tvol=oluptate#lit\" \"Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61\" deny", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.54.44.231 5292 [07/May/2018:6:39:06 aco] \"CONNECT https://www.example.org/runtm/eturadip.htm?psumd=oloree#seos rios\" 10.101.183.86 mvenia mcorpo \"ntexpl\" abor oreverit 6451 \"https://internal.example.net/tat/eufugia.htm?tau=fficia#est\" \"Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10\" allow", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.181.177.74 3378 [21/May/2018:1:41:41 itsedd] \"LOCK https://internal.example.org/liquipex/uisnos.html?ventor=lupt#umwri odoc\" 10.130.150.189 oreeu nvo \"iamqui\" tassita colabori 1223 \"https://www.example.net/lpa/isn.htm?iat=ffic#siuta\" \"Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept", "tags": [ 
@@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.76.220.3 2492 [04/Jun/2018:8:44:15 serrorsi] \"GET https://api.example.org/mquisnos/lore.txt?siar=isn#veniamq lup\" 10.83.130.95 ipitlabo userror \"eacommo\" nderi liqua 7030 \"https://api.example.net/henderit/remq.jpg?voluptas=velill#rspic\" \"Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36\" deny", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.219.245.58 7073 [19/Jun/2018:3:46:49 snisiut] \"COPY https://www.example.com/quas/occaeca.htm?ender=dico#uptatem upt\" 10.166.160.217 olor radip \"rchitect\" Dui iameaqu 2429 \"https://api.example.com/asnulap/yCiceroi.jpg?ender=inc#tect\" \"Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16\" deny", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.121.121.153 723 [03/Jul/2018:10:49:23 smoditem] \"UNLOCK https://www5.example.org/uidolo/umdolore.jpg?oquisq=abori#sit catcu\" 10.183.243.246 amni tatio \"amquisno\" modoc magnam 3267 \"https://example.com/idatat/onev.html?lesti=oreseo#reprehen\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" cancel", "tags": [ 
@@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.54.5.47 1585 [17/Jul/2018:5:51:58 mmodi] \"OPTIONS https://internal.example.net/eniamqu/inimav.htm?imadm=uta#tisu remagnam\" 10.202.224.209 iusmodit aturv \"ectetura\" obeataev umf 3141 \"https://www.example.com/quaeabil/emip.htm?urExc=tDuis#iqu\" \"Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36\" cancel", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.72.99.69 3172 [01/Aug/2018:12:54:32 oremeumf] \"PROPFIND https://mail.example.net/sintocca/mipsumqu.htm?tnulapar=ico#giatquo lors\" 10.170.234.233 accus uatu \"mquis\" lab uido 2046 \"https://mail.example.com/tena/aal.jpg?CSedu=mcol#lup\" \"Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" allow", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.245.240.47 4017 [15/Aug/2018:7:57:06 itaedict] \"DELETE https://api.example.org/rep/remap.html?siarc=fdeFin#eleumi edic\" 10.142.130.227 olabori odic \"iuta\" liquaUte scivelit 7795 \"https://internal.example.net/scipit/lloinve.htm?evolup=rvelil#isiutali\" \"Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" allow", "tags": [ 
@@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.62.188.193 4104 [29/Aug/2018:2:59:40 atu] \"DELETE https://api.example.net/eturad/tDuis.htm?enimadmi=tateveli#osa mini\" 10.61.110.7 oremque quaU \"ufugi\" cin tmo 508 \"https://example.com/oremip/its.jpg?iavol=natuserr#ostrudex\" \"Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10\" deny", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.172.139.78 6533 [12/Sep/2018:10:02:15 lamco] \"COPY https://www.example.net/hender/ptatemU.htm?mquisnos=tnulapa#madmi tlabore\" 10.68.198.188 doeiu onsectet \"dentsunt\" inea animid 2119 \"https://mail.example.net/onnumqua/quioff.html?upt=atatnonp#nvol\" \"Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61\" block", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.172.47.7 2805 [27/Sep/2018:5:04:49 midest] \"CONNECT https://www.example.org/iduntutl/rsitam.htm?ntor=oinBCSed#oid rchit\" 10.169.63.169 ariat midestl \"quatu\" avolu teturad 3465 \"https://api.example.net/iquaUten/prehende.gif?rpo=velites#nonpro\" \"Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16\" block", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.32.98.109 5012 [11/Oct/2018:12:07:23 dexercit] \"PURGE https://example.org/itessequ/porissu.html?uip=ectobea#dat aUtenima\" 10.62.10.137 eeufugi deomnisi \"olupta\" oll laboree 3880 \"https://api.example.org/cupidata/stiaecon.htm?rsint=itl#ttenb\" \"Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" cancel", "tags": [ 
@@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.176.62.146 5945 [25/Oct/2018:7:09:57 lors] \"COPY https://api.example.net/enimad/tis.txt?mipsumq=ident#nimide quelaud\" 10.255.40.12 rro oeiusmo \"nimv\" emeu tatemac 5192 \"https://www5.example.com/teursint/etMa.gif?lamcolab=ceroinB#umqui\" \"Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90\" deny", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.194.198.46 3387 [09/Nov/2018:2:12:32 cta] \"GET https://api.example.org/taspe/yCiceroi.htm?cti=ommodoc#nse mveniam\" tuser 2694 \"https://internal.example.com/tlaboru/aeabillo.txt?equuntu=quamni#turveli\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]\" deny 10.88.98.31 rured 105.243000", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.5.49.20 7503 [23/Nov/2018:9:15:06 macc] \"OPTIONS https://example.com/beat/rro.jpg?uisau=qua#iarchite emsequi\" 10.1.27.133 edqu tationu \"gnaaliq\" olore ntutlab 6881 \"https://www5.example.com/gnama/esciun.html?ratvo=ntutl#volupt\" \"Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30\" block", "tags": [ 
@@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.11.73.145 6972 [07/Dec/2018:4:17:40 uisautem] \"POST https://www5.example.org/loremq/turmagni.txt?emUtenim=ende#dexea aco\" 10.70.244.155 olorsi caboNemo \"uptas\" temaccus ons 2160 \"https://internal.example.com/ctetur/mvolupta.html?oreeu=mea#ssec\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]\" accept", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.204.214.98 985 [21/Dec/2018:11:20:14 equ] \"PURGE https://www5.example.net/deomnisi/ddoe.txt?oremi=ectobeat#ecte abo\" 10.121.80.158 boriosa cillumdo \"ditau\" moenimip uames 7663 \"https://internal.example.com/lor/oreeu.html?eturadip=nost#atus\" \"Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.74.115.33 4006 [05/Jan/2019:6:22:49 nsequat] \"PURGE https://api.example.net/tiset/sci.jpg?rauto=doloreeu#lors eumfu\" 10.139.151.19 eumf roquisq \"uasi\" maveniam uis 5533 \"https://www.example.com/imi/animi.htm?ama=tatnonp#ntiumt\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" block", "tags": [ 
@@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.191.220.1 6454 [19/Jan/2019:1:25:23 ctetura] \"DELETE https://api.example.net/tDuisau/aturve.htm?tper=pisciv#tconsect pariat\" 10.242.48.203 ctobeat isi \"idexeac\" ntu tdolo 3872 \"https://mail.example.com/olupt/ola.jpg?etquasia=qua#adm\" \"Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36\" deny", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.109.88.27 5568 [02/Feb/2019:8:27:57 cidu] \"PROPATCH https://internal.example.com/oluptate/todi.jpg?tdolo=ident#scip eacommod\" 10.254.10.98 adipisc aparia \"maliq\" ccusant epteurs 6661 \"https://www5.example.org/oditau/onsec.gif?temqui=lup#aeca\" \"Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36\" accept", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.5.148.114 4749 [17/Feb/2019:3:30:32 ntin] \"LOCK https://mail.example.com/radipis/lore.html?civeli=eufugia#utlabore tamr\" 10.175.138.42 olore onemul \"trudexe\" remeum etur 890 \"https://mail.example.org/quiav/ctionofd.gif?Finibus=uisautei#nevolu\" \"Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" deny", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.0.0.240 1795 [03/Mar/2019:10:33:06 psa] \"PROPFIND https://internal.example.org/olupta/tio.jpg?idestl=litani#emp arch\" 10.18.199.203 ugits ittenb \"tobeatae\" ntut llum 366 \"https://example.com/equat/estiaec.htm?mquido=ende#ntmollit\" \"Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" allow", "tags": [ 
@@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.1.220.47 6685 [17/Mar/2019:5:35:40 mipsamv] \"NONE https://www5.example.com/sequines/cto.gif?temaccu=uamqua#Neq runt\" 10.73.80.251 pteurs ercitati \"atem\" serro lumquid 5939 \"https://www5.example.org/imaveni/equ.htm?ssequamn=ave#taliqui\" \"Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]\" allow", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.153.109.61 7499 [01/Apr/2019:12:38:14 numq] \"PURGE https://www.example.net/periam/ain.gif?iquipex=mqu#onorume abill\" 10.22.34.206 mini mve \"tionev\" uasiarch velites 1745 \"https://api.example.org/equa/edquiaco.gif?olorsit=naaliq#plica\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" block", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.62.168.226 5334 [15/Apr/2019:7:40:49 bori] \"CONNECT https://www.example.net/ecatc/quovolu.jpg?dexe=nemul#Duis lupt\" 10.199.103.185 uipe ipsa \"con\" eirured sequamn 5243 \"https://mail.example.com/ciatisun/duntutl.htm?didun=riaturEx#nde\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]\" allow", "tags": [ 
@@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.97.33.56 3541 [29/Apr/2019:2:43:23 rad] \"COPY https://example.com/tqui/ssequ.gif?emse=emqui#cipitla tlab\" 10.128.84.27 nula ptate \"volupta\" umfu utla 2478 \"https://www5.example.com/dolo/velites.gif?equa=apari#tsunt\" \"Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36\" block", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.49.169.175 2103 [13/May/2019:9:45:57 sistena] \"HEAD https://example.com/caboN/imipsam.jpg?catcupid=ritquiin#quisnost sequines\" 10.115.154.104 illum ore \"spici\" Sedut tatis 7767 \"https://www5.example.com/sequines/minimve.gif?toditau=uiad#nvolupta\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" allow", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.213.100.153 2571 [28/May/2019:4:48:31 iatquo] \"PROPFIND https://www.example.org/oinvento/ali.htm?utaliqui=isciv#osqu ptatemse\" 10.33.112.100 catcup enimad \"magnaali\" velillum ionev 1594 \"https://internal.example.com/ameaq/Quis.html?lestiae=iav#umiure\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" block", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.216.143.226 2632 [11/Jun/2019:11:51:06 deomn] \"CONNECT https://api.example.net/quido/llo.htm?tpersp=assi#rch psa\" 10.25.53.93 tvolup oremeu \"lab\" lla urau 6127 \"https://example.net/equamni/atcupi.htm?onemull=mdo#labore\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" cancel", "tags": [ 
@@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.139.195.188 893 [25/Jun/2019:6:53:40 aliquaU] \"HEAD https://www.example.net/tvolu/imve.txt?gnaaliq=quam#deriti edictasu\" 10.246.115.57 edquiano mSecti \"henderi\" taevitae tevel 5926 \"https://example.com/ita/iquipexe.jpg?quamqua=quuntur#nihi\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" allow", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.60.56.205 4345 [10/Jul/2019:1:56:14 writtenb] \"NONE https://www5.example.com/ugitsed/dminimve.htm?onse=uiac#tquii tesse\" 10.82.148.126 inBCSedu ita \"ade\" nihilmol nder 2214 \"https://api.example.net/uunturm/iatn.gif?tseddo=diduntut#rroq\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]\" block", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.245.251.98 261 [24/Jul/2019:8:58:48 mremaper] \"DELETE https://api.example.com/ntium/ide.htm?tamrema=isautem#usan gnamali\" 10.6.11.124 edqui tvolu \"psu\" strud onsequ 5930 \"https://www5.example.net/iumto/sequatu.jpg?runtm=mdoloree#que\" \"Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36\" accept", "tags": [ 
@@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.99.55.115 1537 [07/Aug/2019:4:01:23 exerci] \"CONNECT https://www5.example.org/iad/ngelits.jpg?mporin=orissusc#utaliqui uov\" 10.145.25.55 litsed lumd \"tiaec\" lorem iamquisn 2079 \"https://mail.example.org/aper/entor.txt?lumdol=edutper#utemve\" \"Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" block", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.187.86.64 3325 [21/Aug/2019:11:03:57 atatn] \"TRACE https://mail.example.com/iatnulap/roi.htm?uine=loreeu#eprehe ddoeiusm\" 10.6.88.105 uptatemU rem \"onorumet\" iscivel rinci 249 \"https://internal.example.com/eriti/uptateve.htm?rema=mcol#tion\" \"Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36\" allow", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.252.146.132 503 [05/Sep/2019:6:06:31 tat] \"CONNECT https://mail.example.org/turv/use.jpg?mtot=macc#illoin eursi\" 10.163.9.35 uatDu umq \"ipsu\" oremip ota 4562 \"https://example.com/epteurs/itse.jpg?modi=cip#tla\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" accept", "tags": [ 
@@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.249.101.177 4465 [19/Sep/2019:1:09:05 quam] \"DELETE https://mail.example.com/umdol/rerepr.txt?emipsumq=orinr#ineavol umdo\" 10.235.160.245 squamest upta \"umquiad\" porinc uameiu 4857 \"https://api.example.org/mipsa/uas.gif?reeufu=umexe#xce\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" deny", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.140.170.171 773 [03/Oct/2019:8:11:40 deom] \"TRACE https://internal.example.com/rautod/onorumet.htm?mvo=agnidol#nevolup erspici\" 10.73.218.58 quidol tinv \"Utenima\" nse umq 1831 \"https://mail.example.org/meaquei/snisiu.htm?atev=vento#litsed\" \"Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" block", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.248.156.138 2125 [18/Oct/2019:3:14:14 smodit] \"OPTIONS https://example.net/dun/xce.jpg?nsequat=mvol#asiar eiu\" 10.67.148.40 tcons squamest \"ction\" emveleum siuta 2155 \"https://example.com/epteur/onproi.txt?imveniam=sunte#exerc\" \"Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16\" deny", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.83.154.75 4260 [01/Nov/2019:10:16:48 explicab] \"UNLOCK https://api.example.com/teiru/mquamei.jpg?pta=uradi#sequu orumetMa\" 10.37.33.179 taed eatae \"siutali\" oloremq sum 6106 \"https://www.example.org/ulamc/doe.txt?remquela=toreve#squirat\" \"Mozilla/5.0 (Linux; Android 7.0; MEIZU M6 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30\" accept", "tags": [ 
@@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.14.29.202 7842 [15/Nov/2019:5:19:22 modoco] \"MKOL https://www5.example.net/dtempor/rroquisq.gif?liquid=uidex#umdolo nimv\" 10.84.107.38 tutla usmod \"ine\" qui itse 2097 \"https://www5.example.org/tasn/exeaco.html?metc=aincidu#reprehe\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" deny", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.221.86.133 6682 [30/Nov/2019:12:21:57 edi] \"POST https://api.example.com/ore/adeser.htm?pre=aute#rchite rcit\" 10.204.223.184 oinve ptasnul \"utaliqui\" mcorpor rerepr 6861 \"https://example.com/tuserror/agnama.jpg?deritq=boreetdo#teni\" \"Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]\" deny", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "10.195.4.70 3844 [14/Dec/2019:7:24:31 mfugiat] \"PUT https://api.example.com/liqu/dolor.htm?ess=umdo#aer quela\" 10.229.39.190 Nequepo edictas \"emac\" rmagnido exeaco 2574 \"https://api.example.org/loremi/nven.htm?usan=ugiatn#squa\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" deny", "tags": [ diff --git a/packages/squid/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/squid/data_stream/log/elasticsearch/ingest_pipeline/default.yml index c78337cbf54..ad4e15fd090 100644 --- a/packages/squid/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/squid/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -4,7 +4,7 @@ description: Pipeline for Squid
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 # User agent
 - user_agent:
 field: user_agent.original
diff --git a/packages/squid/data_stream/log/sample_event.json b/packages/squid/data_stream/log/sample_event.json
index 83a9264ffc9..4dd3e8355c6 100644
--- a/packages/squid/data_stream/log/sample_event.json
+++ b/packages/squid/data_stream/log/sample_event.json
@@ -18,7 +18,7 @@
 ]
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/squid/manifest.yml b/packages/squid/manifest.yml
index 563e5955418..a493698c4d3 100644
--- a/packages/squid/manifest.yml
+++ b/packages/squid/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: squid
 title: Squid Logs
-version: 0.8.0
+version: "0.9.0"
 description: Collect and parse logs from Squid devices with Elastic Agent.
 categories: ["security"]
 release: experimental
diff --git a/packages/suricata/_dev/build/build.yml b/packages/suricata/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/suricata/_dev/build/build.yml
+++ b/packages/suricata/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/suricata/changelog.yml b/packages/suricata/changelog.yml
index 567542096bb..8ee240a0371 100644
--- a/packages/suricata/changelog.yml
+++ b/packages/suricata/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.2.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "2.1.0"
 changes:
 - description: Add JA3/JA3S to `related.hash`
diff --git a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-6-0.log-expected.json b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-6-0.log-expected.json
index 04ed5ce567d..a47e0964d65 100644
--- a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-6-0.log-expected.json +++ b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-6-0.log-expected.json @@ -12,7 +12,7 @@ "port": 47592 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-alerts.log-expected.json b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-alerts.log-expected.json index 7bf5a0fc89b..bca302ed0bf 100644 --- a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-alerts.log-expected.json +++ b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-alerts.log-expected.json @@ -29,7 +29,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -151,7 +151,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -273,7 +273,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -395,7 +395,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -517,7 +517,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -639,7 +639,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -761,7 +761,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -885,7 +885,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1009,7 +1009,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1133,7 +1133,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1257,7 +1257,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
@@ -1381,7 +1381,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1505,7 +1505,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1629,7 +1629,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1753,7 +1753,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1877,7 +1877,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -2001,7 +2001,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -2125,7 +2125,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -2249,7 +2249,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -2372,7 +2372,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -2475,7 +2475,7 @@ "port": 9080 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -2584,7 +2584,7 @@ "port": 8443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-dns-4-1-4.log-expected.json b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-dns-4-1-4.log-expected.json index 2903e6b02a9..88d969dc1d9 100644 --- a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-dns-4-1-4.log-expected.json +++ b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-dns-4-1-4.log-expected.json @@ -18,7 +18,7 @@ "type": "query" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -83,7 +83,7 @@ "type": "query" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
@@ -164,7 +164,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -246,7 +246,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -313,7 +313,7 @@ "type": "query" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -379,7 +379,7 @@ "type": "query" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -488,7 +488,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -598,7 +598,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -667,7 +667,7 @@ "type": "query" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -733,7 +733,7 @@ "type": "query" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -810,7 +810,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -892,7 +892,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -975,7 +975,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1058,7 +1058,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1141,7 +1141,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1221,7 +1221,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1303,7 +1303,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1386,7 +1386,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
@@ -1469,7 +1469,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1552,7 +1552,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1621,7 +1621,7 @@ "type": "query" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1687,7 +1687,7 @@ "type": "query" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1796,7 +1796,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1906,7 +1906,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-metadata.log-expected.json b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-metadata.log-expected.json index 73ea5493680..ff181c45c23 100644 --- a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-metadata.log-expected.json +++ b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-metadata.log-expected.json @@ -12,7 +12,7 @@ "port": 47592 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-small.log-expected.json b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-small.log-expected.json index ecc4598de7b..5a41dc18974 100644 --- a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-small.log-expected.json +++ b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-small.log-expected.json @@ -8,7 +8,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -69,7 +69,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
@@ -153,7 +153,7 @@
 "port": 63963
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -242,7 +242,7 @@
 "port": 56118
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -357,7 +357,7 @@
 "type": "answer"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -410,7 +410,7 @@
 {
 "@timestamp": "2018-07-05T19:51:23.009Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -610,7 +610,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -707,7 +707,7 @@
 "port": 547
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -768,7 +768,7 @@
 "port": 8080
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -848,7 +848,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -946,7 +946,7 @@
 "port": 8081
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -1032,7 +1032,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
diff --git a/packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/default.yml b/packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/default.yml
index b619ad869f7..70235cb233e 100644
--- a/packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for parsing Suricata EVE logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - set:
 field: event.original
 copy_from: message
diff --git a/packages/suricata/data_stream/eve/sample_event.json b/packages/suricata/data_stream/eve/sample_event.json
index 000da0c559f..93e98948aed 100644
--- a/packages/suricata/data_stream/eve/sample_event.json
+++ b/packages/suricata/data_stream/eve/sample_event.json
@@ -17,7 +17,7 @@
 "port": 22
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/suricata/docs/README.md b/packages/suricata/docs/README.md
index fd9310c5988..f4057ae9e8a 100644
--- a/packages/suricata/docs/README.md
+++ b/packages/suricata/docs/README.md
@@ -33,7 +33,7 @@ An example event for `eve` looks as following:
 "port": 22
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/suricata/manifest.yml b/packages/suricata/manifest.yml
index cb4ae492971..dfc59e4a5e2 100644
--- a/packages/suricata/manifest.yml
+++ b/packages/suricata/manifest.yml
@@ -1,6 +1,6 @@
 name: suricata
 title: Suricata Events
-version: 2.1.0
+version: "2.2.0"
 release: ga
 description: Collect and parse event logs from Suricata instances with Elastic Agent.
 type: integration
diff --git a/packages/symantec_endpoint/_dev/build/build.yml b/packages/symantec_endpoint/_dev/build/build.yml
index 08d85edcf9a..5661d603a89 100644
--- a/packages/symantec_endpoint/_dev/build/build.yml
+++ b/packages/symantec_endpoint/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@1.12
+ reference: git@v8.3.0
diff --git a/packages/symantec_endpoint/changelog.yml b/packages/symantec_endpoint/changelog.yml
index c1d6c3d184a..8f06e9fca3f 100644
--- a/packages/symantec_endpoint/changelog.yml
+++ b/packages/symantec_endpoint/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.0.1"
 changes:
 - description: Readme - added link to Vendor documentation and improved the wording
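Review bot: The symantec_endpoint build dependency moves from `reference: git@1.12` to `reference: git@v8.3.0`, a cross-major ECS jump that this commit records with the same minor package bump and "enhancement" changelog wording as the 8.2.0→8.3.0 packages. ECS 8.0 was a major release that removed some fields only deprecated in 1.x, so if this package's field definitions use `external: ecs` references, confirm they still resolve against the 8.3.0 reference when the package is built; the expected-output fixtures in this PR change only `ecs.version`, which suggests the emitted event shape is unaffected, but they do not exercise mapping-only references. Recording the starting point in the changelog, e.g. `- description: Update package to ECS 8.3.0 (from ECS 1.12).`, would make the size of the schema change visible to anyone upgrading.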
diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-administrative.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-administrative.log-expected.json index 1623a6ebb6f..142b6594bd2 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-administrative.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-administrative.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "category": [ @@ -37,7 +37,7 @@ }, { "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-activity.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-activity.log-expected.json index 27937c1bd52..6ff5bf97cdd 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-activity.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-activity.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "kind": "event", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-behavior.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-behavior.log-expected.json index 4601c9f4543..f9d99ffc68a 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-behavior.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-behavior.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "action": "blocked", @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "action": "blocked", 
diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-packet.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-packet.log-expected.json index c4738e85c70..4ba86c547cb 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-packet.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-packet.log-expected.json @@ -6,7 +6,7 @@ "port": 138 }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "action": "blocked", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-proactive-detection-sonar.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-proactive-detection-sonar.log-expected.json index 9aaabcc710c..6e3f18e8355 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-proactive-detection-sonar.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-proactive-detection-sonar.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2018-02-16T08:01:33.000Z", "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "action": "Left alone", @@ -82,7 +82,7 @@ { "@timestamp": "2020-05-04T06:57:02.000Z", "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "action": "Left alone", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-risk.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-risk.log-expected.json index 01c1fe40ecc..6d48d0d4608 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-risk.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-risk.log-expected.json 
@@ -3,7 +3,7 @@ { "@timestamp": "2019-09-03T08:12:25.000Z", "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "action": "All actions failed", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-scan.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-scan.log-expected.json index 602cb7e86ef..8615d155a5e 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-scan.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-scan.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "action": "started", @@ -55,7 +55,7 @@ }, { "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "action": "completed", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-security.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-security.log-expected.json index 15cd6870782..37a4fe4ddde 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-security.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-security.log-expected.json @@ -8,7 +8,7 @@ "port": 8080 }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "category": [ @@ -106,7 +106,7 @@ "ip": "1.128.3.4" }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "category": [ @@ -195,7 +195,7 @@ "mac": "2D-FF-88-AA-BB-DC" }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "category": [ @@ -279,7 +279,7 @@ "port": 5985 }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "category": [ @@ -395,7 +395,7 @@ "ip": "216.160.83.61" }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "category": [ 
@@ -487,7 +487,7 @@ "port": 5112 }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-system.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-system.log-expected.json index 2cc8bba3107..12bda079b6c 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-system.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-system.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-08-19T07:14:38.000Z", "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "kind": "event", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-traffic.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-traffic.log-expected.json index b6cb305ca6b..76a204e9503 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-traffic.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-traffic.log-expected.json @@ -16,7 +16,7 @@ "mac": "AA-BB-CC-DD-EE-FF" }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "action": "blocked", @@ -121,7 +121,7 @@ "port": 8080 }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "action": "blocked", @@ -201,7 +201,7 @@ "port": 80 }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "action": "blocked", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-policy.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-policy.log-expected.json index 12e36f868b6..d5f88dfdaeb 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-policy.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-policy.log-expected.json 
@@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "kind": "event", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-remove-mapped-fields.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-remove-mapped-fields.log-expected.json index 8e96def41d0..40fa4cde05f 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-remove-mapped-fields.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-remove-mapped-fields.log-expected.json @@ -16,7 +16,7 @@ "mac": "AA-BB-CC-DD-EE-FF" }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "action": "blocked", @@ -91,7 +91,7 @@ }, { "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "action": "blocked", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc3164.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc3164.log-expected.json index c8538737f8e..1723b26c509 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc3164.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc3164.log-expected.json @@ -15,7 +15,7 @@ "port": 80 }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "action": "blocked", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc5424.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc5424.log-expected.json index 0bbccc3aebe..5ad95994812 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc5424.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc5424.log-expected.json @@ -12,7 +12,7 @@ "port": 80 }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "action": "blocked", 
diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-system.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-system.log-expected.json index 60600cfd31c..0b3bea848fd 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-system.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-system.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -24,7 +24,7 @@ }, { "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -46,7 +46,7 @@ }, { "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -68,7 +68,7 @@ }, { "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "kind": "event", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-text-log-dump.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-text-log-dump.log-expected.json index 199c4a8c3bc..44d586c508f 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-text-log-dump.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-text-log-dump.log-expected.json @@ -8,7 +8,7 @@ "port": 5112 }, "ecs": { - "version": "1.12.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/symantec_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/symantec_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 9616d313620..41fb2391c0a 100644 --- a/packages/symantec_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/symantec_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -9,7 +9,7 @@ processors: - set: field: ecs.version - value: '1.12.0' + value: '8.3.0' - grok: description: Parse syslog header. 
diff --git a/packages/symantec_endpoint/data_stream/log/sample_event.json b/packages/symantec_endpoint/data_stream/log/sample_event.json index 080bd684ef5..4dfa5436fb0 100644 --- a/packages/symantec_endpoint/data_stream/log/sample_event.json +++ b/packages/symantec_endpoint/data_stream/log/sample_event.json 
@@ -1,117 +1,102 @@ { - "process": { - "executable": "C:/WINDOWS/system32/NTOSKRNL.EXE", - "hash": { - "sha256": "5379732000000000000000000000000000000000000000000000000000000000", - "md5": "53797320000000000000000000000000" - } + "@timestamp": "2018-02-16T08:01:33.000Z", + "agent": { + "ephemeral_id": "360bd055-47f7-487a-b357-e372825d65dd", + "id": "33b93e16-9d01-4487-9b09-99db9e860912", + "name": "docker-fleet-agent", + "type": "filebeat", + "version": "8.2.2" }, - "log": { - "syslog": { - "process": { - "name": "myproc", - "pid": 8710 - }, - "hostname": "192.0.2.1", - "priority": 165, - "version": 1 - } + "data_stream": { + "dataset": "symantec_endpoint.log", + "namespace": "ep", + "type": "logs" }, - "destination": { - "geo": { - "name": "Default" - }, - "address": "192.168.1.113", - "port": 80, - "mac": "CC-F9-E4-A9-12-26", - "ip": "192.168.1.113" + "ecs": { + "version": "8.3.0" }, - "rule": { - "name": "Block Unapproved Incoming Ports" + "elastic_agent": { + "id": "33b93e16-9d01-4487-9b09-99db9e860912", + "snapshot": false, + "version": "8.2.2" }, - "source": { - "address": "192.168.1.1", - "port": 33424, - "mac": "2C-3A-FD-A7-9E-71", - "ip": "192.168.1.1" + "event": { + "action": "Left alone", + "agent_id_status": "verified", + "count": 1, + "dataset": "symantec_endpoint.log", + "end": "2018-02-16T08:01:33.000Z", + "ingested": "2022-06-27T23:54:21Z", + "kind": "event", + "original": "Potential risk found,Computer name: exampleComputer,Detection type: Heuristic,First Seen: Symantec has known about this file approximately 2 days.,Application name: Propsim,Application type: 127,\"Application version: \"\"3\",0,6,\"0\"\"\",Hash type: SHA-256,Application hash: SHA#1234567890,Company name: Dummy Technologies,File size (bytes): 343040,Sensitivity: 2,Detection score: 3,COH Engine Version: 8.1.1.1,Detection Submissions No,Permitted application reason: MDS,Disposition: Bad,Download site: ,Web domain: ,Downloaded by: 
c:/programdata/oracle/java/javapath_target_2151967445/Host126,Prevalence: Unknown,Confidence: There is not enough information about this file to recommend it.,URL Tracking Status: Off,Risk Level: High,Detection Source: N/A,Source: Heuristic Scan,Risk name: ,Occurrences: 1,f:\\user\\workspace\\baseline package creator\\release\\Host214,'',Actual action: Left alone,Requested action: Left alone,Secondary action: Left alone,Event time: 2018-02-16 08:01:33,Inserted: 2018-02-16 08:02:52,End: 2018-02-16 08:01:33,Domain: Default,Group: My Company\\SEPM Group Name,Server: SEPMServer,User: exampleUser,Source computer: ,Source IP:" }, - "tags": [ - "forwarded", - "preserve_original_event" - ], - "network": { - "community_id": "1:TbyoH4bYJO0/cP/YShIpq9J+Z3s=", - "transport": "tcp", - "type": "ipv4", - "direction": "ingress" + "file": { + "pe": { + "company": "Dummy Technologies", + "file_version": "\"3", + "product": "Propsim" + }, + "size": 343040 }, - "@timestamp": "2021-11-16T12:14:15.000Z", - "ecs": { - "version": "1.12.0" + "host": { + "hostname": "exampleComputer", + "name": "exampleComputer" }, - "related": { - "hash": [ - "53797320000000000000000000000000", - "5379732000000000000000000000000000000000000000000000000000000000" - ], - "ip": [ - "192.168.1.113", - "192.168.1.1" - ] + "input": { + "type": "udp" }, - "host": { - "name": "host-rfc5424", - "hostname": "host-rfc5424", - "mac": [ - "CC-F9-E4-A9-12-26" - ], - "ip": [ - "192.168.1.113" - ] + "log": { + "source": { + "address": "172.19.0.4:51285" + } + }, + "process": { + "executable": "c:/programdata/oracle/java/javapath_target_2151967445/Host126" }, "symantec_endpoint": { "log": { - "occurrences": "4", - "sha-256": "5379732000000000000000000000000000000000000000000000000000000000", - "local_port": "80", - "user_name": "sampleuser4", - "remote_port": "33424", - "rule": "Block Unapproved Incoming Ports", - "md-5": "53797320000000000000000000000000", - "network_protocol": "TCP", - "traffic_direction": "Inbound", - 
"remote_host_ip": "192.168.1.1", - "remote_host_mac": "2C3AFDA79E71", - "domain_name": "SMPL", - "application": "C:/WINDOWS/system32/NTOSKRNL.EXE", - "local_host_ip": "192.168.1.113", - "action": "blocked", - "end": "2020-11-11 19:25:28", - "location": "Default", - "local_host_mac": "CCF9E4A91226", - "begin": "2020-11-11 19:25:21" + "actual_action": "Left alone", + "application_hash": "SHA#1234567890", + "application_name": "Propsim", + "application_type": "127", + "application_version": "\"3", + "coh_engine_version": "8.1.1.1", + "company_name": "Dummy Technologies", + "computer_name": "exampleComputer", + "confidence": "There is not enough information about this file to recommend it.", + "detection_score": "3", + "detection_source": "N/A", + "detection_type": "Heuristic", + "disposition": "Bad", + "domain_name": "Default", + "downloaded_by": "c:/programdata/oracle/java/javapath_target_2151967445/Host126", + "end": "2018-02-16 08:01:33", + "event_time": "2018-02-16T08:01:33.000Z", + "file_size_bytes": "343040", + "first_seen": "Symantec has known about this file approximately 2 days.", + "group": "My Company\\SEPM Group Name", + "hash_type": "SHA-256", + "inserted": "2018-02-16T08:02:52.000Z", + "occurrences": "1", + "permitted_application_reason": "MDS", + "prevalence": "Unknown", + "requested_action": "Left alone", + "risk_level": "High", + "secondary_action": "Left alone", + "sensitivity": 2, + "server": "SEPMServer", + "source": "Heuristic Scan", + "url_tracking_status": "Off", + "user_name": "exampleUser" } }, - "event": { - "original": "\u003c165\u003e1 2021-11-16T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - host-rfc5424,Local Host IP: 192.168.1.113,Local Port: 80,Local Host MAC: CCF9E4A91226,Remote Host IP: 192.168.1.1,Remote Host Name: ,Remote Port: 33424,Remote Host MAC: 2C3AFDA79E71,TCP,Inbound,Begin: 2020-11-11 19:25:21,End Time: 2020-11-11 19:25:28,Occurrences: 4,Application: C:/WINDOWS/system32/NTOSKRNL.EXE,Rule: Block Unapproved Incoming 
Ports,Location: Default,User Name: sampleuser4,Domain Name: SMPL,Action: Blocked,SHA-256: 5379732000000000000000000000000000000000000000000000000000000000,MD-5: 53797320000000000000000000000000", - "provider": "Agent Traffic Log", - "kind": "event", - "start": "2020-11-11T19:25:21.000Z", - "count": 4, - "action": "blocked", - "end": "2020-11-11T19:25:28.000Z", - "category": [ - "intrusion_detection", - "network", - "process" - ], - "type": [ - "connection", - "denied" - ] - }, + "tags": [ + "preserve_original_event", + "symantec-endpoint-log", + "forwarded" + ], "user": { - "name": "sampleuser4", - "domain": "SMPL" + "domain": "Default", + "name": "exampleUser" } } \ No newline at end of file diff --git a/packages/symantec_endpoint/docs/README.md b/packages/symantec_endpoint/docs/README.md index 71e62e88cea..bf627d5ff7b 100644 --- a/packages/symantec_endpoint/docs/README.md +++ b/packages/symantec_endpoint/docs/README.md @@ -140,7 +140,7 @@ See vendor documentation: [External Logging settings and log event severity leve | destination.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | | destination.as.organization.name | Organization name. | keyword | | destination.as.organization.name.text | Multi-field of `destination.as.organization.name`. | match_only_text | -| destination.domain | Destination domain. | keyword | +| destination.domain | The domain name of the destination system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | destination.geo.city_name | City name. | keyword | | destination.geo.continent_name | Name of the continent. | keyword | | destination.geo.country_iso_code | Country ISO code. | keyword | 
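Review bot: The regenerated sample stores `file.pe.file_version` and `symantec_endpoint.log.application_version` as `"\"3"`, while the same `event.original` carries the CSV-quoted field `"Application version: ""3",0,6,"0"""`, so the ingest pipeline's comma splitting does not appear to honour CSV quoting and truncates the value at the first embedded quote, leaving a stray `"` in an indexed field. Because this sample is also what the README now documents, it is worth either fixing the quoted-field handling in `elasticsearch/ingest_pipeline/default.yml` or regenerating from a log line without quoted commas before publishing 1.1.0. The old sample exercised `process.hash`, `related.hash` and `related.ip`; the new one shows none of the hash/IP enrichment, so consider keeping a traffic-log example alongside this risk event. Minor: the new file ends without a trailing newline (`\ No newline at end of file`), which the previous version did not.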
@@ -204,8 +204,8 @@ See vendor documentation: [External Logging settings and log event severity leve | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec. | keyword | | network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | -| network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". | keyword | -| network.type | In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". 
| keyword | +| network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. | keyword | +| network.type | In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc The field value must be normalized to lowercase for querying. | keyword | | observer.product | The product name of the observer. | constant_keyword | | observer.type | The type of the observer the data is coming from. | constant_keyword | | observer.vendor | Vendor name of the observer. | constant_keyword | @@ -225,7 +225,7 @@ See vendor documentation: [External Logging settings and log event severity leve | source.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | | source.as.organization.name | Organization name. | keyword | | source.as.organization.name.text | Multi-field of `source.as.organization.name`. | match_only_text | -| source.domain | Source domain. | keyword | +| source.domain | The domain name of the source system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | source.geo.city_name | City name. | keyword | | source.geo.continent_name | Name of the continent. | keyword | | source.geo.country_iso_code | Country ISO code. | keyword | 
@@ -353,120 +353,105 @@ An example event for `log` looks as following: ```json { - "process": { - "executable": "C:/WINDOWS/system32/NTOSKRNL.EXE", - "hash": { - "sha256": "5379732000000000000000000000000000000000000000000000000000000000", - "md5": "53797320000000000000000000000000" - } + "@timestamp": "2018-02-16T08:01:33.000Z", + "agent": { + "ephemeral_id": "360bd055-47f7-487a-b357-e372825d65dd", + "id": "33b93e16-9d01-4487-9b09-99db9e860912", + "name": "docker-fleet-agent", + "type": "filebeat", + "version": "8.2.2" }, - "log": { - "syslog": { - "process": { - "name": "myproc", - "pid": 8710 - }, - "hostname": "192.0.2.1", - "priority": 165, - "version": 1 - } + "data_stream": { + "dataset": "symantec_endpoint.log", + "namespace": "ep", + "type": "logs" }, - "destination": { - "geo": { - "name": "Default" - }, - "address": "192.168.1.113", - "port": 80, - "mac": "CC-F9-E4-A9-12-26", - "ip": "192.168.1.113" + "ecs": { + "version": "8.3.0" }, - "rule": { - "name": "Block Unapproved Incoming Ports" + "elastic_agent": { + "id": "33b93e16-9d01-4487-9b09-99db9e860912", + "snapshot": false, + "version": "8.2.2" }, - "source": { - "address": "192.168.1.1", - "port": 33424, - "mac": "2C-3A-FD-A7-9E-71", - "ip": "192.168.1.1" + "event": { + "action": "Left alone", + "agent_id_status": "verified", + "count": 1, + "dataset": "symantec_endpoint.log", + "end": "2018-02-16T08:01:33.000Z", + "ingested": "2022-06-27T23:54:21Z", + "kind": "event", + "original": "Potential risk found,Computer name: exampleComputer,Detection type: Heuristic,First Seen: Symantec has known about this file approximately 2 days.,Application name: Propsim,Application type: 127,\"Application version: \"\"3\",0,6,\"0\"\"\",Hash type: SHA-256,Application hash: SHA#1234567890,Company name: Dummy Technologies,File size (bytes): 343040,Sensitivity: 2,Detection score: 3,COH Engine Version: 8.1.1.1,Detection Submissions No,Permitted application reason: MDS,Disposition: Bad,Download site: ,Web domain: 
,Downloaded by: c:/programdata/oracle/java/javapath_target_2151967445/Host126,Prevalence: Unknown,Confidence: There is not enough information about this file to recommend it.,URL Tracking Status: Off,Risk Level: High,Detection Source: N/A,Source: Heuristic Scan,Risk name: ,Occurrences: 1,f:\\user\\workspace\\baseline package creator\\release\\Host214,'',Actual action: Left alone,Requested action: Left alone,Secondary action: Left alone,Event time: 2018-02-16 08:01:33,Inserted: 2018-02-16 08:02:52,End: 2018-02-16 08:01:33,Domain: Default,Group: My Company\\SEPM Group Name,Server: SEPMServer,User: exampleUser,Source computer: ,Source IP:" }, - "tags": [ - "forwarded", - "preserve_original_event" - ], - "network": { - "community_id": "1:TbyoH4bYJO0/cP/YShIpq9J+Z3s=", - "transport": "tcp", - "type": "ipv4", - "direction": "ingress" + "file": { + "pe": { + "company": "Dummy Technologies", + "file_version": "\"3", + "product": "Propsim" + }, + "size": 343040 }, - "@timestamp": "2021-11-16T12:14:15.000Z", - "ecs": { - "version": "1.12.0" + "host": { + "hostname": "exampleComputer", + "name": "exampleComputer" }, - "related": { - "hash": [ - "53797320000000000000000000000000", - "5379732000000000000000000000000000000000000000000000000000000000" - ], - "ip": [ - "192.168.1.113", - "192.168.1.1" - ] + "input": { + "type": "udp" }, - "host": { - "name": "host-rfc5424", - "hostname": "host-rfc5424", - "mac": [ - "CC-F9-E4-A9-12-26" - ], - "ip": [ - "192.168.1.113" - ] + "log": { + "source": { + "address": "172.19.0.4:51285" + } + }, + "process": { + "executable": "c:/programdata/oracle/java/javapath_target_2151967445/Host126" }, "symantec_endpoint": { "log": { - "occurrences": "4", - "sha-256": "5379732000000000000000000000000000000000000000000000000000000000", - "local_port": "80", - "user_name": "sampleuser4", - "remote_port": "33424", - "rule": "Block Unapproved Incoming Ports", - "md-5": "53797320000000000000000000000000", - "network_protocol": "TCP", - 
"traffic_direction": "Inbound", - "remote_host_ip": "192.168.1.1", - "remote_host_mac": "2C3AFDA79E71", - "domain_name": "SMPL", - "application": "C:/WINDOWS/system32/NTOSKRNL.EXE", - "local_host_ip": "192.168.1.113", - "action": "blocked", - "end": "2020-11-11 19:25:28", - "location": "Default", - "local_host_mac": "CCF9E4A91226", - "begin": "2020-11-11 19:25:21" + "actual_action": "Left alone", + "application_hash": "SHA#1234567890", + "application_name": "Propsim", + "application_type": "127", + "application_version": "\"3", + "coh_engine_version": "8.1.1.1", + "company_name": "Dummy Technologies", + "computer_name": "exampleComputer", + "confidence": "There is not enough information about this file to recommend it.", + "detection_score": "3", + "detection_source": "N/A", + "detection_type": "Heuristic", + "disposition": "Bad", + "domain_name": "Default", + "downloaded_by": "c:/programdata/oracle/java/javapath_target_2151967445/Host126", + "end": "2018-02-16 08:01:33", + "event_time": "2018-02-16T08:01:33.000Z", + "file_size_bytes": "343040", + "first_seen": "Symantec has known about this file approximately 2 days.", + "group": "My Company\\SEPM Group Name", + "hash_type": "SHA-256", + "inserted": "2018-02-16T08:02:52.000Z", + "occurrences": "1", + "permitted_application_reason": "MDS", + "prevalence": "Unknown", + "requested_action": "Left alone", + "risk_level": "High", + "secondary_action": "Left alone", + "sensitivity": 2, + "server": "SEPMServer", + "source": "Heuristic Scan", + "url_tracking_status": "Off", + "user_name": "exampleUser" } }, - "event": { - "original": "\u003c165\u003e1 2021-11-16T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - host-rfc5424,Local Host IP: 192.168.1.113,Local Port: 80,Local Host MAC: CCF9E4A91226,Remote Host IP: 192.168.1.1,Remote Host Name: ,Remote Port: 33424,Remote Host MAC: 2C3AFDA79E71,TCP,Inbound,Begin: 2020-11-11 19:25:21,End Time: 2020-11-11 19:25:28,Occurrences: 4,Application: C:/WINDOWS/system32/NTOSKRNL.EXE,Rule: 
Block Unapproved Incoming Ports,Location: Default,User Name: sampleuser4,Domain Name: SMPL,Action: Blocked,SHA-256: 5379732000000000000000000000000000000000000000000000000000000000,MD-5: 53797320000000000000000000000000", - "provider": "Agent Traffic Log", - "kind": "event", - "start": "2020-11-11T19:25:21.000Z", - "count": 4, - "action": "blocked", - "end": "2020-11-11T19:25:28.000Z", - "category": [ - "intrusion_detection", - "network", - "process" - ], - "type": [ - "connection", - "denied" - ] - }, + "tags": [ + "preserve_original_event", + "symantec-endpoint-log", + "forwarded" + ], "user": { - "name": "sampleuser4", - "domain": "SMPL" + "domain": "Default", + "name": "exampleUser" } } ``` diff --git a/packages/symantec_endpoint/manifest.yml b/packages/symantec_endpoint/manifest.yml index 68660eeca86..cc83e3c73f5 100644 --- a/packages/symantec_endpoint/manifest.yml +++ b/packages/symantec_endpoint/manifest.yml @@ -1,6 +1,6 @@ name: symantec_endpoint title: Symantec Endpoint Protection -version: 1.0.1 +version: "1.1.0" release: beta description: Collect logs from Symantec Endpoint Protection with Elastic Agent. type: integration diff --git a/packages/tcp/_dev/build/build.yml b/packages/tcp/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/tcp/_dev/build/build.yml +++ b/packages/tcp/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/tcp/changelog.yml b/packages/tcp/changelog.yml index a8ef73b37e9..e005170aebb 100644 --- a/packages/tcp/changelog.yml +++ b/packages/tcp/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.2.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.1.0" changes: - description: Update to ECS 8.2 diff --git a/packages/tcp/manifest.yml b/packages/tcp/manifest.yml index 6c3a1f5536b..7ee3f6c1646 100644 --- a/packages/tcp/manifest.yml 
+++ b/packages/tcp/manifest.yml
@@ -3,7 +3,7 @@ name: tcp
 title: Custom TCP Logs
 description: Collect raw TCP data from listening TCP port with Elastic Agent.
 type: integration
-version: 1.1.0
+version: "1.2.0"
 release: ga
 conditions:
 kibana.version: "^7.16.0 || ^8.0.0"
diff --git a/packages/tenable_sc/_dev/build/build.yml b/packages/tenable_sc/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/tenable_sc/_dev/build/build.yml
+++ b/packages/tenable_sc/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/tenable_sc/changelog.yml b/packages/tenable_sc/changelog.yml
index 615927b7672..bea386b1af6 100644
--- a/packages/tenable_sc/changelog.yml
+++ b/packages/tenable_sc/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.2.2"
 changes:
 - description: Update readme - added links to tenable documentation and made the English clearer.
diff --git a/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json b/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json
index 498c0fd5ba3..7906f84de00 100644
--- a/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json
+++ b/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "host",
@@ -78,7 +78,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "host",
@@ -154,7 +154,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "host",
diff --git a/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml index f3288708844..51c472c1b53 100644 --- a/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Tenable.sc asset logs processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/tenable_sc/data_stream/asset/sample_event.json b/packages/tenable_sc/data_stream/asset/sample_event.json index 1b12f787ed8..ee9e0c394e0 100644 --- a/packages/tenable_sc/data_stream/asset/sample_event.json +++ b/packages/tenable_sc/data_stream/asset/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc", diff --git a/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json b/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json index e47cb5d7677..0a64cb08cda 100644 --- a/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json +++ b/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-27T01:36:39.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -90,7 +90,7 @@ { "@timestamp": "2021-10-27T01:36:39.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", @@ -230,7 +230,7 @@ { "@timestamp": "2021-10-27T01:36:39.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", 
@@ -353,7 +353,7 @@ { "@timestamp": "2021-09-27T01:33:53.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "kind": "event", diff --git a/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml index 4e6d4aa7d91..0a3dffe5d16 100644 --- a/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Tenable.sc plugin logs processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/tenable_sc/data_stream/plugin/sample_event.json b/packages/tenable_sc/data_stream/plugin/sample_event.json index 88c4340113c..b78a17cc29a 100644 --- a/packages/tenable_sc/data_stream/plugin/sample_event.json +++ b/packages/tenable_sc/data_stream/plugin/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc", diff --git a/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json b/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json index 41c7cc601ac..2d8dfb529d8 100644 --- a/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json +++ b/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-09-25T16:08:45.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -117,7 +117,7 @@ { "@timestamp": "2021-09-25T16:08:45.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -234,7 +234,7 @@ { "@timestamp": "2021-09-25T16:08:45.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -415,7 +415,7 @@ { "@timestamp": "2021-10-30T16:12:20.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -630,7 +630,7 @@ { "@timestamp": "2021-10-30T16:12:20.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", diff --git a/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml index 494f6ca83b2..68e311155fc 100644 --- a/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Tenable.sc vulnerability logs processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: message target_field: event.original diff --git a/packages/tenable_sc/data_stream/vulnerability/sample_event.json b/packages/tenable_sc/data_stream/vulnerability/sample_event.json index c1872bec2de..ed62fbde4e4 100644 --- a/packages/tenable_sc/data_stream/vulnerability/sample_event.json +++ b/packages/tenable_sc/data_stream/vulnerability/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc", diff --git a/packages/tenable_sc/docs/README.md b/packages/tenable_sc/docs/README.md index a911c3d5d16..c573421ab89 100644 --- a/packages/tenable_sc/docs/README.md +++ b/packages/tenable_sc/docs/README.md @@ -43,7 +43,7 @@ An example event for `asset` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc", 
@@ -235,7 +235,7 @@ An example event for `plugin` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc", @@ -491,7 +491,7 @@ An example event for `vulnerability` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc", diff --git a/packages/tenable_sc/manifest.yml b/packages/tenable_sc/manifest.yml index 94689a3f68a..7d238cc6081 100644 --- a/packages/tenable_sc/manifest.yml +++ b/packages/tenable_sc/manifest.yml @@ -2,7 +2,7 @@ format_version: 1.0.0 name: tenable_sc title: Tenable.sc # The version must be updated in the pipeline as well. Until elastic/kibana#121310 is implemented we will have to manually sync these. -version: 1.2.2 +version: "1.3.0" license: basic description: | Collect logs from Tenable.sc with Elastic Agent. diff --git a/packages/ti_abusech/_dev/build/build.yml b/packages/ti_abusech/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/ti_abusech/_dev/build/build.yml +++ b/packages/ti_abusech/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/ti_abusech/changelog.yml b/packages/ti_abusech/changelog.yml index 5d3260c6d9e..a6381cfe623 100644 --- a/packages/ti_abusech/changelog.yml +++ b/packages/ti_abusech/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.3.2" changes: - description: Added link to AbuseCH documentation in readme diff --git a/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json b/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json index 337c854870a..e051e713e06 100644 
--- a/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json +++ b/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json @@ -5,7 +5,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -50,7 +50,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -101,7 +101,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -146,7 +146,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -191,7 +191,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -239,7 +239,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -284,7 +284,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -329,7 +329,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -376,7 +376,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -421,7 +421,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -466,7 +466,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -511,7 +511,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -556,7 +556,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -601,7 +601,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -648,7 +648,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -693,7 +693,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -738,7 +738,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -785,7 +785,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -830,7 +830,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -875,7 +875,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -922,7 +922,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -967,7 +967,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1012,7 +1012,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1057,7 +1057,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1102,7 +1102,7 @@ "malware": {} }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", diff --git a/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml index f0843a64975..51148f16a53 100644 --- a/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" - set: field: event.kind value: enrichment 
diff --git a/packages/ti_abusech/data_stream/malware/sample_event.json b/packages/ti_abusech/data_stream/malware/sample_event.json index 7f6f1afed40..9b1f6ac7097 100644 --- a/packages/ti_abusech/data_stream/malware/sample_event.json +++ b/packages/ti_abusech/data_stream/malware/sample_event.json @@ -16,7 +16,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "0cd371ed-8f03-437b-909d-8daccf9843fc", diff --git a/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json b/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json index 70a0c292c3c..18013ca97d4 100644 --- a/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json +++ b/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json @@ -15,7 +15,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -77,7 +77,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -139,7 +139,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -207,7 +207,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -269,7 +269,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -332,7 +332,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -394,7 +394,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -460,7 +460,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -531,7 +531,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
diff --git a/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml index 3b5f298c44e..2ff021b668b 100644 --- a/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" - set: field: event.kind value: enrichment diff --git a/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json b/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json index b4249697f83..0403fcfacc0 100644 --- a/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json +++ b/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json @@ -27,7 +27,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "0cd371ed-8f03-437b-909d-8daccf9843fc", diff --git a/packages/ti_abusech/data_stream/url/_dev/test/pipeline/test-abusechurl-ndjson.log-expected.json b/packages/ti_abusech/data_stream/url/_dev/test/pipeline/test-abusechurl-ndjson.log-expected.json index 7c611429b29..556438eaa22 100644 --- a/packages/ti_abusech/data_stream/url/_dev/test/pipeline/test-abusechurl-ndjson.log-expected.json +++ b/packages/ti_abusech/data_stream/url/_dev/test/pipeline/test-abusechurl-ndjson.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -114,7 +114,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -162,7 +162,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -210,7 +210,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -258,7 +258,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -306,7 +306,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -354,7 +354,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -402,7 +402,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -450,7 +450,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -498,7 +498,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -546,7 +546,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -594,7 +594,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -642,7 +642,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -690,7 +690,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -738,7 +738,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -786,7 +786,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -834,7 +834,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -882,7 +882,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -930,7 +930,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -978,7 +978,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -1026,7 +1026,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1074,7 +1074,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1122,7 +1122,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1169,7 +1169,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1216,7 +1216,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1263,7 +1263,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1310,7 +1310,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1357,7 +1357,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1404,7 +1404,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1452,7 +1452,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1501,7 +1501,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1549,7 +1549,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1596,7 +1596,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1643,7 +1643,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1690,7 +1690,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1737,7 +1737,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1784,7 +1784,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -1833,7 +1833,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1879,7 +1879,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1927,7 +1927,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1975,7 +1975,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2023,7 +2023,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2071,7 +2071,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2119,7 +2119,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2167,7 +2167,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2215,7 +2215,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2263,7 +2263,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2311,7 +2311,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2359,7 +2359,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2407,7 +2407,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2455,7 +2455,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2503,7 +2503,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2550,7 +2550,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2595,7 +2595,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -2640,7 +2640,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2685,7 +2685,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2730,7 +2730,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2775,7 +2775,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2820,7 +2820,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2865,7 +2865,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2910,7 +2910,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2955,7 +2955,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3000,7 +3000,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3045,7 +3045,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3090,7 +3090,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3135,7 +3135,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3180,7 +3180,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3225,7 +3225,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3270,7 +3270,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3315,7 +3315,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3360,7 +3360,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -3405,7 +3405,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3450,7 +3450,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3495,7 +3495,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3540,7 +3540,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3585,7 +3585,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3630,7 +3630,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3675,7 +3675,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3720,7 +3720,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3765,7 +3765,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3810,7 +3810,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3855,7 +3855,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3900,7 +3900,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3945,7 +3945,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3990,7 +3990,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4035,7 +4035,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4080,7 +4080,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4125,7 +4125,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -4170,7 +4170,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4215,7 +4215,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4260,7 +4260,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4305,7 +4305,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4350,7 +4350,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4395,7 +4395,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4440,7 +4440,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4485,7 +4485,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4530,7 +4530,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4575,7 +4575,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4620,7 +4620,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4665,7 +4665,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4710,7 +4710,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4755,7 +4755,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4800,7 +4800,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4845,7 +4845,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4890,7 +4890,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -4935,7 +4935,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4980,7 +4980,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5025,7 +5025,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5070,7 +5070,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5115,7 +5115,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5160,7 +5160,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5205,7 +5205,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5250,7 +5250,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5295,7 +5295,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5340,7 +5340,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5385,7 +5385,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5430,7 +5430,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5475,7 +5475,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5520,7 +5520,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5565,7 +5565,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5610,7 +5610,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5655,7 +5655,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -5700,7 +5700,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5745,7 +5745,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5790,7 +5790,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5835,7 +5835,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5880,7 +5880,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5925,7 +5925,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5970,7 +5970,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6015,7 +6015,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6060,7 +6060,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6105,7 +6105,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6150,7 +6150,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6195,7 +6195,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6240,7 +6240,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6285,7 +6285,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6330,7 +6330,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6375,7 +6375,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6420,7 +6420,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -6465,7 +6465,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6510,7 +6510,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6555,7 +6555,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6600,7 +6600,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6645,7 +6645,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6692,7 +6692,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6740,7 +6740,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6788,7 +6788,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6836,7 +6836,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6884,7 +6884,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6932,7 +6932,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6980,7 +6980,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7028,7 +7028,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7076,7 +7076,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7124,7 +7124,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7172,7 +7172,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7220,7 +7220,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -7268,7 +7268,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7316,7 +7316,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7364,7 +7364,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7412,7 +7412,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7460,7 +7460,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7508,7 +7508,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7556,7 +7556,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7604,7 +7604,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7652,7 +7652,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7700,7 +7700,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7748,7 +7748,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7796,7 +7796,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7844,7 +7844,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7892,7 +7892,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7941,7 +7941,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7988,7 +7988,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8036,7 +8036,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -8084,7 +8084,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8132,7 +8132,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8180,7 +8180,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8228,7 +8228,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8276,7 +8276,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8324,7 +8324,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8372,7 +8372,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8420,7 +8420,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8468,7 +8468,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8517,7 +8517,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8564,7 +8564,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8612,7 +8612,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8660,7 +8660,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8708,7 +8708,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8756,7 +8756,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8804,7 +8804,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8852,7 +8852,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -8900,7 +8900,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8948,7 +8948,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8996,7 +8996,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9044,7 +9044,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9092,7 +9092,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9140,7 +9140,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9188,7 +9188,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9236,7 +9236,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9284,7 +9284,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9332,7 +9332,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9380,7 +9380,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9428,7 +9428,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9476,7 +9476,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9525,7 +9525,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9574,7 +9574,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9622,7 +9622,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9670,7 +9670,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -9718,7 +9718,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9766,7 +9766,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9814,7 +9814,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9862,7 +9862,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9910,7 +9910,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9958,7 +9958,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10006,7 +10006,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10054,7 +10054,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10102,7 +10102,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10150,7 +10150,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10198,7 +10198,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10246,7 +10246,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10294,7 +10294,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10342,7 +10342,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10390,7 +10390,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10438,7 +10438,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10486,7 +10486,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -10534,7 +10534,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10582,7 +10582,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10630,7 +10630,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10678,7 +10678,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10726,7 +10726,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10774,7 +10774,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10823,7 +10823,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10872,7 +10872,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10919,7 +10919,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10967,7 +10967,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11015,7 +11015,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11063,7 +11063,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11111,7 +11111,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11159,7 +11159,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11207,7 +11207,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11255,7 +11255,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11303,7 +11303,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -11351,7 +11351,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11399,7 +11399,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11447,7 +11447,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11495,7 +11495,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11543,7 +11543,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11591,7 +11591,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11639,7 +11639,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11687,7 +11687,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11735,7 +11735,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11783,7 +11783,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11831,7 +11831,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11880,7 +11880,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11928,7 +11928,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11976,7 +11976,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12022,7 +12022,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12070,7 +12070,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12118,7 +12118,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -12166,7 +12166,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12214,7 +12214,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12262,7 +12262,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12310,7 +12310,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12358,7 +12358,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12406,7 +12406,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12454,7 +12454,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12503,7 +12503,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12550,7 +12550,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12598,7 +12598,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12646,7 +12646,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12694,7 +12694,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12742,7 +12742,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12790,7 +12790,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12838,7 +12838,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12886,7 +12886,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12934,7 +12934,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -12982,7 +12982,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13030,7 +13030,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13078,7 +13078,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13127,7 +13127,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13175,7 +13175,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13223,7 +13223,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13271,7 +13271,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13319,7 +13319,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13367,7 +13367,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13415,7 +13415,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13463,7 +13463,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13511,7 +13511,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13559,7 +13559,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13607,7 +13607,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13655,7 +13655,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13703,7 +13703,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13751,7 +13751,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -13799,7 +13799,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13847,7 +13847,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13895,7 +13895,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13943,7 +13943,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13991,7 +13991,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14039,7 +14039,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14087,7 +14087,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14135,7 +14135,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14183,7 +14183,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14231,7 +14231,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14279,7 +14279,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14327,7 +14327,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14375,7 +14375,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14424,7 +14424,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14473,7 +14473,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14520,7 +14520,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14568,7 +14568,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -14616,7 +14616,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14664,7 +14664,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14712,7 +14712,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14760,7 +14760,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14808,7 +14808,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14856,7 +14856,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14904,7 +14904,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14952,7 +14952,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15000,7 +15000,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15048,7 +15048,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15096,7 +15096,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15144,7 +15144,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15192,7 +15192,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15240,7 +15240,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15288,7 +15288,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15336,7 +15336,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15384,7 +15384,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -15432,7 +15432,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15480,7 +15480,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15529,7 +15529,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15574,7 +15574,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15621,7 +15621,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15668,7 +15668,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15716,7 +15716,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15764,7 +15764,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15812,7 +15812,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15860,7 +15860,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15908,7 +15908,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15956,7 +15956,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16004,7 +16004,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16052,7 +16052,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16100,7 +16100,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16148,7 +16148,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16196,7 +16196,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -16244,7 +16244,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16292,7 +16292,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16340,7 +16340,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16388,7 +16388,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16436,7 +16436,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16484,7 +16484,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16532,7 +16532,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16581,7 +16581,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16629,7 +16629,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16677,7 +16677,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16725,7 +16725,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16773,7 +16773,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16822,7 +16822,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16871,7 +16871,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16918,7 +16918,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16967,7 +16967,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17015,7 +17015,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -17063,7 +17063,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17111,7 +17111,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17159,7 +17159,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17207,7 +17207,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17255,7 +17255,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17303,7 +17303,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17351,7 +17351,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17399,7 +17399,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17447,7 +17447,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17495,7 +17495,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17543,7 +17543,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17591,7 +17591,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17639,7 +17639,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17688,7 +17688,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17735,7 +17735,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17784,7 +17784,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17832,7 +17832,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -17880,7 +17880,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17928,7 +17928,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17976,7 +17976,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18024,7 +18024,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18072,7 +18072,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18120,7 +18120,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18168,7 +18168,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18216,7 +18216,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18263,7 +18263,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18310,7 +18310,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18357,7 +18357,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18404,7 +18404,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18451,7 +18451,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18498,7 +18498,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18546,7 +18546,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18593,7 +18593,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18640,7 +18640,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -18688,7 +18688,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18735,7 +18735,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18782,7 +18782,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18830,7 +18830,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18877,7 +18877,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18924,7 +18924,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18972,7 +18972,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19020,7 +19020,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19068,7 +19068,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19116,7 +19116,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19163,7 +19163,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19212,7 +19212,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19260,7 +19260,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19308,7 +19308,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19356,7 +19356,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19404,7 +19404,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19452,7 +19452,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -19500,7 +19500,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19548,7 +19548,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19596,7 +19596,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19644,7 +19644,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19692,7 +19692,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19740,7 +19740,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19788,7 +19788,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19836,7 +19836,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19884,7 +19884,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19932,7 +19932,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -19980,7 +19980,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20028,7 +20028,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20076,7 +20076,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20124,7 +20124,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20172,7 +20172,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20220,7 +20220,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20268,7 +20268,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -20316,7 +20316,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20364,7 +20364,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20412,7 +20412,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20460,7 +20460,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20508,7 +20508,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20556,7 +20556,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20604,7 +20604,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20652,7 +20652,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20700,7 +20700,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20748,7 +20748,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20796,7 +20796,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20845,7 +20845,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20894,7 +20894,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20942,7 +20942,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -20990,7 +20990,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21038,7 +21038,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21086,7 +21086,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -21134,7 +21134,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21182,7 +21182,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21230,7 +21230,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21278,7 +21278,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21326,7 +21326,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21374,7 +21374,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21422,7 +21422,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21470,7 +21470,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21518,7 +21518,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21566,7 +21566,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21614,7 +21614,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21662,7 +21662,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21710,7 +21710,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21758,7 +21758,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21806,7 +21806,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21854,7 +21854,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21902,7 +21902,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -21951,7 +21951,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -21999,7 +21999,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22047,7 +22047,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22095,7 +22095,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22143,7 +22143,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22191,7 +22191,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22239,7 +22239,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22287,7 +22287,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22335,7 +22335,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22383,7 +22383,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22431,7 +22431,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22479,7 +22479,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22527,7 +22527,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22575,7 +22575,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22623,7 +22623,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22671,7 +22671,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22719,7 +22719,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -22767,7 +22767,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22815,7 +22815,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22863,7 +22863,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22911,7 +22911,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -22959,7 +22959,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23007,7 +23007,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23055,7 +23055,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23103,7 +23103,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23151,7 +23151,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23199,7 +23199,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23247,7 +23247,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23295,7 +23295,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23343,7 +23343,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23392,7 +23392,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23440,7 +23440,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23487,7 +23487,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23535,7 +23535,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -23583,7 +23583,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23631,7 +23631,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23679,7 +23679,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23727,7 +23727,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23775,7 +23775,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23823,7 +23823,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23871,7 +23871,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23919,7 +23919,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -23967,7 +23967,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24015,7 +24015,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24063,7 +24063,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24111,7 +24111,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24159,7 +24159,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24207,7 +24207,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24255,7 +24255,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24303,7 +24303,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24351,7 +24351,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -24400,7 +24400,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24449,7 +24449,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24496,7 +24496,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24544,7 +24544,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24592,7 +24592,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24640,7 +24640,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24688,7 +24688,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24736,7 +24736,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24784,7 +24784,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24832,7 +24832,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24880,7 +24880,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24928,7 +24928,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -24976,7 +24976,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25024,7 +25024,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25072,7 +25072,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25120,7 +25120,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25168,7 +25168,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -25216,7 +25216,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25264,7 +25264,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25313,7 +25313,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25361,7 +25361,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25409,7 +25409,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25457,7 +25457,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25505,7 +25505,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25554,7 +25554,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25601,7 +25601,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25647,7 +25647,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25695,7 +25695,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25743,7 +25743,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25791,7 +25791,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25839,7 +25839,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25887,7 +25887,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25935,7 +25935,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -25983,7 +25983,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -26032,7 +26032,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26079,7 +26079,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26127,7 +26127,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26175,7 +26175,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26223,7 +26223,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26271,7 +26271,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26319,7 +26319,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26367,7 +26367,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26415,7 +26415,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26463,7 +26463,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26511,7 +26511,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26559,7 +26559,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26607,7 +26607,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26655,7 +26655,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26703,7 +26703,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26751,7 +26751,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26799,7 +26799,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -26847,7 +26847,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26895,7 +26895,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26943,7 +26943,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -26991,7 +26991,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27039,7 +27039,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27087,7 +27087,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27135,7 +27135,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27184,7 +27184,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27231,7 +27231,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27279,7 +27279,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27327,7 +27327,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27375,7 +27375,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27423,7 +27423,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27471,7 +27471,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27519,7 +27519,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27568,7 +27568,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27615,7 +27615,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -27663,7 +27663,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27711,7 +27711,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27759,7 +27759,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27807,7 +27807,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27855,7 +27855,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27903,7 +27903,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27951,7 +27951,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -27999,7 +27999,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28047,7 +28047,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28095,7 +28095,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28143,7 +28143,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28191,7 +28191,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28239,7 +28239,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28287,7 +28287,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28335,7 +28335,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28383,7 +28383,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28432,7 +28432,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -28479,7 +28479,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28527,7 +28527,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28576,7 +28576,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28624,7 +28624,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28672,7 +28672,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28720,7 +28720,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28766,7 +28766,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28812,7 +28812,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28858,7 +28858,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28906,7 +28906,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -28954,7 +28954,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29002,7 +29002,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29050,7 +29050,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29098,7 +29098,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29146,7 +29146,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29194,7 +29194,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29242,7 +29242,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -29290,7 +29290,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29338,7 +29338,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29386,7 +29386,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29434,7 +29434,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29482,7 +29482,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29530,7 +29530,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29578,7 +29578,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29626,7 +29626,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29674,7 +29674,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29722,7 +29722,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29770,7 +29770,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29818,7 +29818,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29867,7 +29867,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29914,7 +29914,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -29962,7 +29962,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30008,7 +30008,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30055,7 +30055,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -30103,7 +30103,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30151,7 +30151,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30199,7 +30199,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30247,7 +30247,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30295,7 +30295,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30344,7 +30344,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30391,7 +30391,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30439,7 +30439,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30487,7 +30487,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30535,7 +30535,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30583,7 +30583,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30631,7 +30631,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30679,7 +30679,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30727,7 +30727,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30775,7 +30775,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30823,7 +30823,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30871,7 +30871,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -30919,7 +30919,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -30967,7 +30967,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -31015,7 +31015,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -31063,7 +31063,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -31111,7 +31111,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -31159,7 +31159,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -31207,7 +31207,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -31255,7 +31255,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -31303,7 +31303,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -31351,7 +31351,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -31400,7 +31400,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -31447,7 +31447,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -31495,7 +31495,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -31543,7 +31543,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -31591,7 +31591,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -31639,7 +31639,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -31687,7 +31687,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -31735,7 +31735,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31783,7 +31783,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31831,7 +31831,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_abusech/data_stream/url/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/url/elasticsearch/ingest_pipeline/default.yml
index 1765d7608ae..03e1f6e52fa 100644
--- a/packages/ti_abusech/data_stream/url/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_abusech/data_stream/url/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 ####################
 - set:
 field: ecs.version
- value: "8.0.0"
+ value: "8.3.0"
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_abusech/data_stream/url/sample_event.json b/packages/ti_abusech/data_stream/url/sample_event.json
index 2ed40825e3e..9add2167bf4 100644
--- a/packages/ti_abusech/data_stream/url/sample_event.json
+++ b/packages/ti_abusech/data_stream/url/sample_event.json
@@ -25,7 +25,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "0cd371ed-8f03-437b-909d-8daccf9843fc",
diff --git a/packages/ti_abusech/manifest.yml b/packages/ti_abusech/manifest.yml
index 49eb53186dd..4f2fb7d97d7 100644
--- a/packages/ti_abusech/manifest.yml
+++ b/packages/ti_abusech/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_abusech
 title: AbuseCH
-version: 1.3.2
+version: "1.4.0"
 release: ga
 description: Ingest threat intelligence indicators from URL Haus and Malware Bazaar feeds with Elastic Agent.
 type: integration
diff --git a/packages/ti_anomali/_dev/build/build.yml b/packages/ti_anomali/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/ti_anomali/_dev/build/build.yml
+++ b/packages/ti_anomali/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/ti_anomali/changelog.yml b/packages/ti_anomali/changelog.yml
index 4405fd27c60..6d4589c171c 100644
--- a/packages/ti_anomali/changelog.yml
+++ b/packages/ti_anomali/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.3.3"
 changes:
 - description: added links to Anomoli documentation in readme
diff --git a/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json b/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json
index 1ad4d4e3895..eab06cc0219 100644
--- a/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json
+++ b/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json
@@ -21,7 +21,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -72,7 +72,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -123,7 +123,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -173,7 +173,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -223,7 +223,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -274,7 +274,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -325,7 +325,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -369,7 +369,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -420,7 +420,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -471,7 +471,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -521,7 +521,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -565,7 +565,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -616,7 +616,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -666,7 +666,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -710,7 +710,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -754,7 +754,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -804,7 +804,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -855,7 +855,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -906,7 +906,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -957,7 +957,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1008,7 +1008,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1059,7 +1059,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1110,7 +1110,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1161,7 +1161,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1212,7 +1212,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -1263,7 +1263,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1307,7 +1307,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1357,7 +1357,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1408,7 +1408,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1459,7 +1459,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1510,7 +1510,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1554,7 +1554,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1605,7 +1605,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1649,7 +1649,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1700,7 +1700,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1750,7 +1750,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1801,7 +1801,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1852,7 +1852,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1903,7 +1903,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1953,7 +1953,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2003,7 +2003,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2054,7 +2054,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -2098,7 +2098,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2149,7 +2149,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2200,7 +2200,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2251,7 +2251,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2301,7 +2301,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2352,7 +2352,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2403,7 +2403,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2454,7 +2454,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2505,7 +2505,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2549,7 +2549,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2599,7 +2599,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2650,7 +2650,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2701,7 +2701,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2752,7 +2752,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2802,7 +2802,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2853,7 +2853,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2904,7 +2904,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -2955,7 +2955,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3006,7 +3006,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3056,7 +3056,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3106,7 +3106,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3156,7 +3156,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3206,7 +3206,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3250,7 +3250,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3301,7 +3301,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3345,7 +3345,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3395,7 +3395,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3446,7 +3446,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3496,7 +3496,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3546,7 +3546,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3590,7 +3590,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3634,7 +3634,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3685,7 +3685,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3735,7 +3735,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -3786,7 +3786,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3836,7 +3836,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3887,7 +3887,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3937,7 +3937,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3987,7 +3987,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4031,7 +4031,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4081,7 +4081,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4131,7 +4131,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4182,7 +4182,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4232,7 +4232,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4283,7 +4283,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4333,7 +4333,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4384,7 +4384,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4434,7 +4434,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4485,7 +4485,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4535,7 +4535,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4586,7 +4586,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -4637,7 +4637,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4687,7 +4687,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4738,7 +4738,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4789,7 +4789,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4840,7 +4840,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4891,7 +4891,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4935,7 +4935,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4986,7 +4986,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5036,7 +5036,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5086,7 +5086,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5130,7 +5130,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5180,7 +5180,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5231,7 +5231,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5282,7 +5282,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5332,7 +5332,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5382,7 +5382,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5432,7 +5432,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -5483,7 +5483,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5534,7 +5534,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5584,7 +5584,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5634,7 +5634,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5684,7 +5684,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5734,7 +5734,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5784,7 +5784,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5834,7 +5834,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5885,7 +5885,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5935,7 +5935,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5985,7 +5985,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6035,7 +6035,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6079,7 +6079,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6123,7 +6123,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6173,7 +6173,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6223,7 +6223,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6274,7 +6274,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -6324,7 +6324,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6368,7 +6368,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6418,7 +6418,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6469,7 +6469,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6519,7 +6519,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6569,7 +6569,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6613,7 +6613,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6657,7 +6657,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6701,7 +6701,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6751,7 +6751,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6801,7 +6801,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6851,7 +6851,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6902,7 +6902,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -6952,7 +6952,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7002,7 +7002,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7053,7 +7053,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7103,7 +7103,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -7153,7 +7153,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7203,7 +7203,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7253,7 +7253,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7303,7 +7303,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7353,7 +7353,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7403,7 +7403,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7453,7 +7453,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7504,7 +7504,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7554,7 +7554,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7604,7 +7604,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7654,7 +7654,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7704,7 +7704,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7754,7 +7754,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7804,7 +7804,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7854,7 +7854,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7904,7 +7904,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -7954,7 +7954,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -8004,7 +8004,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8054,7 +8054,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8104,7 +8104,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8154,7 +8154,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8204,7 +8204,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8254,7 +8254,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8304,7 +8304,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8354,7 +8354,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8404,7 +8404,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8454,7 +8454,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8504,7 +8504,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8554,7 +8554,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8604,7 +8604,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8648,7 +8648,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8698,7 +8698,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8748,7 +8748,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8798,7 +8798,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -8848,7 +8848,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8898,7 +8898,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -8949,7 +8949,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9000,7 +9000,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9050,7 +9050,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9101,7 +9101,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9152,7 +9152,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9196,7 +9196,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9246,7 +9246,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9297,7 +9297,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9347,7 +9347,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9398,7 +9398,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9449,7 +9449,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9493,7 +9493,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9543,7 +9543,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9587,7 +9587,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9638,7 +9638,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -9689,7 +9689,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9740,7 +9740,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9790,7 +9790,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9841,7 +9841,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9892,7 +9892,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9936,7 +9936,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -9987,7 +9987,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10038,7 +10038,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10089,7 +10089,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10140,7 +10140,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10191,7 +10191,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10241,7 +10241,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10292,7 +10292,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10343,7 +10343,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10394,7 +10394,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10445,7 +10445,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10496,7 +10496,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -10547,7 +10547,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10597,7 +10597,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10648,7 +10648,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10699,7 +10699,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10750,7 +10750,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10794,7 +10794,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10845,7 +10845,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10896,7 +10896,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10947,7 +10947,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -10998,7 +10998,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11049,7 +11049,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11100,7 +11100,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11151,7 +11151,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11195,7 +11195,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11246,7 +11246,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11297,7 +11297,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11348,7 +11348,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -11399,7 +11399,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11443,7 +11443,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11493,7 +11493,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11544,7 +11544,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11595,7 +11595,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11646,7 +11646,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11690,7 +11690,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11741,7 +11741,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11792,7 +11792,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11843,7 +11843,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11894,7 +11894,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11944,7 +11944,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -11994,7 +11994,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12038,7 +12038,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12089,7 +12089,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12140,7 +12140,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12191,7 +12191,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -12242,7 +12242,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12293,7 +12293,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12343,7 +12343,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12394,7 +12394,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12445,7 +12445,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12495,7 +12495,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12545,7 +12545,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12596,7 +12596,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12647,7 +12647,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12691,7 +12691,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12735,7 +12735,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12786,7 +12786,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12837,7 +12837,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12887,7 +12887,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12938,7 +12938,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -12989,7 +12989,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13040,7 +13040,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -13091,7 +13091,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13142,7 +13142,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13193,7 +13193,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13244,7 +13244,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13288,7 +13288,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13339,7 +13339,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13389,7 +13389,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13440,7 +13440,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13491,7 +13491,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13541,7 +13541,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13592,7 +13592,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13642,7 +13642,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13693,7 +13693,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13744,7 +13744,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13794,7 +13794,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13845,7 +13845,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13896,7 +13896,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -13946,7 +13946,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -13997,7 +13997,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14048,7 +14048,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14098,7 +14098,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14148,7 +14148,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14198,7 +14198,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14249,7 +14249,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14299,7 +14299,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14349,7 +14349,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14399,7 +14399,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14450,7 +14450,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14501,7 +14501,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14551,7 +14551,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14602,7 +14602,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14646,7 +14646,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14696,7 +14696,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14747,7 +14747,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -14791,7 +14791,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14835,7 +14835,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14879,7 +14879,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14929,7 +14929,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -14980,7 +14980,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15030,7 +15030,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15081,7 +15081,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15125,7 +15125,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15176,7 +15176,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15227,7 +15227,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15278,7 +15278,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15329,7 +15329,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15380,7 +15380,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15431,7 +15431,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15482,7 +15482,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15533,7 +15533,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15584,7 +15584,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -15628,7 +15628,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15679,7 +15679,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15730,7 +15730,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15781,7 +15781,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15832,7 +15832,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15883,7 +15883,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15933,7 +15933,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -15984,7 +15984,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16035,7 +16035,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16086,7 +16086,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16130,7 +16130,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16181,7 +16181,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16232,7 +16232,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16283,7 +16283,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16327,7 +16327,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16371,7 +16371,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16422,7 +16422,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -16473,7 +16473,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16524,7 +16524,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16575,7 +16575,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16626,7 +16626,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16677,7 +16677,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16728,7 +16728,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16779,7 +16779,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16823,7 +16823,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16874,7 +16874,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16925,7 +16925,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -16976,7 +16976,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17026,7 +17026,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17076,7 +17076,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17120,7 +17120,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17171,7 +17171,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17215,7 +17215,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17266,7 +17266,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -17316,7 +17316,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17366,7 +17366,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17417,7 +17417,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17467,7 +17467,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17518,7 +17518,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17569,7 +17569,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17619,7 +17619,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17670,7 +17670,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17720,7 +17720,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17771,7 +17771,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17821,7 +17821,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17871,7 +17871,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17921,7 +17921,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -17965,7 +17965,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18015,7 +18015,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18065,7 +18065,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18115,7 +18115,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -18166,7 +18166,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18217,7 +18217,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18268,7 +18268,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18319,7 +18319,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18370,7 +18370,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18414,7 +18414,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18458,7 +18458,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18508,7 +18508,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18558,7 +18558,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18608,7 +18608,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18652,7 +18652,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18702,7 +18702,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18746,7 +18746,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18796,7 +18796,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18847,7 +18847,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18897,7 +18897,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -18941,7 +18941,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -18985,7 +18985,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19036,7 +19036,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19087,7 +19087,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19137,7 +19137,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19187,7 +19187,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19237,7 +19237,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19281,7 +19281,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19331,7 +19331,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19381,7 +19381,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19431,7 +19431,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19482,7 +19482,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19533,7 +19533,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19583,7 +19583,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19634,7 +19634,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19685,7 +19685,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19736,7 +19736,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19780,7 +19780,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19831,7 +19831,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19882,7 +19882,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19932,7 +19932,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -19982,7 +19982,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20026,7 +20026,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20076,7 +20076,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20127,7 +20127,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20178,7 +20178,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20228,7 +20228,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20272,7 +20272,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20322,7 +20322,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20373,7 +20373,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20423,7 +20423,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20474,7 +20474,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20525,7 +20525,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20576,7 +20576,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20620,7 +20620,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20670,7 +20670,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20721,7 +20721,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20771,7 +20771,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20822,7 +20822,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20873,7 +20873,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20923,7 +20923,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -20973,7 +20973,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21023,7 +21023,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21074,7 +21074,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21124,7 +21124,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21175,7 +21175,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21226,7 +21226,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21277,7 +21277,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21328,7 +21328,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21379,7 +21379,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21423,7 +21423,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21474,7 +21474,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21525,7 +21525,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21576,7 +21576,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21627,7 +21627,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21677,7 +21677,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21727,7 +21727,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21778,7 +21778,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21822,7 +21822,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21873,7 +21873,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21923,7 +21923,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -21974,7 +21974,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22025,7 +22025,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22075,7 +22075,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22119,7 +22119,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22170,7 +22170,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22221,7 +22221,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22265,7 +22265,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22309,7 +22309,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22359,7 +22359,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22409,7 +22409,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22460,7 +22460,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22510,7 +22510,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22560,7 +22560,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22604,7 +22604,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22648,7 +22648,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22698,7 +22698,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22748,7 +22748,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22798,7 +22798,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22848,7 +22848,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22898,7 +22898,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22942,7 +22942,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -22993,7 +22993,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23044,7 +23044,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23095,7 +23095,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23139,7 +23139,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23190,7 +23190,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23241,7 +23241,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23292,7 +23292,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23343,7 +23343,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23394,7 +23394,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23445,7 +23445,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23495,7 +23495,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23545,7 +23545,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23596,7 +23596,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23647,7 +23647,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23698,7 +23698,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23749,7 +23749,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23800,7 +23800,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23850,7 +23850,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23901,7 +23901,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23952,7 +23952,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24003,7 +24003,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24053,7 +24053,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24103,7 +24103,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24154,7 +24154,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24198,7 +24198,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24249,7 +24249,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24300,7 +24300,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24351,7 +24351,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24402,7 +24402,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24453,7 +24453,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24504,7 +24504,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24555,7 +24555,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24605,7 +24605,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24656,7 +24656,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24707,7 +24707,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24758,7 +24758,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24809,7 +24809,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24853,7 +24853,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24904,7 +24904,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -24955,7 +24955,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25005,7 +25005,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25056,7 +25056,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25107,7 +25107,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25158,7 +25158,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25209,7 +25209,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25260,7 +25260,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25311,7 +25311,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25355,7 +25355,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25406,7 +25406,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25457,7 +25457,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25508,7 +25508,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25559,7 +25559,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25610,7 +25610,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25654,7 +25654,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25705,7 +25705,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25756,7 +25756,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25800,7 +25800,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25851,7 +25851,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25902,7 +25902,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -25953,7 +25953,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26004,7 +26004,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26055,7 +26055,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26099,7 +26099,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26150,7 +26150,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26201,7 +26201,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26252,7 +26252,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26303,7 +26303,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26354,7 +26354,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26405,7 +26405,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26456,7 +26456,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26507,7 +26507,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26558,7 +26558,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26609,7 +26609,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26660,7 +26660,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26711,7 +26711,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26762,7 +26762,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26813,7 +26813,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26864,7 +26864,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26914,7 +26914,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -26965,7 +26965,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27009,7 +27009,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27053,7 +27053,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27104,7 +27104,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27155,7 +27155,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27206,7 +27206,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27257,7 +27257,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27308,7 +27308,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27359,7 +27359,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27410,7 +27410,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27461,7 +27461,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27512,7 +27512,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27563,7 +27563,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27614,7 +27614,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27664,7 +27664,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27715,7 +27715,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27766,7 +27766,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27817,7 +27817,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27868,7 +27868,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27919,7 +27919,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -27970,7 +27970,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28021,7 +28021,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28071,7 +28071,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28122,7 +28122,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28173,7 +28173,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28224,7 +28224,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28275,7 +28275,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28326,7 +28326,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28377,7 +28377,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28427,7 +28427,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28478,7 +28478,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28529,7 +28529,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28580,7 +28580,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28631,7 +28631,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28682,7 +28682,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28733,7 +28733,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28784,7 +28784,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28835,7 +28835,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28879,7 +28879,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28930,7 +28930,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -28981,7 +28981,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29032,7 +29032,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29076,7 +29076,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29127,7 +29127,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29171,7 +29171,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29222,7 +29222,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29273,7 +29273,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29324,7 +29324,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29375,7 +29375,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29426,7 +29426,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29477,7 +29477,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29528,7 +29528,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29578,7 +29578,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29629,7 +29629,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29680,7 +29680,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29731,7 +29731,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29781,7 +29781,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29825,7 +29825,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29869,7 +29869,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29913,7 +29913,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -29964,7 +29964,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30015,7 +30015,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30065,7 +30065,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30116,7 +30116,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30160,7 +30160,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30211,7 +30211,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30255,7 +30255,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30306,7 +30306,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30357,7 +30357,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30401,7 +30401,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30452,7 +30452,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30496,7 +30496,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30546,7 +30546,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30597,7 +30597,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30648,7 +30648,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30692,7 +30692,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30743,7 +30743,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30794,7 +30794,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30845,7 +30845,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30896,7 +30896,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30947,7 +30947,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -30998,7 +30998,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31049,7 +31049,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31099,7 +31099,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31150,7 +31150,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31200,7 +31200,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31251,7 +31251,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31302,7 +31302,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31353,7 +31353,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31404,7 +31404,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31454,7 +31454,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31505,7 +31505,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31549,7 +31549,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31600,7 +31600,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31651,7 +31651,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31701,7 +31701,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31752,7 +31752,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31803,7 +31803,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31853,7 +31853,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -31904,7 +31904,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml b/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml
index fb63658f31a..389c25d9cdb 100644
--- a/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 ####################
 - set:
 field: ecs.version
- value: "8.2.0"
+ value: "8.3.0"
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_anomali/data_stream/limo/sample_event.json b/packages/ti_anomali/data_stream/limo/sample_event.json
index 2043f8e5c83..f1c6e043266 100644
--- a/packages/ti_anomali/data_stream/limo/sample_event.json
+++ b/packages/ti_anomali/data_stream/limo/sample_event.json
@@ -23,7 +23,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "6b916c32-9ec1-4b93-a910-81540b3df79b",
diff --git a/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json b/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json
index e611706406c..5b611f712cf 100644
--- a/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json
+++ b/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json
@@ -21,7 +21,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -85,7 +85,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -147,7 +147,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -209,7 +209,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -263,7 +263,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -326,7 +326,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -389,7 +389,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -448,7 +448,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -501,7 +501,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -563,7 +563,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -624,7 +624,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -679,7 +679,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -734,7 +734,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -794,7 +794,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -850,7 +850,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -903,7 +903,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -958,7 +958,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1014,7 +1014,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1069,7 +1069,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1124,7 +1124,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1178,7 +1178,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1232,7 +1232,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1289,7 +1289,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1343,7 +1343,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1404,7 +1404,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1460,7 +1460,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1515,7 +1515,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1569,7 +1569,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1621,7 +1621,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1682,7 +1682,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1744,7 +1744,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1799,7 +1799,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1855,7 +1855,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -1910,7 +1910,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1963,7 +1963,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2018,7 +2018,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2073,7 +2073,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2126,7 +2126,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2180,7 +2180,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2240,7 +2240,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2293,7 +2293,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2348,7 +2348,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2403,7 +2403,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2465,7 +2465,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2520,7 +2520,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2580,7 +2580,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2641,7 +2641,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2695,7 +2695,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2749,7 +2749,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2804,7 +2804,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -2859,7 +2859,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2919,7 +2919,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2973,7 +2973,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3026,7 +3026,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3078,7 +3078,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3139,7 +3139,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3192,7 +3192,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3246,7 +3246,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3301,7 +3301,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3355,7 +3355,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3410,7 +3410,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3470,7 +3470,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3525,7 +3525,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3579,7 +3579,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3634,7 +3634,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3689,7 +3689,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3744,7 +3744,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -3798,7 +3798,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3851,7 +3851,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3912,7 +3912,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -3965,7 +3965,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4018,7 +4018,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4072,7 +4072,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4132,7 +4132,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4186,7 +4186,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4239,7 +4239,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4294,7 +4294,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4354,7 +4354,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4410,7 +4410,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4464,7 +4464,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4531,7 +4531,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4592,7 +4592,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4644,7 +4644,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4702,7 +4702,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -4763,7 +4763,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4825,7 +4825,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4892,7 +4892,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -4953,7 +4953,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5010,7 +5010,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5069,7 +5069,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5130,7 +5130,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5190,7 +5190,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5250,7 +5250,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5309,7 +5309,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5369,7 +5369,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5418,7 +5418,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5465,7 +5465,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5514,7 +5514,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5562,7 +5562,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -5611,7 +5611,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
diff --git a/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml b/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml
index 3a656473320..a55390d7876 100644
--- a/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 #
 - set:
 field: ecs.version
- value: "8.2.0"
+ value: "8.3.0"
 - fingerprint:
 fields:
 - event.dataset
diff --git a/packages/ti_anomali/data_stream/threatstream/sample_event.json b/packages/ti_anomali/data_stream/threatstream/sample_event.json
index 98ed754e7f1..4103ee4ef76 100644
--- a/packages/ti_anomali/data_stream/threatstream/sample_event.json
+++ b/packages/ti_anomali/data_stream/threatstream/sample_event.json
@@ -35,7 +35,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "6b916c32-9ec1-4b93-a910-81540b3df79b",
diff --git a/packages/ti_anomali/docs/README.md b/packages/ti_anomali/docs/README.md
index ebd87ebba41..af422e1c6f9 100644
--- a/packages/ti_anomali/docs/README.md
+++ b/packages/ti_anomali/docs/README.md
@@ -43,7 +43,7 @@ An example event for `limo` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "6b916c32-9ec1-4b93-a910-81540b3df79b",
@@ -213,7 +213,7 @@ An example event for `threatstream` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "6b916c32-9ec1-4b93-a910-81540b3df79b",
diff --git a/packages/ti_anomali/manifest.yml b/packages/ti_anomali/manifest.yml
index 19b7a6e02b3..71673d726e5 100644
--- a/packages/ti_anomali/manifest.yml
+++ b/packages/ti_anomali/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_anomali
 title: Anomali
-version: 1.3.3
+version: "1.4.0"
 release: ga
 description: Ingest threat intelligence indicators from Anomali with Elastic Agent.
 type: integration
diff --git a/packages/ti_cybersixgill/_dev/build/build.yml b/packages/ti_cybersixgill/_dev/build/build.yml
index 47cbed9fed8..5661d603a89 100644
--- a/packages/ti_cybersixgill/_dev/build/build.yml
+++ b/packages/ti_cybersixgill/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.0.0
+ reference: git@v8.3.0
diff --git a/packages/ti_cybersixgill/changelog.yml b/packages/ti_cybersixgill/changelog.yml
index 9b54a27f92a..5254ad44740 100644
--- a/packages/ti_cybersixgill/changelog.yml
+++ b/packages/ti_cybersixgill/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.4.1"
 changes:
 - description: Update package descriptions
diff --git a/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json b/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json
index d51c37577cc..4026a599deb 100644
--- a/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json
+++ b/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json
@@ -15,7 +15,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -63,7 +63,7 @@
 "virustotal": {}
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -111,7 +111,7 @@
 "virustotal": {}
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -157,7 +157,7 @@
 "virustotal": {}
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index 1c7bf729b48..b5050c3cf3d 100644
--- a/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Initial pipeline for parsing Cybersixgill webhooks
 processors:
 - set:
 field: ecs.version
- value: "8.2.0"
+ value: "8.3.0"
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_cybersixgill/data_stream/threat/sample_event.json b/packages/ti_cybersixgill/data_stream/threat/sample_event.json
index d20d8876f38..0c73c1eda55 100644
--- a/packages/ti_cybersixgill/data_stream/threat/sample_event.json
+++ b/packages/ti_cybersixgill/data_stream/threat/sample_event.json
@@ -25,7 +25,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "3f82d126-26ae-4993-a89b-63c5413149e0",
diff --git a/packages/ti_cybersixgill/docs/README.md b/packages/ti_cybersixgill/docs/README.md
index 3894f0b48ab..e34937287b7 100644
--- a/packages/ti_cybersixgill/docs/README.md
+++ b/packages/ti_cybersixgill/docs/README.md
@@ -126,7 +126,7 @@ An example event for `threat` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "3f82d126-26ae-4993-a89b-63c5413149e0",
diff --git a/packages/ti_cybersixgill/manifest.yml b/packages/ti_cybersixgill/manifest.yml
index fc4fe16140c..735c955de38 100644
--- a/packages/ti_cybersixgill/manifest.yml
+++ b/packages/ti_cybersixgill/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_cybersixgill
 title: Cybersixgill
-version: 1.4.1
+version: "1.5.0"
 release: ga
 description: Ingest threat intelligence indicators from Cybersixgill with Elastic Agent.
 type: integration
diff --git a/packages/ti_misp/_dev/build/build.yml b/packages/ti_misp/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/ti_misp/_dev/build/build.yml
+++ b/packages/ti_misp/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/ti_misp/changelog.yml b/packages/ti_misp/changelog.yml
index 5af3b27dcfc..58acb1f49bb 100644
--- a/packages/ti_misp/changelog.yml
+++ b/packages/ti_misp/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.4.1"
 changes:
 - description: update readme to include link to MISP documentation
diff --git a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json
index c488b957732..65bbbe9e557 100644
--- a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json
+++ b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-05-21T09:09:22.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -78,7 +78,7 @@
 {
 "@timestamp": "2021-05-21T09:20:36.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -153,7 +153,7 @@
 {
 "@timestamp": "2021-05-21T09:20:36.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -226,7 +226,7 @@
 {
 "@timestamp": "2021-05-21T09:20:36.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -297,7 +297,7 @@
 {
 "@timestamp": "2021-05-21T09:20:36.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -368,7 +368,7 @@ { "@timestamp": "2021-05-21T10:22:12.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -458,7 +458,7 @@ { "@timestamp": "2021-05-21T10:22:12.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -548,7 +548,7 @@ { "@timestamp": "2021-05-21T10:22:12.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -642,7 +642,7 @@ { "@timestamp": "2021-05-21T10:22:12.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -736,7 +736,7 @@ { "@timestamp": "2021-05-21T10:22:12.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -828,7 +828,7 @@ { "@timestamp": "2021-05-21T10:09:30.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -900,7 +900,7 @@ { "@timestamp": "2021-05-21T10:09:30.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -976,7 +976,7 @@ { "@timestamp": "2021-05-21T10:09:30.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1050,7 +1050,7 @@ { "@timestamp": "2021-05-21T10:19:39.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1122,7 +1122,7 @@ { "@timestamp": "2021-05-21T10:19:39.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1194,7 +1194,7 @@ { "@timestamp": "2021-05-21T10:19:39.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1266,7 +1266,7 @@ { "@timestamp": "2021-05-21T10:19:39.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1342,7 +1342,7 @@ { "@timestamp": "2021-05-21T10:19:39.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -1416,7 +1416,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1506,7 +1506,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1596,7 +1596,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1686,7 +1686,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1776,7 +1776,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1866,7 +1866,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1960,7 +1960,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -2054,7 +2054,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", diff --git a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json index 34b6b4f9039..1049a03dab7 100644 --- a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json +++ b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2017-08-28T14:24:36.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -81,7 +81,7 @@ { "@timestamp": "2017-08-28T14:24:36.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -158,7 +158,7 @@ { "@timestamp": "2017-04-28T18:23:44.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -235,7 +235,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -310,7 +310,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -381,7 +381,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -454,7 +454,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -525,7 +525,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -600,7 +600,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -673,7 +673,7 @@ { "@timestamp": "2018-08-28T13:20:17.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -752,7 +752,7 @@ { "@timestamp": "2018-08-28T13:20:17.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -823,7 +823,7 @@ { "@timestamp": "2018-08-28T13:20:17.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -900,7 +900,7 @@ { "@timestamp": "2018-01-23T16:09:56.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -972,7 +972,7 @@ { "@timestamp": "2018-01-23T16:09:56.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1044,7 +1044,7 @@ { "@timestamp": "2020-12-13T14:03:16.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
diff --git a/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index ce9f44b3b44..fc6ea653a07 100644
--- a/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 ####################
 - set:
 field: ecs.version
- value: "8.2.0"
+ value: "8.3.0"
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_misp/data_stream/threat/sample_event.json b/packages/ti_misp/data_stream/threat/sample_event.json
index 2f0271242ca..a13d7182dde 100644
--- a/packages/ti_misp/data_stream/threat/sample_event.json
+++ b/packages/ti_misp/data_stream/threat/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "f33cbb31-3e5c-4242-8b35-d4631555523c",
diff --git a/packages/ti_misp/docs/README.md b/packages/ti_misp/docs/README.md
index e0d38ac70f7..ca60df6b7c1 100644
--- a/packages/ti_misp/docs/README.md
+++ b/packages/ti_misp/docs/README.md
@@ -174,7 +174,7 @@ An example event for `threat` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "f33cbb31-3e5c-4242-8b35-d4631555523c",
diff --git a/packages/ti_misp/manifest.yml b/packages/ti_misp/manifest.yml
index e1d4f3c01c4..23c9ea4ad81 100644
--- a/packages/ti_misp/manifest.yml
+++ b/packages/ti_misp/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_misp
 title: MISP
-version: 1.4.1
+version: "1.5.0"
 release: ga
 description: Ingest threat intelligence indicators from MISP platform with Elastic Agent.
 type: integration
diff --git a/packages/ti_otx/_dev/build/build.yml b/packages/ti_otx/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/ti_otx/_dev/build/build.yml
+++ b/packages/ti_otx/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/ti_otx/changelog.yml b/packages/ti_otx/changelog.yml
index a7b3ce16105..b1a045667a2 100644
--- a/packages/ti_otx/changelog.yml
+++ b/packages/ti_otx/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.3.2"
 changes:
 - description: Update readme file to add documentation link
diff --git a/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json b/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
index 0403e888429..ec00d2226c5 100644
--- a/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
+++ b/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -23,7 +23,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -51,7 +51,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -74,7 +74,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -95,7 +95,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -120,7 +120,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -147,7 +147,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -172,7 +172,7 @@
 },
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -199,7 +199,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -220,7 +220,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -270,7 +270,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -297,7 +297,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -322,7 +322,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -347,7 +347,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -372,7 +372,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -397,7 +397,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -422,7 +422,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -450,7 +450,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -478,7 +478,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -534,7 +534,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -561,7 +561,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -586,7 +586,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -611,7 +611,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -638,7 +638,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -663,7 +663,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -691,7 +691,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -719,7 +719,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -744,7 +744,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -772,7 +772,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -800,7 +800,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -846,7 +846,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -871,7 +871,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -898,7 +898,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -925,7 +925,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -950,7 +950,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -977,7 +977,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1004,7 +1004,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1029,7 +1029,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1057,7 +1057,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -1085,7 +1085,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1113,7 +1113,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1141,7 +1141,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1164,7 +1164,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1185,7 +1185,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1206,7 +1206,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1233,7 +1233,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1260,7 +1260,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1287,7 +1287,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1314,7 +1314,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1341,7 +1341,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1368,7 +1368,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1395,7 +1395,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1416,7 +1416,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1437,7 +1437,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1458,7 +1458,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1479,7 +1479,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -1500,7 +1500,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1525,7 +1525,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1546,7 +1546,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1567,7 +1567,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1588,7 +1588,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1611,7 +1611,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1634,7 +1634,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1657,7 +1657,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1680,7 +1680,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1703,7 +1703,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1726,7 +1726,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1749,7 +1749,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1772,7 +1772,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1795,7 +1795,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1822,7 +1822,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1849,7 +1849,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", @@ -1876,7 +1876,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat", 
@@ -1903,7 +1903,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat",
@@ -1926,7 +1926,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat",
@@ -1947,7 +1947,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat",
@@ -1968,7 +1968,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat",
@@ -1996,7 +1996,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat",
@@ -2023,7 +2023,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat",
@@ -2050,7 +2050,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "threat",
diff --git a/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index 8ce807b2392..57659917a14 100644
--- a/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" - set: field: event.kind value: enrichment
diff --git a/packages/ti_otx/data_stream/threat/sample_event.json b/packages/ti_otx/data_stream/threat/sample_event.json
index 131bc083edd..e05bdae9230 100644
--- a/packages/ti_otx/data_stream/threat/sample_event.json
+++ b/packages/ti_otx/data_stream/threat/sample_event.json
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "93ca38c5-fdea-4af2-acab-27edbc2b3434",
diff --git a/packages/ti_otx/docs/README.md b/packages/ti_otx/docs/README.md
index 1b6e88b3ab1..b1ecfcaf305 100644
--- a/packages/ti_otx/docs/README.md
+++ b/packages/ti_otx/docs/README.md
@@ -115,7 +115,7 @@ An example event for `threat` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "elastic_agent": { "id": "93ca38c5-fdea-4af2-acab-27edbc2b3434",
diff --git a/packages/ti_otx/manifest.yml b/packages/ti_otx/manifest.yml
index 112cdbecbe7..026a05f4b90 100644
--- a/packages/ti_otx/manifest.yml
+++ b/packages/ti_otx/manifest.yml
@@ -1,6 +1,6 @@ name: ti_otx title: AlienVault OTX -version: 1.3.2 +version: "1.4.0" release: ga description: Ingest threat intelligence indicators from AlienVault Open Threat Exchange (OTX) with Elastic Agent. type: integration
diff --git a/packages/ti_recordedfuture/_dev/build/build.yml b/packages/ti_recordedfuture/_dev/build/build.yml
index 47cbed9fed8..5661d603a89 100644
--- a/packages/ti_recordedfuture/_dev/build/build.yml
+++ b/packages/ti_recordedfuture/_dev/build/build.yml
@@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.0.0 + reference: git@v8.3.0
diff --git a/packages/ti_recordedfuture/changelog.yml b/packages/ti_recordedfuture/changelog.yml
index ab79eef5cb0..cfbafbe7ef3 100644
--- a/packages/ti_recordedfuture/changelog.yml
+++ b/packages/ti_recordedfuture/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.0.1" changes: - description: update readme added link to recorded future API documentation
diff --git a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-domain-default.log-expected.json b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-domain-default.log-expected.json
index a24d9b7643f..987428416ab 100644
--- a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-domain-default.log-expected.json
+++ b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-domain-default.log-expected.json
@@ -3,20 +3,20 @@ null, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"xohrikvjhiu.eu\",\"96\",\"5/45\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported as a Defanged DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"21 sightings on 4 sources: Proofpoint, PasteBin, The Daily Advance, @DGAFeedAlerts. Most recent tweet: New ramnit Dom: xohrikvjhiu[.]eu IP: 13[.]90[.]196[.]81 NS: https://t.co/nTqEOuAW2E https://t.co/QdrtFSplyz. Most recent link (Nov 16, 2019): https://twitter.com/DGAFeedAlerts/statuses/1195824847915491329\"\", \"\"Sources\"\": [\"\"QQA438\"\", \"\"Jv_xrR\"\", \"\"SlNfa3\"\", \"\"KvPSaU\"\"], \"\"Timestamp\"\": \"\"2019-11-16T22:03:55.000Z\"\", \"\"Name\"\": \"\"defanged\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"18 sightings on 2 sources: Proofpoint, The Daily Advance. Most recent link (Nov 12, 2018): https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy#.W-nmxyGcuiY.twitter\"\", \"\"Sources\"\": [\"\"QQA438\"\", \"\"KvPSaU\"\"], \"\"Timestamp\"\": \"\"2018-11-12T20:48:08.675Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Referenced by Insikt Group\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Insikt Group. 1 report: Proofpoint Researchers Observe sLoad and Ramnit in Campaigns Against The U.K. and Italy. 
Most recent link (Oct 23, 2018): https://app.recordedfuture.com/live/sc/4KSWum2M6Lx7\"\", \"\"Sources\"\": [\"\"VKz42X\"\"], \"\"Timestamp\"\": \"\"2018-10-23T00:00:00.000Z\"\", \"\"Name\"\": \"\"relatedNote\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Detected Malware Operation\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Mar 23, 2021.\"\", \"\"Sources\"\": [\"\"d3Awkm\"\"], \"\"Timestamp\"\": \"\"2021-03-23T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareSiteDetected\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recent C\u0026C DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\"\", \"\"Sources\"\": [\"\"report:QhR8Qs\"\"], \"\"Timestamp\"\": \"\"2021-12-29T07:12:02.455Z\"\", \"\"Name\"\": \"\"recentCncSite\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}]}\"", - "risk_score": 96, + "risk_score": 96.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "21 sightings on 4 sources: Proofpoint, PasteBin, The Daily Advance, @DGAFeedAlerts. Most recent tweet: New ramnit Dom: xohrikvjhiu[.]eu IP: 13[.]90[.]196[.]81 NS: https://t.co/nTqEOuAW2E https://t.co/QdrtFSplyz. Most recent link (Nov 16, 2019): https://twitter.com/DGAFeedAlerts/statuses/1195824847915491329", "MitigationString": "", 
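Review bot: The `risk_score` and `Criticality` values change from integer to float literals (`"risk_score": 96` → `"risk_score": 96.0`, `"Criticality": 1` → `"Criticality": 1.0`) in this hunk and in every later hunk of this file, and the changelog entry ("Update package to ECS 8.3.0") does not account for that. If the fixture was simply regenerated with a newer elastic-package that prints float-mapped fields with a decimal point, one sentence in the PR description saying so would stop the next reader from taking it as a pipeline type change; if the pipeline itself now emits floats where it previously emitted integers, that is a behaviour change that deserves its own changelog line, since anything comparing on `event.risk_score` would see a different value type. The ECS dependency for this package also moves from `git@v8.0.0` to `git@v8.3.0` in the same commit, a larger jump than the other packages here, so it is worth confirming that no field definitions used by this data stream changed between those tags.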
@@ -31,7 +31,7 @@ "Timestamp": "2019-11-16T22:03:55.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "18 sightings on 2 sources: Proofpoint, The Daily Advance. Most recent link (Nov 12, 2018): https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy#.W-nmxyGcuiY.twitter", "MitigationString": "", @@ -44,7 +44,7 @@ "Timestamp": "2018-11-12T20:48:08.675Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Insikt Group. 1 report: Proofpoint Researchers Observe sLoad and Ramnit in Campaigns Against The U.K. and Italy. Most recent link (Oct 23, 2018): https://app.recordedfuture.com/live/sc/4KSWum2M6Lx7", "MitigationString": "", @@ -56,7 +56,7 @@ "Timestamp": "2018-10-23T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Mar 23, 2021.", "MitigationString": "", @@ -68,7 +68,7 @@ "Timestamp": "2021-03-23T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -99,20 +99,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"wgwuhauaqcrx.com\",\"95\",\"6/45\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported by DHS AIS\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-216d34d4-67bd-4add-ae6e-4ddec27dcb0e (Jul 25, 2019).\"\", \"\"Sources\"\": [\"\"UZNze8\"\"], \"\"Timestamp\"\": \"\"2019-07-25T00:46:19.000Z\"\", \"\"Name\"\": \"\"dhsAis\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: MALWARE BREAKDOWN. Most recent link (May 17, 2017): https://malwarebreakdown.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/\"\", \"\"Sources\"\": [\"\"ST7rfx\"\"], \"\"Timestamp\"\": \"\"2017-05-17T19:31:06.000Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Reported in Threat List\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"Previous sightings on 1 source: Recorded Future Analyst Community Trending Indicators. Observed between Jul 19, 2021, and Jul 21, 2021.\"\", \"\"Sources\"\": [\"\"report:Tluf00\"\"], \"\"Timestamp\"\": \"\"2021-12-29T07:21:52.311Z\"\", \"\"Name\"\": \"\"historicalThreatListMembership\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Detected Malware Operation\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bitdefender. 
Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jul 9, 2021.\"\", \"\"Sources\"\": [\"\"d3Awkm\"\"], \"\"Timestamp\"\": \"\"2021-07-09T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareSiteDetected\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Malware Analysis DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"2 sightings on 1 source: Malwr.com. Most recent link (Jul 6, 2017): https://malwr.com/analysis/ZmMxNWJlYWU1NTI4NDA1Nzg3YTc5MWViNTA0YTNhYmQ/\"\", \"\"Sources\"\": [\"\"NKaUXl\"\"], \"\"Timestamp\"\": \"\"2017-07-06T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareAnalysis\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recent C\u0026C DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\"\", \"\"Sources\"\": [\"\"report:QhR8Qs\"\"], \"\"Timestamp\"\": \"\"2021-12-29T07:21:52.303Z\"\", \"\"Name\"\": \"\"recentCncSite\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}]}\"", - "risk_score": 95, + "risk_score": 95.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-216d34d4-67bd-4add-ae6e-4ddec27dcb0e (Jul 25, 2019).", "MitigationString": "", @@ -124,7 +124,7 @@ "Timestamp": "2019-07-25T00:46:19.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: MALWARE BREAKDOWN. Most recent link (May 17, 2017): https://malwarebreakdown.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/", "MitigationString": "", 
@@ -136,7 +136,7 @@ "Timestamp": "2017-05-17T19:31:06.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "Previous sightings on 1 source: Recorded Future Analyst Community Trending Indicators. Observed between Jul 19, 2021, and Jul 21, 2021.", "MitigationString": "", @@ -148,7 +148,7 @@ "Timestamp": "2021-12-29T07:21:52.311Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jul 9, 2021.", "MitigationString": "", @@ -160,7 +160,7 @@ "Timestamp": "2021-07-09T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 1 source: Malwr.com. Most recent link (Jul 6, 2017): https://malwr.com/analysis/ZmMxNWJlYWU1NTI4NDA1Nzg3YTc5MWViNTA0YTNhYmQ/", "MitigationString": "", @@ -172,7 +172,7 @@ "Timestamp": "2017-07-06T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -203,20 +203,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"wbmpvebw.com\",\"95\",\"6/45\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported as a Defanged DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: wbmpvebw[.]com IP: 209[.]99[.]40[.]220 NS: https://t.co/bH4I7LoMNf https://t.co/KTCPYU87bT. Most recent link (Jan 4, 2020): https://twitter.com/DGAFeedAlerts/statuses/1213551578264821760\"\", \"\"Sources\"\": [\"\"SlNfa3\"\"], \"\"Timestamp\"\": \"\"2020-01-04T20:03:37.000Z\"\", \"\"Name\"\": \"\"defanged\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html\"\", \"\"Sources\"\": [\"\"KVQ2PB\"\"], \"\"Timestamp\"\": \"\"2017-03-08T01:18:17.569Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Reported in Threat List\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"Previous sightings on 1 source: Recorded Future Analyst Community Trending Indicators. Observed between Feb 18, 2021, and Feb 24, 2021.\"\", \"\"Sources\"\": [\"\"report:Tluf00\"\"], \"\"Timestamp\"\": \"\"2021-12-29T07:16:05.008Z\"\", \"\"Name\"\": \"\"historicalThreatListMembership\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Detected Malware Operation\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bitdefender. 
Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 30, 2021.\"\", \"\"Sources\"\": [\"\"d3Awkm\"\"], \"\"Timestamp\"\": \"\"2021-06-30T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareSiteDetected\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Malware Analysis DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Malwr.com. Most recent link (May 8, 2017): https://malwr.com/analysis/NzhlZjJmMDA1MTMyNGM5NDg3YTQwMzI5YzAzMzY1NTg/\"\", \"\"Sources\"\": [\"\"NKaUXl\"\"], \"\"Timestamp\"\": \"\"2017-05-08T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareAnalysis\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recent C\u0026C DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\"\", \"\"Sources\"\": [\"\"report:QhR8Qs\"\"], \"\"Timestamp\"\": \"\"2021-12-29T07:16:05.007Z\"\", \"\"Name\"\": \"\"recentCncSite\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}]}\"", - "risk_score": 95, + "risk_score": 95.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: wbmpvebw[.]com IP: 209[.]99[.]40[.]220 NS: https://t.co/bH4I7LoMNf https://t.co/KTCPYU87bT. Most recent link (Jan 4, 2020): https://twitter.com/DGAFeedAlerts/statuses/1213551578264821760", "MitigationString": "", @@ -228,7 +228,7 @@ "Timestamp": "2020-01-04T20:03:37.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html", "MitigationString": "", 
@@ -240,7 +240,7 @@ "Timestamp": "2017-03-08T01:18:17.569Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "Previous sightings on 1 source: Recorded Future Analyst Community Trending Indicators. Observed between Feb 18, 2021, and Feb 24, 2021.", "MitigationString": "", @@ -252,7 +252,7 @@ "Timestamp": "2021-12-29T07:16:05.008Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 30, 2021.", "MitigationString": "", @@ -264,7 +264,7 @@ "Timestamp": "2021-06-30T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Malwr.com. Most recent link (May 8, 2017): https://malwr.com/analysis/NzhlZjJmMDA1MTMyNGM5NDg3YTQwMzI5YzAzMzY1NTg/", "MitigationString": "", @@ -276,7 +276,7 @@ "Timestamp": "2017-05-08T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -307,20 +307,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"ckgryagcibbcf.com\",\"94\",\"5/45\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported as a Defanged DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: ckgryagcibbcf[.]com IP: 18[.]235[.]92[.]123 NS: https://t.co/nKWfZguQSF https://t.co/czXUwYeuxf. Most recent link (Feb 1, 2021): https://twitter.com/DGAFeedAlerts/statuses/1356333576053207040\"\", \"\"Sources\"\": [\"\"SlNfa3\"\"], \"\"Timestamp\"\": \"\"2021-02-01T20:08:18.000Z\"\", \"\"Name\"\": \"\"defanged\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html\"\", \"\"Sources\"\": [\"\"KVQ2PB\"\"], \"\"Timestamp\"\": \"\"2017-03-08T01:18:17.569Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Detected Malware Operation\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 15, 2021.\"\", \"\"Sources\"\": [\"\"d3Awkm\"\"], \"\"Timestamp\"\": \"\"2021-06-15T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareSiteDetected\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Malware Analysis DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Malwr.com. 
Most recent link (Apr 11, 2016): https://malwr.com/analysis/YjVjNzlmNjdhMDMyNDY2MjkzY2FkMjQzOWJiNmUyOWI/\"\", \"\"Sources\"\": [\"\"NKaUXl\"\"], \"\"Timestamp\"\": \"\"2016-04-11T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareAnalysis\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recent C\u0026C DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\"\", \"\"Sources\"\": [\"\"report:QhR8Qs\"\"], \"\"Timestamp\"\": \"\"2021-12-29T06:40:44.358Z\"\", \"\"Name\"\": \"\"recentCncSite\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}]}\"", - "risk_score": 94, + "risk_score": 94.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: ckgryagcibbcf[.]com IP: 18[.]235[.]92[.]123 NS: https://t.co/nKWfZguQSF https://t.co/czXUwYeuxf. Most recent link (Feb 1, 2021): https://twitter.com/DGAFeedAlerts/statuses/1356333576053207040", "MitigationString": "", @@ -332,7 +332,7 @@ "Timestamp": "2021-02-01T20:08:18.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html", "MitigationString": "", @@ -344,7 +344,7 @@ "Timestamp": "2017-03-08T01:18:17.569Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 15, 2021.", "MitigationString": "", 
@@ -356,7 +356,7 @@ "Timestamp": "2021-06-15T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Malwr.com. Most recent link (Apr 11, 2016): https://malwr.com/analysis/YjVjNzlmNjdhMDMyNDY2MjkzY2FkMjQzOWJiNmUyOWI/", "MitigationString": "", @@ -368,7 +368,7 @@ "Timestamp": "2016-04-11T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -399,20 +399,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"jpuityvakjgg.com\",\"94\",\"5/45\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported as a Defanged DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: jpuityvakjgg[.]com IP: 18[.]235[.]92[.]123 NS: https://t.co/nKWfZguQSF https://t.co/czXUwYeuxf. Most recent link (Feb 1, 2021): https://twitter.com/DGAFeedAlerts/statuses/1356333600627683330\"\", \"\"Sources\"\": [\"\"SlNfa3\"\"], \"\"Timestamp\"\": \"\"2021-02-01T20:08:24.000Z\"\", \"\"Name\"\": \"\"defanged\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html\"\", \"\"Sources\"\": [\"\"KVQ2PB\"\"], \"\"Timestamp\"\": \"\"2017-03-08T01:18:17.569Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Detected Malware Operation\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 17, 2021.\"\", \"\"Sources\"\": [\"\"d3Awkm\"\"], \"\"Timestamp\"\": \"\"2021-06-17T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareSiteDetected\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Malware Analysis DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Malwr.com. 
Most recent link (May 8, 2017): https://malwr.com/analysis/NzhlZjJmMDA1MTMyNGM5NDg3YTQwMzI5YzAzMzY1NTg/\"\", \"\"Sources\"\": [\"\"NKaUXl\"\"], \"\"Timestamp\"\": \"\"2017-05-08T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareAnalysis\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recent C\u0026C DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\"\", \"\"Sources\"\": [\"\"report:QhR8Qs\"\"], \"\"Timestamp\"\": \"\"2021-12-29T06:46:28.155Z\"\", \"\"Name\"\": \"\"recentCncSite\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}]}\"", - "risk_score": 94, + "risk_score": 94.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: jpuityvakjgg[.]com IP: 18[.]235[.]92[.]123 NS: https://t.co/nKWfZguQSF https://t.co/czXUwYeuxf. Most recent link (Feb 1, 2021): https://twitter.com/DGAFeedAlerts/statuses/1356333600627683330", "MitigationString": "", @@ -424,7 +424,7 @@ "Timestamp": "2021-02-01T20:08:24.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html", "MitigationString": "", @@ -436,7 +436,7 @@ "Timestamp": "2017-03-08T01:18:17.569Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 17, 2021.", "MitigationString": "", 
@@ -448,7 +448,7 @@ "Timestamp": "2021-06-17T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Malwr.com. Most recent link (May 8, 2017): https://malwr.com/analysis/NzhlZjJmMDA1MTMyNGM5NDg3YTQwMzI5YzAzMzY1NTg/", "MitigationString": "", @@ -460,7 +460,7 @@ "Timestamp": "2017-05-08T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -491,20 +491,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"jexgpprgph.com\",\"94\",\"5/45\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported as a Defanged DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: jexgpprgph[.]com IP: 209[.]99[.]40[.]222 NS: https://t.co/IGcQwMvzjy https://t.co/J2gdsVMl8U. Most recent link (Dec 13, 2018): https://twitter.com/DGAFeedAlerts/statuses/1073277207919947778\"\", \"\"Sources\"\": [\"\"SlNfa3\"\"], \"\"Timestamp\"\": \"\"2018-12-13T18:03:21.000Z\"\", \"\"Name\"\": \"\"defanged\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html\"\", \"\"Sources\"\": [\"\"KVQ2PB\"\"], \"\"Timestamp\"\": \"\"2017-03-08T01:18:17.569Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Detected Malware Operation\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 30, 2021.\"\", \"\"Sources\"\": [\"\"d3Awkm\"\"], \"\"Timestamp\"\": \"\"2021-06-30T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareSiteDetected\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Malware Analysis DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"2 sightings on 1 source: Malwr.com. 
Most recent link (May 8, 2017): https://malwr.com/analysis/MDcwMzAxMzhkZGIwNGI5Y2I0ZGMyMDY1NzhlZmUzNGI/\"\", \"\"Sources\"\": [\"\"NKaUXl\"\"], \"\"Timestamp\"\": \"\"2017-05-08T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareAnalysis\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recent C\u0026C DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\"\", \"\"Sources\"\": [\"\"report:QhR8Qs\"\"], \"\"Timestamp\"\": \"\"2021-12-29T06:40:30.778Z\"\", \"\"Name\"\": \"\"recentCncSite\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}]}\"", - "risk_score": 94, + "risk_score": 94.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: jexgpprgph[.]com IP: 209[.]99[.]40[.]222 NS: https://t.co/IGcQwMvzjy https://t.co/J2gdsVMl8U. Most recent link (Dec 13, 2018): https://twitter.com/DGAFeedAlerts/statuses/1073277207919947778", "MitigationString": "", @@ -516,7 +516,7 @@ "Timestamp": "2018-12-13T18:03:21.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html", "MitigationString": "", @@ -528,7 +528,7 @@ "Timestamp": "2017-03-08T01:18:17.569Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 30, 2021.", "MitigationString": "", 
@@ -540,7 +540,7 @@ "Timestamp": "2021-06-30T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 1 source: Malwr.com. Most recent link (May 8, 2017): https://malwr.com/analysis/MDcwMzAxMzhkZGIwNGI5Y2I0ZGMyMDY1NzhlZmUzNGI/", "MitigationString": "", @@ -552,7 +552,7 @@ "Timestamp": "2017-05-08T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -583,20 +583,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"cascotqhij.com\",\"94\",\"5/45\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported as a Defanged DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: cascotqhij[.]com IP: 18[.]235[.]92[.]123 NS: https://t.co/czXUwYeuxf https://t.co/nKWfZguQSF. Most recent link (Feb 1, 2021): https://twitter.com/DGAFeedAlerts/statuses/1356333566758682629\"\", \"\"Sources\"\": [\"\"SlNfa3\"\"], \"\"Timestamp\"\": \"\"2021-02-01T20:08:16.000Z\"\", \"\"Name\"\": \"\"defanged\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html\"\", \"\"Sources\"\": [\"\"KVQ2PB\"\"], \"\"Timestamp\"\": \"\"2017-03-08T01:18:17.569Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Detected Malware Operation\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jul 27, 2021.\"\", \"\"Sources\"\": [\"\"d3Awkm\"\"], \"\"Timestamp\"\": \"\"2021-07-27T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareSiteDetected\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Malware Analysis DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Malwr.com. 
Most recent link (Apr 11, 2016): https://malwr.com/analysis/YjVjNzlmNjdhMDMyNDY2MjkzY2FkMjQzOWJiNmUyOWI/\"\", \"\"Sources\"\": [\"\"NKaUXl\"\"], \"\"Timestamp\"\": \"\"2016-04-11T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareAnalysis\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recent C\u0026C DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\"\", \"\"Sources\"\": [\"\"report:QhR8Qs\"\"], \"\"Timestamp\"\": \"\"2021-12-29T06:34:06.062Z\"\", \"\"Name\"\": \"\"recentCncSite\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}]}\"", - "risk_score": 94, + "risk_score": 94.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: cascotqhij[.]com IP: 18[.]235[.]92[.]123 NS: https://t.co/czXUwYeuxf https://t.co/nKWfZguQSF. Most recent link (Feb 1, 2021): https://twitter.com/DGAFeedAlerts/statuses/1356333566758682629", "MitigationString": "", @@ -608,7 +608,7 @@ "Timestamp": "2021-02-01T20:08:16.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html", "MitigationString": "", @@ -620,7 +620,7 @@ "Timestamp": "2017-03-08T01:18:17.569Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jul 27, 2021.", "MitigationString": "", 
@@ -632,7 +632,7 @@ "Timestamp": "2021-07-27T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Malwr.com. Most recent link (Apr 11, 2016): https://malwr.com/analysis/YjVjNzlmNjdhMDMyNDY2MjkzY2FkMjQzOWJiNmUyOWI/", "MitigationString": "", @@ -644,7 +644,7 @@ "Timestamp": "2016-04-11T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -675,20 +675,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"npcvnorvyhelagx.com\",\"94\",\"5/45\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported by DHS AIS\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-e26bfe3a-8f67-4f57-9449-3f183fe94c07 (Jul 25, 2019).\"\", \"\"Sources\"\": [\"\"UZNze8\"\"], \"\"Timestamp\"\": \"\"2019-07-25T01:51:04.000Z\"\", \"\"Name\"\": \"\"dhsAis\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: MALWARE BREAKDOWN. Most recent link (May 17, 2017): https://malwarebreakdown.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/\"\", \"\"Sources\"\": [\"\"ST7rfx\"\"], \"\"Timestamp\"\": \"\"2017-05-17T19:31:06.000Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Detected Malware Operation\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Apr 1, 2021.\"\", \"\"Sources\"\": [\"\"d3Awkm\"\"], \"\"Timestamp\"\": \"\"2021-04-01T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareSiteDetected\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Malware Analysis DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"2 sightings on 1 source: Malwr.com. 
Most recent link (Jul 6, 2017): https://malwr.com/analysis/ZmMxNWJlYWU1NTI4NDA1Nzg3YTc5MWViNTA0YTNhYmQ/\"\", \"\"Sources\"\": [\"\"NKaUXl\"\"], \"\"Timestamp\"\": \"\"2017-07-06T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareAnalysis\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recent C\u0026C DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\"\", \"\"Sources\"\": [\"\"report:QhR8Qs\"\"], \"\"Timestamp\"\": \"\"2021-12-29T06:45:21.381Z\"\", \"\"Name\"\": \"\"recentCncSite\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}]}\"", - "risk_score": 94, + "risk_score": 94.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-e26bfe3a-8f67-4f57-9449-3f183fe94c07 (Jul 25, 2019).", "MitigationString": "", @@ -700,7 +700,7 @@ "Timestamp": "2019-07-25T01:51:04.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: MALWARE BREAKDOWN. Most recent link (May 17, 2017): https://malwarebreakdown.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/", "MitigationString": "", @@ -712,7 +712,7 @@ "Timestamp": "2017-05-17T19:31:06.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Apr 1, 2021.", "MitigationString": "", 
@@ -724,7 +724,7 @@ "Timestamp": "2021-04-01T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 1 source: Malwr.com. Most recent link (Jul 6, 2017): https://malwr.com/analysis/ZmMxNWJlYWU1NTI4NDA1Nzg3YTc5MWViNTA0YTNhYmQ/", "MitigationString": "", @@ -736,7 +736,7 @@ "Timestamp": "2017-07-06T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -767,20 +767,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"uxlyihgvfnqcrfcf.com\",\"94\",\"5/45\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported as a Defanged DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: uxlyihgvfnqcrfcf[.]com IP: 209[.]99[.]40[.]224 NS: https://t.co/03Dbt4N72t https://t.co/l29AcRDSvE. Most recent link (Jan 4, 2020): https://twitter.com/DGAFeedAlerts/statuses/1213551575332982790\"\", \"\"Sources\"\": [\"\"SlNfa3\"\"], \"\"Timestamp\"\": \"\"2020-01-04T20:03:36.000Z\"\", \"\"Name\"\": \"\"defanged\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html\"\", \"\"Sources\"\": [\"\"KVQ2PB\"\"], \"\"Timestamp\"\": \"\"2017-03-08T01:18:17.569Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Detected Malware Operation\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on May 6, 2021.\"\", \"\"Sources\"\": [\"\"d3Awkm\"\"], \"\"Timestamp\"\": \"\"2021-05-06T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareSiteDetected\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Malware Analysis DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"2 sightings on 1 source: Malwr.com. 
Most recent link (May 8, 2017): https://malwr.com/analysis/MDcwMzAxMzhkZGIwNGI5Y2I0ZGMyMDY1NzhlZmUzNGI/\"\", \"\"Sources\"\": [\"\"NKaUXl\"\"], \"\"Timestamp\"\": \"\"2017-05-08T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareAnalysis\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recent C\u0026C DNS Name\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\"\", \"\"Sources\"\": [\"\"report:QhR8Qs\"\"], \"\"Timestamp\"\": \"\"2021-12-29T06:35:26.677Z\"\", \"\"Name\"\": \"\"recentCncSite\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}]}\"", - "risk_score": 94, + "risk_score": 94.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: uxlyihgvfnqcrfcf[.]com IP: 209[.]99[.]40[.]224 NS: https://t.co/03Dbt4N72t https://t.co/l29AcRDSvE. Most recent link (Jan 4, 2020): https://twitter.com/DGAFeedAlerts/statuses/1213551575332982790", "MitigationString": "", @@ -792,7 +792,7 @@ "Timestamp": "2020-01-04T20:03:36.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html", "MitigationString": "", @@ -804,7 +804,7 @@ "Timestamp": "2017-03-08T01:18:17.569Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on May 6, 2021.", "MitigationString": "", 
@@ -816,7 +816,7 @@ "Timestamp": "2021-05-06T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 1 source: Malwr.com. Most recent link (May 8, 2017): https://malwr.com/analysis/MDcwMzAxMzhkZGIwNGI5Y2I0ZGMyMDY1NzhlZmUzNGI/", "MitigationString": "", @@ -828,7 +828,7 @@ "Timestamp": "2017-05-08T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", diff --git a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-hash-default.log-expected.json b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-hash-default.log-expected.json index e186deada26..ca14392fd14 100644 --- a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-hash-default.log-expected.json +++ b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-hash-default.log-expected.json 
@@ -3,20 +3,20 @@ null, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"38e992eb852ab0c4ac03955fb0dc9bb38e64010fdf9c05331d2b02b6e05689c2\",\"SHA-256\",\"89\",\"6/14\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"50 sightings on 10 sources including: Security Bloggers Network, TechTarget Search Security, Bleeping Computer, Guided Collection, Bleepingcomputer Forums. Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561\"\", \"\"Sources\"\": [\"\"NSAcUx\"\", \"\"KCdHcb\"\", \"\"J6UzbO\"\", \"\"Rlso4a\"\", \"\"hkE5DK\"\", \"\"cJMUDF\"\", \"\"TZRwk8\"\", \"\"QMTzEI\"\", \"\"LUhTGd\"\", \"\"J5NRun\"\"], \"\"Timestamp\"\": \"\"2021-12-21T08:40:00.000Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Linked to Attack Vector\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"32 sightings on 27 sources including: Carder Forum (carder.uk), wordpress.com, AAPKS.com, malwareresearch, @phishingalert, @GelosSnake, @neonprimetime, @rpsanch. 7 related attack vectors including Crimeware, Phishing, Remote Code Execution, Malvertising, Click Fraud. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. 
Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752\"\", \"\"Sources\"\": [\"\"T1bwMv\"\", \"\"LC-zVm\"\", \"\"QFvaUy\"\", \"\"P_upBR\"\", \"\"T2OA5Q\"\", \"\"K20lXV\"\", \"\"TGgDPZ\"\", \"\"hkIDTa\"\", \"\"LqRZCN\"\", \"\"Vd51cf\"\", \"\"ha2FFj\"\", \"\"UmsU31\"\", \"\"K7wUX2\"\", \"\"P_ivKa\"\", \"\"Qj3TQr\"\", \"\"idn:wordpress.com\"\", \"\"J-mrOR\"\", \"\"QPbAan\"\", \"\"VeioBt\"\", \"\"WlbRkJ\"\", \"\"K7sErA\"\", \"\"TvfQzk\"\", \"\"TP1vbk\"\", \"\"SrKvJ0\"\", \"\"SqCj4s\"\", \"\"VXaDYo\"\", \"\"bk2VX4\"\"], \"\"Timestamp\"\": \"\"2021-12-25T03:23:47.000Z\"\", \"\"Name\"\": \"\"linkedToVector\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Cyber Attack\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"6 sightings on 6 sources including: Messaging Platforms - Uncategorized, @_mr_touch. Most recent tweet: Active cred #phishing/malware distribution campaign on 185.186.245.101 with kits targeting @Office365 and @WeTransfer brands. Windows malware submitted to VT here: https://t.co/edCd4sOnAI domains: https://t.co/4GdqctLwkY cc: @malwrhunterteam @JayTHL @SteveD3 @thepacketrat https://t.co/e9d3R7fzIq. Most recent link (May 28, 2019): https://twitter.com/PhishingAi/statuses/1133376801831436289\"\", \"\"Sources\"\": [\"\"XV7DoD\"\", \"\"Ym7dzt\"\", \"\"LKKAV1\"\", \"\"VeioBt\"\", \"\"Y7TWfI\"\", \"\"KGS-xC\"\"], \"\"Timestamp\"\": \"\"2019-05-28T14:17:41.000Z\"\", \"\"Name\"\": \"\"linkedToCyberAttack\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Malware\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"119 sightings on 42 sources including: Malware-Traffic-Analysis.net - Blog Entries, Doc Player, GhostBin, Data Breach Today.eu | Updates, Codex - Recent changes en. 43 related malware families including Dardesh, AZORult, Emotet, Ryuk Ransomware, GandCrab. 
Most recent tweet: @Enfenogo @ThetanArena @KardiaChain @wolffungame Se você jogar o .exe do instalador no site https://t.co/yxgkgU58Hr, vai encontrar um trojan minerador. Estou sem acreditar. Tô rodando o Malware Byte no meu PC pra tentar limpar a merda que eles fizeram. Most recent link (Nov 27, 2021): https://twitter.com/Ronan30451924/statuses/1464732674891960321\"\", \"\"Sources\"\": [\"\"TvGJYk\"\", \"\"LErKlJ\"\", \"\"QWOrKl\"\", \"\"LKKAV1\"\", \"\"W4ygGi\"\", \"\"PATKM7\"\", \"\"T1bwMv\"\", \"\"TY6igj\"\", \"\"LjkJhE\"\", \"\"kuKt0c\"\", \"\"QAy9GA\"\", \"\"LbYmLr\"\", \"\"K20lXV\"\", \"\"QZe7TG\"\", \"\"idn:droppdf.com\"\", \"\"QAmbRP\"\", \"\"V_o1DL\"\", \"\"TbciDE\"\", \"\"XV7DoD\"\", \"\"P_j5Dw\"\", \"\"QNmgPm\"\", \"\"TGXqeD\"\", \"\"KGS-xC\"\", \"\"L3kVdM\"\", \"\"QMfGAr\"\", \"\"h6VVAH\"\", \"\"doLlw5\"\", \"\"UrsUKT\"\", \"\"JOU\"\", \"\"MIKjae\"\", \"\"P_oIyV\"\", \"\"QJ6TQK\"\", \"\"RfVd0T\"\", \"\"J6UzbO\"\", \"\"Ql9O5c\"\", \"\"USKpXp\"\", \"\"TP1vbk\"\", \"\"SrKvJ0\"\", \"\"Tq2nAb\"\", \"\"P_ov9o\"\", \"\"VXaDYo\"\", \"\"idn:index-of.es\"\"], \"\"Timestamp\"\": \"\"2021-11-27T23:07:37.000Z\"\", \"\"Name\"\": \"\"linkedToMalware\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Reported by DHS AIS\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-12195723-7c56-4c63-b828-fc340dd4050a (Dec 20, 2018).\"\", \"\"Sources\"\": [\"\"UZNze8\"\"], \"\"Timestamp\"\": \"\"2018-12-20T21:13:36.000Z\"\", \"\"Name\"\": \"\"dhsAis\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}, {\"\"Rule\"\": \"\"Positive Malware Verdict\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"5 sightings on 3 sources: Malware-Traffic-Analysis.net - Blog Entries, ReversingLabs, PolySwarm. 
Most recent link (Dec 15, 2018): https://www.malware-traffic-analysis.net/2018/12/14/index.html\"\", \"\"Sources\"\": [\"\"LErKlJ\"\", \"\"TbciDE\"\", \"\"doLlw5\"\"], \"\"Timestamp\"\": \"\"2020-07-11T09:55:23.000Z\"\", \"\"Name\"\": \"\"positiveMalwareVerdict\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "50 sightings on 10 sources including: Security Bloggers Network, TechTarget Search Security, Bleeping Computer, Guided Collection, Bleepingcomputer Forums. Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561", "MitigationString": "", @@ -37,7 +37,7 @@ "Timestamp": "2021-12-21T08:40:00.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "32 sightings on 27 sources including: Carder Forum (carder.uk), wordpress.com, AAPKS.com, malwareresearch, @phishingalert, @GelosSnake, @neonprimetime, @rpsanch. 7 related attack vectors including Crimeware, Phishing, Remote Code Execution, Malvertising, Click Fraud. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752", "MitigationString": "", 
@@ -75,7 +75,7 @@ "Timestamp": "2021-12-25T03:23:47.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "6 sightings on 6 sources including: Messaging Platforms - Uncategorized, @_mr_touch. Most recent tweet: Active cred #phishing/malware distribution campaign on 185.186.245.101 with kits targeting @Office365 and @WeTransfer brands. Windows malware submitted to VT here: https://t.co/edCd4sOnAI domains: https://t.co/4GdqctLwkY cc: @malwrhunterteam @JayTHL @SteveD3 @thepacketrat https://t.co/e9d3R7fzIq. Most recent link (May 28, 2019): https://twitter.com/PhishingAi/statuses/1133376801831436289", "MitigationString": "", @@ -92,7 +92,7 @@ "Timestamp": "2019-05-28T14:17:41.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "119 sightings on 42 sources including: Malware-Traffic-Analysis.net - Blog Entries, Doc Player, GhostBin, Data Breach Today.eu | Updates, Codex - Recent changes en. 43 related malware families including Dardesh, AZORult, Emotet, Ryuk Ransomware, GandCrab. Most recent tweet: @Enfenogo @ThetanArena @KardiaChain @wolffungame Se você jogar o .exe do instalador no site https://t.co/yxgkgU58Hr, vai encontrar um trojan minerador. Estou sem acreditar. Tô rodando o Malware Byte no meu PC pra tentar limpar a merda que eles fizeram. Most recent link (Nov 27, 2021): https://twitter.com/Ronan30451924/statuses/1464732674891960321", "MitigationString": "", @@ -145,7 +145,7 @@ "Timestamp": "2021-11-27T23:07:37.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-12195723-7c56-4c63-b828-fc340dd4050a (Dec 20, 2018).", "MitigationString": "", 
@@ -157,7 +157,7 @@ "Timestamp": "2018-12-20T21:13:36.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "5 sightings on 3 sources: Malware-Traffic-Analysis.net - Blog Entries, ReversingLabs, PolySwarm. Most recent link (Dec 15, 2018): https://www.malware-traffic-analysis.net/2018/12/14/index.html", "MitigationString": "", 
@@ -192,20 +192,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71\",\"SHA-256\",\"89\",\"7/14\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"28 sightings on 8 sources including: Dancho Danchev's Blog, SecureWorks, Talos Intel, Unit 42 Palo Alto Networks, Cisco Japan Blog. Most recent link (Mar 12, 2021): https://www.secureworks.com/blog/supernova-web-shell-deployment-linked-to-spiral-threat-group?es_p=13420131\"\", \"\"Sources\"\": [\"\"JfqIbv\"\", \"\"Z2mQh2\"\", \"\"PA-rR4\"\", \"\"jjf3_B\"\", \"\"clDYM8\"\", \"\"T5\"\", \"\"rN\"\", \"\"J5NRun\"\"], \"\"Timestamp\"\": \"\"2021-03-12T20:30:37.672Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Linked to Attack Vector\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"69 sightings on 18 sources including: Stock market news Company News MarketScreenercom, HackDig Posts, Sesin at, US CERT CISA Alerts, citizensudo.com. 6 related attack vectors including Powershell Attack, Supply Chain Attack, Target Destination Manipulation, Reconnaissance, C\u0026C Server. 
Most recent link (Apr 15, 2021): https://www.cisa.gov/uscert/ncas/alerts/aa20-352a\"\", \"\"Sources\"\": [\"\"XBl0xf\"\", \"\"POs2u-\"\", \"\"Z3TZAQ\"\", \"\"hhY_oz\"\", \"\"idn:citizensudo.com\"\", \"\"VKz42X\"\", \"\"PA-rR4\"\", \"\"POs2tz\"\", \"\"idn:firsthackersnews.com\"\", \"\"KcjdRW\"\", \"\"dCotni\"\", \"\"idn:comodo.com\"\", \"\"gI8s5W\"\", \"\"hibUwt\"\", \"\"rN\"\", \"\"idn:reportcybercrime.com\"\", \"\"idn:eshielder.com\"\", \"\"idn:edsitrend.com\"\"], \"\"Timestamp\"\": \"\"2021-04-15T00:00:00.000Z\"\", \"\"Name\"\": \"\"linkedToVector\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Vulnerability\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"11 sightings on 2 sources: GitHub, Insikt Group. 5 related cyber vulnerabilities: CWE-20, CWE-287, CVE-2020-10148, CVE-2020-1938, CWE-269. Most recent link (Dec 27, 2021): https://github.com/teamt5-it/official-website-v2/blob/master/_site/_next/data/64e2c6f134e73517d6ff737822e83cd75cf633c6/tw/posts/ithome-ghostcat-apache-tomcat-ajp-vulnerability.json\"\", \"\"Sources\"\": [\"\"MIKjae\"\", \"\"VKz42X\"\"], \"\"Timestamp\"\": \"\"2021-12-27T07:36:54.000Z\"\", \"\"Name\"\": \"\"linkedToVuln\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Malware\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"175 sightings on 31 sources including: 4-traders.com, SentinelLabs, Sesin at, Cisco Japan Blog, McAfee. 8 related malware families including WebShell, Ransomware, Backdoor, Backdoor Shell, SUNBURST. Most recent tweet: Malcode highlighted in 'App_Web_logoimagehandler.ashx.b6031896.dll' (c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71) #SolarWinds #SUNBURST https://t.co/lyvnVHuTb2. 
Most recent link (Dec 16, 2020): https://twitter.com/_mynameisgeff/statuses/1339070792705830913\"\", \"\"Sources\"\": [\"\"TuWseX\"\", \"\"KBTQ2e\"\", \"\"eP3CYX\"\", \"\"Z3TZAQ\"\", \"\"clDYM8\"\", \"\"rN\"\", \"\"VKz42X\"\", \"\"idn:elemendar.com\"\", \"\"idn:securitysummitperu.com\"\", \"\"PA-rR4\"\", \"\"idn:terabitweb.com\"\", \"\"eTNyK6\"\", \"\"gBQB48\"\", \"\"bMZlEg\"\", \"\"idn:edsitrend.com\"\", \"\"idn:infoblox.com\"\", \"\"UZNze8\"\", \"\"Z2mQh2\"\", \"\"XBl0xf\"\", \"\"dCpZqs\"\", \"\"jmpFm1\"\", \"\"T5\"\", \"\"doLlw5\"\", \"\"gBDK5G\"\", \"\"MIKjae\"\", \"\"idn:firsthackersnews.com\"\", \"\"jjf3_B\"\", \"\"Jv_xrR\"\", \"\"dCotni\"\", \"\"idn:comodo.com\"\", \"\"hibUwt\"\"], \"\"Timestamp\"\": \"\"2020-12-16T04:52:10.000Z\"\", \"\"Name\"\": \"\"linkedToMalware\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Reported by DHS AIS\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"3 sightings on 1 source: DHS Automated Indicator Sharing. 3 reports including AA20-352A APT Compromise of Govt Agencies, Critical Infrastructure, and Private Sector Organizations, from CISA, Government Facilities Sector, CISA, Government Facilities Sector, NCCIC:STIX_Package-673aacd1-1852-4d44-bd93-0c44940a6358 (Feb 3, 2021).\"\", \"\"Sources\"\": [\"\"UZNze8\"\"], \"\"Timestamp\"\": \"\"2021-02-03T21:32:08.000Z\"\", \"\"Name\"\": \"\"dhsAis\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}, {\"\"Rule\"\": \"\"Positive Malware Verdict\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"6 sightings on 2 sources: Sophos Virus and Spyware Threats, PolySwarm. 
Most recent link (Dec 17, 2020): https://news.sophos.com/fr-fr/2020/12/15/cyberattaque-contre-solarwinds-comment-savoir-si-vous-etes-concerne/\"\", \"\"Sources\"\": [\"\"K16tAG\"\", \"\"doLlw5\"\"], \"\"Timestamp\"\": \"\"2020-12-20T15:18:53.000Z\"\", \"\"Name\"\": \"\"positiveMalwareVerdict\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}, {\"\"Rule\"\": \"\"Reported by Insikt Group\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"13 sightings on 1 source: Insikt Group. 4 reports including Researchers Linked Supernova Malware to Spiral Group. Most recent link (Mar 08, 2021): https://app.recordedfuture.com/live/sc/5DIp4RIUiJz6\"\", \"\"Sources\"\": [\"\"VKz42X\"\"], \"\"Timestamp\"\": \"\"2021-03-08T00:00:00.000Z\"\", \"\"Name\"\": \"\"analystNote\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "28 sightings on 8 sources including: Dancho Danchev's Blog, SecureWorks, Talos Intel, Unit 42 Palo Alto Networks, Cisco Japan Blog. Most recent link (Mar 12, 2021): https://www.secureworks.com/blog/supernova-web-shell-deployment-linked-to-spiral-threat-group?es_p=13420131", "MitigationString": "", @@ -224,7 +224,7 @@ "Timestamp": "2021-03-12T20:30:37.672Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "69 sightings on 18 sources including: Stock market news Company News MarketScreenercom, HackDig Posts, Sesin at, US CERT CISA Alerts, citizensudo.com. 6 related attack vectors including Powershell Attack, Supply Chain Attack, Target Destination Manipulation, Reconnaissance, C\u0026C Server. Most recent link (Apr 15, 2021): https://www.cisa.gov/uscert/ncas/alerts/aa20-352a", "MitigationString": "", 
@@ -253,7 +253,7 @@ "Timestamp": "2021-04-15T00:00:00.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "11 sightings on 2 sources: GitHub, Insikt Group. 5 related cyber vulnerabilities: CWE-20, CWE-287, CVE-2020-10148, CVE-2020-1938, CWE-269. Most recent link (Dec 27, 2021): https://github.com/teamt5-it/official-website-v2/blob/master/_site/_next/data/64e2c6f134e73517d6ff737822e83cd75cf633c6/tw/posts/ithome-ghostcat-apache-tomcat-ajp-vulnerability.json", "MitigationString": "", @@ -266,7 +266,7 @@ "Timestamp": "2021-12-27T07:36:54.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "175 sightings on 31 sources including: 4-traders.com, SentinelLabs, Sesin at, Cisco Japan Blog, McAfee. 8 related malware families including WebShell, Ransomware, Backdoor, Backdoor Shell, SUNBURST. Most recent tweet: Malcode highlighted in 'App_Web_logoimagehandler.ashx.b6031896.dll' (c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71) #SolarWinds #SUNBURST https://t.co/lyvnVHuTb2. Most recent link (Dec 16, 2020): https://twitter.com/_mynameisgeff/statuses/1339070792705830913", "MitigationString": "", @@ -308,7 +308,7 @@ "Timestamp": "2020-12-16T04:52:10.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "3 sightings on 1 source: DHS Automated Indicator Sharing. 3 reports including AA20-352A APT Compromise of Govt Agencies, Critical Infrastructure, and Private Sector Organizations, from CISA, Government Facilities Sector, CISA, Government Facilities Sector, NCCIC:STIX_Package-673aacd1-1852-4d44-bd93-0c44940a6358 (Feb 3, 2021).", "MitigationString": "", 
@@ -320,7 +320,7 @@ "Timestamp": "2021-02-03T21:32:08.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "6 sightings on 2 sources: Sophos Virus and Spyware Threats, PolySwarm. Most recent link (Dec 17, 2020): https://news.sophos.com/fr-fr/2020/12/15/cyberattaque-contre-solarwinds-comment-savoir-si-vous-etes-concerne/", "MitigationString": "", @@ -333,7 +333,7 @@ "Timestamp": "2020-12-20T15:18:53.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "13 sightings on 1 source: Insikt Group. 4 reports including Researchers Linked Supernova Malware to Spiral Group. Most recent link (Mar 08, 2021): https://app.recordedfuture.com/live/sc/5DIp4RIUiJz6", "MitigationString": "", 
@@ -366,20 +366,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"b66db3a06c2955a9cb71a8718970c592\",\"MD5\",\"89\",\"5/14\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"10 sightings on 7 sources including: ISC Sans Diary Archive, SecureWorks, InfoCON: green, ISC | Latest Headlines, SANS Internet Storm Center. Most recent link (Dec 20, 2021): https://www.jpcert.or.jp/english/at/2021/at210050.html\"\", \"\"Sources\"\": [\"\"TCw6v6\"\", \"\"Z2mQh2\"\", \"\"2d\"\", \"\"cJuZvt\"\", \"\"JYxY8X\"\", \"\"J2_htN\"\", \"\"jXNbON\"\"], \"\"Timestamp\"\": \"\"2021-12-20T04:54:00.000Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Linked to Attack Vector\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"6 sightings on 5 sources: GitHub, SANS Internet Storm Center, Messaging Platforms - Uncategorized, @decalage2, @simonwargniez. 3 related attack vectors: Remote Code Execution, Zero Day Exploit, Cyberattack. Most recent tweet: Great lists of software affected by #Log4Shell / CVE-2021-44228 / Log4J RCE: https://t.co/TpEQXKgMGW by @ncsc_nl https://t.co/FA5i8zR5Z1 by @CISAgov https://t.co/0xVZJvMcpU by @SwitHak https://t.co/788knvztWV https://t.co/WMkXslhgWS #log4j #log4j2. 
Most recent link (Dec 15, 2021): https://twitter.com/decalage2/statuses/1471121875816353800\"\", \"\"Sources\"\": [\"\"LUf99I\"\", \"\"MIKjae\"\", \"\"JYxY8X\"\", \"\"Y7TWfI\"\", \"\"KIRe_w\"\"], \"\"Timestamp\"\": \"\"2021-12-15T14:16:01.000Z\"\", \"\"Name\"\": \"\"linkedToVector\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Vulnerability\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"108 sightings on 78 sources including: bund.de, tistory.com, PasteBin, Sesin at, Messaging Platforms - Uncategorized. 24 related cyber vulnerabilities including CWE-22, CWE-611, CVE-2019-19781, CVE-2020-16898, CWE-20. Most recent tweet: Security advisories, bulletins, and vendor responses related to Log4Shell #Log4Shell #Log4j #cybersecurity #infosec #vendorsecurity https://t.co/Vpwrhdppm7. Most recent link (Dec 22, 2021): https://twitter.com/arrgibbs/statuses/1473733864459841538\"\", \"\"Sources\"\": [\"\"VQpQDR\"\", \"\"KFu3Rc\"\", \"\"LUf99I\"\", \"\"SGCsBG\"\", \"\"U94lUG\"\", \"\"KFcv42\"\", \"\"QT0CFv\"\", \"\"UHvtcg\"\", \"\"KFUbjU\"\", \"\"KHwUI5\"\", \"\"KKSt8d\"\", \"\"idn:bund.de\"\", \"\"VmIbAC\"\", \"\"QGT0Vy\"\", \"\"ejfM20\"\", \"\"KGlTEd\"\", \"\"QCoXJo\"\", \"\"RXSwU8\"\", \"\"idn:tistory.com\"\", \"\"LpdVul\"\", \"\"K-eKsL\"\", \"\"TKYCSz\"\", \"\"SkABVK\"\", \"\"SdGk_x\"\", \"\"LI6d7O\"\", \"\"LQIfBf\"\", \"\"U6B2hC\"\", \"\"f7_CfD\"\", \"\"LKt0HB\"\", \"\"RHS4v8\"\", \"\"KKmN5m\"\", \"\"YfJqp2\"\", \"\"Jv_xrR\"\", \"\"RJ2_NX\"\", \"\"VZXzSv\"\", \"\"k0QC11\"\", \"\"KFWBRs\"\", \"\"LRk_pt\"\", \"\"Qn2VRQ\"\", \"\"kGHFKP\"\", \"\"ShBO5M\"\", \"\"T-GSBp\"\", \"\"KNdyHF\"\", \"\"QLCTXP\"\", \"\"Z3TZAQ\"\", \"\"Khf99v\"\", \"\"KHZhjO\"\", \"\"SHH61D\"\", \"\"Knx_su\"\", \"\"LL8-pr\"\", \"\"QpmWTf\"\", \"\"KIRe_w\"\", \"\"QIea7F\"\", \"\"SlhG3F\"\", \"\"KIdj8R\"\", \"\"SQqKS8\"\", \"\"Lq6DNq\"\", \"\"QpYsBa\"\", \"\"d-ZMP2\"\", \"\"LOoye8\"\", \"\"QEUmiJ\"\", \"\"ewfPjC\"\", 
\"\"LBNFpV\"\", \"\"QTpbKE\"\", \"\"Y7TWfI\"\", \"\"KGS-xC\"\", \"\"eifkGz\"\", \"\"au2SGr\"\", \"\"SKw4tT\"\", \"\"KGW5kn\"\", \"\"Q9y5Ki\"\", \"\"KGxw1d\"\", \"\"MIKjae\"\", \"\"LO5p1C\"\", \"\"JYxY8X\"\", \"\"KJsMEF\"\", \"\"QBLBHH\"\", \"\"k7WJ2k\"\"], \"\"Timestamp\"\": \"\"2021-12-22T19:15:08.000Z\"\", \"\"Name\"\": \"\"linkedToVuln\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Malware\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"11 sightings on 3 sources: bund.de, SANS Internet Storm Center, Sesin at. 2 related malware families: Ransomware, Botnet. Most recent link (Dec 20, 2021): https://www.jpcert.or.jp/english/at/2021/at210050.html\"\", \"\"Sources\"\": [\"\"idn:bund.de\"\", \"\"JYxY8X\"\", \"\"Z3TZAQ\"\"], \"\"Timestamp\"\": \"\"2021-12-20T04:54:00.000Z\"\", \"\"Name\"\": \"\"linkedToMalware\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Positive Malware Verdict\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Naked Security. Most recent link (Dec 18, 2021): https://news.sophos.com/en-us/2021/12/17/log4shell-response-and-mitigation-recommendations/\"\", \"\"Sources\"\": [\"\"J2_htN\"\"], \"\"Timestamp\"\": \"\"2021-12-18T00:20:04.000Z\"\", \"\"Name\"\": \"\"positiveMalwareVerdict\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "10 sightings on 7 sources including: ISC Sans Diary Archive, SecureWorks, InfoCON: green, ISC | Latest Headlines, SANS Internet Storm Center. Most recent link (Dec 20, 2021): https://www.jpcert.or.jp/english/at/2021/at210050.html", "MitigationString": "", 
@@ -397,7 +397,7 @@ "Timestamp": "2021-12-20T04:54:00.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "6 sightings on 5 sources: GitHub, SANS Internet Storm Center, Messaging Platforms - Uncategorized, @decalage2, @simonwargniez. 3 related attack vectors: Remote Code Execution, Zero Day Exploit, Cyberattack. Most recent tweet: Great lists of software affected by #Log4Shell / CVE-2021-44228 / Log4J RCE: https://t.co/TpEQXKgMGW by @ncsc_nl https://t.co/FA5i8zR5Z1 by @CISAgov https://t.co/0xVZJvMcpU by @SwitHak https://t.co/788knvztWV https://t.co/WMkXslhgWS #log4j #log4j2. Most recent link (Dec 15, 2021): https://twitter.com/decalage2/statuses/1471121875816353800", "MitigationString": "", @@ -413,7 +413,7 @@ "Timestamp": "2021-12-15T14:16:01.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "108 sightings on 78 sources including: bund.de, tistory.com, PasteBin, Sesin at, Messaging Platforms - Uncategorized. 24 related cyber vulnerabilities including CWE-22, CWE-611, CVE-2019-19781, CVE-2020-16898, CWE-20. Most recent tweet: Security advisories, bulletins, and vendor responses related to Log4Shell #Log4Shell #Log4j #cybersecurity #infosec #vendorsecurity https://t.co/Vpwrhdppm7. Most recent link (Dec 22, 2021): https://twitter.com/arrgibbs/statuses/1473733864459841538", "MitigationString": "", @@ -502,7 +502,7 @@ "Timestamp": "2021-12-22T19:15:08.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "11 sightings on 3 sources: bund.de, SANS Internet Storm Center, Sesin at. 2 related malware families: Ransomware, Botnet. Most recent link (Dec 20, 2021): https://www.jpcert.or.jp/english/at/2021/at210050.html", "MitigationString": "", 
@@ -516,7 +516,7 @@ "Timestamp": "2021-12-20T04:54:00.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Naked Security. Most recent link (Dec 18, 2021): https://news.sophos.com/en-us/2021/12/17/log4shell-response-and-mitigation-recommendations/", "MitigationString": "", 
@@ -549,20 +549,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745\",\"SHA-256\",\"89\",\"8/14\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"91 sightings on 19 sources including: Security News Concentrator, Fortinet, Trend Micro, CrowdStrike, FireEye Threat Research Blog. Most recent link (Dec 20, 2019): https://threatvector.cylance.com/en_us/home/threat-spotlight-petya-like-ransomware-is-nasty-wiper.html\"\", \"\"Sources\"\": [\"\"QS89Bd\"\", \"\"KVP0jz\"\", \"\"T5\"\", \"\"JYxY5G\"\", \"\"WR_Ohh\"\", \"\"Jt4ExJ\"\", \"\"Kzw0Pm\"\", \"\"JQH96m\"\", \"\"2d\"\", \"\"JYxY8X\"\", \"\"rN\"\", \"\"PA-rR4\"\", \"\"VyWQM7\"\", \"\"Lp_esG\"\", \"\"ONMgMx\"\", \"\"4n\"\", \"\"QMTzEI\"\", \"\"83\"\", \"\"K0TN7r\"\"], \"\"Timestamp\"\": \"\"2019-12-20T01:04:11.602Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Reported in Threat List\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"Previous sightings on 1 source: Recorded Future Analyst Community Trending Indicators. Observed between Jul 6, 2017, and Jul 17, 2017.\"\", \"\"Sources\"\": [\"\"report:Tluf00\"\"], \"\"Timestamp\"\": \"\"2021-12-24T20:03:09.087Z\"\", \"\"Name\"\": \"\"historicalThreatListMembership\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Linked to Attack Vector\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"14 sightings on 5 sources including: Assiste.Forum, @arturodicorinto. 2 related attack vectors: ShellCode, Cyberattack. Most recent tweet: They're getting quicker at updating.. #petya #cyberattack https://t.co/px0g9BSpod. 
Most recent link (Jun 27, 2017): https://twitter.com/SupersizedSam/statuses/879764638845587461\"\", \"\"Sources\"\": [\"\"LP7dc7\"\", \"\"LRlngp\"\", \"\"Sl8XTb\"\", \"\"QMfGAr\"\", \"\"J-y3tn\"\"], \"\"Timestamp\"\": \"\"2017-06-27T18:13:29.000Z\"\", \"\"Name\"\": \"\"linkedToVector\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Vulnerability\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: GitHub. 2 related cyber vulnerabilities: CWE-20, CVE-2017-0143. Most recent link (Oct 10, 2021): https://github.com/demisto/content/blob/master/Packs/RecordedFuture/Integrations/RecordedFuture/example_commands.txt\"\", \"\"Sources\"\": [\"\"MIKjae\"\"], \"\"Timestamp\"\": \"\"2021-10-10T08:21:25.825Z\"\", \"\"Name\"\": \"\"linkedToVuln\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Cyber Attack\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"10 sightings on 9 sources including: BitcoinTalk.org, @Noemi_hcke. Most recent tweet: #petya related hashes in #virustotal https://t.co/Cv7Pltjhia https://t.co/P3otYPoxBj #ransomware #malware #sha256. Most recent link (Jun 28, 2017): https://twitter.com/Menardconnect/statuses/879885997831368705\"\", \"\"Sources\"\": [\"\"ThowaF\"\", \"\"KUtKjP\"\", \"\"K84j7t\"\", \"\"MghdWI\"\", \"\"K8rrfe\"\", \"\"QlWPRW\"\", \"\"KFsPRz\"\", \"\"S-Anbb\"\", \"\"KE9dMF\"\"], \"\"Timestamp\"\": \"\"2017-06-28T02:15:44.000Z\"\", \"\"Name\"\": \"\"linkedToCyberAttack\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Malware\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"834 sightings on 201 sources including: New Jersey Cybersecurity \u0026amp; Communications Integration Cell, lnkd.in, avtech24h.com, Malwr.com, Talos Intel. 
21 related malware families including ICS Malware, PetrWrap, Emotet, Trojan, NotPetya. Most recent tweet: #ransomware 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745 f65a7dadff844f2dc44a3bd43e1c0d600b1a6c66f6d02734d8f385872ccab0bc b6e8dc95ec939a1f3b184da559c8010ab3dc773e426e63e5aa7ffc44174d8a9d 9e1609ab7f01b56a9476494d9b3bf5997380d466744b07ec5d9b20e416b10f08. Most recent link (Apr 9, 2021): https://twitter.com/RedBeardIOCs/statuses/1380600677249003521\"\", \"\"Sources\"\": [\"\"jbVMcB\"\", \"\"idn:lnkd.in\"\", \"\"idn:avtech24h.com\"\", \"\"K84j7t\"\", \"\"Sl8XTb\"\", \"\"KGRhOC\"\", \"\"NKaUXl\"\", \"\"KIoGAG\"\", \"\"PA-rR4\"\", \"\"LRlngp\"\", \"\"rN\"\", \"\"Jxh46H\"\", \"\"KFL44X\"\", \"\"TbciDE\"\", \"\"KFNVB9\"\", \"\"OJpx5g\"\", \"\"K-CGye\"\", \"\"KK6oqV\"\", \"\"WR_Ohh\"\", \"\"idn:twitter.com\"\", \"\"fgwEcq\"\", \"\"QYsx0D\"\", \"\"KIFtR_\"\", \"\"Lp_esG\"\", \"\"TSFWTw\"\", \"\"KGHzAY\"\", \"\"P_oEH3\"\", \"\"KBTQ2e\"\", \"\"QCGHCy\"\", \"\"JYxY5G\"\", \"\"UQsrUj\"\", \"\"idn:cert.ro\"\", \"\"idn:bluvector.io\"\", \"\"KFUJTL\"\", \"\"TFUkSW\"\", \"\"P0Gs9I\"\", \"\"K8ofB1\"\", \"\"KVnnHP\"\", \"\"TpaXxw\"\", \"\"U5qdTI\"\", \"\"idn:zscaler.com\"\", \"\"L3kVdM\"\", \"\"QMfGAr\"\", \"\"KIk8aS\"\", \"\"Kzw0Pm\"\", \"\"hcELIE\"\", \"\"POs2tz\"\", \"\"KD6Na4\"\", \"\"idn:globalsecuritymag.com\"\", \"\"LDd0sl\"\", \"\"KVP0jz\"\", \"\"Lj8CsQ\"\", \"\"K8rrfe\"\", \"\"LDejRI\"\", \"\"J-y3tn\"\", \"\"WXutod\"\", \"\"idn:infosecurityfactory.nl\"\", \"\"LBlc7C\"\", \"\"idn:bg.org.tr\"\", \"\"QS89Bd\"\", \"\"K9SiDc\"\", \"\"Qe89bv\"\", \"\"TiY1wu\"\", \"\"idn:undernews.fr\"\", \"\"idn:iteefactory.nl\"\", \"\"KFRGd_\"\", \"\"KFVuR_\"\", \"\"4n\"\", \"\"S-Anbb\"\", \"\"KFNZEC\"\", \"\"TSazOG\"\", \"\"K9Skh1\"\", \"\"MghdWI\"\", \"\"idn:securityiscoming.com\"\", \"\"QS89BG\"\", \"\"LVg9nH\"\", \"\"KFiGli\"\", \"\"K9Vq9B\"\", \"\"KLbNtt\"\", \"\"VyWQM7\"\", \"\"NTakwX\"\", \"\"KGoarP\"\", \"\"idn:gelsene.net\"\", \"\"LwURWv\"\", \"\"KGX8VB\"\", 
\"\"ThoB0I\"\", \"\"TAIz7D\"\", \"\"QBHQ61\"\", \"\"TiY1w7\"\", \"\"idn:kompasiana.com\"\", \"\"idn:t.co\"\", \"\"KfDTG0\"\", \"\"idn:ictsecuritymagazine.com\"\", \"\"Liz5-u\"\", \"\"MIKjae\"\", \"\"JYxY8X\"\", \"\"KUtKjP\"\", \"\"idn:cert.pl\"\", \"\"Lpm4nc\"\", \"\"idn:boozallen.com\"\", \"\"RVFHk_\"\", \"\"KGmazP\"\", \"\"M_7iBk\"\", \"\"TStw1W\"\", \"\"LFcJLk\"\", \"\"K0TN7r\"\", \"\"KVRURg\"\", \"\"UNe62M\"\", \"\"iL8bPu\"\", \"\"K76BjK\"\", \"\"VRixQe\"\", \"\"idn:dfir.pro\"\", \"\"KF-l77\"\", \"\"idn:gixtools.net\"\", \"\"P_oIyV\"\", \"\"KGzicb\"\", \"\"LGryD9\"\", \"\"idn:fb.me\"\", \"\"K5nCn5\"\", \"\"ThKuX0\"\", \"\"SYrUYn\"\", \"\"KFKbZE\"\", \"\"MAe5tQ\"\", \"\"KGm6gS\"\", \"\"W4ygGi\"\", \"\"g9rk5F\"\", \"\"idn:menshaway.blogspot.com\"\", \"\"KFsPRz\"\", \"\"LDm9iS\"\", \"\"RV8KWp\"\", \"\"KTuH6e\"\", \"\"P_uJi3\"\", \"\"KG_Bgt\"\", \"\"QAmbRP\"\", \"\"idn:csirt.cz\"\", \"\"LZYvHh\"\", \"\"L0HtmN\"\", \"\"KWLqO-\"\", \"\"LtUj1D\"\", \"\"QMTzDr\"\", \"\"idn:dy.si\"\", \"\"Lo8Box\"\", \"\"K-4reD\"\", \"\"KFTeBZ\"\", \"\"KKzFno\"\", \"\"QMTzEI\"\", \"\"KFYLd8\"\", \"\"KGABt4\"\", \"\"LIizBt\"\", \"\"idn:herjavecgroup.com\"\", \"\"QAAZRn\"\", \"\"K66Zgw\"\", \"\"KWz-My\"\", \"\"Lb0b3F\"\", \"\"idn:emsisoft.vn\"\", \"\"LodOTm\"\", \"\"KE9dMF\"\", \"\"O-Wf5x\"\", \"\"LG2dQX\"\", \"\"P_-RZy\"\", \"\"LK7o9D\"\", \"\"K60PUk\"\", \"\"KKUqfz\"\", \"\"idn:logrhythm.com\"\", \"\"Jv_xrR\"\", \"\"LP7dc7\"\", \"\"MFNOaz\"\", \"\"TefIES\"\", \"\"KGdGg3\"\", \"\"KHNdvY\"\", \"\"QBTxvB\"\", \"\"idn:swordshield.com\"\", \"\"ThowaF\"\", \"\"idn:binarydefense.com\"\", \"\"idn:indusface.com\"\", \"\"QBtnC2\"\", \"\"QlWPRW\"\", \"\"KHZhjO\"\", \"\"idn:idcloudhost.com\"\", \"\"LRFVsB\"\", \"\"KG2JTH\"\", \"\"KIm1im\"\", \"\"LAfpKN\"\", \"\"BaV\"\", \"\"KGW3VP\"\", \"\"KFcp5q\"\", \"\"LCN_6T\"\", \"\"idn:avastvn.com\"\", \"\"KFTnbG\"\", \"\"TiCWjw\"\", \"\"Lmhpq3\"\", \"\"KGS-xC\"\", \"\"KFVthB\"\", \"\"idn:finyear.com\"\", \"\"KFji4N\"\", \"\"P_7M19\"\", \"\"K-b0DI\"\", 
\"\"LV1UMS\"\", \"\"idn:safe-cyberdefense.com\"\", \"\"Kjk3fx\"\", \"\"Q1wlJN\"\"], \"\"Timestamp\"\": \"\"2021-04-09T19:17:06.000Z\"\", \"\"Name\"\": \"\"linkedToMalware\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Reported by DHS AIS\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-21cebba6-46ed-464e-ad5a-32a8063e1400 (Jun 27, 2017).\"\", \"\"Sources\"\": [\"\"UZNze8\"\"], \"\"Timestamp\"\": \"\"2017-06-27T17:18:01.000Z\"\", \"\"Name\"\": \"\"dhsAis\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}, {\"\"Rule\"\": \"\"Positive Malware Verdict\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"5 sightings on 3 sources: Recorded Future Malware Detonation, ReversingLabs, PolySwarm. Most recent link (Jun 27, 2017): ReversingLabs malware file analysis.\"\", \"\"Sources\"\": [\"\"TAIz7D\"\", \"\"TbciDE\"\", \"\"doLlw5\"\"], \"\"Timestamp\"\": \"\"2020-12-17T22:59:03.000Z\"\", \"\"Name\"\": \"\"positiveMalwareVerdict\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "91 sightings on 19 sources including: Security News Concentrator, Fortinet, Trend Micro, CrowdStrike, FireEye Threat Research Blog. Most recent link (Dec 20, 2019): https://threatvector.cylance.com/en_us/home/threat-spotlight-petya-like-ransomware-is-nasty-wiper.html", "MitigationString": "", 
@@ -592,7 +592,7 @@ "Timestamp": "2019-12-20T01:04:11.602Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "Previous sightings on 1 source: Recorded Future Analyst Community Trending Indicators. Observed between Jul 6, 2017, and Jul 17, 2017.", "MitigationString": "", @@ -604,7 +604,7 @@ "Timestamp": "2021-12-24T20:03:09.087Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "14 sightings on 5 sources including: Assiste.Forum, @arturodicorinto. 2 related attack vectors: ShellCode, Cyberattack. Most recent tweet: They're getting quicker at updating.. #petya #cyberattack https://t.co/px0g9BSpod. Most recent link (Jun 27, 2017): https://twitter.com/SupersizedSam/statuses/879764638845587461", "MitigationString": "", @@ -620,7 +620,7 @@ "Timestamp": "2017-06-27T18:13:29.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: GitHub. 2 related cyber vulnerabilities: CWE-20, CVE-2017-0143. Most recent link (Oct 10, 2021): https://github.com/demisto/content/blob/master/Packs/RecordedFuture/Integrations/RecordedFuture/example_commands.txt", "MitigationString": "", @@ -632,7 +632,7 @@ "Timestamp": "2021-10-10T08:21:25.825Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "10 sightings on 9 sources including: BitcoinTalk.org, @Noemi_hcke. Most recent tweet: #petya related hashes in #virustotal https://t.co/Cv7Pltjhia https://t.co/P3otYPoxBj #ransomware #malware #sha256. Most recent link (Jun 28, 2017): https://twitter.com/Menardconnect/statuses/879885997831368705", "MitigationString": "", 
@@ -652,7 +652,7 @@ "Timestamp": "2017-06-28T02:15:44.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "834 sightings on 201 sources including: New Jersey Cybersecurity \u0026amp; Communications Integration Cell, lnkd.in, avtech24h.com, Malwr.com, Talos Intel. 21 related malware families including ICS Malware, PetrWrap, Emotet, Trojan, NotPetya. Most recent tweet: #ransomware 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745 f65a7dadff844f2dc44a3bd43e1c0d600b1a6c66f6d02734d8f385872ccab0bc b6e8dc95ec939a1f3b184da559c8010ab3dc773e426e63e5aa7ffc44174d8a9d 9e1609ab7f01b56a9476494d9b3bf5997380d466744b07ec5d9b20e416b10f08. Most recent link (Apr 9, 2021): https://twitter.com/RedBeardIOCs/statuses/1380600677249003521", "MitigationString": "", @@ -864,7 +864,7 @@ "Timestamp": "2021-04-09T19:17:06.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-21cebba6-46ed-464e-ad5a-32a8063e1400 (Jun 27, 2017).", "MitigationString": "", @@ -876,7 +876,7 @@ "Timestamp": "2017-06-27T17:18:01.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "5 sightings on 3 sources: Recorded Future Malware Detonation, ReversingLabs, PolySwarm. Most recent link (Jun 27, 2017): ReversingLabs malware file analysis.", "MitigationString": "", 
@@ -911,20 +911,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"ad2ad0249fafe85877bc79a01e1afd1a44d983c064ad8cb5bc694d29d166217b\",\"SHA-256\",\"89\",\"5/14\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"16 sightings on 4 sources: Guided Collection, Bleepingcomputer Forums, ISC | All Updates, Malwarebytes Unpacked. Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561\"\", \"\"Sources\"\": [\"\"Rlso4a\"\", \"\"hkE5DK\"\", \"\"TZRwk8\"\", \"\"J5NRun\"\"], \"\"Timestamp\"\": \"\"2021-12-21T08:40:00.000Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Linked to Attack Vector\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"6 sightings on 6 sources including: malwareresearch, AAPKS.com, @Shouvik95232310, @santGM. 3 related attack vectors: Phishing, Click Fraud, Typosquatting. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. 
Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752\"\", \"\"Sources\"\": [\"\"WlbRkJ\"\", \"\"ha2FFj\"\", \"\"K7wUX2\"\", \"\"P_ivKa\"\", \"\"J-mrOR\"\", \"\"P_upBR\"\"], \"\"Timestamp\"\": \"\"2021-12-25T03:23:47.000Z\"\", \"\"Name\"\": \"\"linkedToVector\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Cyber Attack\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Messaging Platforms - Uncategorized. Most recent link (Oct 18, 2021): https://t.me/An0nymousTeam/1429\"\", \"\"Sources\"\": [\"\"Y7TWfI\"\"], \"\"Timestamp\"\": \"\"2021-10-18T12:09:43.000Z\"\", \"\"Name\"\": \"\"linkedToCyberAttack\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Malware\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"47 sightings on 16 sources including: Ichunqiu Forum, Doc Player, ArXiv, GitHub, droppdf.com. 18 related malware families including Fakespy, Trojan, Offensive Security Tools (OST), Spyware, Dardesh. Most recent tweet: @Enfenogo @ThetanArena @KardiaChain @wolffungame Se você jogar o .exe do instalador no site https://t.co/yxgkgU58Hr, vai encontrar um trojan minerador. Estou sem acreditar. Tô rodando o Malware Byte no meu PC pra tentar limpar a merda que eles fizeram. 
Most recent link (Nov 27, 2021): https://twitter.com/Ronan30451924/statuses/1464732674891960321\"\", \"\"Sources\"\": [\"\"TGXqeD\"\", \"\"W4ygGi\"\", \"\"L3kVdM\"\", \"\"QMfGAr\"\", \"\"kuKt0c\"\", \"\"QAy9GA\"\", \"\"JOU\"\", \"\"MIKjae\"\", \"\"P_oIyV\"\", \"\"QJ6TQK\"\", \"\"idn:droppdf.com\"\", \"\"Ql9O5c\"\", \"\"QAmbRP\"\", \"\"Tq2nAb\"\", \"\"TbciDE\"\", \"\"idn:index-of.es\"\"], \"\"Timestamp\"\": \"\"2021-11-27T23:07:37.000Z\"\", \"\"Name\"\": \"\"linkedToMalware\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Positive Malware Verdict\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: ReversingLabs. Most recent link (Jul 1, 2019): ReversingLabs malware file analysis.\"\", \"\"Sources\"\": [\"\"TbciDE\"\"], \"\"Timestamp\"\": \"\"2019-07-01T00:00:00.000Z\"\", \"\"Name\"\": \"\"positiveMalwareVerdict\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "16 sightings on 4 sources: Guided Collection, Bleepingcomputer Forums, ISC | All Updates, Malwarebytes Unpacked. Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561", "MitigationString": "", 
@@ -939,7 +939,7 @@ "Timestamp": "2021-12-21T08:40:00.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "6 sightings on 6 sources including: malwareresearch, AAPKS.com, @Shouvik95232310, @santGM. 3 related attack vectors: Phishing, Click Fraud, Typosquatting. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752", "MitigationString": "", @@ -956,7 +956,7 @@ "Timestamp": "2021-12-25T03:23:47.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: Messaging Platforms - Uncategorized. Most recent link (Oct 18, 2021): https://t.me/An0nymousTeam/1429", "MitigationString": "", @@ -968,7 +968,7 @@ "Timestamp": "2021-10-18T12:09:43.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "47 sightings on 16 sources including: Ichunqiu Forum, Doc Player, ArXiv, GitHub, droppdf.com. 18 related malware families including Fakespy, Trojan, Offensive Security Tools (OST), Spyware, Dardesh. Most recent tweet: @Enfenogo @ThetanArena @KardiaChain @wolffungame Se você jogar o .exe do instalador no site https://t.co/yxgkgU58Hr, vai encontrar um trojan minerador. Estou sem acreditar. Tô rodando o Malware Byte no meu PC pra tentar limpar a merda que eles fizeram. Most recent link (Nov 27, 2021): https://twitter.com/Ronan30451924/statuses/1464732674891960321", "MitigationString": "", 
@@ -995,7 +995,7 @@ "Timestamp": "2021-11-27T23:07:37.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: ReversingLabs. Most recent link (Jul 1, 2019): ReversingLabs malware file analysis.", "MitigationString": "", 
@@ -1028,20 +1028,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"01ba1fb41632594997a41d0c3a911ae5b3034d566ebb991ef76ad76e6f9e283a\",\"SHA-256\",\"89\",\"5/14\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Trend Micro. Most recent link (Mar 11, 2021): https://documents.trendmicro.com/assets/pdf/Technical_Brief_Uncleanable_and_Unkillable_The_Evolution_of_IoT_Botnets_Through_P2P_Networking.pdf\"\", \"\"Sources\"\": [\"\"T5\"\"], \"\"Timestamp\"\": \"\"2021-03-11T00:00:00.000Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Linked to Attack Vector\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"31 sightings on 4 sources: @m0rb, @bad_packets, @InfoSex11, @luc4m. 2 related attack vectors: DDOS, Command Injection. Most recent tweet: 2021-06-17T23:29:30 - Commented: https://t.co/j2a05iXOiI #malware #commandinjection. Most recent link (Jun 17, 2021): https://twitter.com/m0rb/statuses/1405668962462011401\"\", \"\"Sources\"\": [\"\"KFwzec\"\", \"\"TGgDPZ\"\", \"\"cgGiXI\"\", \"\"LMcjZ7\"\"], \"\"Timestamp\"\": \"\"2021-06-17T23:29:31.000Z\"\", \"\"Name\"\": \"\"linkedToVector\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Cyber Attack\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"3 sightings on 2 sources: @bad_packets, @swarmdotmarket. 
Most recent tweet: New #Mozi #malware targets #IoT devices -- research via @BlackLotusLabs -- Samples here in PolySwarm, free to download: https://t.co/JYkyEPPWmH https://t.co/jioPHPnJj9 #threatintel #botnet #infosec Most recent link (Apr 20, 2020): https://twitter.com/PolySwarm/statuses/1252347003457073155\"\", \"\"Sources\"\": [\"\"TGgDPZ\"\", \"\"UBjcy3\"\"], \"\"Timestamp\"\": \"\"2020-04-20T21:22:47.000Z\"\", \"\"Name\"\": \"\"linkedToCyberAttack\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Malware\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"87 sightings on 15 sources including: lumen.com, HackDig Posts, Anquanke News, Daily Dot, centurylink.com. 7 related malware families including Mozi Botnet, Trojan, Qbot, Mirai, DDOS Toolkit. Most recent tweet: New #Mozi #malware targets #IoT devices -- research via @BlackLotusLabs -- Samples here in PolySwarm, free to download: https://t.co/JYkyEPPWmH https://t.co/jioPHPnJj9 #threatintel #botnet #infosec. Most recent link (Apr 20, 2020): https://twitter.com/PolySwarm/statuses/1252347003457073155\"\", \"\"Sources\"\": [\"\"idn:lumen.com\"\", \"\"POs2u-\"\", \"\"U13S_U\"\", \"\"Jzl3yj\"\", \"\"idn:centurylink.com\"\", \"\"doLlw5\"\", \"\"POs2t2\"\", \"\"idn:cyberswachhtakendra.gov.in\"\", \"\"idn:hackxsecurity.com\"\", \"\"TGgDPZ\"\", \"\"Jv_xrR\"\", \"\"TSFWTv\"\", \"\"LMcjZ7\"\", \"\"UBjcy3\"\", \"\"TbciDE\"\"], \"\"Timestamp\"\": \"\"2020-04-20T21:22:47.000Z\"\", \"\"Name\"\": \"\"linkedToMalware\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Positive Malware Verdict\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"5 sightings on 3 sources: Recorded Future Malware Detonation, ReversingLabs, PolySwarm. 
Most recent link (Nov 28, 2019): ReversingLabs malware file analysis.\"\", \"\"Sources\"\": [\"\"TAIz7D\"\", \"\"TbciDE\"\", \"\"doLlw5\"\"], \"\"Timestamp\"\": \"\"2021-04-04T07:46:20.000Z\"\", \"\"Name\"\": \"\"positiveMalwareVerdict\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Trend Micro. Most recent link (Mar 11, 2021): https://documents.trendmicro.com/assets/pdf/Technical_Brief_Uncleanable_and_Unkillable_The_Evolution_of_IoT_Botnets_Through_P2P_Networking.pdf", "MitigationString": "", @@ -1053,7 +1053,7 @@ "Timestamp": "2021-03-11T00:00:00.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "31 sightings on 4 sources: @m0rb, @bad_packets, @InfoSex11, @luc4m. 2 related attack vectors: DDOS, Command Injection. Most recent tweet: 2021-06-17T23:29:30 - Commented: https://t.co/j2a05iXOiI #malware #commandinjection. Most recent link (Jun 17, 2021): https://twitter.com/m0rb/statuses/1405668962462011401", "MitigationString": "", @@ -1068,7 +1068,7 @@ "Timestamp": "2021-06-17T23:29:31.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "3 sightings on 2 sources: @bad_packets, @swarmdotmarket. Most recent tweet: New #Mozi #malware targets #IoT devices -- research via @BlackLotusLabs -- Samples here in PolySwarm, free to download: https://t.co/JYkyEPPWmH https://t.co/jioPHPnJj9 #threatintel #botnet #infosec Most recent link (Apr 20, 2020): https://twitter.com/PolySwarm/statuses/1252347003457073155", "MitigationString": "", 
@@ -1081,7 +1081,7 @@ "Timestamp": "2020-04-20T21:22:47.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "87 sightings on 15 sources including: lumen.com, HackDig Posts, Anquanke News, Daily Dot, centurylink.com. 7 related malware families including Mozi Botnet, Trojan, Qbot, Mirai, DDOS Toolkit. Most recent tweet: New #Mozi #malware targets #IoT devices -- research via @BlackLotusLabs -- Samples here in PolySwarm, free to download: https://t.co/JYkyEPPWmH https://t.co/jioPHPnJj9 #threatintel #botnet #infosec. Most recent link (Apr 20, 2020): https://twitter.com/PolySwarm/statuses/1252347003457073155", "MitigationString": "", @@ -1107,7 +1107,7 @@ "Timestamp": "2020-04-20T21:22:47.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "5 sightings on 3 sources: Recorded Future Malware Detonation, ReversingLabs, PolySwarm. Most recent link (Nov 28, 2019): ReversingLabs malware file analysis.", "MitigationString": "", 
@@ -1142,20 +1142,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"fecddb7f3fa478be4687ca542c0ecf232ec35a0c2418c8bfe4875686ec373c1e\",\"SHA-256\",\"89\",\"6/14\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"45 sightings on 9 sources including: Security Bloggers Network, Bleeping Computer, Guided Collection, Bleepingcomputer Forums, TheServerSide.com | Updates. Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561\"\", \"\"Sources\"\": [\"\"NSAcUx\"\", \"\"J6UzbO\"\", \"\"Rlso4a\"\", \"\"hkE5DK\"\", \"\"cJMUDF\"\", \"\"TZRwk8\"\", \"\"QMTzEI\"\", \"\"LUhTGd\"\", \"\"J5NRun\"\"], \"\"Timestamp\"\": \"\"2021-12-21T08:40:00.000Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Linked to Attack Vector\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"29 sightings on 24 sources including: Carder Forum (carder.uk), wordpress.com, AAPKS.com, malwareresearch, @phishingalert, @GelosSnake, @rpsanch, @rce_coder. 7 related attack vectors including Crimeware, Phishing, Remote Code Execution, Malvertising, Click Fraud. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. 
Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752\"\", \"\"Sources\"\": [\"\"T1bwMv\"\", \"\"LC-zVm\"\", \"\"P_upBR\"\", \"\"T2OA5Q\"\", \"\"K20lXV\"\", \"\"TGgDPZ\"\", \"\"hkIDTa\"\", \"\"LqRZCN\"\", \"\"Vd51cf\"\", \"\"ha2FFj\"\", \"\"UmsU31\"\", \"\"ddafo3\"\", \"\"K7wUX2\"\", \"\"P_ivKa\"\", \"\"idn:wordpress.com\"\", \"\"J-mrOR\"\", \"\"QPbAan\"\", \"\"VeioBt\"\", \"\"WlbRkJ\"\", \"\"TvfQzk\"\", \"\"TP1vbk\"\", \"\"SrKvJ0\"\", \"\"SqCj4s\"\", \"\"VXaDYo\"\"], \"\"Timestamp\"\": \"\"2021-12-25T03:23:47.000Z\"\", \"\"Name\"\": \"\"linkedToVector\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Vulnerability\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Messaging Platforms - Uncategorized. 2 related cyber vulnerabilities: CVE-2016-6663, CWE-362.\"\", \"\"Sources\"\": [\"\"Y7TWfI\"\"], \"\"Timestamp\"\": \"\"2021-12-29T07:27:12.565Z\"\", \"\"Name\"\": \"\"linkedToVuln\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Cyber Attack\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"10 sightings on 7 sources including: SANS Institute Course Selector Results, Messaging Platforms - Uncategorized, @ecstatic_nobel, @Artilllerie. Most recent tweet: Active cred #phishing/malware distribution campaign on 185.186.245.101 with kits targeting @Office365 and @WeTransfer brands. Windows malware submitted to VT here: https://t.co/edCd4sOnAI domains: https://t.co/4GdqctLwkY cc: @malwrhunterteam @JayTHL @SteveD3 @thepacketrat https://t.co/e9d3R7fzIq. 
Most recent link (May 28, 2019): https://twitter.com/PhishingAi/statuses/1133376801831436289\"\", \"\"Sources\"\": [\"\"Ym7dzt\"\", \"\"LKKAV1\"\", \"\"OuKV3V\"\", \"\"VeioBt\"\", \"\"Y7TWfI\"\", \"\"KGS-xC\"\", \"\"KFSXln\"\"], \"\"Timestamp\"\": \"\"2019-05-28T14:17:41.000Z\"\", \"\"Name\"\": \"\"linkedToCyberAttack\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Malware\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"114 sightings on 42 sources including: Doc Player, GhostBin, Codex - Recent changes en, droppdf.com, ReversingLabs. 41 related malware families including Dardesh, AZORult, Emotet, GandCrab, Offensive Security Tools (OST). Most recent tweet: @Enfenogo @ThetanArena @KardiaChain @wolffungame Se você jogar o .exe do instalador no site https://t.co/yxgkgU58Hr, vai encontrar um trojan minerador. Estou sem acreditar. Tô rodando o Malware Byte no meu PC pra tentar limpar a merda que eles fizeram. Most recent link (Nov 27, 2021): https://twitter.com/Ronan30451924/statuses/1464732674891960321\"\", \"\"Sources\"\": [\"\"QWOrKl\"\", \"\"LKKAV1\"\", \"\"W4ygGi\"\", \"\"PATKM7\"\", \"\"T1bwMv\"\", \"\"LjkJhE\"\", \"\"kuKt0c\"\", \"\"QAy9GA\"\", \"\"LbYmLr\"\", \"\"K20lXV\"\", \"\"QZe7TG\"\", \"\"idn:droppdf.com\"\", \"\"QAmbRP\"\", \"\"TbciDE\"\", \"\"P_j5Dw\"\", \"\"QNmgPm\"\", \"\"TGXqeD\"\", \"\"POs2u-\"\", \"\"KGS-xC\"\", \"\"L3kVdM\"\", \"\"QMfGAr\"\", \"\"h6VVAH\"\", \"\"doLlw5\"\", \"\"UrsUKT\"\", \"\"JOU\"\", \"\"MIKjae\"\", \"\"P_oIyV\"\", \"\"QJ6TQK\"\", \"\"RfVd0T\"\", \"\"J6UzbO\"\", \"\"POs2tz\"\", \"\"VfsacJ\"\", \"\"Jv_xrR\"\", \"\"Ql9O5c\"\", \"\"USKpXp\"\", \"\"TP1vbk\"\", \"\"SrKvJ0\"\", \"\"Tq2nAb\"\", \"\"KFSXln\"\", \"\"P_ov9o\"\", \"\"VXaDYo\"\", \"\"idn:index-of.es\"\"], \"\"Timestamp\"\": \"\"2021-11-27T23:07:37.000Z\"\", \"\"Name\"\": \"\"linkedToMalware\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Positive Malware 
Verdict\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"2 sightings on 2 sources: ReversingLabs, PolySwarm. Most recent link (Apr 19, 2018): ReversingLabs malware file analysis.\"\", \"\"Sources\"\": [\"\"TbciDE\"\", \"\"doLlw5\"\"], \"\"Timestamp\"\": \"\"2021-02-10T09:10:10.000Z\"\", \"\"Name\"\": \"\"positiveMalwareVerdict\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "45 sightings on 9 sources including: Security Bloggers Network, Bleeping Computer, Guided Collection, Bleepingcomputer Forums, TheServerSide.com | Updates. Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561", "MitigationString": "", @@ -1175,7 +1175,7 @@ "Timestamp": "2021-12-21T08:40:00.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "29 sightings on 24 sources including: Carder Forum (carder.uk), wordpress.com, AAPKS.com, malwareresearch, @phishingalert, @GelosSnake, @rpsanch, @rce_coder. 7 related attack vectors including Crimeware, Phishing, Remote Code Execution, Malvertising, Click Fraud. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752", "MitigationString": "", 
@@ -1210,7 +1210,7 @@ "Timestamp": "2021-12-25T03:23:47.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: Messaging Platforms - Uncategorized. 2 related cyber vulnerabilities: CVE-2016-6663, CWE-362.", "MitigationString": "", @@ -1222,7 +1222,7 @@ "Timestamp": "2021-12-29T07:27:12.565Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "10 sightings on 7 sources including: SANS Institute Course Selector Results, Messaging Platforms - Uncategorized, @ecstatic_nobel, @Artilllerie. Most recent tweet: Active cred #phishing/malware distribution campaign on 185.186.245.101 with kits targeting @Office365 and @WeTransfer brands. Windows malware submitted to VT here: https://t.co/edCd4sOnAI domains: https://t.co/4GdqctLwkY cc: @malwrhunterteam @JayTHL @SteveD3 @thepacketrat https://t.co/e9d3R7fzIq. Most recent link (May 28, 2019): https://twitter.com/PhishingAi/statuses/1133376801831436289", "MitigationString": "", @@ -1240,7 +1240,7 @@ "Timestamp": "2019-05-28T14:17:41.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "114 sightings on 42 sources including: Doc Player, GhostBin, Codex - Recent changes en, droppdf.com, ReversingLabs. 41 related malware families including Dardesh, AZORult, Emotet, GandCrab, Offensive Security Tools (OST). Most recent tweet: @Enfenogo @ThetanArena @KardiaChain @wolffungame Se você jogar o .exe do instalador no site https://t.co/yxgkgU58Hr, vai encontrar um trojan minerador. Estou sem acreditar. Tô rodando o Malware Byte no meu PC pra tentar limpar a merda que eles fizeram. Most recent link (Nov 27, 2021): https://twitter.com/Ronan30451924/statuses/1464732674891960321", "MitigationString": "", 
@@ -1293,7 +1293,7 @@ "Timestamp": "2021-11-27T23:07:37.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "2 sightings on 2 sources: ReversingLabs, PolySwarm. Most recent link (Apr 19, 2018): ReversingLabs malware file analysis.", "MitigationString": "", 
@@ -1327,20 +1327,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"a1d9cd6f189beff28a0a49b10f8fe4510128471f004b3e4283ddc7f78594906b\",\"SHA-256\",\"89\",\"3/14\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"58 sightings on 5 sources: SecureWorks, InfoCON: green, McAfee, Talos Intel, Kaspersky Securelist and Lab. Most recent link (Jun 28, 2018): https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/27000/PD27077/en_US/McAfee_Labs_WannaCry_June24_2018.pdf\"\", \"\"Sources\"\": [\"\"Z2mQh2\"\", \"\"2d\"\", \"\"rN\"\", \"\"PA-rR4\"\", \"\"4n\"\"], \"\"Timestamp\"\": \"\"2018-06-28T08:11:36.570Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Linked to Malware\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"1688 sightings on 26 sources including: lnkd.in, Doc Player, Cyber4Sight, voicebox.pt, VKontakte. 2 related malware families: Wcry, Ransomware. 
Most recent link (Sep 13, 2017): https://malwr.com/analysis/ZmIzN2E3MzQyM2I0NDYwODllOWRhMmQxODg3YzMxZDA/\"\", \"\"Sources\"\": [\"\"idn:lnkd.in\"\", \"\"W4ygGi\"\", \"\"S2tpaX\"\", \"\"idn:voicebox.pt\"\", \"\"SIjHV9\"\", \"\"PJHGaq\"\", \"\"PA-rR4\"\", \"\"Z2mQh2\"\", \"\"e_\"\", \"\"idn:gofastbuy.com\"\", \"\"idn:ziftsolutions.com\"\", \"\"POs2u-\"\", \"\"KHpcuE\"\", \"\"QccsRc\"\", \"\"idn:dfir.pro\"\", \"\"idn:nksc.lt\"\", \"\"idn:dy.si\"\", \"\"KZFCph\"\", \"\"rN\"\", \"\"QYsx0D\"\", \"\"idn:logrhythm.com\"\", \"\"Jv_xrR\"\", \"\"idn:safe-cyberdefense.com\"\", \"\"4n\"\", \"\"QS89Bx\"\", \"\"NKaUXl\"\"], \"\"Timestamp\"\": \"\"2017-09-13T00:00:00.000Z\"\", \"\"Name\"\": \"\"linkedToMalware\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Positive Malware Verdict\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"2 sightings on 1 source: Recorded Future Malware Detonation.\"\", \"\"Sources\"\": [\"\"TAIz7D\"\"], \"\"Timestamp\"\": \"\"2020-10-13T10:46:31.000Z\"\", \"\"Name\"\": \"\"positiveMalwareVerdict\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "58 sightings on 5 sources: SecureWorks, InfoCON: green, McAfee, Talos Intel, Kaspersky Securelist and Lab. Most recent link (Jun 28, 2018): https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/27000/PD27077/en_US/McAfee_Labs_WannaCry_June24_2018.pdf", "MitigationString": "", 
@@ -1356,7 +1356,7 @@ "Timestamp": "2018-06-28T08:11:36.570Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1688 sightings on 26 sources including: lnkd.in, Doc Player, Cyber4Sight, voicebox.pt, VKontakte. 2 related malware families: Wcry, Ransomware. Most recent link (Sep 13, 2017): https://malwr.com/analysis/ZmIzN2E3MzQyM2I0NDYwODllOWRhMmQxODg3YzMxZDA/", "MitigationString": "", @@ -1393,7 +1393,7 @@ "Timestamp": "2017-09-13T00:00:00.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "2 sightings on 1 source: Recorded Future Malware Detonation.", "MitigationString": "", 
@@ -1426,20 +1426,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"85aba198a0ba204e8549ea0c8980447249d30dece0d430e3f517315ad10f32ce\",\"SHA-256\",\"89\",\"5/14\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"16 sightings on 4 sources: Guided Collection, Bleepingcomputer Forums, ISC | All Updates, Malwarebytes Unpacked. Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561\"\", \"\"Sources\"\": [\"\"Rlso4a\"\", \"\"hkE5DK\"\", \"\"TZRwk8\"\", \"\"J5NRun\"\"], \"\"Timestamp\"\": \"\"2021-12-21T08:40:00.000Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Linked to Attack Vector\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"6 sightings on 6 sources including: malwareresearch, AAPKS.com, @Shouvik95232310, @santGM. 3 related attack vectors: Phishing, Click Fraud, Typosquatting. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. 
Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752\"\", \"\"Sources\"\": [\"\"WlbRkJ\"\", \"\"ha2FFj\"\", \"\"K7wUX2\"\", \"\"P_ivKa\"\", \"\"J-mrOR\"\", \"\"P_upBR\"\"], \"\"Timestamp\"\": \"\"2021-12-25T03:23:47.000Z\"\", \"\"Name\"\": \"\"linkedToVector\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Cyber Attack\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Messaging Platforms - Uncategorized. Most recent link (Oct 18, 2021): https://t.me/An0nymousTeam/1429\"\", \"\"Sources\"\": [\"\"Y7TWfI\"\"], \"\"Timestamp\"\": \"\"2021-10-18T12:09:43.000Z\"\", \"\"Name\"\": \"\"linkedToCyberAttack\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Linked to Malware\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"43 sightings on 14 sources including: Ichunqiu Forum, Doc Player, ArXiv, GitHub, droppdf.com. 19 related malware families including Fakespy, Trojan, Offensive Security Tools (OST), Spyware, Dardesh. Most recent tweet: RT @demonslay335: #STOP #Djvu #Ransomware extension \\\"\".mogera\\\"\" (v090): https://t.co/wlMcSE2EHj | https://t.co/XAYkOoOReU. Most recent link (May 27, 2019): https://twitter.com/DrolSecurity/statuses/1133117241388621825\"\", \"\"Sources\"\": [\"\"TGXqeD\"\", \"\"W4ygGi\"\", \"\"L3kVdM\"\", \"\"QMfGAr\"\", \"\"QAy9GA\"\", \"\"JOU\"\", \"\"MIKjae\"\", \"\"P_oIyV\"\", \"\"QJ6TQK\"\", \"\"idn:droppdf.com\"\", \"\"Ql9O5c\"\", \"\"QAmbRP\"\", \"\"Tq2nAb\"\", \"\"idn:index-of.es\"\"], \"\"Timestamp\"\": \"\"2019-05-27T21:06:17.000Z\"\", \"\"Name\"\": \"\"linkedToMalware\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Positive Malware Verdict\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: PolySwarm. 
Most recent link (Mar 8, 2021): https://polyswarm.network/scan/results/file/85aba198a0ba204e8549ea0c8980447249d30dece0d430e3f517315ad10f32ce\"\", \"\"Sources\"\": [\"\"doLlw5\"\"], \"\"Timestamp\"\": \"\"2021-03-08T13:00:15.000Z\"\", \"\"Name\"\": \"\"positiveMalwareVerdict\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "16 sightings on 4 sources: Guided Collection, Bleepingcomputer Forums, ISC | All Updates, Malwarebytes Unpacked. Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561", "MitigationString": "", @@ -1454,7 +1454,7 @@ "Timestamp": "2021-12-21T08:40:00.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "6 sightings on 6 sources including: malwareresearch, AAPKS.com, @Shouvik95232310, @santGM. 3 related attack vectors: Phishing, Click Fraud, Typosquatting. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752", "MitigationString": "", @@ -1471,7 +1471,7 @@ "Timestamp": "2021-12-25T03:23:47.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: Messaging Platforms - Uncategorized. Most recent link (Oct 18, 2021): https://t.me/An0nymousTeam/1429", "MitigationString": "", 
@@ -1483,7 +1483,7 @@ "Timestamp": "2021-10-18T12:09:43.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "43 sightings on 14 sources including: Ichunqiu Forum, Doc Player, ArXiv, GitHub, droppdf.com. 19 related malware families including Fakespy, Trojan, Offensive Security Tools (OST), Spyware, Dardesh. Most recent tweet: RT @demonslay335: #STOP #Djvu #Ransomware extension \".mogera\" (v090): https://t.co/wlMcSE2EHj | https://t.co/XAYkOoOReU. Most recent link (May 27, 2019): https://twitter.com/DrolSecurity/statuses/1133117241388621825", "MitigationString": "", @@ -1508,7 +1508,7 @@ "Timestamp": "2019-05-27T21:06:17.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: PolySwarm. Most recent link (Mar 8, 2021): https://polyswarm.network/scan/results/file/85aba198a0ba204e8549ea0c8980447249d30dece0d430e3f517315ad10f32ce", "MitigationString": "", diff --git a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-httpjson.log-expected.json b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-httpjson.log-expected.json index abc0de749a6..509d4cb7da3 100644 --- a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-httpjson.log-expected.json +++ b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-httpjson.log-expected.json 
@@ -2,20 +2,20 @@ "expected": [ { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported as a Defanged DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"21 sightings on 4 sources: Proofpoint, PasteBin, The Daily Advance, @DGAFeedAlerts. Most recent tweet: New ramnit Dom: xohrikvjhiu[.]eu IP: 13[.]90[.]196[.]81 NS: https://t.co/nTqEOuAW2E https://t.co/QdrtFSplyz. Most recent link (Nov 16, 2019): https://twitter.com/DGAFeedAlerts/statuses/1195824847915491329\\\", \\\"Sources\\\": [\\\"QQA438\\\", \\\"Jv_xrR\\\", \\\"SlNfa3\\\", \\\"KvPSaU\\\"], \\\"Timestamp\\\": \\\"2019-11-16T22:03:55.000Z\\\", \\\"Name\\\": \\\"defanged\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"18 sightings on 2 sources: Proofpoint, The Daily Advance. Most recent link (Nov 12, 2018): https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy#.W-nmxyGcuiY.twitter\\\", \\\"Sources\\\": [\\\"QQA438\\\", \\\"KvPSaU\\\"], \\\"Timestamp\\\": \\\"2018-11-12T20:48:08.675Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Referenced by Insikt Group\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Insikt Group. 1 report: Proofpoint Researchers Observe sLoad and Ramnit in Campaigns Against The U.K. and Italy. 
Most recent link (Oct 23, 2018): https://app.recordedfuture.com/live/sc/4KSWum2M6Lx7\\\", \\\"Sources\\\": [\\\"VKz42X\\\"], \\\"Timestamp\\\": \\\"2018-10-23T00:00:00.000Z\\\", \\\"Name\\\": \\\"relatedNote\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Detected Malware Operation\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Mar 23, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-03-23T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recent C\u0026C DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\\\", \\\"Sources\\\": [\\\"report:QhR8Qs\\\"], \\\"Timestamp\\\": \\\"2021-12-29T07:12:02.455Z\\\", \\\"Name\\\": \\\"recentCncSite\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"xohrikvjhiu.eu\", \"Risk\": \"96\", \"RiskString\": \"5/45\"}", - "risk_score": 96, + "risk_score": 96.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "21 sightings on 4 sources: Proofpoint, PasteBin, The Daily Advance, @DGAFeedAlerts. Most recent tweet: New ramnit Dom: xohrikvjhiu[.]eu IP: 13[.]90[.]196[.]81 NS: https://t.co/nTqEOuAW2E https://t.co/QdrtFSplyz. Most recent link (Nov 16, 2019): https://twitter.com/DGAFeedAlerts/statuses/1195824847915491329", "MitigationString": "", 
@@ -30,7 +30,7 @@ "Timestamp": "2019-11-16T22:03:55.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "18 sightings on 2 sources: Proofpoint, The Daily Advance. Most recent link (Nov 12, 2018): https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy#.W-nmxyGcuiY.twitter", "MitigationString": "", @@ -43,7 +43,7 @@ "Timestamp": "2018-11-12T20:48:08.675Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Insikt Group. 1 report: Proofpoint Researchers Observe sLoad and Ramnit in Campaigns Against The U.K. and Italy. Most recent link (Oct 23, 2018): https://app.recordedfuture.com/live/sc/4KSWum2M6Lx7", "MitigationString": "", @@ -55,7 +55,7 @@ "Timestamp": "2018-10-23T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Mar 23, 2021.", "MitigationString": "", @@ -67,7 +67,7 @@ "Timestamp": "2021-03-23T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -98,20 +98,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported by DHS AIS\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-216d34d4-67bd-4add-ae6e-4ddec27dcb0e (Jul 25, 2019).\\\", \\\"Sources\\\": [\\\"UZNze8\\\"], \\\"Timestamp\\\": \\\"2019-07-25T00:46:19.000Z\\\", \\\"Name\\\": \\\"dhsAis\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: MALWARE BREAKDOWN. Most recent link (May 17, 2017): https://malwarebreakdown.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/\\\", \\\"Sources\\\": [\\\"ST7rfx\\\"], \\\"Timestamp\\\": \\\"2017-05-17T19:31:06.000Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Reported in Threat List\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"Previous sightings on 1 source: Recorded Future Analyst Community Trending Indicators. Observed between Jul 19, 2021, and Jul 21, 2021.\\\", \\\"Sources\\\": [\\\"report:Tluf00\\\"], \\\"Timestamp\\\": \\\"2021-12-29T07:21:52.311Z\\\", \\\"Name\\\": \\\"historicalThreatListMembership\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Detected Malware Operation\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. 
Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jul 9, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-07-09T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Malware Analysis DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"2 sightings on 1 source: Malwr.com. Most recent link (Jul 6, 2017): https://malwr.com/analysis/ZmMxNWJlYWU1NTI4NDA1Nzg3YTc5MWViNTA0YTNhYmQ/\\\", \\\"Sources\\\": [\\\"NKaUXl\\\"], \\\"Timestamp\\\": \\\"2017-07-06T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareAnalysis\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recent C\u0026C DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\\\", \\\"Sources\\\": [\\\"report:QhR8Qs\\\"], \\\"Timestamp\\\": \\\"2021-12-29T07:21:52.303Z\\\", \\\"Name\\\": \\\"recentCncSite\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"wgwuhauaqcrx.com\", \"Risk\": \"95\", \"RiskString\": \"6/45\"}", - "risk_score": 95, + "risk_score": 95.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-216d34d4-67bd-4add-ae6e-4ddec27dcb0e (Jul 25, 2019).", "MitigationString": "", 
@@ -123,7 +123,7 @@ "Timestamp": "2019-07-25T00:46:19.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: MALWARE BREAKDOWN. Most recent link (May 17, 2017): https://malwarebreakdown.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/", "MitigationString": "", @@ -135,7 +135,7 @@ "Timestamp": "2017-05-17T19:31:06.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "Previous sightings on 1 source: Recorded Future Analyst Community Trending Indicators. Observed between Jul 19, 2021, and Jul 21, 2021.", "MitigationString": "", @@ -147,7 +147,7 @@ "Timestamp": "2021-12-29T07:21:52.311Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jul 9, 2021.", "MitigationString": "", @@ -159,7 +159,7 @@ "Timestamp": "2021-07-09T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 1 source: Malwr.com. Most recent link (Jul 6, 2017): https://malwr.com/analysis/ZmMxNWJlYWU1NTI4NDA1Nzg3YTc5MWViNTA0YTNhYmQ/", "MitigationString": "", @@ -171,7 +171,7 @@ "Timestamp": "2017-07-06T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -202,20 +202,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported as a Defanged DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: wbmpvebw[.]com IP: 209[.]99[.]40[.]220 NS: https://t.co/bH4I7LoMNf https://t.co/KTCPYU87bT. Most recent link (Jan 4, 2020): https://twitter.com/DGAFeedAlerts/statuses/1213551578264821760\\\", \\\"Sources\\\": [\\\"SlNfa3\\\"], \\\"Timestamp\\\": \\\"2020-01-04T20:03:37.000Z\\\", \\\"Name\\\": \\\"defanged\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html\\\", \\\"Sources\\\": [\\\"KVQ2PB\\\"], \\\"Timestamp\\\": \\\"2017-03-08T01:18:17.569Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Reported in Threat List\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"Previous sightings on 1 source: Recorded Future Analyst Community Trending Indicators. Observed between Feb 18, 2021, and Feb 24, 2021.\\\", \\\"Sources\\\": [\\\"report:Tluf00\\\"], \\\"Timestamp\\\": \\\"2021-12-29T07:16:05.008Z\\\", \\\"Name\\\": \\\"historicalThreatListMembership\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Detected Malware Operation\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. 
Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 30, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-06-30T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Malware Analysis DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Malwr.com. Most recent link (May 8, 2017): https://malwr.com/analysis/NzhlZjJmMDA1MTMyNGM5NDg3YTQwMzI5YzAzMzY1NTg/\\\", \\\"Sources\\\": [\\\"NKaUXl\\\"], \\\"Timestamp\\\": \\\"2017-05-08T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareAnalysis\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recent C\u0026C DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\\\", \\\"Sources\\\": [\\\"report:QhR8Qs\\\"], \\\"Timestamp\\\": \\\"2021-12-29T07:16:05.007Z\\\", \\\"Name\\\": \\\"recentCncSite\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"wbmpvebw.com\", \"Risk\": \"95\", \"RiskString\": \"6/45\"}", - "risk_score": 95, + "risk_score": 95.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: wbmpvebw[.]com IP: 209[.]99[.]40[.]220 NS: https://t.co/bH4I7LoMNf https://t.co/KTCPYU87bT. Most recent link (Jan 4, 2020): https://twitter.com/DGAFeedAlerts/statuses/1213551578264821760", "MitigationString": "", 
@@ -227,7 +227,7 @@ "Timestamp": "2020-01-04T20:03:37.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html", "MitigationString": "", @@ -239,7 +239,7 @@ "Timestamp": "2017-03-08T01:18:17.569Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "Previous sightings on 1 source: Recorded Future Analyst Community Trending Indicators. Observed between Feb 18, 2021, and Feb 24, 2021.", "MitigationString": "", @@ -251,7 +251,7 @@ "Timestamp": "2021-12-29T07:16:05.008Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 30, 2021.", "MitigationString": "", @@ -263,7 +263,7 @@ "Timestamp": "2021-06-30T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Malwr.com. Most recent link (May 8, 2017): https://malwr.com/analysis/NzhlZjJmMDA1MTMyNGM5NDg3YTQwMzI5YzAzMzY1NTg/", "MitigationString": "", @@ -275,7 +275,7 @@ "Timestamp": "2017-05-08T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -306,20 +306,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported as a Defanged DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: ckgryagcibbcf[.]com IP: 18[.]235[.]92[.]123 NS: https://t.co/nKWfZguQSF https://t.co/czXUwYeuxf. Most recent link (Feb 1, 2021): https://twitter.com/DGAFeedAlerts/statuses/1356333576053207040\\\", \\\"Sources\\\": [\\\"SlNfa3\\\"], \\\"Timestamp\\\": \\\"2021-02-01T20:08:18.000Z\\\", \\\"Name\\\": \\\"defanged\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html\\\", \\\"Sources\\\": [\\\"KVQ2PB\\\"], \\\"Timestamp\\\": \\\"2017-03-08T01:18:17.569Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Detected Malware Operation\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 15, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-06-15T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Malware Analysis DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Malwr.com. 
Most recent link (Apr 11, 2016): https://malwr.com/analysis/YjVjNzlmNjdhMDMyNDY2MjkzY2FkMjQzOWJiNmUyOWI/\\\", \\\"Sources\\\": [\\\"NKaUXl\\\"], \\\"Timestamp\\\": \\\"2016-04-11T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareAnalysis\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recent C\u0026C DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\\\", \\\"Sources\\\": [\\\"report:QhR8Qs\\\"], \\\"Timestamp\\\": \\\"2021-12-29T06:40:44.358Z\\\", \\\"Name\\\": \\\"recentCncSite\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"ckgryagcibbcf.com\", \"Risk\": \"94\", \"RiskString\": \"5/45\"}", - "risk_score": 94, + "risk_score": 94.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: ckgryagcibbcf[.]com IP: 18[.]235[.]92[.]123 NS: https://t.co/nKWfZguQSF https://t.co/czXUwYeuxf. Most recent link (Feb 1, 2021): https://twitter.com/DGAFeedAlerts/statuses/1356333576053207040", "MitigationString": "", @@ -331,7 +331,7 @@ "Timestamp": "2021-02-01T20:08:18.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html", "MitigationString": "", @@ -343,7 +343,7 @@ "Timestamp": "2017-03-08T01:18:17.569Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 15, 2021.", "MitigationString": "", 
@@ -355,7 +355,7 @@ "Timestamp": "2021-06-15T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Malwr.com. Most recent link (Apr 11, 2016): https://malwr.com/analysis/YjVjNzlmNjdhMDMyNDY2MjkzY2FkMjQzOWJiNmUyOWI/", "MitigationString": "", @@ -367,7 +367,7 @@ "Timestamp": "2016-04-11T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -398,20 +398,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported as a Defanged DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: jpuityvakjgg[.]com IP: 18[.]235[.]92[.]123 NS: https://t.co/nKWfZguQSF https://t.co/czXUwYeuxf. Most recent link (Feb 1, 2021): https://twitter.com/DGAFeedAlerts/statuses/1356333600627683330\\\", \\\"Sources\\\": [\\\"SlNfa3\\\"], \\\"Timestamp\\\": \\\"2021-02-01T20:08:24.000Z\\\", \\\"Name\\\": \\\"defanged\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html\\\", \\\"Sources\\\": [\\\"KVQ2PB\\\"], \\\"Timestamp\\\": \\\"2017-03-08T01:18:17.569Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Detected Malware Operation\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 17, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-06-17T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Malware Analysis DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Malwr.com. 
Most recent link (May 8, 2017): https://malwr.com/analysis/NzhlZjJmMDA1MTMyNGM5NDg3YTQwMzI5YzAzMzY1NTg/\\\", \\\"Sources\\\": [\\\"NKaUXl\\\"], \\\"Timestamp\\\": \\\"2017-05-08T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareAnalysis\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recent C\u0026C DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\\\", \\\"Sources\\\": [\\\"report:QhR8Qs\\\"], \\\"Timestamp\\\": \\\"2021-12-29T06:46:28.155Z\\\", \\\"Name\\\": \\\"recentCncSite\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"jpuityvakjgg.com\", \"Risk\": \"94\", \"RiskString\": \"5/45\"}", - "risk_score": 94, + "risk_score": 94.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: jpuityvakjgg[.]com IP: 18[.]235[.]92[.]123 NS: https://t.co/nKWfZguQSF https://t.co/czXUwYeuxf. Most recent link (Feb 1, 2021): https://twitter.com/DGAFeedAlerts/statuses/1356333600627683330", "MitigationString": "", @@ -423,7 +423,7 @@ "Timestamp": "2021-02-01T20:08:24.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html", "MitigationString": "", @@ -435,7 +435,7 @@ "Timestamp": "2017-03-08T01:18:17.569Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 17, 2021.", "MitigationString": "", 
@@ -447,7 +447,7 @@ "Timestamp": "2021-06-17T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Malwr.com. Most recent link (May 8, 2017): https://malwr.com/analysis/NzhlZjJmMDA1MTMyNGM5NDg3YTQwMzI5YzAzMzY1NTg/", "MitigationString": "", @@ -459,7 +459,7 @@ "Timestamp": "2017-05-08T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -490,20 +490,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported as a Defanged DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: jexgpprgph[.]com IP: 209[.]99[.]40[.]222 NS: https://t.co/IGcQwMvzjy https://t.co/J2gdsVMl8U. Most recent link (Dec 13, 2018): https://twitter.com/DGAFeedAlerts/statuses/1073277207919947778\\\", \\\"Sources\\\": [\\\"SlNfa3\\\"], \\\"Timestamp\\\": \\\"2018-12-13T18:03:21.000Z\\\", \\\"Name\\\": \\\"defanged\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html\\\", \\\"Sources\\\": [\\\"KVQ2PB\\\"], \\\"Timestamp\\\": \\\"2017-03-08T01:18:17.569Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Detected Malware Operation\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 30, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-06-30T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Malware Analysis DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"2 sightings on 1 source: Malwr.com. 
Most recent link (May 8, 2017): https://malwr.com/analysis/MDcwMzAxMzhkZGIwNGI5Y2I0ZGMyMDY1NzhlZmUzNGI/\\\", \\\"Sources\\\": [\\\"NKaUXl\\\"], \\\"Timestamp\\\": \\\"2017-05-08T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareAnalysis\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recent C\u0026C DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\\\", \\\"Sources\\\": [\\\"report:QhR8Qs\\\"], \\\"Timestamp\\\": \\\"2021-12-29T06:40:30.778Z\\\", \\\"Name\\\": \\\"recentCncSite\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"jexgpprgph.com\", \"Risk\": \"94\", \"RiskString\": \"5/45\"}", - "risk_score": 94, + "risk_score": 94.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: jexgpprgph[.]com IP: 209[.]99[.]40[.]222 NS: https://t.co/IGcQwMvzjy https://t.co/J2gdsVMl8U. Most recent link (Dec 13, 2018): https://twitter.com/DGAFeedAlerts/statuses/1073277207919947778", "MitigationString": "", @@ -515,7 +515,7 @@ "Timestamp": "2018-12-13T18:03:21.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html", "MitigationString": "", @@ -527,7 +527,7 @@ "Timestamp": "2017-03-08T01:18:17.569Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 30, 2021.", "MitigationString": "", 
@@ -539,7 +539,7 @@ "Timestamp": "2021-06-30T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 1 source: Malwr.com. Most recent link (May 8, 2017): https://malwr.com/analysis/MDcwMzAxMzhkZGIwNGI5Y2I0ZGMyMDY1NzhlZmUzNGI/", "MitigationString": "", @@ -551,7 +551,7 @@ "Timestamp": "2017-05-08T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -582,20 +582,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported as a Defanged DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: cascotqhij[.]com IP: 18[.]235[.]92[.]123 NS: https://t.co/czXUwYeuxf https://t.co/nKWfZguQSF. Most recent link (Feb 1, 2021): https://twitter.com/DGAFeedAlerts/statuses/1356333566758682629\\\", \\\"Sources\\\": [\\\"SlNfa3\\\"], \\\"Timestamp\\\": \\\"2021-02-01T20:08:16.000Z\\\", \\\"Name\\\": \\\"defanged\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html\\\", \\\"Sources\\\": [\\\"KVQ2PB\\\"], \\\"Timestamp\\\": \\\"2017-03-08T01:18:17.569Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Detected Malware Operation\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jul 27, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-07-27T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Malware Analysis DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Malwr.com. 
Most recent link (Apr 11, 2016): https://malwr.com/analysis/YjVjNzlmNjdhMDMyNDY2MjkzY2FkMjQzOWJiNmUyOWI/\\\", \\\"Sources\\\": [\\\"NKaUXl\\\"], \\\"Timestamp\\\": \\\"2016-04-11T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareAnalysis\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recent C\u0026C DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\\\", \\\"Sources\\\": [\\\"report:QhR8Qs\\\"], \\\"Timestamp\\\": \\\"2021-12-29T06:34:06.062Z\\\", \\\"Name\\\": \\\"recentCncSite\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"cascotqhij.com\", \"Risk\": \"94\", \"RiskString\": \"5/45\"}", - "risk_score": 94, + "risk_score": 94.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: cascotqhij[.]com IP: 18[.]235[.]92[.]123 NS: https://t.co/czXUwYeuxf https://t.co/nKWfZguQSF. Most recent link (Feb 1, 2021): https://twitter.com/DGAFeedAlerts/statuses/1356333566758682629", "MitigationString": "", @@ -607,7 +607,7 @@ "Timestamp": "2021-02-01T20:08:16.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html", "MitigationString": "", @@ -619,7 +619,7 @@ "Timestamp": "2017-03-08T01:18:17.569Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jul 27, 2021.", "MitigationString": "", 
@@ -631,7 +631,7 @@ "Timestamp": "2021-07-27T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Malwr.com. Most recent link (Apr 11, 2016): https://malwr.com/analysis/YjVjNzlmNjdhMDMyNDY2MjkzY2FkMjQzOWJiNmUyOWI/", "MitigationString": "", @@ -643,7 +643,7 @@ "Timestamp": "2016-04-11T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -674,20 +674,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported by DHS AIS\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-e26bfe3a-8f67-4f57-9449-3f183fe94c07 (Jul 25, 2019).\\\", \\\"Sources\\\": [\\\"UZNze8\\\"], \\\"Timestamp\\\": \\\"2019-07-25T01:51:04.000Z\\\", \\\"Name\\\": \\\"dhsAis\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: MALWARE BREAKDOWN. Most recent link (May 17, 2017): https://malwarebreakdown.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/\\\", \\\"Sources\\\": [\\\"ST7rfx\\\"], \\\"Timestamp\\\": \\\"2017-05-17T19:31:06.000Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Detected Malware Operation\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Apr 1, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-04-01T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Malware Analysis DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"2 sightings on 1 source: Malwr.com. 
Most recent link (Jul 6, 2017): https://malwr.com/analysis/ZmMxNWJlYWU1NTI4NDA1Nzg3YTc5MWViNTA0YTNhYmQ/\\\", \\\"Sources\\\": [\\\"NKaUXl\\\"], \\\"Timestamp\\\": \\\"2017-07-06T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareAnalysis\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recent C\u0026C DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\\\", \\\"Sources\\\": [\\\"report:QhR8Qs\\\"], \\\"Timestamp\\\": \\\"2021-12-29T06:45:21.381Z\\\", \\\"Name\\\": \\\"recentCncSite\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"npcvnorvyhelagx.com\", \"Risk\": \"94\", \"RiskString\": \"5/45\"}", - "risk_score": 94, + "risk_score": 94.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-e26bfe3a-8f67-4f57-9449-3f183fe94c07 (Jul 25, 2019).", "MitigationString": "", @@ -699,7 +699,7 @@ "Timestamp": "2019-07-25T01:51:04.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: MALWARE BREAKDOWN. Most recent link (May 17, 2017): https://malwarebreakdown.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/", "MitigationString": "", @@ -711,7 +711,7 @@ "Timestamp": "2017-05-17T19:31:06.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Apr 1, 2021.", "MitigationString": "", 
@@ -723,7 +723,7 @@ "Timestamp": "2021-04-01T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 1 source: Malwr.com. Most recent link (Jul 6, 2017): https://malwr.com/analysis/ZmMxNWJlYWU1NTI4NDA1Nzg3YTc5MWViNTA0YTNhYmQ/", "MitigationString": "", @@ -735,7 +735,7 @@ "Timestamp": "2017-07-06T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -766,20 +766,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported as a Defanged DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: uxlyihgvfnqcrfcf[.]com IP: 209[.]99[.]40[.]224 NS: https://t.co/03Dbt4N72t https://t.co/l29AcRDSvE. Most recent link (Jan 4, 2020): https://twitter.com/DGAFeedAlerts/statuses/1213551575332982790\\\", \\\"Sources\\\": [\\\"SlNfa3\\\"], \\\"Timestamp\\\": \\\"2020-01-04T20:03:36.000Z\\\", \\\"Name\\\": \\\"defanged\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html\\\", \\\"Sources\\\": [\\\"KVQ2PB\\\"], \\\"Timestamp\\\": \\\"2017-03-08T01:18:17.569Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Detected Malware Operation\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on May 6, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-05-06T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Malware Analysis DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"2 sightings on 1 source: Malwr.com. 
Most recent link (May 8, 2017): https://malwr.com/analysis/MDcwMzAxMzhkZGIwNGI5Y2I0ZGMyMDY1NzhlZmUzNGI/\\\", \\\"Sources\\\": [\\\"NKaUXl\\\"], \\\"Timestamp\\\": \\\"2017-05-08T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareAnalysis\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recent C\u0026C DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\\\", \\\"Sources\\\": [\\\"report:QhR8Qs\\\"], \\\"Timestamp\\\": \\\"2021-12-29T06:35:26.677Z\\\", \\\"Name\\\": \\\"recentCncSite\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"uxlyihgvfnqcrfcf.com\", \"Risk\": \"94\", \"RiskString\": \"5/45\"}", - "risk_score": 94, + "risk_score": 94.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: uxlyihgvfnqcrfcf[.]com IP: 209[.]99[.]40[.]224 NS: https://t.co/03Dbt4N72t https://t.co/l29AcRDSvE. Most recent link (Jan 4, 2020): https://twitter.com/DGAFeedAlerts/statuses/1213551575332982790", "MitigationString": "", @@ -791,7 +791,7 @@ "Timestamp": "2020-01-04T20:03:36.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Dynamoos Blog. Most recent link (Mar 8, 2017): http://blog.dynamoo.com/2013/05/something-evil-on-xxx-xx-xxxx.html", "MitigationString": "", @@ -803,7 +803,7 @@ "Timestamp": "2017-03-08T01:18:17.569Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on May 6, 2021.", "MitigationString": "", 
@@ -815,7 +815,7 @@ "Timestamp": "2021-05-06T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 1 source: Malwr.com. Most recent link (May 8, 2017): https://malwr.com/analysis/MDcwMzAxMzhkZGIwNGI5Y2I0ZGMyMDY1NzhlZmUzNGI/", "MitigationString": "", @@ -827,7 +827,7 @@ "Timestamp": "2017-05-08T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -858,20 +858,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported by DHS AIS\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-fd72a0d2-bcbd-43b4-910b-9898e979a562 (Jul 24, 2019).\\\", \\\"Sources\\\": [\\\"UZNze8\\\"], \\\"Timestamp\\\": \\\"2019-07-24T23:40:35.000Z\\\", \\\"Name\\\": \\\"dhsAis\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Reported as a Defanged DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: bjfwfqviu[.]com IP: 23[.]96[.]57[.]36 NS: https://t.co/nTqEOuAW2E https://t.co/NnqzXB3b3P. Most recent link (Jul 3, 2019): https://twitter.com/DGAFeedAlerts/statuses/1146524855602429953\\\", \\\"Sources\\\": [\\\"SlNfa3\\\"], \\\"Timestamp\\\": \\\"2019-07-03T21:03:21.000Z\\\", \\\"Name\\\": \\\"defanged\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Detected Malware Operation\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on May 6, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-05-06T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Malware Analysis DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"3 sightings on 1 source: Malwr.com. 
Most recent link (Jul 6, 2017): https://malwr.com/analysis/ZDQ0ODcwOTZiN2FmNDExNmExYzA3YjUwOTcxYmRlMjE/\\\", \\\"Sources\\\": [\\\"NKaUXl\\\"], \\\"Timestamp\\\": \\\"2017-07-06T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareAnalysis\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recent C\u0026C DNS Name\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.\\\", \\\"Sources\\\": [\\\"report:QhR8Qs\\\"], \\\"Timestamp\\\": \\\"2021-12-29T06:48:58.905Z\\\", \\\"Name\\\": \\\"recentCncSite\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"bjfwfqviu.com\", \"Risk\": \"94\", \"RiskString\": \"5/45\"}", - "risk_score": 94, + "risk_score": 94.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-fd72a0d2-bcbd-43b4-910b-9898e979a562 (Jul 24, 2019).", "MitigationString": "", @@ -883,7 +883,7 @@ "Timestamp": "2019-07-24T23:40:35.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New ramnit Dom: bjfwfqviu[.]com IP: 23[.]96[.]57[.]36 NS: https://t.co/nTqEOuAW2E https://t.co/NnqzXB3b3P. Most recent link (Jul 3, 2019): https://twitter.com/DGAFeedAlerts/statuses/1146524855602429953", "MitigationString": "", @@ -895,7 +895,7 @@ "Timestamp": "2019-07-03T21:03:21.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on May 6, 2021.", "MitigationString": "", 
@@ -907,7 +907,7 @@ "Timestamp": "2021-05-06T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "3 sightings on 1 source: Malwr.com. Most recent link (Jul 6, 2017): https://malwr.com/analysis/ZDQ0ODcwOTZiN2FmNDExNmExYzA3YjUwOTcxYmRlMjE/", "MitigationString": "", @@ -919,7 +919,7 @@ "Timestamp": "2017-07-06T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Bambenek Consulting C\u0026C Blocklist.", "MitigationString": "", 
@@ -950,20 +950,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"Algorithm\": \"SHA-256\", \"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"50 sightings on 10 sources including: Security Bloggers Network, TechTarget Search Security, Bleeping Computer, Guided Collection, Bleepingcomputer Forums. Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561\\\", \\\"Sources\\\": [\\\"NSAcUx\\\", \\\"KCdHcb\\\", \\\"J6UzbO\\\", \\\"Rlso4a\\\", \\\"hkE5DK\\\", \\\"cJMUDF\\\", \\\"TZRwk8\\\", \\\"QMTzEI\\\", \\\"LUhTGd\\\", \\\"J5NRun\\\"], \\\"Timestamp\\\": \\\"2021-12-21T08:40:00.000Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Linked to Attack Vector\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"32 sightings on 27 sources including: Carder Forum (carder.uk), wordpress.com, AAPKS.com, malwareresearch, @phishingalert, @GelosSnake, @neonprimetime, @rpsanch. 7 related attack vectors including Crimeware, Phishing, Remote Code Execution, Malvertising, Click Fraud. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. 
Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752\\\", \\\"Sources\\\": [\\\"T1bwMv\\\", \\\"LC-zVm\\\", \\\"QFvaUy\\\", \\\"P_upBR\\\", \\\"T2OA5Q\\\", \\\"K20lXV\\\", \\\"TGgDPZ\\\", \\\"hkIDTa\\\", \\\"LqRZCN\\\", \\\"Vd51cf\\\", \\\"ha2FFj\\\", \\\"UmsU31\\\", \\\"K7wUX2\\\", \\\"P_ivKa\\\", \\\"Qj3TQr\\\", \\\"idn:wordpress.com\\\", \\\"J-mrOR\\\", \\\"QPbAan\\\", \\\"VeioBt\\\", \\\"WlbRkJ\\\", \\\"K7sErA\\\", \\\"TvfQzk\\\", \\\"TP1vbk\\\", \\\"SrKvJ0\\\", \\\"SqCj4s\\\", \\\"VXaDYo\\\", \\\"bk2VX4\\\"], \\\"Timestamp\\\": \\\"2021-12-25T03:23:47.000Z\\\", \\\"Name\\\": \\\"linkedToVector\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Cyber Attack\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"6 sightings on 6 sources including: Messaging Platforms - Uncategorized, @_mr_touch. Most recent tweet: Active cred #phishing/malware distribution campaign on 185.186.245.101 with kits targeting @Office365 and @WeTransfer brands. Windows malware submitted to VT here: https://t.co/edCd4sOnAI domains: https://t.co/4GdqctLwkY cc: @malwrhunterteam @JayTHL @SteveD3 @thepacketrat https://t.co/e9d3R7fzIq. Most recent link (May 28, 2019): https://twitter.com/PhishingAi/statuses/1133376801831436289\\\", \\\"Sources\\\": [\\\"XV7DoD\\\", \\\"Ym7dzt\\\", \\\"LKKAV1\\\", \\\"VeioBt\\\", \\\"Y7TWfI\\\", \\\"KGS-xC\\\"], \\\"Timestamp\\\": \\\"2019-05-28T14:17:41.000Z\\\", \\\"Name\\\": \\\"linkedToCyberAttack\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Malware\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"119 sightings on 42 sources including: Malware-Traffic-Analysis.net - Blog Entries, Doc Player, GhostBin, Data Breach Today.eu | Updates, Codex - Recent changes en. 43 related malware families including Dardesh, AZORult, Emotet, Ryuk Ransomware, GandCrab. 
Most recent tweet: @Enfenogo @ThetanArena @KardiaChain @wolffungame Se voc\\u00ea jogar o .exe do instalador no site https://t.co/yxgkgU58Hr, vai encontrar um trojan minerador. Estou sem acreditar. T\\u00f4 rodando o Malware Byte no meu PC pra tentar limpar a merda que eles fizeram. Most recent link (Nov 27, 2021): https://twitter.com/Ronan30451924/statuses/1464732674891960321\\\", \\\"Sources\\\": [\\\"TvGJYk\\\", \\\"LErKlJ\\\", \\\"QWOrKl\\\", \\\"LKKAV1\\\", \\\"W4ygGi\\\", \\\"PATKM7\\\", \\\"T1bwMv\\\", \\\"TY6igj\\\", \\\"LjkJhE\\\", \\\"kuKt0c\\\", \\\"QAy9GA\\\", \\\"LbYmLr\\\", \\\"K20lXV\\\", \\\"QZe7TG\\\", \\\"idn:droppdf.com\\\", \\\"QAmbRP\\\", \\\"V_o1DL\\\", \\\"TbciDE\\\", \\\"XV7DoD\\\", \\\"P_j5Dw\\\", \\\"QNmgPm\\\", \\\"TGXqeD\\\", \\\"KGS-xC\\\", \\\"L3kVdM\\\", \\\"QMfGAr\\\", \\\"h6VVAH\\\", \\\"doLlw5\\\", \\\"UrsUKT\\\", \\\"JOU\\\", \\\"MIKjae\\\", \\\"P_oIyV\\\", \\\"QJ6TQK\\\", \\\"RfVd0T\\\", \\\"J6UzbO\\\", \\\"Ql9O5c\\\", \\\"USKpXp\\\", \\\"TP1vbk\\\", \\\"SrKvJ0\\\", \\\"Tq2nAb\\\", \\\"P_ov9o\\\", \\\"VXaDYo\\\", \\\"idn:index-of.es\\\"], \\\"Timestamp\\\": \\\"2021-11-27T23:07:37.000Z\\\", \\\"Name\\\": \\\"linkedToMalware\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Reported by DHS AIS\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-12195723-7c56-4c63-b828-fc340dd4050a (Dec 20, 2018).\\\", \\\"Sources\\\": [\\\"UZNze8\\\"], \\\"Timestamp\\\": \\\"2018-12-20T21:13:36.000Z\\\", \\\"Name\\\": \\\"dhsAis\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}, {\\\"Rule\\\": \\\"Positive Malware Verdict\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"5 sightings on 3 sources: Malware-Traffic-Analysis.net - Blog Entries, ReversingLabs, PolySwarm. 
Most recent link (Dec 15, 2018): https://www.malware-traffic-analysis.net/2018/12/14/index.html\\\", \\\"Sources\\\": [\\\"LErKlJ\\\", \\\"TbciDE\\\", \\\"doLlw5\\\"], \\\"Timestamp\\\": \\\"2020-07-11T09:55:23.000Z\\\", \\\"Name\\\": \\\"positiveMalwareVerdict\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"38e992eb852ab0c4ac03955fb0dc9bb38e64010fdf9c05331d2b02b6e05689c2\", \"Risk\": \"89\", \"RiskString\": \"6/14\"}", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "50 sightings on 10 sources including: Security Bloggers Network, TechTarget Search Security, Bleeping Computer, Guided Collection, Bleepingcomputer Forums. Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561", "MitigationString": "", @@ -984,7 +984,7 @@ "Timestamp": "2021-12-21T08:40:00.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "32 sightings on 27 sources including: Carder Forum (carder.uk), wordpress.com, AAPKS.com, malwareresearch, @phishingalert, @GelosSnake, @neonprimetime, @rpsanch. 7 related attack vectors including Crimeware, Phishing, Remote Code Execution, Malvertising, Click Fraud. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752", "MitigationString": "", 
@@ -1022,7 +1022,7 @@ "Timestamp": "2021-12-25T03:23:47.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "6 sightings on 6 sources including: Messaging Platforms - Uncategorized, @_mr_touch. Most recent tweet: Active cred #phishing/malware distribution campaign on 185.186.245.101 with kits targeting @Office365 and @WeTransfer brands. Windows malware submitted to VT here: https://t.co/edCd4sOnAI domains: https://t.co/4GdqctLwkY cc: @malwrhunterteam @JayTHL @SteveD3 @thepacketrat https://t.co/e9d3R7fzIq. Most recent link (May 28, 2019): https://twitter.com/PhishingAi/statuses/1133376801831436289", "MitigationString": "", @@ -1039,7 +1039,7 @@ "Timestamp": "2019-05-28T14:17:41.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "119 sightings on 42 sources including: Malware-Traffic-Analysis.net - Blog Entries, Doc Player, GhostBin, Data Breach Today.eu | Updates, Codex - Recent changes en. 43 related malware families including Dardesh, AZORult, Emotet, Ryuk Ransomware, GandCrab. Most recent tweet: @Enfenogo @ThetanArena @KardiaChain @wolffungame Se você jogar o .exe do instalador no site https://t.co/yxgkgU58Hr, vai encontrar um trojan minerador. Estou sem acreditar. Tô rodando o Malware Byte no meu PC pra tentar limpar a merda que eles fizeram. Most recent link (Nov 27, 2021): https://twitter.com/Ronan30451924/statuses/1464732674891960321", "MitigationString": "", @@ -1092,7 +1092,7 @@ "Timestamp": "2021-11-27T23:07:37.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-12195723-7c56-4c63-b828-fc340dd4050a (Dec 20, 2018).", "MitigationString": "", 
@@ -1104,7 +1104,7 @@ "Timestamp": "2018-12-20T21:13:36.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "5 sightings on 3 sources: Malware-Traffic-Analysis.net - Blog Entries, ReversingLabs, PolySwarm. Most recent link (Dec 15, 2018): https://www.malware-traffic-analysis.net/2018/12/14/index.html", "MitigationString": "", 
@@ -1139,20 +1139,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"Algorithm\": \"SHA-256\", \"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"28 sightings on 8 sources including: Dancho Danchev's Blog, SecureWorks, Talos Intel, Unit 42 Palo Alto Networks, Cisco Japan Blog. Most recent link (Mar 12, 2021): https://www.secureworks.com/blog/supernova-web-shell-deployment-linked-to-spiral-threat-group?es_p=13420131\\\", \\\"Sources\\\": [\\\"JfqIbv\\\", \\\"Z2mQh2\\\", \\\"PA-rR4\\\", \\\"jjf3_B\\\", \\\"clDYM8\\\", \\\"T5\\\", \\\"rN\\\", \\\"J5NRun\\\"], \\\"Timestamp\\\": \\\"2021-03-12T20:30:37.672Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Linked to Attack Vector\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"69 sightings on 18 sources including: Stock market news Company News MarketScreenercom, HackDig Posts, Sesin at, US CERT CISA Alerts, citizensudo.com. 6 related attack vectors including Powershell Attack, Supply Chain Attack, Target Destination Manipulation, Reconnaissance, C\u0026C Server. 
Most recent link (Apr 15, 2021): https://www.cisa.gov/uscert/ncas/alerts/aa20-352a\\\", \\\"Sources\\\": [\\\"XBl0xf\\\", \\\"POs2u-\\\", \\\"Z3TZAQ\\\", \\\"hhY_oz\\\", \\\"idn:citizensudo.com\\\", \\\"VKz42X\\\", \\\"PA-rR4\\\", \\\"POs2tz\\\", \\\"idn:firsthackersnews.com\\\", \\\"KcjdRW\\\", \\\"dCotni\\\", \\\"idn:comodo.com\\\", \\\"gI8s5W\\\", \\\"hibUwt\\\", \\\"rN\\\", \\\"idn:reportcybercrime.com\\\", \\\"idn:eshielder.com\\\", \\\"idn:edsitrend.com\\\"], \\\"Timestamp\\\": \\\"2021-04-15T00:00:00.000Z\\\", \\\"Name\\\": \\\"linkedToVector\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Vulnerability\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"11 sightings on 2 sources: GitHub, Insikt Group. 5 related cyber vulnerabilities: CWE-20, CWE-287, CVE-2020-10148, CVE-2020-1938, CWE-269. Most recent link (Dec 27, 2021): https://github.com/teamt5-it/official-website-v2/blob/master/_site/_next/data/64e2c6f134e73517d6ff737822e83cd75cf633c6/tw/posts/ithome-ghostcat-apache-tomcat-ajp-vulnerability.json\\\", \\\"Sources\\\": [\\\"MIKjae\\\", \\\"VKz42X\\\"], \\\"Timestamp\\\": \\\"2021-12-27T07:36:54.000Z\\\", \\\"Name\\\": \\\"linkedToVuln\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Malware\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"175 sightings on 31 sources including: 4-traders.com, SentinelLabs, Sesin at, Cisco Japan Blog, McAfee. 8 related malware families including WebShell, Ransomware, Backdoor, Backdoor Shell, SUNBURST. Most recent tweet: Malcode highlighted in 'App_Web_logoimagehandler.ashx.b6031896.dll' (c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71) #SolarWinds #SUNBURST https://t.co/lyvnVHuTb2. 
Most recent link (Dec 16, 2020): https://twitter.com/_mynameisgeff/statuses/1339070792705830913\\\", \\\"Sources\\\": [\\\"TuWseX\\\", \\\"KBTQ2e\\\", \\\"eP3CYX\\\", \\\"Z3TZAQ\\\", \\\"clDYM8\\\", \\\"rN\\\", \\\"VKz42X\\\", \\\"idn:elemendar.com\\\", \\\"idn:securitysummitperu.com\\\", \\\"PA-rR4\\\", \\\"idn:terabitweb.com\\\", \\\"eTNyK6\\\", \\\"gBQB48\\\", \\\"bMZlEg\\\", \\\"idn:edsitrend.com\\\", \\\"idn:infoblox.com\\\", \\\"UZNze8\\\", \\\"Z2mQh2\\\", \\\"XBl0xf\\\", \\\"dCpZqs\\\", \\\"jmpFm1\\\", \\\"T5\\\", \\\"doLlw5\\\", \\\"gBDK5G\\\", \\\"MIKjae\\\", \\\"idn:firsthackersnews.com\\\", \\\"jjf3_B\\\", \\\"Jv_xrR\\\", \\\"dCotni\\\", \\\"idn:comodo.com\\\", \\\"hibUwt\\\"], \\\"Timestamp\\\": \\\"2020-12-16T04:52:10.000Z\\\", \\\"Name\\\": \\\"linkedToMalware\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Reported by DHS AIS\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"3 sightings on 1 source: DHS Automated Indicator Sharing. 3 reports including AA20-352A APT Compromise of Govt Agencies, Critical Infrastructure, and Private Sector Organizations, from CISA, Government Facilities Sector, CISA, Government Facilities Sector, NCCIC:STIX_Package-673aacd1-1852-4d44-bd93-0c44940a6358 (Feb 3, 2021).\\\", \\\"Sources\\\": [\\\"UZNze8\\\"], \\\"Timestamp\\\": \\\"2021-02-03T21:32:08.000Z\\\", \\\"Name\\\": \\\"dhsAis\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}, {\\\"Rule\\\": \\\"Positive Malware Verdict\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"6 sightings on 2 sources: Sophos Virus and Spyware Threats, PolySwarm. 
Most recent link (Dec 17, 2020): https://news.sophos.com/fr-fr/2020/12/15/cyberattaque-contre-solarwinds-comment-savoir-si-vous-etes-concerne/\\\", \\\"Sources\\\": [\\\"K16tAG\\\", \\\"doLlw5\\\"], \\\"Timestamp\\\": \\\"2020-12-20T15:18:53.000Z\\\", \\\"Name\\\": \\\"positiveMalwareVerdict\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}, {\\\"Rule\\\": \\\"Reported by Insikt Group\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"13 sightings on 1 source: Insikt Group. 4 reports including Researchers Linked Supernova Malware to Spiral Group. Most recent link (Mar 08, 2021): https://app.recordedfuture.com/live/sc/5DIp4RIUiJz6\\\", \\\"Sources\\\": [\\\"VKz42X\\\"], \\\"Timestamp\\\": \\\"2021-03-08T00:00:00.000Z\\\", \\\"Name\\\": \\\"analystNote\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71\", \"Risk\": \"89\", \"RiskString\": \"7/14\"}", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "28 sightings on 8 sources including: Dancho Danchev's Blog, SecureWorks, Talos Intel, Unit 42 Palo Alto Networks, Cisco Japan Blog. Most recent link (Mar 12, 2021): https://www.secureworks.com/blog/supernova-web-shell-deployment-linked-to-spiral-threat-group?es_p=13420131", "MitigationString": "", 
@@ -1171,7 +1171,7 @@ "Timestamp": "2021-03-12T20:30:37.672Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "69 sightings on 18 sources including: Stock market news Company News MarketScreenercom, HackDig Posts, Sesin at, US CERT CISA Alerts, citizensudo.com. 6 related attack vectors including Powershell Attack, Supply Chain Attack, Target Destination Manipulation, Reconnaissance, C\u0026C Server. Most recent link (Apr 15, 2021): https://www.cisa.gov/uscert/ncas/alerts/aa20-352a", "MitigationString": "", @@ -1200,7 +1200,7 @@ "Timestamp": "2021-04-15T00:00:00.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "11 sightings on 2 sources: GitHub, Insikt Group. 5 related cyber vulnerabilities: CWE-20, CWE-287, CVE-2020-10148, CVE-2020-1938, CWE-269. Most recent link (Dec 27, 2021): https://github.com/teamt5-it/official-website-v2/blob/master/_site/_next/data/64e2c6f134e73517d6ff737822e83cd75cf633c6/tw/posts/ithome-ghostcat-apache-tomcat-ajp-vulnerability.json", "MitigationString": "", @@ -1213,7 +1213,7 @@ "Timestamp": "2021-12-27T07:36:54.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "175 sightings on 31 sources including: 4-traders.com, SentinelLabs, Sesin at, Cisco Japan Blog, McAfee. 8 related malware families including WebShell, Ransomware, Backdoor, Backdoor Shell, SUNBURST. Most recent tweet: Malcode highlighted in 'App_Web_logoimagehandler.ashx.b6031896.dll' (c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71) #SolarWinds #SUNBURST https://t.co/lyvnVHuTb2. Most recent link (Dec 16, 2020): https://twitter.com/_mynameisgeff/statuses/1339070792705830913", "MitigationString": "", 
@@ -1255,7 +1255,7 @@ "Timestamp": "2020-12-16T04:52:10.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "3 sightings on 1 source: DHS Automated Indicator Sharing. 3 reports including AA20-352A APT Compromise of Govt Agencies, Critical Infrastructure, and Private Sector Organizations, from CISA, Government Facilities Sector, CISA, Government Facilities Sector, NCCIC:STIX_Package-673aacd1-1852-4d44-bd93-0c44940a6358 (Feb 3, 2021).", "MitigationString": "", @@ -1267,7 +1267,7 @@ "Timestamp": "2021-02-03T21:32:08.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "6 sightings on 2 sources: Sophos Virus and Spyware Threats, PolySwarm. Most recent link (Dec 17, 2020): https://news.sophos.com/fr-fr/2020/12/15/cyberattaque-contre-solarwinds-comment-savoir-si-vous-etes-concerne/", "MitigationString": "", @@ -1280,7 +1280,7 @@ "Timestamp": "2020-12-20T15:18:53.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "13 sightings on 1 source: Insikt Group. 4 reports including Researchers Linked Supernova Malware to Spiral Group. Most recent link (Mar 08, 2021): https://app.recordedfuture.com/live/sc/5DIp4RIUiJz6", "MitigationString": "", 
@@ -1313,20 +1313,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"Algorithm\": \"MD5\", \"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"10 sightings on 7 sources including: ISC Sans Diary Archive, SecureWorks, InfoCON: green, ISC | Latest Headlines, SANS Internet Storm Center. Most recent link (Dec 20, 2021): https://www.jpcert.or.jp/english/at/2021/at210050.html\\\", \\\"Sources\\\": [\\\"TCw6v6\\\", \\\"Z2mQh2\\\", \\\"2d\\\", \\\"cJuZvt\\\", \\\"JYxY8X\\\", \\\"J2_htN\\\", \\\"jXNbON\\\"], \\\"Timestamp\\\": \\\"2021-12-20T04:54:00.000Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Linked to Attack Vector\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"6 sightings on 5 sources: GitHub, SANS Internet Storm Center, Messaging Platforms - Uncategorized, @decalage2, @simonwargniez. 3 related attack vectors: Remote Code Execution, Zero Day Exploit, Cyberattack. Most recent tweet: Great lists of software affected by #Log4Shell / CVE-2021-44228 / Log4J RCE: https://t.co/TpEQXKgMGW by @ncsc_nl https://t.co/FA5i8zR5Z1 by @CISAgov https://t.co/0xVZJvMcpU by @SwitHak https://t.co/788knvztWV https://t.co/WMkXslhgWS #log4j #log4j2. 
Most recent link (Dec 15, 2021): https://twitter.com/decalage2/statuses/1471121875816353800\\\", \\\"Sources\\\": [\\\"LUf99I\\\", \\\"MIKjae\\\", \\\"JYxY8X\\\", \\\"Y7TWfI\\\", \\\"KIRe_w\\\"], \\\"Timestamp\\\": \\\"2021-12-15T14:16:01.000Z\\\", \\\"Name\\\": \\\"linkedToVector\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Vulnerability\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"108 sightings on 78 sources including: bund.de, tistory.com, PasteBin, Sesin at, Messaging Platforms - Uncategorized. 24 related cyber vulnerabilities including CWE-22, CWE-611, CVE-2019-19781, CVE-2020-16898, CWE-20. Most recent tweet: Security advisories, bulletins, and vendor responses related to Log4Shell #Log4Shell #Log4j #cybersecurity #infosec #vendorsecurity https://t.co/Vpwrhdppm7. Most recent link (Dec 22, 2021): https://twitter.com/arrgibbs/statuses/1473733864459841538\\\", \\\"Sources\\\": [\\\"VQpQDR\\\", \\\"KFu3Rc\\\", \\\"LUf99I\\\", \\\"SGCsBG\\\", \\\"U94lUG\\\", \\\"KFcv42\\\", \\\"QT0CFv\\\", \\\"UHvtcg\\\", \\\"KFUbjU\\\", \\\"KHwUI5\\\", \\\"KKSt8d\\\", \\\"idn:bund.de\\\", \\\"VmIbAC\\\", \\\"QGT0Vy\\\", \\\"ejfM20\\\", \\\"KGlTEd\\\", \\\"QCoXJo\\\", \\\"RXSwU8\\\", \\\"idn:tistory.com\\\", \\\"LpdVul\\\", \\\"K-eKsL\\\", \\\"TKYCSz\\\", \\\"SkABVK\\\", \\\"SdGk_x\\\", \\\"LI6d7O\\\", \\\"LQIfBf\\\", \\\"U6B2hC\\\", \\\"f7_CfD\\\", \\\"LKt0HB\\\", \\\"RHS4v8\\\", \\\"KKmN5m\\\", \\\"YfJqp2\\\", \\\"Jv_xrR\\\", \\\"RJ2_NX\\\", \\\"VZXzSv\\\", \\\"k0QC11\\\", \\\"KFWBRs\\\", \\\"LRk_pt\\\", \\\"Qn2VRQ\\\", \\\"kGHFKP\\\", \\\"ShBO5M\\\", \\\"T-GSBp\\\", \\\"KNdyHF\\\", \\\"QLCTXP\\\", \\\"Z3TZAQ\\\", \\\"Khf99v\\\", \\\"KHZhjO\\\", \\\"SHH61D\\\", \\\"Knx_su\\\", \\\"LL8-pr\\\", \\\"QpmWTf\\\", \\\"KIRe_w\\\", \\\"QIea7F\\\", \\\"SlhG3F\\\", \\\"KIdj8R\\\", \\\"SQqKS8\\\", \\\"Lq6DNq\\\", \\\"QpYsBa\\\", \\\"d-ZMP2\\\", \\\"LOoye8\\\", \\\"QEUmiJ\\\", \\\"ewfPjC\\\", 
\\\"LBNFpV\\\", \\\"QTpbKE\\\", \\\"Y7TWfI\\\", \\\"KGS-xC\\\", \\\"eifkGz\\\", \\\"au2SGr\\\", \\\"SKw4tT\\\", \\\"KGW5kn\\\", \\\"Q9y5Ki\\\", \\\"KGxw1d\\\", \\\"MIKjae\\\", \\\"LO5p1C\\\", \\\"JYxY8X\\\", \\\"KJsMEF\\\", \\\"QBLBHH\\\", \\\"k7WJ2k\\\"], \\\"Timestamp\\\": \\\"2021-12-22T19:15:08.000Z\\\", \\\"Name\\\": \\\"linkedToVuln\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Malware\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"11 sightings on 3 sources: bund.de, SANS Internet Storm Center, Sesin at. 2 related malware families: Ransomware, Botnet. Most recent link (Dec 20, 2021): https://www.jpcert.or.jp/english/at/2021/at210050.html\\\", \\\"Sources\\\": [\\\"idn:bund.de\\\", \\\"JYxY8X\\\", \\\"Z3TZAQ\\\"], \\\"Timestamp\\\": \\\"2021-12-20T04:54:00.000Z\\\", \\\"Name\\\": \\\"linkedToMalware\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Positive Malware Verdict\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Naked Security. Most recent link (Dec 18, 2021): https://news.sophos.com/en-us/2021/12/17/log4shell-response-and-mitigation-recommendations/\\\", \\\"Sources\\\": [\\\"J2_htN\\\"], \\\"Timestamp\\\": \\\"2021-12-18T00:20:04.000Z\\\", \\\"Name\\\": \\\"positiveMalwareVerdict\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"b66db3a06c2955a9cb71a8718970c592\", \"Risk\": \"89\", \"RiskString\": \"5/14\"}", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "10 sightings on 7 sources including: ISC Sans Diary Archive, SecureWorks, InfoCON: green, ISC | Latest Headlines, SANS Internet Storm Center. 
Most recent link (Dec 20, 2021): https://www.jpcert.or.jp/english/at/2021/at210050.html", "MitigationString": "", @@ -1344,7 +1344,7 @@ "Timestamp": "2021-12-20T04:54:00.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "6 sightings on 5 sources: GitHub, SANS Internet Storm Center, Messaging Platforms - Uncategorized, @decalage2, @simonwargniez. 3 related attack vectors: Remote Code Execution, Zero Day Exploit, Cyberattack. Most recent tweet: Great lists of software affected by #Log4Shell / CVE-2021-44228 / Log4J RCE: https://t.co/TpEQXKgMGW by @ncsc_nl https://t.co/FA5i8zR5Z1 by @CISAgov https://t.co/0xVZJvMcpU by @SwitHak https://t.co/788knvztWV https://t.co/WMkXslhgWS #log4j #log4j2. Most recent link (Dec 15, 2021): https://twitter.com/decalage2/statuses/1471121875816353800", "MitigationString": "", @@ -1360,7 +1360,7 @@ "Timestamp": "2021-12-15T14:16:01.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "108 sightings on 78 sources including: bund.de, tistory.com, PasteBin, Sesin at, Messaging Platforms - Uncategorized. 24 related cyber vulnerabilities including CWE-22, CWE-611, CVE-2019-19781, CVE-2020-16898, CWE-20. Most recent tweet: Security advisories, bulletins, and vendor responses related to Log4Shell #Log4Shell #Log4j #cybersecurity #infosec #vendorsecurity https://t.co/Vpwrhdppm7. Most recent link (Dec 22, 2021): https://twitter.com/arrgibbs/statuses/1473733864459841538", "MitigationString": "", @@ -1449,7 +1449,7 @@ "Timestamp": "2021-12-22T19:15:08.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "11 sightings on 3 sources: bund.de, SANS Internet Storm Center, Sesin at. 2 related malware families: Ransomware, Botnet. Most recent link (Dec 20, 2021): https://www.jpcert.or.jp/english/at/2021/at210050.html", "MitigationString": "", 
@@ -1463,7 +1463,7 @@ "Timestamp": "2021-12-20T04:54:00.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Naked Security. Most recent link (Dec 18, 2021): https://news.sophos.com/en-us/2021/12/17/log4shell-response-and-mitigation-recommendations/", "MitigationString": "", 
@@ -1496,20 +1496,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"Algorithm\": \"SHA-256\", \"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"91 sightings on 19 sources including: Security News Concentrator, Fortinet, Trend Micro, CrowdStrike, FireEye Threat Research Blog. Most recent link (Dec 20, 2019): https://threatvector.cylance.com/en_us/home/threat-spotlight-petya-like-ransomware-is-nasty-wiper.html\\\", \\\"Sources\\\": [\\\"QS89Bd\\\", \\\"KVP0jz\\\", \\\"T5\\\", \\\"JYxY5G\\\", \\\"WR_Ohh\\\", \\\"Jt4ExJ\\\", \\\"Kzw0Pm\\\", \\\"JQH96m\\\", \\\"2d\\\", \\\"JYxY8X\\\", \\\"rN\\\", \\\"PA-rR4\\\", \\\"VyWQM7\\\", \\\"Lp_esG\\\", \\\"ONMgMx\\\", \\\"4n\\\", \\\"QMTzEI\\\", \\\"83\\\", \\\"K0TN7r\\\"], \\\"Timestamp\\\": \\\"2019-12-20T01:04:11.602Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Reported in Threat List\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"Previous sightings on 1 source: Recorded Future Analyst Community Trending Indicators. Observed between Jul 6, 2017, and Jul 17, 2017.\\\", \\\"Sources\\\": [\\\"report:Tluf00\\\"], \\\"Timestamp\\\": \\\"2021-12-24T20:03:09.087Z\\\", \\\"Name\\\": \\\"historicalThreatListMembership\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Linked to Attack Vector\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"14 sightings on 5 sources including: Assiste.Forum, @arturodicorinto. 2 related attack vectors: ShellCode, Cyberattack. Most recent tweet: They're getting quicker at updating.. #petya #cyberattack https://t.co/px0g9BSpod. 
Most recent link (Jun 27, 2017): https://twitter.com/SupersizedSam/statuses/879764638845587461\\\", \\\"Sources\\\": [\\\"LP7dc7\\\", \\\"LRlngp\\\", \\\"Sl8XTb\\\", \\\"QMfGAr\\\", \\\"J-y3tn\\\"], \\\"Timestamp\\\": \\\"2017-06-27T18:13:29.000Z\\\", \\\"Name\\\": \\\"linkedToVector\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Vulnerability\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: GitHub. 2 related cyber vulnerabilities: CWE-20, CVE-2017-0143. Most recent link (Oct 10, 2021): https://github.com/demisto/content/blob/master/Packs/RecordedFuture/Integrations/RecordedFuture/example_commands.txt\\\", \\\"Sources\\\": [\\\"MIKjae\\\"], \\\"Timestamp\\\": \\\"2021-10-10T08:21:25.825Z\\\", \\\"Name\\\": \\\"linkedToVuln\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Cyber Attack\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"10 sightings on 9 sources including: BitcoinTalk.org, @Noemi_hcke. Most recent tweet: #petya related hashes in #virustotal https://t.co/Cv7Pltjhia https://t.co/P3otYPoxBj #ransomware #malware #sha256. Most recent link (Jun 28, 2017): https://twitter.com/Menardconnect/statuses/879885997831368705\\\", \\\"Sources\\\": [\\\"ThowaF\\\", \\\"KUtKjP\\\", \\\"K84j7t\\\", \\\"MghdWI\\\", \\\"K8rrfe\\\", \\\"QlWPRW\\\", \\\"KFsPRz\\\", \\\"S-Anbb\\\", \\\"KE9dMF\\\"], \\\"Timestamp\\\": \\\"2017-06-28T02:15:44.000Z\\\", \\\"Name\\\": \\\"linkedToCyberAttack\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Malware\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"834 sightings on 201 sources including: New Jersey Cybersecurity \u0026amp; Communications Integration Cell, lnkd.in, avtech24h.com, Malwr.com, Talos Intel. 
21 related malware families including ICS Malware, PetrWrap, Emotet, Trojan, NotPetya. Most recent tweet: #ransomware 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745 f65a7dadff844f2dc44a3bd43e1c0d600b1a6c66f6d02734d8f385872ccab0bc b6e8dc95ec939a1f3b184da559c8010ab3dc773e426e63e5aa7ffc44174d8a9d 9e1609ab7f01b56a9476494d9b3bf5997380d466744b07ec5d9b20e416b10f08. Most recent link (Apr 9, 2021): https://twitter.com/RedBeardIOCs/statuses/1380600677249003521\\\", \\\"Sources\\\": [\\\"jbVMcB\\\", \\\"idn:lnkd.in\\\", \\\"idn:avtech24h.com\\\", \\\"K84j7t\\\", \\\"Sl8XTb\\\", \\\"KGRhOC\\\", \\\"NKaUXl\\\", \\\"KIoGAG\\\", \\\"PA-rR4\\\", \\\"LRlngp\\\", \\\"rN\\\", \\\"Jxh46H\\\", \\\"KFL44X\\\", \\\"TbciDE\\\", \\\"KFNVB9\\\", \\\"OJpx5g\\\", \\\"K-CGye\\\", \\\"KK6oqV\\\", \\\"WR_Ohh\\\", \\\"idn:twitter.com\\\", \\\"fgwEcq\\\", \\\"QYsx0D\\\", \\\"KIFtR_\\\", \\\"Lp_esG\\\", \\\"TSFWTw\\\", \\\"KGHzAY\\\", \\\"P_oEH3\\\", \\\"KBTQ2e\\\", \\\"QCGHCy\\\", \\\"JYxY5G\\\", \\\"UQsrUj\\\", \\\"idn:cert.ro\\\", \\\"idn:bluvector.io\\\", \\\"KFUJTL\\\", \\\"TFUkSW\\\", \\\"P0Gs9I\\\", \\\"K8ofB1\\\", \\\"KVnnHP\\\", \\\"TpaXxw\\\", \\\"U5qdTI\\\", \\\"idn:zscaler.com\\\", \\\"L3kVdM\\\", \\\"QMfGAr\\\", \\\"KIk8aS\\\", \\\"Kzw0Pm\\\", \\\"hcELIE\\\", \\\"POs2tz\\\", \\\"KD6Na4\\\", \\\"idn:globalsecuritymag.com\\\", \\\"LDd0sl\\\", \\\"KVP0jz\\\", \\\"Lj8CsQ\\\", \\\"K8rrfe\\\", \\\"LDejRI\\\", \\\"J-y3tn\\\", \\\"WXutod\\\", \\\"idn:infosecurityfactory.nl\\\", \\\"LBlc7C\\\", \\\"idn:bg.org.tr\\\", \\\"QS89Bd\\\", \\\"K9SiDc\\\", \\\"Qe89bv\\\", \\\"TiY1wu\\\", \\\"idn:undernews.fr\\\", \\\"idn:iteefactory.nl\\\", \\\"KFRGd_\\\", \\\"KFVuR_\\\", \\\"4n\\\", \\\"S-Anbb\\\", \\\"KFNZEC\\\", \\\"TSazOG\\\", \\\"K9Skh1\\\", \\\"MghdWI\\\", \\\"idn:securityiscoming.com\\\", \\\"QS89BG\\\", \\\"LVg9nH\\\", \\\"KFiGli\\\", \\\"K9Vq9B\\\", \\\"KLbNtt\\\", \\\"VyWQM7\\\", \\\"NTakwX\\\", \\\"KGoarP\\\", \\\"idn:gelsene.net\\\", \\\"LwURWv\\\", \\\"KGX8VB\\\", 
\\\"ThoB0I\\\", \\\"TAIz7D\\\", \\\"QBHQ61\\\", \\\"TiY1w7\\\", \\\"idn:kompasiana.com\\\", \\\"idn:t.co\\\", \\\"KfDTG0\\\", \\\"idn:ictsecuritymagazine.com\\\", \\\"Liz5-u\\\", \\\"MIKjae\\\", \\\"JYxY8X\\\", \\\"KUtKjP\\\", \\\"idn:cert.pl\\\", \\\"Lpm4nc\\\", \\\"idn:boozallen.com\\\", \\\"RVFHk_\\\", \\\"KGmazP\\\", \\\"M_7iBk\\\", \\\"TStw1W\\\", \\\"LFcJLk\\\", \\\"K0TN7r\\\", \\\"KVRURg\\\", \\\"UNe62M\\\", \\\"iL8bPu\\\", \\\"K76BjK\\\", \\\"VRixQe\\\", \\\"idn:dfir.pro\\\", \\\"KF-l77\\\", \\\"idn:gixtools.net\\\", \\\"P_oIyV\\\", \\\"KGzicb\\\", \\\"LGryD9\\\", \\\"idn:fb.me\\\", \\\"K5nCn5\\\", \\\"ThKuX0\\\", \\\"SYrUYn\\\", \\\"KFKbZE\\\", \\\"MAe5tQ\\\", \\\"KGm6gS\\\", \\\"W4ygGi\\\", \\\"g9rk5F\\\", \\\"idn:menshaway.blogspot.com\\\", \\\"KFsPRz\\\", \\\"LDm9iS\\\", \\\"RV8KWp\\\", \\\"KTuH6e\\\", \\\"P_uJi3\\\", \\\"KG_Bgt\\\", \\\"QAmbRP\\\", \\\"idn:csirt.cz\\\", \\\"LZYvHh\\\", \\\"L0HtmN\\\", \\\"KWLqO-\\\", \\\"LtUj1D\\\", \\\"QMTzDr\\\", \\\"idn:dy.si\\\", \\\"Lo8Box\\\", \\\"K-4reD\\\", \\\"KFTeBZ\\\", \\\"KKzFno\\\", \\\"QMTzEI\\\", \\\"KFYLd8\\\", \\\"KGABt4\\\", \\\"LIizBt\\\", \\\"idn:herjavecgroup.com\\\", \\\"QAAZRn\\\", \\\"K66Zgw\\\", \\\"KWz-My\\\", \\\"Lb0b3F\\\", \\\"idn:emsisoft.vn\\\", \\\"LodOTm\\\", \\\"KE9dMF\\\", \\\"O-Wf5x\\\", \\\"LG2dQX\\\", \\\"P_-RZy\\\", \\\"LK7o9D\\\", \\\"K60PUk\\\", \\\"KKUqfz\\\", \\\"idn:logrhythm.com\\\", \\\"Jv_xrR\\\", \\\"LP7dc7\\\", \\\"MFNOaz\\\", \\\"TefIES\\\", \\\"KGdGg3\\\", \\\"KHNdvY\\\", \\\"QBTxvB\\\", \\\"idn:swordshield.com\\\", \\\"ThowaF\\\", \\\"idn:binarydefense.com\\\", \\\"idn:indusface.com\\\", \\\"QBtnC2\\\", \\\"QlWPRW\\\", \\\"KHZhjO\\\", \\\"idn:idcloudhost.com\\\", \\\"LRFVsB\\\", \\\"KG2JTH\\\", \\\"KIm1im\\\", \\\"LAfpKN\\\", \\\"BaV\\\", \\\"KGW3VP\\\", \\\"KFcp5q\\\", \\\"LCN_6T\\\", \\\"idn:avastvn.com\\\", \\\"KFTnbG\\\", \\\"TiCWjw\\\", \\\"Lmhpq3\\\", \\\"KGS-xC\\\", \\\"KFVthB\\\", \\\"idn:finyear.com\\\", \\\"KFji4N\\\", \\\"P_7M19\\\", \\\"K-b0DI\\\", 
\\\"LV1UMS\\\", \\\"idn:safe-cyberdefense.com\\\", \\\"Kjk3fx\\\", \\\"Q1wlJN\\\"], \\\"Timestamp\\\": \\\"2021-04-09T19:17:06.000Z\\\", \\\"Name\\\": \\\"linkedToMalware\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Reported by DHS AIS\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-21cebba6-46ed-464e-ad5a-32a8063e1400 (Jun 27, 2017).\\\", \\\"Sources\\\": [\\\"UZNze8\\\"], \\\"Timestamp\\\": \\\"2017-06-27T17:18:01.000Z\\\", \\\"Name\\\": \\\"dhsAis\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}, {\\\"Rule\\\": \\\"Positive Malware Verdict\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"5 sightings on 3 sources: Recorded Future Malware Detonation, ReversingLabs, PolySwarm. Most recent link (Jun 27, 2017): ReversingLabs malware file analysis.\\\", \\\"Sources\\\": [\\\"TAIz7D\\\", \\\"TbciDE\\\", \\\"doLlw5\\\"], \\\"Timestamp\\\": \\\"2020-12-17T22:59:03.000Z\\\", \\\"Name\\\": \\\"positiveMalwareVerdict\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745\", \"Risk\": \"89\", \"RiskString\": \"8/14\"}", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "91 sightings on 19 sources including: Security News Concentrator, Fortinet, Trend Micro, CrowdStrike, FireEye Threat Research Blog. Most recent link (Dec 20, 2019): https://threatvector.cylance.com/en_us/home/threat-spotlight-petya-like-ransomware-is-nasty-wiper.html", "MitigationString": "", 
@@ -1539,7 +1539,7 @@ "Timestamp": "2019-12-20T01:04:11.602Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "Previous sightings on 1 source: Recorded Future Analyst Community Trending Indicators. Observed between Jul 6, 2017, and Jul 17, 2017.", "MitigationString": "", @@ -1551,7 +1551,7 @@ "Timestamp": "2021-12-24T20:03:09.087Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "14 sightings on 5 sources including: Assiste.Forum, @arturodicorinto. 2 related attack vectors: ShellCode, Cyberattack. Most recent tweet: They're getting quicker at updating.. #petya #cyberattack https://t.co/px0g9BSpod. Most recent link (Jun 27, 2017): https://twitter.com/SupersizedSam/statuses/879764638845587461", "MitigationString": "", @@ -1567,7 +1567,7 @@ "Timestamp": "2017-06-27T18:13:29.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: GitHub. 2 related cyber vulnerabilities: CWE-20, CVE-2017-0143. Most recent link (Oct 10, 2021): https://github.com/demisto/content/blob/master/Packs/RecordedFuture/Integrations/RecordedFuture/example_commands.txt", "MitigationString": "", @@ -1579,7 +1579,7 @@ "Timestamp": "2021-10-10T08:21:25.825Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "10 sightings on 9 sources including: BitcoinTalk.org, @Noemi_hcke. Most recent tweet: #petya related hashes in #virustotal https://t.co/Cv7Pltjhia https://t.co/P3otYPoxBj #ransomware #malware #sha256. Most recent link (Jun 28, 2017): https://twitter.com/Menardconnect/statuses/879885997831368705", "MitigationString": "", 
@@ -1599,7 +1599,7 @@ "Timestamp": "2017-06-28T02:15:44.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "834 sightings on 201 sources including: New Jersey Cybersecurity \u0026amp; Communications Integration Cell, lnkd.in, avtech24h.com, Malwr.com, Talos Intel. 21 related malware families including ICS Malware, PetrWrap, Emotet, Trojan, NotPetya. Most recent tweet: #ransomware 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745 f65a7dadff844f2dc44a3bd43e1c0d600b1a6c66f6d02734d8f385872ccab0bc b6e8dc95ec939a1f3b184da559c8010ab3dc773e426e63e5aa7ffc44174d8a9d 9e1609ab7f01b56a9476494d9b3bf5997380d466744b07ec5d9b20e416b10f08. Most recent link (Apr 9, 2021): https://twitter.com/RedBeardIOCs/statuses/1380600677249003521", "MitigationString": "", @@ -1811,7 +1811,7 @@ "Timestamp": "2021-04-09T19:17:06.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: DHS Automated Indicator Sharing. 1 report: STIX Package, from Anomali, Inc., Information Technology Sector, NCCIC:STIX_Package-21cebba6-46ed-464e-ad5a-32a8063e1400 (Jun 27, 2017).", "MitigationString": "", @@ -1823,7 +1823,7 @@ "Timestamp": "2017-06-27T17:18:01.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "5 sightings on 3 sources: Recorded Future Malware Detonation, ReversingLabs, PolySwarm. Most recent link (Jun 27, 2017): ReversingLabs malware file analysis.", "MitigationString": "", 
@@ -1858,20 +1858,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"Algorithm\": \"SHA-256\", \"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"16 sightings on 4 sources: Guided Collection, Bleepingcomputer Forums, ISC | All Updates, Malwarebytes Unpacked. Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561\\\", \\\"Sources\\\": [\\\"Rlso4a\\\", \\\"hkE5DK\\\", \\\"TZRwk8\\\", \\\"J5NRun\\\"], \\\"Timestamp\\\": \\\"2021-12-21T08:40:00.000Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Linked to Attack Vector\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"6 sightings on 6 sources including: malwareresearch, AAPKS.com, @Shouvik95232310, @santGM. 3 related attack vectors: Phishing, Click Fraud, Typosquatting. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. 
Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752\\\", \\\"Sources\\\": [\\\"WlbRkJ\\\", \\\"ha2FFj\\\", \\\"K7wUX2\\\", \\\"P_ivKa\\\", \\\"J-mrOR\\\", \\\"P_upBR\\\"], \\\"Timestamp\\\": \\\"2021-12-25T03:23:47.000Z\\\", \\\"Name\\\": \\\"linkedToVector\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Cyber Attack\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Messaging Platforms - Uncategorized. Most recent link (Oct 18, 2021): https://t.me/An0nymousTeam/1429\\\", \\\"Sources\\\": [\\\"Y7TWfI\\\"], \\\"Timestamp\\\": \\\"2021-10-18T12:09:43.000Z\\\", \\\"Name\\\": \\\"linkedToCyberAttack\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Malware\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"47 sightings on 16 sources including: Ichunqiu Forum, Doc Player, ArXiv, GitHub, droppdf.com. 18 related malware families including Fakespy, Trojan, Offensive Security Tools (OST), Spyware, Dardesh. Most recent tweet: @Enfenogo @ThetanArena @KardiaChain @wolffungame Se voc\\u00ea jogar o .exe do instalador no site https://t.co/yxgkgU58Hr, vai encontrar um trojan minerador. Estou sem acreditar. T\\u00f4 rodando o Malware Byte no meu PC pra tentar limpar a merda que eles fizeram. 
Most recent link (Nov 27, 2021): https://twitter.com/Ronan30451924/statuses/1464732674891960321\\\", \\\"Sources\\\": [\\\"TGXqeD\\\", \\\"W4ygGi\\\", \\\"L3kVdM\\\", \\\"QMfGAr\\\", \\\"kuKt0c\\\", \\\"QAy9GA\\\", \\\"JOU\\\", \\\"MIKjae\\\", \\\"P_oIyV\\\", \\\"QJ6TQK\\\", \\\"idn:droppdf.com\\\", \\\"Ql9O5c\\\", \\\"QAmbRP\\\", \\\"Tq2nAb\\\", \\\"TbciDE\\\", \\\"idn:index-of.es\\\"], \\\"Timestamp\\\": \\\"2021-11-27T23:07:37.000Z\\\", \\\"Name\\\": \\\"linkedToMalware\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Positive Malware Verdict\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: ReversingLabs. Most recent link (Jul 1, 2019): ReversingLabs malware file analysis.\\\", \\\"Sources\\\": [\\\"TbciDE\\\"], \\\"Timestamp\\\": \\\"2019-07-01T00:00:00.000Z\\\", \\\"Name\\\": \\\"positiveMalwareVerdict\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"ad2ad0249fafe85877bc79a01e1afd1a44d983c064ad8cb5bc694d29d166217b\", \"Risk\": \"89\", \"RiskString\": \"5/14\"}", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "16 sightings on 4 sources: Guided Collection, Bleepingcomputer Forums, ISC | All Updates, Malwarebytes Unpacked. Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561", "MitigationString": "", 
@@ -1886,7 +1886,7 @@ "Timestamp": "2021-12-21T08:40:00.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "6 sightings on 6 sources including: malwareresearch, AAPKS.com, @Shouvik95232310, @santGM. 3 related attack vectors: Phishing, Click Fraud, Typosquatting. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752", "MitigationString": "", @@ -1903,7 +1903,7 @@ "Timestamp": "2021-12-25T03:23:47.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: Messaging Platforms - Uncategorized. Most recent link (Oct 18, 2021): https://t.me/An0nymousTeam/1429", "MitigationString": "", @@ -1915,7 +1915,7 @@ "Timestamp": "2021-10-18T12:09:43.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "47 sightings on 16 sources including: Ichunqiu Forum, Doc Player, ArXiv, GitHub, droppdf.com. 18 related malware families including Fakespy, Trojan, Offensive Security Tools (OST), Spyware, Dardesh. Most recent tweet: @Enfenogo @ThetanArena @KardiaChain @wolffungame Se você jogar o .exe do instalador no site https://t.co/yxgkgU58Hr, vai encontrar um trojan minerador. Estou sem acreditar. Tô rodando o Malware Byte no meu PC pra tentar limpar a merda que eles fizeram. Most recent link (Nov 27, 2021): https://twitter.com/Ronan30451924/statuses/1464732674891960321", "MitigationString": "", 
@@ -1942,7 +1942,7 @@ "Timestamp": "2021-11-27T23:07:37.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: ReversingLabs. Most recent link (Jul 1, 2019): ReversingLabs malware file analysis.", "MitigationString": "", 
@@ -1975,20 +1975,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"Algorithm\": \"SHA-256\", \"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Trend Micro. Most recent link (Mar 11, 2021): https://documents.trendmicro.com/assets/pdf/Technical_Brief_Uncleanable_and_Unkillable_The_Evolution_of_IoT_Botnets_Through_P2P_Networking.pdf\\\", \\\"Sources\\\": [\\\"T5\\\"], \\\"Timestamp\\\": \\\"2021-03-11T00:00:00.000Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Linked to Attack Vector\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"31 sightings on 4 sources: @m0rb, @bad_packets, @InfoSex11, @luc4m. 2 related attack vectors: DDOS, Command Injection. Most recent tweet: 2021-06-17T23:29:30 - Commented: https://t.co/j2a05iXOiI #malware #commandinjection. Most recent link (Jun 17, 2021): https://twitter.com/m0rb/statuses/1405668962462011401\\\", \\\"Sources\\\": [\\\"KFwzec\\\", \\\"TGgDPZ\\\", \\\"cgGiXI\\\", \\\"LMcjZ7\\\"], \\\"Timestamp\\\": \\\"2021-06-17T23:29:31.000Z\\\", \\\"Name\\\": \\\"linkedToVector\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Cyber Attack\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"3 sightings on 2 sources: @bad_packets, @swarmdotmarket. 
Most recent tweet: New #Mozi #malware targets #IoT devices -- research via @BlackLotusLabs -- Samples here in PolySwarm, free to download: https://t.co/JYkyEPPWmH https://t.co/jioPHPnJj9 #threatintel #botnet #infosec Most recent link (Apr 20, 2020): https://twitter.com/PolySwarm/statuses/1252347003457073155\\\", \\\"Sources\\\": [\\\"TGgDPZ\\\", \\\"UBjcy3\\\"], \\\"Timestamp\\\": \\\"2020-04-20T21:22:47.000Z\\\", \\\"Name\\\": \\\"linkedToCyberAttack\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Malware\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"87 sightings on 15 sources including: lumen.com, HackDig Posts, Anquanke News, Daily Dot, centurylink.com. 7 related malware families including Mozi Botnet, Trojan, Qbot, Mirai, DDOS Toolkit. Most recent tweet: New #Mozi #malware targets #IoT devices -- research via @BlackLotusLabs -- Samples here in PolySwarm, free to download: https://t.co/JYkyEPPWmH https://t.co/jioPHPnJj9 #threatintel #botnet #infosec. Most recent link (Apr 20, 2020): https://twitter.com/PolySwarm/statuses/1252347003457073155\\\", \\\"Sources\\\": [\\\"idn:lumen.com\\\", \\\"POs2u-\\\", \\\"U13S_U\\\", \\\"Jzl3yj\\\", \\\"idn:centurylink.com\\\", \\\"doLlw5\\\", \\\"POs2t2\\\", \\\"idn:cyberswachhtakendra.gov.in\\\", \\\"idn:hackxsecurity.com\\\", \\\"TGgDPZ\\\", \\\"Jv_xrR\\\", \\\"TSFWTv\\\", \\\"LMcjZ7\\\", \\\"UBjcy3\\\", \\\"TbciDE\\\"], \\\"Timestamp\\\": \\\"2020-04-20T21:22:47.000Z\\\", \\\"Name\\\": \\\"linkedToMalware\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Positive Malware Verdict\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"5 sightings on 3 sources: Recorded Future Malware Detonation, ReversingLabs, PolySwarm. 
Most recent link (Nov 28, 2019): ReversingLabs malware file analysis.\\\", \\\"Sources\\\": [\\\"TAIz7D\\\", \\\"TbciDE\\\", \\\"doLlw5\\\"], \\\"Timestamp\\\": \\\"2021-04-04T07:46:20.000Z\\\", \\\"Name\\\": \\\"positiveMalwareVerdict\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"01ba1fb41632594997a41d0c3a911ae5b3034d566ebb991ef76ad76e6f9e283a\", \"Risk\": \"89\", \"RiskString\": \"5/14\"}", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Trend Micro. Most recent link (Mar 11, 2021): https://documents.trendmicro.com/assets/pdf/Technical_Brief_Uncleanable_and_Unkillable_The_Evolution_of_IoT_Botnets_Through_P2P_Networking.pdf", "MitigationString": "", @@ -2000,7 +2000,7 @@ "Timestamp": "2021-03-11T00:00:00.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "31 sightings on 4 sources: @m0rb, @bad_packets, @InfoSex11, @luc4m. 2 related attack vectors: DDOS, Command Injection. Most recent tweet: 2021-06-17T23:29:30 - Commented: https://t.co/j2a05iXOiI #malware #commandinjection. Most recent link (Jun 17, 2021): https://twitter.com/m0rb/statuses/1405668962462011401", "MitigationString": "", @@ -2015,7 +2015,7 @@ "Timestamp": "2021-06-17T23:29:31.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "3 sightings on 2 sources: @bad_packets, @swarmdotmarket. Most recent tweet: New #Mozi #malware targets #IoT devices -- research via @BlackLotusLabs -- Samples here in PolySwarm, free to download: https://t.co/JYkyEPPWmH https://t.co/jioPHPnJj9 #threatintel #botnet #infosec Most recent link (Apr 20, 2020): https://twitter.com/PolySwarm/statuses/1252347003457073155", "MitigationString": "", 
@@ -2028,7 +2028,7 @@ "Timestamp": "2020-04-20T21:22:47.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "87 sightings on 15 sources including: lumen.com, HackDig Posts, Anquanke News, Daily Dot, centurylink.com. 7 related malware families including Mozi Botnet, Trojan, Qbot, Mirai, DDOS Toolkit. Most recent tweet: New #Mozi #malware targets #IoT devices -- research via @BlackLotusLabs -- Samples here in PolySwarm, free to download: https://t.co/JYkyEPPWmH https://t.co/jioPHPnJj9 #threatintel #botnet #infosec. Most recent link (Apr 20, 2020): https://twitter.com/PolySwarm/statuses/1252347003457073155", "MitigationString": "", @@ -2054,7 +2054,7 @@ "Timestamp": "2020-04-20T21:22:47.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "5 sightings on 3 sources: Recorded Future Malware Detonation, ReversingLabs, PolySwarm. Most recent link (Nov 28, 2019): ReversingLabs malware file analysis.", "MitigationString": "", 
@@ -2089,20 +2089,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"Algorithm\": \"SHA-256\", \"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"45 sightings on 9 sources including: Security Bloggers Network, Bleeping Computer, Guided Collection, Bleepingcomputer Forums, TheServerSide.com | Updates. Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561\\\", \\\"Sources\\\": [\\\"NSAcUx\\\", \\\"J6UzbO\\\", \\\"Rlso4a\\\", \\\"hkE5DK\\\", \\\"cJMUDF\\\", \\\"TZRwk8\\\", \\\"QMTzEI\\\", \\\"LUhTGd\\\", \\\"J5NRun\\\"], \\\"Timestamp\\\": \\\"2021-12-21T08:40:00.000Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Linked to Attack Vector\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"29 sightings on 24 sources including: Carder Forum (carder.uk), wordpress.com, AAPKS.com, malwareresearch, @phishingalert, @GelosSnake, @rpsanch, @rce_coder. 7 related attack vectors including Crimeware, Phishing, Remote Code Execution, Malvertising, Click Fraud. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. 
Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752\\\", \\\"Sources\\\": [\\\"T1bwMv\\\", \\\"LC-zVm\\\", \\\"P_upBR\\\", \\\"T2OA5Q\\\", \\\"K20lXV\\\", \\\"TGgDPZ\\\", \\\"hkIDTa\\\", \\\"LqRZCN\\\", \\\"Vd51cf\\\", \\\"ha2FFj\\\", \\\"UmsU31\\\", \\\"ddafo3\\\", \\\"K7wUX2\\\", \\\"P_ivKa\\\", \\\"idn:wordpress.com\\\", \\\"J-mrOR\\\", \\\"QPbAan\\\", \\\"VeioBt\\\", \\\"WlbRkJ\\\", \\\"TvfQzk\\\", \\\"TP1vbk\\\", \\\"SrKvJ0\\\", \\\"SqCj4s\\\", \\\"VXaDYo\\\"], \\\"Timestamp\\\": \\\"2021-12-25T03:23:47.000Z\\\", \\\"Name\\\": \\\"linkedToVector\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Vulnerability\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Messaging Platforms - Uncategorized. 2 related cyber vulnerabilities: CVE-2016-6663, CWE-362.\\\", \\\"Sources\\\": [\\\"Y7TWfI\\\"], \\\"Timestamp\\\": \\\"2021-12-29T07:27:12.565Z\\\", \\\"Name\\\": \\\"linkedToVuln\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Cyber Attack\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"10 sightings on 7 sources including: SANS Institute Course Selector Results, Messaging Platforms - Uncategorized, @ecstatic_nobel, @Artilllerie. Most recent tweet: Active cred #phishing/malware distribution campaign on 185.186.245.101 with kits targeting @Office365 and @WeTransfer brands. Windows malware submitted to VT here: https://t.co/edCd4sOnAI domains: https://t.co/4GdqctLwkY cc: @malwrhunterteam @JayTHL @SteveD3 @thepacketrat https://t.co/e9d3R7fzIq. 
Most recent link (May 28, 2019): https://twitter.com/PhishingAi/statuses/1133376801831436289\\\", \\\"Sources\\\": [\\\"Ym7dzt\\\", \\\"LKKAV1\\\", \\\"OuKV3V\\\", \\\"VeioBt\\\", \\\"Y7TWfI\\\", \\\"KGS-xC\\\", \\\"KFSXln\\\"], \\\"Timestamp\\\": \\\"2019-05-28T14:17:41.000Z\\\", \\\"Name\\\": \\\"linkedToCyberAttack\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Malware\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"114 sightings on 42 sources including: Doc Player, GhostBin, Codex - Recent changes en, droppdf.com, ReversingLabs. 41 related malware families including Dardesh, AZORult, Emotet, GandCrab, Offensive Security Tools (OST). Most recent tweet: @Enfenogo @ThetanArena @KardiaChain @wolffungame Se voc\\u00ea jogar o .exe do instalador no site https://t.co/yxgkgU58Hr, vai encontrar um trojan minerador. Estou sem acreditar. T\\u00f4 rodando o Malware Byte no meu PC pra tentar limpar a merda que eles fizeram. 
Most recent link (Nov 27, 2021): https://twitter.com/Ronan30451924/statuses/1464732674891960321\\\", \\\"Sources\\\": [\\\"QWOrKl\\\", \\\"LKKAV1\\\", \\\"W4ygGi\\\", \\\"PATKM7\\\", \\\"T1bwMv\\\", \\\"LjkJhE\\\", \\\"kuKt0c\\\", \\\"QAy9GA\\\", \\\"LbYmLr\\\", \\\"K20lXV\\\", \\\"QZe7TG\\\", \\\"idn:droppdf.com\\\", \\\"QAmbRP\\\", \\\"TbciDE\\\", \\\"P_j5Dw\\\", \\\"QNmgPm\\\", \\\"TGXqeD\\\", \\\"POs2u-\\\", \\\"KGS-xC\\\", \\\"L3kVdM\\\", \\\"QMfGAr\\\", \\\"h6VVAH\\\", \\\"doLlw5\\\", \\\"UrsUKT\\\", \\\"JOU\\\", \\\"MIKjae\\\", \\\"P_oIyV\\\", \\\"QJ6TQK\\\", \\\"RfVd0T\\\", \\\"J6UzbO\\\", \\\"POs2tz\\\", \\\"VfsacJ\\\", \\\"Jv_xrR\\\", \\\"Ql9O5c\\\", \\\"USKpXp\\\", \\\"TP1vbk\\\", \\\"SrKvJ0\\\", \\\"Tq2nAb\\\", \\\"KFSXln\\\", \\\"P_ov9o\\\", \\\"VXaDYo\\\", \\\"idn:index-of.es\\\"], \\\"Timestamp\\\": \\\"2021-11-27T23:07:37.000Z\\\", \\\"Name\\\": \\\"linkedToMalware\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Positive Malware Verdict\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"2 sightings on 2 sources: ReversingLabs, PolySwarm. Most recent link (Apr 19, 2018): ReversingLabs malware file analysis.\\\", \\\"Sources\\\": [\\\"TbciDE\\\", \\\"doLlw5\\\"], \\\"Timestamp\\\": \\\"2021-02-10T09:10:10.000Z\\\", \\\"Name\\\": \\\"positiveMalwareVerdict\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"fecddb7f3fa478be4687ca542c0ecf232ec35a0c2418c8bfe4875686ec373c1e\", \"Risk\": \"89\", \"RiskString\": \"6/14\"}", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "45 sightings on 9 sources including: Security Bloggers Network, Bleeping Computer, Guided Collection, Bleepingcomputer Forums, TheServerSide.com | Updates. 
Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561", "MitigationString": "", @@ -2122,7 +2122,7 @@ "Timestamp": "2021-12-21T08:40:00.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "29 sightings on 24 sources including: Carder Forum (carder.uk), wordpress.com, AAPKS.com, malwareresearch, @phishingalert, @GelosSnake, @rpsanch, @rce_coder. 7 related attack vectors including Crimeware, Phishing, Remote Code Execution, Malvertising, Click Fraud. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752", "MitigationString": "", @@ -2157,7 +2157,7 @@ "Timestamp": "2021-12-25T03:23:47.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: Messaging Platforms - Uncategorized. 2 related cyber vulnerabilities: CVE-2016-6663, CWE-362.", "MitigationString": "", 
@@ -2169,7 +2169,7 @@ "Timestamp": "2021-12-29T07:27:12.565Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "10 sightings on 7 sources including: SANS Institute Course Selector Results, Messaging Platforms - Uncategorized, @ecstatic_nobel, @Artilllerie. Most recent tweet: Active cred #phishing/malware distribution campaign on 185.186.245.101 with kits targeting @Office365 and @WeTransfer brands. Windows malware submitted to VT here: https://t.co/edCd4sOnAI domains: https://t.co/4GdqctLwkY cc: @malwrhunterteam @JayTHL @SteveD3 @thepacketrat https://t.co/e9d3R7fzIq. Most recent link (May 28, 2019): https://twitter.com/PhishingAi/statuses/1133376801831436289", "MitigationString": "", @@ -2187,7 +2187,7 @@ "Timestamp": "2019-05-28T14:17:41.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "114 sightings on 42 sources including: Doc Player, GhostBin, Codex - Recent changes en, droppdf.com, ReversingLabs. 41 related malware families including Dardesh, AZORult, Emotet, GandCrab, Offensive Security Tools (OST). Most recent tweet: @Enfenogo @ThetanArena @KardiaChain @wolffungame Se você jogar o .exe do instalador no site https://t.co/yxgkgU58Hr, vai encontrar um trojan minerador. Estou sem acreditar. Tô rodando o Malware Byte no meu PC pra tentar limpar a merda que eles fizeram. Most recent link (Nov 27, 2021): https://twitter.com/Ronan30451924/statuses/1464732674891960321", "MitigationString": "", @@ -2240,7 +2240,7 @@ "Timestamp": "2021-11-27T23:07:37.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "2 sightings on 2 sources: ReversingLabs, PolySwarm. Most recent link (Apr 19, 2018): ReversingLabs malware file analysis.", "MitigationString": "", 
@@ -2274,20 +2274,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"Algorithm\": \"SHA-256\", \"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"58 sightings on 5 sources: SecureWorks, InfoCON: green, McAfee, Talos Intel, Kaspersky Securelist and Lab. Most recent link (Jun 28, 2018): https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/27000/PD27077/en_US/McAfee_Labs_WannaCry_June24_2018.pdf\\\", \\\"Sources\\\": [\\\"Z2mQh2\\\", \\\"2d\\\", \\\"rN\\\", \\\"PA-rR4\\\", \\\"4n\\\"], \\\"Timestamp\\\": \\\"2018-06-28T08:11:36.570Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Linked to Malware\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"1688 sightings on 26 sources including: lnkd.in, Doc Player, Cyber4Sight, voicebox.pt, VKontakte. 2 related malware families: Wcry, Ransomware. 
Most recent link (Sep 13, 2017): https://malwr.com/analysis/ZmIzN2E3MzQyM2I0NDYwODllOWRhMmQxODg3YzMxZDA/\\\", \\\"Sources\\\": [\\\"idn:lnkd.in\\\", \\\"W4ygGi\\\", \\\"S2tpaX\\\", \\\"idn:voicebox.pt\\\", \\\"SIjHV9\\\", \\\"PJHGaq\\\", \\\"PA-rR4\\\", \\\"Z2mQh2\\\", \\\"e_\\\", \\\"idn:gofastbuy.com\\\", \\\"idn:ziftsolutions.com\\\", \\\"POs2u-\\\", \\\"KHpcuE\\\", \\\"QccsRc\\\", \\\"idn:dfir.pro\\\", \\\"idn:nksc.lt\\\", \\\"idn:dy.si\\\", \\\"KZFCph\\\", \\\"rN\\\", \\\"QYsx0D\\\", \\\"idn:logrhythm.com\\\", \\\"Jv_xrR\\\", \\\"idn:safe-cyberdefense.com\\\", \\\"4n\\\", \\\"QS89Bx\\\", \\\"NKaUXl\\\"], \\\"Timestamp\\\": \\\"2017-09-13T00:00:00.000Z\\\", \\\"Name\\\": \\\"linkedToMalware\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Positive Malware Verdict\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"2 sightings on 1 source: Recorded Future Malware Detonation.\\\", \\\"Sources\\\": [\\\"TAIz7D\\\"], \\\"Timestamp\\\": \\\"2020-10-13T10:46:31.000Z\\\", \\\"Name\\\": \\\"positiveMalwareVerdict\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"a1d9cd6f189beff28a0a49b10f8fe4510128471f004b3e4283ddc7f78594906b\", \"Risk\": \"89\", \"RiskString\": \"3/14\"}", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "58 sightings on 5 sources: SecureWorks, InfoCON: green, McAfee, Talos Intel, Kaspersky Securelist and Lab. Most recent link (Jun 28, 2018): https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/27000/PD27077/en_US/McAfee_Labs_WannaCry_June24_2018.pdf", "MitigationString": "", 
@@ -2303,7 +2303,7 @@ "Timestamp": "2018-06-28T08:11:36.570Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1688 sightings on 26 sources including: lnkd.in, Doc Player, Cyber4Sight, voicebox.pt, VKontakte. 2 related malware families: Wcry, Ransomware. Most recent link (Sep 13, 2017): https://malwr.com/analysis/ZmIzN2E3MzQyM2I0NDYwODllOWRhMmQxODg3YzMxZDA/", "MitigationString": "", @@ -2340,7 +2340,7 @@ "Timestamp": "2017-09-13T00:00:00.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "2 sightings on 1 source: Recorded Future Malware Detonation.", "MitigationString": "", 
@@ -2373,20 +2373,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"Algorithm\": \"SHA-256\", \"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"16 sightings on 4 sources: Guided Collection, Bleepingcomputer Forums, ISC | All Updates, Malwarebytes Unpacked. Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561\\\", \\\"Sources\\\": [\\\"Rlso4a\\\", \\\"hkE5DK\\\", \\\"TZRwk8\\\", \\\"J5NRun\\\"], \\\"Timestamp\\\": \\\"2021-12-21T08:40:00.000Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Linked to Attack Vector\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"6 sightings on 6 sources including: malwareresearch, AAPKS.com, @Shouvik95232310, @santGM. 3 related attack vectors: Phishing, Click Fraud, Typosquatting. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. 
Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752\\\", \\\"Sources\\\": [\\\"WlbRkJ\\\", \\\"ha2FFj\\\", \\\"K7wUX2\\\", \\\"P_ivKa\\\", \\\"J-mrOR\\\", \\\"P_upBR\\\"], \\\"Timestamp\\\": \\\"2021-12-25T03:23:47.000Z\\\", \\\"Name\\\": \\\"linkedToVector\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Cyber Attack\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Messaging Platforms - Uncategorized. Most recent link (Oct 18, 2021): https://t.me/An0nymousTeam/1429\\\", \\\"Sources\\\": [\\\"Y7TWfI\\\"], \\\"Timestamp\\\": \\\"2021-10-18T12:09:43.000Z\\\", \\\"Name\\\": \\\"linkedToCyberAttack\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Malware\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"43 sightings on 14 sources including: Ichunqiu Forum, Doc Player, ArXiv, GitHub, droppdf.com. 19 related malware families including Fakespy, Trojan, Offensive Security Tools (OST), Spyware, Dardesh. Most recent tweet: RT @demonslay335: #STOP #Djvu #Ransomware extension \\\\\\\".mogera\\\\\\\" (v090): https://t.co/wlMcSE2EHj | https://t.co/XAYkOoOReU. Most recent link (May 27, 2019): https://twitter.com/DrolSecurity/statuses/1133117241388621825\\\", \\\"Sources\\\": [\\\"TGXqeD\\\", \\\"W4ygGi\\\", \\\"L3kVdM\\\", \\\"QMfGAr\\\", \\\"QAy9GA\\\", \\\"JOU\\\", \\\"MIKjae\\\", \\\"P_oIyV\\\", \\\"QJ6TQK\\\", \\\"idn:droppdf.com\\\", \\\"Ql9O5c\\\", \\\"QAmbRP\\\", \\\"Tq2nAb\\\", \\\"idn:index-of.es\\\"], \\\"Timestamp\\\": \\\"2019-05-27T21:06:17.000Z\\\", \\\"Name\\\": \\\"linkedToMalware\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Positive Malware Verdict\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: PolySwarm. 
Most recent link (Mar 8, 2021): https://polyswarm.network/scan/results/file/85aba198a0ba204e8549ea0c8980447249d30dece0d430e3f517315ad10f32ce\\\", \\\"Sources\\\": [\\\"doLlw5\\\"], \\\"Timestamp\\\": \\\"2021-03-08T13:00:15.000Z\\\", \\\"Name\\\": \\\"positiveMalwareVerdict\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"85aba198a0ba204e8549ea0c8980447249d30dece0d430e3f517315ad10f32ce\", \"Risk\": \"89\", \"RiskString\": \"5/14\"}", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "16 sightings on 4 sources: Guided Collection, Bleepingcomputer Forums, ISC | All Updates, Malwarebytes Unpacked. Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561", "MitigationString": "", @@ -2401,7 +2401,7 @@ "Timestamp": "2021-12-21T08:40:00.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "6 sightings on 6 sources including: malwareresearch, AAPKS.com, @Shouvik95232310, @santGM. 3 related attack vectors: Phishing, Click Fraud, Typosquatting. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752", "MitigationString": "", 
@@ -2418,7 +2418,7 @@ "Timestamp": "2021-12-25T03:23:47.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: Messaging Platforms - Uncategorized. Most recent link (Oct 18, 2021): https://t.me/An0nymousTeam/1429", "MitigationString": "", @@ -2430,7 +2430,7 @@ "Timestamp": "2021-10-18T12:09:43.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "43 sightings on 14 sources including: Ichunqiu Forum, Doc Player, ArXiv, GitHub, droppdf.com. 19 related malware families including Fakespy, Trojan, Offensive Security Tools (OST), Spyware, Dardesh. Most recent tweet: RT @demonslay335: #STOP #Djvu #Ransomware extension \".mogera\" (v090): https://t.co/wlMcSE2EHj | https://t.co/XAYkOoOReU. Most recent link (May 27, 2019): https://twitter.com/DrolSecurity/statuses/1133117241388621825", "MitigationString": "", @@ -2455,7 +2455,7 @@ "Timestamp": "2019-05-27T21:06:17.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: PolySwarm. Most recent link (Mar 8, 2021): https://polyswarm.network/scan/results/file/85aba198a0ba204e8549ea0c8980447249d30dece0d430e3f517315ad10f32ce", "MitigationString": "", 
@@ -2488,20 +2488,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"Algorithm\": \"SHA-256\", \"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"16 sightings on 4 sources: Guided Collection, Bleepingcomputer Forums, ISC | All Updates, Malwarebytes Unpacked. Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561\\\", \\\"Sources\\\": [\\\"Rlso4a\\\", \\\"hkE5DK\\\", \\\"TZRwk8\\\", \\\"J5NRun\\\"], \\\"Timestamp\\\": \\\"2021-12-21T08:40:00.000Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Linked to Attack Vector\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"7 sightings on 7 sources including: malwareresearch, Malwr.com, AAPKS.com, @Shouvik95232310, @santGM, @aa419. 4 related attack vectors: Phishing, Click Fraud, Typosquatting, Keylogger. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. 
Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752\\\", \\\"Sources\\\": [\\\"WlbRkJ\\\", \\\"ha2FFj\\\", \\\"K7wUX2\\\", \\\"NKaUXl\\\", \\\"P_ivKa\\\", \\\"J-mrOR\\\", \\\"P_upBR\\\"], \\\"Timestamp\\\": \\\"2021-12-25T03:23:47.000Z\\\", \\\"Name\\\": \\\"linkedToVector\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Cyber Attack\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Messaging Platforms - Uncategorized. Most recent link (Oct 18, 2021): https://t.me/An0nymousTeam/1429\\\", \\\"Sources\\\": [\\\"Y7TWfI\\\"], \\\"Timestamp\\\": \\\"2021-10-18T12:09:43.000Z\\\", \\\"Name\\\": \\\"linkedToCyberAttack\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Linked to Malware\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"54 sightings on 17 sources including: Ichunqiu Forum, Doc Player, Malwr.com, ArXiv, GitHub. 19 related malware families including Fakespy, Dardesh, Djvu Ransomware, SAVEfiles, Trojan. Most recent tweet: @Enfenogo @ThetanArena @KardiaChain @wolffungame Se voc\\u00ea jogar o .exe do instalador no site https://t.co/yxgkgU58Hr, vai encontrar um trojan minerador. Estou sem acreditar. T\\u00f4 rodando o Malware Byte no meu PC pra tentar limpar a merda que eles fizeram. 
Most recent link (Nov 27, 2021): https://twitter.com/Ronan30451924/statuses/1464732674891960321\\\", \\\"Sources\\\": [\\\"TGXqeD\\\", \\\"W4ygGi\\\", \\\"L3kVdM\\\", \\\"QMfGAr\\\", \\\"NKaUXl\\\", \\\"kuKt0c\\\", \\\"QAy9GA\\\", \\\"JOU\\\", \\\"MIKjae\\\", \\\"P_oIyV\\\", \\\"QJ6TQK\\\", \\\"idn:droppdf.com\\\", \\\"Ql9O5c\\\", \\\"QAmbRP\\\", \\\"Tq2nAb\\\", \\\"TbciDE\\\", \\\"idn:index-of.es\\\"], \\\"Timestamp\\\": \\\"2021-11-27T23:07:37.000Z\\\", \\\"Name\\\": \\\"linkedToMalware\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Positive Malware Verdict\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: ReversingLabs. Most recent link (Aug 13, 2017): ReversingLabs malware file analysis.\\\", \\\"Sources\\\": [\\\"TbciDE\\\"], \\\"Timestamp\\\": \\\"2017-08-13T00:33:27.000Z\\\", \\\"Name\\\": \\\"positiveMalwareVerdict\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"7531fcea7002c8b52a8d023d0f3bb938efb2cbfec91d2433694930b426d84865\", \"Risk\": \"89\", \"RiskString\": \"5/14\"}", - "risk_score": 89, + "risk_score": 89.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "16 sightings on 4 sources: Guided Collection, Bleepingcomputer Forums, ISC | All Updates, Malwarebytes Unpacked. Most recent link (Dec 21, 2021): https://www.bleepingcomputer.com/forums/t/765398/gmer-scan-reveals-chinese-letter-characters/#entry5298561", "MitigationString": "", 
@@ -2516,7 +2516,7 @@ "Timestamp": "2021-12-21T08:40:00.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "7 sightings on 7 sources including: malwareresearch, Malwr.com, AAPKS.com, @Shouvik95232310, @santGM, @aa419. 4 related attack vectors: Phishing, Click Fraud, Typosquatting, Keylogger. Most recent tweet: Many People sending me this type of link and it's a phishing link @stufflistings @trolling_isart @yabhishekhd Thanks @virustotal for checking. Website where I Checked it https://t.co/q0pzRgZFuW If you clicked you should reset your phone. Am I RIGHT @trolling_isart @stufflistings https://t.co/yINsBtAJhr. Most recent link (Dec 25, 2021): https://twitter.com/galaxyshouvik/statuses/1474581610959818752", "MitigationString": "", @@ -2534,7 +2534,7 @@ "Timestamp": "2021-12-25T03:23:47.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: Messaging Platforms - Uncategorized. Most recent link (Oct 18, 2021): https://t.me/An0nymousTeam/1429", "MitigationString": "", @@ -2546,7 +2546,7 @@ "Timestamp": "2021-10-18T12:09:43.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "54 sightings on 17 sources including: Ichunqiu Forum, Doc Player, Malwr.com, ArXiv, GitHub. 19 related malware families including Fakespy, Dardesh, Djvu Ransomware, SAVEfiles, Trojan. Most recent tweet: @Enfenogo @ThetanArena @KardiaChain @wolffungame Se você jogar o .exe do instalador no site https://t.co/yxgkgU58Hr, vai encontrar um trojan minerador. Estou sem acreditar. Tô rodando o Malware Byte no meu PC pra tentar limpar a merda que eles fizeram. Most recent link (Nov 27, 2021): https://twitter.com/Ronan30451924/statuses/1464732674891960321", "MitigationString": "", 
@@ -2574,7 +2574,7 @@ "Timestamp": "2021-11-27T23:07:37.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: ReversingLabs. Most recent link (Aug 13, 2017): ReversingLabs malware file analysis.", "MitigationString": "", 
@@ -2607,20 +2607,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Linked to Intrusion Method\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"7 sightings on 1 source: PasteBin. 3 related intrusion methods: Trojan, Banking Trojan, QakBot. Most recent link (Nov 8, 2021): https://pastebin.com/G1Jvm5T0\\\", \\\"Sources\\\": [\\\"Jv_xrR\\\"], \\\"Timestamp\\\": \\\"2021-11-08T16:27:15.000Z\\\", \\\"Name\\\": \\\"linkedIntrusion\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Reported as a Defanged IP\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"2 sightings on 1 source: GitHub. Most recent link (Nov 16, 2021): https://github.com/pan-unit42/tweets/blob/master/2021-11-15-IOCs-for-Matanbuchus-Qakbot-CobaltStrike-and-spambot-activity.txt\\\", \\\"Sources\\\": [\\\"MIKjae\\\"], \\\"Timestamp\\\": \\\"2021-11-16T00:00:00.000Z\\\", \\\"Name\\\": \\\"defanged\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Current C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"164 sightings on 4 sources: Recorded Future Command \u0026 Control List, Joe Security Sandbox Analysis - Malware C2 Extractions, Abuse.ch: Feodo IP Blocklist, Polyswarm Sandbox Analysis - Malware C2 Extractions. 
Joe Security malware sandbox identified 103.143.8.71:443 as TA0011 (Command and Control) QakBot using configuration extraction on sample 8f97195fc90ce520e75db6785204da0adbda9be5464bb27cd4dcc5b23b547651\\\", \\\"Sources\\\": [\\\"b5tNVA\\\", \\\"h_iZX8\\\", \\\"report:OtiCOp\\\", \\\"hyihHO\\\"], \\\"Timestamp\\\": \\\"2021-12-29T02:11:16.658Z\\\", \\\"Name\\\": \\\"recentCncServer\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}, {\\\"Rule\\\": \\\"Actively Communicating C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Qakbot. Communication observed on TCP:443, TCP:6881, TCP:995. Exfiltration behavior observed. Last observed on Dec 27, 2021.\\\", \\\"Sources\\\": [\\\"report:aEft3k\\\"], \\\"Timestamp\\\": \\\"2021-12-29T02:11:16.663Z\\\", \\\"Name\\\": \\\"recentActiveCnc\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"67.43.156.12\", \"Risk\": \"99\", \"RiskString\": \"4/64\"}", - "risk_score": 99, + "risk_score": 99.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "7 sightings on 1 source: PasteBin. 3 related intrusion methods: Trojan, Banking Trojan, QakBot. Most recent link (Nov 8, 2021): https://pastebin.com/G1Jvm5T0", "MitigationString": "", @@ -2632,7 +2632,7 @@ "Timestamp": "2021-11-08T16:27:15.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 1 source: GitHub. Most recent link (Nov 16, 2021): https://github.com/pan-unit42/tweets/blob/master/2021-11-15-IOCs-for-Matanbuchus-Qakbot-CobaltStrike-and-spambot-activity.txt", "MitigationString": "", 
@@ -2644,7 +2644,7 @@ "Timestamp": "2021-11-16T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "164 sightings on 4 sources: Recorded Future Command \u0026 Control List, Joe Security Sandbox Analysis - Malware C2 Extractions, Abuse.ch: Feodo IP Blocklist, Polyswarm Sandbox Analysis - Malware C2 Extractions. Joe Security malware sandbox identified 103.143.8.71:443 as TA0011 (Command and Control) QakBot using configuration extraction on sample 8f97195fc90ce520e75db6785204da0adbda9be5464bb27cd4dcc5b23b547651", "MitigationString": "", @@ -2659,7 +2659,7 @@ "Timestamp": "2021-12-29T02:11:16.658Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Qakbot. Communication observed on TCP:443, TCP:6881, TCP:995. Exfiltration behavior observed. Last observed on Dec 27, 2021.", "MitigationString": "", 
@@ -2688,20 +2688,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Linked to Intrusion Method\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: GitHub. 2 related intrusion methods: Nanocore, Remote Access Trojan. Most recent link (Jan 1, 2021): https://github.com/GlacierSheep/DomainBlockList/blob/master/trail/static_nanocore_(malware).domainset\\\", \\\"Sources\\\": [\\\"MIKjae\\\"], \\\"Timestamp\\\": \\\"2021-01-01T16:56:57.000Z\\\", \\\"Name\\\": \\\"linkedIntrusion\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Multicategory Blocklist\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"2 sightings on 2 sources: Bitdefender IP Reputation, hpHosts Latest Additions. Bitdefender detected suspicious traffic involving 185.19.85.136 associated with Bitdefender threat name Trojan.GenericKD.34300483 on Apr 30, 2021\\\", \\\"Sources\\\": [\\\"iFMVSl\\\", \\\"Ol_aRZ\\\"], \\\"Timestamp\\\": \\\"2021-04-30T04:50:06.000Z\\\", \\\"Name\\\": \\\"multiBlacklist\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Reported in Threat List\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"Previous sightings on 1 source: Recorded Future Fast Flux DNS IP List. 
Observed between Feb 13, 2021, and Feb 13, 2021.\\\", \\\"Sources\\\": [\\\"report:SW8xpk\\\"], \\\"Timestamp\\\": \\\"2021-12-28T19:20:46.641Z\\\", \\\"Name\\\": \\\"historicalThreatListMembership\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recent C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"9 sightings on 2 sources: Recorded Future Command \u0026 Control List, Joe Security Sandbox Analysis - Malware C2 Extractions. Command \u0026 Control host identified on Oct 29, 2021.\\\", \\\"Sources\\\": [\\\"b5tNVA\\\", \\\"h_iZX8\\\"], \\\"Timestamp\\\": \\\"2021-10-29T08:07:54.495Z\\\", \\\"Name\\\": \\\"intermediateCncServer\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Recently Active C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Asyncrat. Communication observed on TCP:6060. Last observed on Dec 21, 2021.\\\", \\\"Sources\\\": [\\\"report:aEft3k\\\"], \\\"Timestamp\\\": \\\"2021-12-28T19:20:46.639Z\\\", \\\"Name\\\": \\\"intermediateActiveCnc\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Current C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"12 sightings on 2 sources: Recorded Future Command \u0026 Control List, Joe Security Sandbox Analysis - Malware C2 Extractions. 
Command \u0026 Control host identified on Dec 24, 2021.\\\", \\\"Sources\\\": [\\\"b5tNVA\\\", \\\"h_iZX8\\\"], \\\"Timestamp\\\": \\\"2021-12-24T08:07:09.925Z\\\", \\\"Name\\\": \\\"recentCncServer\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"67.43.156.13\", \"Risk\": \"99\", \"RiskString\": \"6/64\"}", - "risk_score": 99, + "risk_score": 99.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: GitHub. 2 related intrusion methods: Nanocore, Remote Access Trojan. Most recent link (Jan 1, 2021): https://github.com/GlacierSheep/DomainBlockList/blob/master/trail/static_nanocore_(malware).domainset", "MitigationString": "", @@ -2713,7 +2713,7 @@ "Timestamp": "2021-01-01T16:56:57.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 2 sources: Bitdefender IP Reputation, hpHosts Latest Additions. Bitdefender detected suspicious traffic involving 185.19.85.136 associated with Bitdefender threat name Trojan.GenericKD.34300483 on Apr 30, 2021", "MitigationString": "", @@ -2726,7 +2726,7 @@ "Timestamp": "2021-04-30T04:50:06.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "Previous sightings on 1 source: Recorded Future Fast Flux DNS IP List. Observed between Feb 13, 2021, and Feb 13, 2021.", "MitigationString": "", @@ -2738,7 +2738,7 @@ "Timestamp": "2021-12-28T19:20:46.641Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "9 sightings on 2 sources: Recorded Future Command \u0026 Control List, Joe Security Sandbox Analysis - Malware C2 Extractions. Command \u0026 Control host identified on Oct 29, 2021.", "MitigationString": "", 
@@ -2751,7 +2751,7 @@ "Timestamp": "2021-10-29T08:07:54.495Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Asyncrat. Communication observed on TCP:6060. Last observed on Dec 21, 2021.", "MitigationString": "", @@ -2763,7 +2763,7 @@ "Timestamp": "2021-12-28T19:20:46.639Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "12 sightings on 2 sources: Recorded Future Command \u0026 Control List, Joe Security Sandbox Analysis - Malware C2 Extractions. Command \u0026 Control host identified on Dec 24, 2021.", "MitigationString": "", 
@@ -2793,20 +2793,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Linked to Intrusion Method\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"12 sightings on 2 sources: C2IntelFeeds IPC2s, @drb_ra. 2 related intrusion methods: Cobalt Strike, Offensive Security Tools (OST). Most recent tweet: Cobalt Strike server found C2: HTTPS @ 45[.]112[.]206[.]18:443 C2 Server: 45[.]112[.]206[.]13,/IE9CompatViewList[.]xml Country: Hong Kong ASN: HK kwaifong group limited #C2 #cobaltstrike. Most recent link (Nov 26, 2021): https://twitter.com/drb_ra/statuses/1464248045118590978\\\", \\\"Sources\\\": [\\\"k_7zaW\\\", \\\"jqWX2B\\\"], \\\"Timestamp\\\": \\\"2021-11-26T15:01:53.000Z\\\", \\\"Name\\\": \\\"linkedIntrusion\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Linked to Cyber Attack\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"2 sightings on 1 source: C2IntelFeeds IPC2s. Most recent link (Aug 15, 2021): https://github.com/drb-ra/C2IntelFeeds/blob/master/feeds/IPC2s-30day.csv?q=45.112.206.18_20210815\\\", \\\"Sources\\\": [\\\"k_7zaW\\\"], \\\"Timestamp\\\": \\\"2021-08-15T00:00:00.000Z\\\", \\\"Name\\\": \\\"linkedToCyberAttack\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Reported as a Defanged IP\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"10 sightings on 1 source: @drb_ra. Most recent tweet: Cobalt Strike server found C2: HTTPS @ 45[.]112[.]206[.]18:443 C2 Server: 45[.]112[.]206[.]13,/IE9CompatViewList[.]xml Country: Hong Kong ASN: HK kwaifong group limited #C2 #cobaltstrike. 
Most recent link (Nov 26, 2021): https://twitter.com/drb_ra/statuses/1464248045118590978\\\", \\\"Sources\\\": [\\\"jqWX2B\\\"], \\\"Timestamp\\\": \\\"2021-11-26T15:01:53.000Z\\\", \\\"Name\\\": \\\"defanged\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Reported in Threat List\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"Previous sightings on 2 sources: Cobalt Strike Default Certificate Detected - Shodan / Recorded Future, Recorded Future Analyst Community Trending Indicators. Observed between Jul 8, 2021, and Dec 9, 2021.\\\", \\\"Sources\\\": [\\\"report:aD1qtM\\\", \\\"report:Tluf00\\\"], \\\"Timestamp\\\": \\\"2021-12-28T18:45:41.877Z\\\", \\\"Name\\\": \\\"historicalThreatListMembership\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Current C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"2 sightings on 1 source: Recorded Future Command \u0026 Control List. Command \u0026 Control host identified on Jul 5, 2021.\\\", \\\"Sources\\\": [\\\"b5tNVA\\\"], \\\"Timestamp\\\": \\\"2021-07-05T08:04:23.139Z\\\", \\\"Name\\\": \\\"recentCncServer\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}, {\\\"Rule\\\": \\\"Actively Communicating C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Cobalt Strike Team Servers. Communication observed on TCP:443, TCP:8443. 
Last observed on Dec 26, 2021.\\\", \\\"Sources\\\": [\\\"report:aEft3k\\\"], \\\"Timestamp\\\": \\\"2021-12-28T18:45:41.875Z\\\", \\\"Name\\\": \\\"recentActiveCnc\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"67.43.156.14\", \"Risk\": \"99\", \"RiskString\": \"6/64\"}", - "risk_score": 99, + "risk_score": 99.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "12 sightings on 2 sources: C2IntelFeeds IPC2s, @drb_ra. 2 related intrusion methods: Cobalt Strike, Offensive Security Tools (OST). Most recent tweet: Cobalt Strike server found C2: HTTPS @ 45[.]112[.]206[.]18:443 C2 Server: 45[.]112[.]206[.]13,/IE9CompatViewList[.]xml Country: Hong Kong ASN: HK kwaifong group limited #C2 #cobaltstrike. Most recent link (Nov 26, 2021): https://twitter.com/drb_ra/statuses/1464248045118590978", "MitigationString": "", @@ -2819,7 +2819,7 @@ "Timestamp": "2021-11-26T15:01:53.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 1 source: C2IntelFeeds IPC2s. Most recent link (Aug 15, 2021): https://github.com/drb-ra/C2IntelFeeds/blob/master/feeds/IPC2s-30day.csv?q=45.112.206.18_20210815", "MitigationString": "", @@ -2831,7 +2831,7 @@ "Timestamp": "2021-08-15T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "10 sightings on 1 source: @drb_ra. Most recent tweet: Cobalt Strike server found C2: HTTPS @ 45[.]112[.]206[.]18:443 C2 Server: 45[.]112[.]206[.]13,/IE9CompatViewList[.]xml Country: Hong Kong ASN: HK kwaifong group limited #C2 #cobaltstrike. Most recent link (Nov 26, 2021): https://twitter.com/drb_ra/statuses/1464248045118590978", "MitigationString": "", 
@@ -2843,7 +2843,7 @@ "Timestamp": "2021-11-26T15:01:53.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "Previous sightings on 2 sources: Cobalt Strike Default Certificate Detected - Shodan / Recorded Future, Recorded Future Analyst Community Trending Indicators. Observed between Jul 8, 2021, and Dec 9, 2021.", "MitigationString": "", @@ -2856,7 +2856,7 @@ "Timestamp": "2021-12-28T18:45:41.877Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "2 sightings on 1 source: Recorded Future Command \u0026 Control List. Command \u0026 Control host identified on Jul 5, 2021.", "MitigationString": "", @@ -2868,7 +2868,7 @@ "Timestamp": "2021-07-05T08:04:23.139Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Cobalt Strike Team Servers. Communication observed on TCP:443, TCP:8443. Last observed on Dec 26, 2021.", "MitigationString": "", 
@@ -2897,20 +2897,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Linked to Intrusion Method\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"239 sightings on 5 sources: paloaltonetworks.jp, Palo Alto Networks, Unit 42 Palo Alto Networks, PasteBin, Cryptolaemus Pastedump. 4 related intrusion methods: Trojan, Emotet, Banking Trojan, Botnet. Most recent link (Mar 14, 2021): https://unit42.paloaltonetworks.jp/attack-chain-overview-emotet-in-december-2020-and-january-2021/\\\", \\\"Sources\\\": [\\\"idn:paloaltonetworks.jp\\\", \\\"JwO7jp\\\", \\\"jjf3_B\\\", \\\"Jv_xrR\\\", \\\"Z7kln2\\\"], \\\"Timestamp\\\": \\\"2021-03-14T00:00:00.000Z\\\", \\\"Name\\\": \\\"linkedIntrusion\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"2 sightings on 1 source: Unit 42 Palo Alto Networks. Most recent link (Apr 9, 2021): https://unit42.paloaltonetworks.com/emotet-command-and-control/\\\", \\\"Sources\\\": [\\\"jjf3_B\\\"], \\\"Timestamp\\\": \\\"2021-04-09T12:00:00.000Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Multicategory Blocklist\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"5 sightings on 1 source: AbuseIP Database. 
Most recent link (Aug 25, 2020): https://www.abuseipdb.com/check/190.55.186.229\\\", \\\"Sources\\\": [\\\"UneVVu\\\"], \\\"Timestamp\\\": \\\"2020-08-25T20:01:29.075Z\\\", \\\"Name\\\": \\\"multiBlacklist\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Reported as a Defanged IP\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"6 sightings on 3 sources: paloaltonetworks.jp, Palo Alto Networks, Unit 42 Palo Alto Networks. Most recent link (Apr 9, 2021): https://unit42.paloaltonetworks.com/emotet-command-and-control/\\\", \\\"Sources\\\": [\\\"idn:paloaltonetworks.jp\\\", \\\"JwO7jp\\\", \\\"jjf3_B\\\"], \\\"Timestamp\\\": \\\"2021-04-09T12:00:00.000Z\\\", \\\"Name\\\": \\\"defanged\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Positive Malware Verdict\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"87 sightings on 1 source: Cryptolaemus Pastedump. Most recent link (Jan 25, 2021): https://paste.cryptolaemus.com/emotet/2021/01/25/emotet-malware-IoCs_01-25-21.html\\\", \\\"Sources\\\": [\\\"Z7kln2\\\"], \\\"Timestamp\\\": \\\"2021-01-25T23:59:00.000Z\\\", \\\"Name\\\": \\\"positiveMalwareVerdict\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Spam Source\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: External Sensor Spam. 190.55.186.229 was historically observed as spam. 
No longer observed as of Nov 16, 2021.\\\", \\\"Sources\\\": [\\\"kBCI-b\\\"], \\\"Timestamp\\\": \\\"2021-11-16T01:06:21.965Z\\\", \\\"Name\\\": \\\"spam\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Reported in Threat List\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"Previous sightings on 2 sources: University of Science and Technology of China Black IP List, Abuse.ch: Feodo IP Blocklist. Observed between Feb 26, 2021, and Dec 27, 2021.\\\", \\\"Sources\\\": [\\\"report:Q1ghC0\\\", \\\"report:OtiCOp\\\"], \\\"Timestamp\\\": \\\"2021-12-28T19:33:55.849Z\\\", \\\"Name\\\": \\\"historicalThreatListMembership\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recent C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"31 sightings on 3 sources: Palo Alto Networks, Polyswarm Sandbox Analysis - Malware C2 Extractions, Unit 42 Palo Alto Networks. 
Polyswarm malware sandbox identified 190.55.186.229:80 as TA0011 (Command and Control) for Emotet using configuration extraction on sample a88734cd5c38211a4168bc7701516a50e6aef5ef20d2b1a915edae23c1b345db\\\", \\\"Sources\\\": [\\\"JwO7jp\\\", \\\"hyihHO\\\", \\\"jjf3_B\\\"], \\\"Timestamp\\\": \\\"2021-10-19T12:21:34.268Z\\\", \\\"Name\\\": \\\"intermediateCncServer\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Recent Multicategory Blocklist\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Talos IP Blacklist.\\\", \\\"Sources\\\": [\\\"report:VW6jeN\\\"], \\\"Timestamp\\\": \\\"2021-12-28T19:33:55.846Z\\\", \\\"Name\\\": \\\"recentMultiBlacklist\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Current C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"5 sightings on 2 sources: Polyswarm Sandbox Analysis - Malware C2 Extractions, Joe Security Sandbox Analysis - Malware C2 Extractions. Polyswarm malware sandbox identified 190.55.186.229:80 as TA0011 (Command and Control) for Emotet using configuration extraction on sample c9709d56b92047cd55fb097feb6cb7a8de6f3edc5ea79a429363938a69aae580\\\", \\\"Sources\\\": [\\\"hyihHO\\\", \\\"h_iZX8\\\"], \\\"Timestamp\\\": \\\"2021-12-27T19:00:49.975Z\\\", \\\"Name\\\": \\\"recentCncServer\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"67.43.156.15\", \"Risk\": \"99\", \"RiskString\": \"10/64\"}", - "risk_score": 99, + "risk_score": 99.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "239 sightings on 5 sources: paloaltonetworks.jp, Palo Alto Networks, Unit 42 Palo Alto Networks, PasteBin, Cryptolaemus Pastedump. 4 related intrusion methods: Trojan, Emotet, Banking Trojan, Botnet. 
Most recent link (Mar 14, 2021): https://unit42.paloaltonetworks.jp/attack-chain-overview-emotet-in-december-2020-and-january-2021/", "MitigationString": "", @@ -2926,7 +2926,7 @@ "Timestamp": "2021-03-14T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 1 source: Unit 42 Palo Alto Networks. Most recent link (Apr 9, 2021): https://unit42.paloaltonetworks.com/emotet-command-and-control/", "MitigationString": "", @@ -2938,7 +2938,7 @@ "Timestamp": "2021-04-09T12:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "5 sightings on 1 source: AbuseIP Database. Most recent link (Aug 25, 2020): https://www.abuseipdb.com/check/190.55.186.229", "MitigationString": "", @@ -2950,7 +2950,7 @@ "Timestamp": "2020-08-25T20:01:29.075Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "6 sightings on 3 sources: paloaltonetworks.jp, Palo Alto Networks, Unit 42 Palo Alto Networks. Most recent link (Apr 9, 2021): https://unit42.paloaltonetworks.com/emotet-command-and-control/", "MitigationString": "", @@ -2964,7 +2964,7 @@ "Timestamp": "2021-04-09T12:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "87 sightings on 1 source: Cryptolaemus Pastedump. Most recent link (Jan 25, 2021): https://paste.cryptolaemus.com/emotet/2021/01/25/emotet-malware-IoCs_01-25-21.html", "MitigationString": "", @@ -2976,7 +2976,7 @@ "Timestamp": "2021-01-25T23:59:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: External Sensor Spam. 190.55.186.229 was historically observed as spam. No longer observed as of Nov 16, 2021.", "MitigationString": "", 
@@ -2988,7 +2988,7 @@ "Timestamp": "2021-11-16T01:06:21.965Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "Previous sightings on 2 sources: University of Science and Technology of China Black IP List, Abuse.ch: Feodo IP Blocklist. Observed between Feb 26, 2021, and Dec 27, 2021.", "MitigationString": "", @@ -3001,7 +3001,7 @@ "Timestamp": "2021-12-28T19:33:55.849Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "31 sightings on 3 sources: Palo Alto Networks, Polyswarm Sandbox Analysis - Malware C2 Extractions, Unit 42 Palo Alto Networks. Polyswarm malware sandbox identified 190.55.186.229:80 as TA0011 (Command and Control) for Emotet using configuration extraction on sample a88734cd5c38211a4168bc7701516a50e6aef5ef20d2b1a915edae23c1b345db", "MitigationString": "", @@ -3015,7 +3015,7 @@ "Timestamp": "2021-10-19T12:21:34.268Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: Talos IP Blacklist.", "MitigationString": "", @@ -3027,7 +3027,7 @@ "Timestamp": "2021-12-28T19:33:55.846Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "5 sightings on 2 sources: Polyswarm Sandbox Analysis - Malware C2 Extractions, Joe Security Sandbox Analysis - Malware C2 Extractions. Polyswarm malware sandbox identified 190.55.186.229:80 as TA0011 (Command and Control) for Emotet using configuration extraction on sample c9709d56b92047cd55fb097feb6cb7a8de6f3edc5ea79a429363938a69aae580", "MitigationString": "", 
@@ -3057,20 +3057,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Linked to Intrusion Method\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"2 sightings on 1 source: PasteBin. 4 related intrusion methods: Trojan, Emotet, Banking Trojan, Botnet. Most recent link (Dec 2, 2021): https://pastebin.com/SusxCK2b\\\", \\\"Sources\\\": [\\\"Jv_xrR\\\"], \\\"Timestamp\\\": \\\"2021-12-02T15:58:10.000Z\\\", \\\"Name\\\": \\\"linkedIntrusion\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Current C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"2 sightings on 2 sources: Recorded Future Command \u0026 Control List, Abuse.ch: Feodo IP Blocklist. Command \u0026 Control host identified on Dec 1, 2021.\\\", \\\"Sources\\\": [\\\"b5tNVA\\\", \\\"report:OtiCOp\\\"], \\\"Timestamp\\\": \\\"2021-12-01T08:06:11.827Z\\\", \\\"Name\\\": \\\"recentCncServer\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}, {\\\"Rule\\\": \\\"Actively Communicating C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Emotet. Communication observed on TCP:443. Exfiltration behavior observed. 
Last observed on Dec 26, 2021.\\\", \\\"Sources\\\": [\\\"report:aEft3k\\\"], \\\"Timestamp\\\": \\\"2021-12-28T22:05:35.688Z\\\", \\\"Name\\\": \\\"recentActiveCnc\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"67.43.156.12\", \"Risk\": \"99\", \"RiskString\": \"3/64\"}", - "risk_score": 99, + "risk_score": 99.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 1 source: PasteBin. 4 related intrusion methods: Trojan, Emotet, Banking Trojan, Botnet. Most recent link (Dec 2, 2021): https://pastebin.com/SusxCK2b", "MitigationString": "", @@ -3082,7 +3082,7 @@ "Timestamp": "2021-12-02T15:58:10.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "2 sightings on 2 sources: Recorded Future Command \u0026 Control List, Abuse.ch: Feodo IP Blocklist. Command \u0026 Control host identified on Dec 1, 2021.", "MitigationString": "", @@ -3095,7 +3095,7 @@ "Timestamp": "2021-12-01T08:06:11.827Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Emotet. Communication observed on TCP:443. Exfiltration behavior observed. Last observed on Dec 26, 2021.", "MitigationString": "", 
@@ -3124,20 +3124,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historical Honeypot Sighting\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"2 sightings on 2 sources: Project Honey Pot, @HoneyFog. Most recent tweet: Fog44: 87.120.254.96-\u0026gt;22. Most recent link (Dec 14, 2016): https://twitter.com/HoneyFog/statuses/809032869792378880\\\", \\\"Sources\\\": [\\\"P_izv4\\\", \\\"OSz1F0\\\"], \\\"Timestamp\\\": \\\"2016-12-14T13:50:41.000Z\\\", \\\"Name\\\": \\\"honeypot\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Reported as a Defanged IP\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: GitHub. Most recent link (Nov 8, 2021): https://github.com/pan-unit42/tweets/blob/master/2021-11-05-TA551-IOCs.txt\\\", \\\"Sources\\\": [\\\"MIKjae\\\"], \\\"Timestamp\\\": \\\"2021-11-08T00:00:00.000Z\\\", \\\"Name\\\": \\\"defanged\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Spam Source\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: External Sensor Spam. 87.120.254.96 was historically observed as spam. No longer observed as of Nov 16, 2021.\\\", \\\"Sources\\\": [\\\"kBCI-b\\\"], \\\"Timestamp\\\": \\\"2021-11-16T03:19:58.721Z\\\", \\\"Name\\\": \\\"spam\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recently Linked to Intrusion Method\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: CloudSEK. 4 related intrusion methods: Trojan, Emotet, Banking Trojan, Botnet. 
Most recent link (Dec 22, 2021): https://cloudsek.com/emotet-2-0-everything-you-need-to-know-about-the-new-variant-of-thbanking-trojan/\\\", \\\"Sources\\\": [\\\"k837l0\\\"], \\\"Timestamp\\\": \\\"2021-12-22T09:45:33.000Z\\\", \\\"Name\\\": \\\"recentLinkedIntrusion\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Recent Multicategory Blocklist\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: University of Science and Technology of China Black IP List.\\\", \\\"Sources\\\": [\\\"report:Q1ghC0\\\"], \\\"Timestamp\\\": \\\"2021-12-29T06:21:27.693Z\\\", \\\"Name\\\": \\\"recentMultiBlacklist\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Current C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"2 sightings on 2 sources: Recorded Future Command \u0026 Control List, Abuse.ch: Feodo IP Blocklist. Command \u0026 Control host identified on Nov 25, 2021.\\\", \\\"Sources\\\": [\\\"b5tNVA\\\", \\\"report:OtiCOp\\\"], \\\"Timestamp\\\": \\\"2021-11-25T08:06:42.384Z\\\", \\\"Name\\\": \\\"recentCncServer\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}, {\\\"Rule\\\": \\\"Actively Communicating C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Bazarloader. Communication observed on TCP:443. Exfiltration behavior observed. 
Last observed on Dec 25, 2021.\\\", \\\"Sources\\\": [\\\"report:aEft3k\\\"], \\\"Timestamp\\\": \\\"2021-12-29T06:21:27.731Z\\\", \\\"Name\\\": \\\"recentActiveCnc\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"67.43.156.13\", \"Risk\": \"99\", \"RiskString\": \"7/64\"}", - "risk_score": 99, + "risk_score": 99.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 2 sources: Project Honey Pot, @HoneyFog. Most recent tweet: Fog44: 87.120.254.96-\u0026gt;22. Most recent link (Dec 14, 2016): https://twitter.com/HoneyFog/statuses/809032869792378880", "MitigationString": "", @@ -3150,7 +3150,7 @@ "Timestamp": "2016-12-14T13:50:41.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: GitHub. Most recent link (Nov 8, 2021): https://github.com/pan-unit42/tweets/blob/master/2021-11-05-TA551-IOCs.txt", "MitigationString": "", @@ -3162,7 +3162,7 @@ "Timestamp": "2021-11-08T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: External Sensor Spam. 87.120.254.96 was historically observed as spam. No longer observed as of Nov 16, 2021.", "MitigationString": "", @@ -3174,7 +3174,7 @@ "Timestamp": "2021-11-16T03:19:58.721Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: CloudSEK. 4 related intrusion methods: Trojan, Emotet, Banking Trojan, Botnet. Most recent link (Dec 22, 2021): https://cloudsek.com/emotet-2-0-everything-you-need-to-know-about-the-new-variant-of-thbanking-trojan/", "MitigationString": "", 
@@ -3186,7 +3186,7 @@ "Timestamp": "2021-12-22T09:45:33.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: University of Science and Technology of China Black IP List.", "MitigationString": "", @@ -3198,7 +3198,7 @@ "Timestamp": "2021-12-29T06:21:27.693Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "2 sightings on 2 sources: Recorded Future Command \u0026 Control List, Abuse.ch: Feodo IP Blocklist. Command \u0026 Control host identified on Nov 25, 2021.", "MitigationString": "", @@ -3211,7 +3211,7 @@ "Timestamp": "2021-11-25T08:06:42.384Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Bazarloader. Communication observed on TCP:443. Exfiltration behavior observed. Last observed on Dec 25, 2021.", "MitigationString": "", 
@@ -3240,20 +3240,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported in Threat List\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"Previous sightings on 3 sources: Cobalt Strike Default Certificate Detected - Shodan / Recorded Future, CINS: CI Army List, Recorded Future Analyst Community Trending Indicators. Observed between Jan 22, 2021, and Sep 25, 2021.\\\", \\\"Sources\\\": [\\\"report:aD1qtM\\\", \\\"report:OchJ-t\\\", \\\"report:Tluf00\\\"], \\\"Timestamp\\\": \\\"2021-12-28T18:42:08.925Z\\\", \\\"Name\\\": \\\"historicalThreatListMembership\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recent Multicategory Blocklist\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: DShield: Recommended Block List.\\\", \\\"Sources\\\": [\\\"report:OchJ-o\\\"], \\\"Timestamp\\\": \\\"2021-12-28T18:42:08.917Z\\\", \\\"Name\\\": \\\"recentMultiBlacklist\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Current C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"19 sightings on 2 sources: Recorded Future Command \u0026 Control List, @TheDFIRReport. Most recent tweet: Here's some newer C2 servers we're tracking: #BazarLoader 64.227.73.80 64.225.71.198 #Covenant 167.71.67.196 45.146.165.76 #PoshC2 193.36.15.192 #Empire 64.227.21.255 #Metasploit 91.221.70.143 Full list available @ https://t.co/QT6o626hsR #ThreatFeed. 
Most recent link (Sep 1, 2021): https://twitter.com/TheDFIRReport/statuses/1433055791964049412\\\", \\\"Sources\\\": [\\\"b5tNVA\\\", \\\"dZgcRz\\\"], \\\"Timestamp\\\": \\\"2021-09-01T13:15:00.000Z\\\", \\\"Name\\\": \\\"recentCncServer\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}, {\\\"Rule\\\": \\\"Actively Communicating C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Covenant. Communication observed on TCP:7443. Exfiltration behavior observed. Last observed on Dec 27, 2021.\\\", \\\"Sources\\\": [\\\"report:aEft3k\\\"], \\\"Timestamp\\\": \\\"2021-12-28T18:42:08.923Z\\\", \\\"Name\\\": \\\"recentActiveCnc\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"67.43.156.14\", \"Risk\": \"99\", \"RiskString\": \"4/64\"}", - "risk_score": 99, + "risk_score": 99.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "Previous sightings on 3 sources: Cobalt Strike Default Certificate Detected - Shodan / Recorded Future, CINS: CI Army List, Recorded Future Analyst Community Trending Indicators. Observed between Jan 22, 2021, and Sep 25, 2021.", "MitigationString": "", @@ -3267,7 +3267,7 @@ "Timestamp": "2021-12-28T18:42:08.925Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: DShield: Recommended Block List.", "MitigationString": "", 
@@ -3279,7 +3279,7 @@ "Timestamp": "2021-12-28T18:42:08.917Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "19 sightings on 2 sources: Recorded Future Command \u0026 Control List, @TheDFIRReport. Most recent tweet: Here's some newer C2 servers we're tracking: #BazarLoader 64.227.73.80 64.225.71.198 #Covenant 167.71.67.196 45.146.165.76 #PoshC2 193.36.15.192 #Empire 64.227.21.255 #Metasploit 91.221.70.143 Full list available @ https://t.co/QT6o626hsR #ThreatFeed. Most recent link (Sep 1, 2021): https://twitter.com/TheDFIRReport/statuses/1433055791964049412", "MitigationString": "", @@ -3292,7 +3292,7 @@ "Timestamp": "2021-09-01T13:15:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Covenant. Communication observed on TCP:7443. Exfiltration behavior observed. Last observed on Dec 27, 2021.", "MitigationString": "", 
@@ -3321,20 +3321,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historical Open Proxies\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"2339 sightings on 9 sources including: TBN, BlackHatWorld Forum, Carding Mafia Forum, Inforge Forum Hacker Trucchi Giochi Informatica, ProxyFire - The Best Proxy Software and Forum. Most recent link (Jun 29, 2019): https://Black%20Hat%20World%20Forum%20(Obfuscated)/seo/ssl-proxies-occasional-update.927669/page-44#post-12210196\\\", \\\"Sources\\\": [\\\"RqhhJr\\\", \\\"KjGS3i\\\", \\\"VU4Qnc\\\", \\\"P7sZbk\\\", \\\"OQ_oQH\\\", \\\"Qk8WdX\\\", \\\"Qk8Wdg\\\", \\\"QqgtXJ\\\", \\\"KhvyCV\\\"], \\\"Timestamp\\\": \\\"2019-06-29T01:18:00.000Z\\\", \\\"Name\\\": \\\"openProxies\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Honeypot Sighting\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: @HoneyFog. Most recent tweet: Fog44: 181.112.52.26-\u0026gt;22. I've never seen this IP before. Most recent link (Oct 6, 2017): https://twitter.com/HoneyFog/statuses/916371734928019456\\\", \\\"Sources\\\": [\\\"P_izv4\\\"], \\\"Timestamp\\\": \\\"2017-10-06T18:37:01.000Z\\\", \\\"Name\\\": \\\"honeypot\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Linked to Intrusion Method\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"10 sightings on 3 sources: Manato Kumagai Hatena Blog, sentinelone.com, PasteBin. 6 related intrusion methods including TrickLoader, Trojan, Emotet, Banking Trojan, Trickbot. 
Most recent link (Feb 26, 2020): https://labs.sentinelone.com/revealing-the-trick-a-deep-dive-into-trickloader-obfuscation/\\\", \\\"Sources\\\": [\\\"TiY1wa\\\", \\\"idn:sentinelone.com\\\", \\\"Jv_xrR\\\"], \\\"Timestamp\\\": \\\"2020-02-26T15:00:17.035Z\\\", \\\"Name\\\": \\\"linkedIntrusion\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Multicategory Blocklist\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"4 sightings on 1 source: AbuseIP Database. Most recent link (Aug 17, 2018): https://www.abuseipdb.com/check/181.112.52.26\\\", \\\"Sources\\\": [\\\"UneVVu\\\"], \\\"Timestamp\\\": \\\"2018-08-17T00:30:42.194Z\\\", \\\"Name\\\": \\\"multiBlacklist\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical SSH/Dictionary Attacker\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"4 sightings on 1 source: AbuseIP Database. Most recent link (Aug 17, 2018): https://www.abuseipdb.com/check/181.112.52.26\\\", \\\"Sources\\\": [\\\"UneVVu\\\"], \\\"Timestamp\\\": \\\"2018-08-17T00:30:42.194Z\\\", \\\"Name\\\": \\\"sshDictAttacker\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Reported in Threat List\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"Previous sightings on 3 sources: BlockList.de: Fail2ban Reporting Service, Abuse.ch: Feodo IP Blocklist, Proxies: SOCKS Open Proxies. 
Observed between Jun 15, 2019, and Oct 3, 2020.\\\", \\\"Sources\\\": [\\\"report:OhgwUx\\\", \\\"report:OtiCOp\\\", \\\"report:SYQe08\\\"], \\\"Timestamp\\\": \\\"2021-12-28T22:05:41.272Z\\\", \\\"Name\\\": \\\"historicalThreatListMembership\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recent C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"3 sightings on 1 source: Polyswarm Sandbox Analysis - Malware C2 Extractions. Polyswarm malware sandbox identified 181.112.52.26:449 as TA0011 (Command and Control) for Trickbot using configuration extraction on sample dcc42c0bd075f283c71ac327c845498454dcd9528386df5b296fdf89ba105bfa\\\", \\\"Sources\\\": [\\\"hyihHO\\\"], \\\"Timestamp\\\": \\\"2021-07-15T12:42:04.656Z\\\", \\\"Name\\\": \\\"intermediateCncServer\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Current C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"5 sightings on 1 source: Polyswarm Sandbox Analysis - Malware C2 Extractions. Polyswarm malware sandbox identified 181.112.52.26:449 as TA0011 (Command and Control) for Trickbot using configuration extraction on sample b827a4587bc6162715693c71e432769ec6272c130bb87e14bc683f5bd7caf834\\\", \\\"Sources\\\": [\\\"hyihHO\\\"], \\\"Timestamp\\\": \\\"2021-12-22T04:10:08.558Z\\\", \\\"Name\\\": \\\"recentCncServer\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"67.43.156.15\", \"Risk\": \"99\", \"RiskString\": \"8/64\"}", - "risk_score": 99, + "risk_score": 99.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2339 sightings on 9 sources including: TBN, BlackHatWorld Forum, Carding Mafia Forum, Inforge Forum Hacker Trucchi Giochi Informatica, ProxyFire - The Best Proxy Software and Forum. 
Most recent link (Jun 29, 2019): https://Black%20Hat%20World%20Forum%20(Obfuscated)/seo/ssl-proxies-occasional-update.927669/page-44#post-12210196", "MitigationString": "", @@ -3354,7 +3354,7 @@ "Timestamp": "2019-06-29T01:18:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: @HoneyFog. Most recent tweet: Fog44: 181.112.52.26-\u0026gt;22. I've never seen this IP before. Most recent link (Oct 6, 2017): https://twitter.com/HoneyFog/statuses/916371734928019456", "MitigationString": "", @@ -3366,7 +3366,7 @@ "Timestamp": "2017-10-06T18:37:01.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "10 sightings on 3 sources: Manato Kumagai Hatena Blog, sentinelone.com, PasteBin. 6 related intrusion methods including TrickLoader, Trojan, Emotet, Banking Trojan, Trickbot. Most recent link (Feb 26, 2020): https://labs.sentinelone.com/revealing-the-trick-a-deep-dive-into-trickloader-obfuscation/", "MitigationString": "", @@ -3380,7 +3380,7 @@ "Timestamp": "2020-02-26T15:00:17.035Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "4 sightings on 1 source: AbuseIP Database. Most recent link (Aug 17, 2018): https://www.abuseipdb.com/check/181.112.52.26", "MitigationString": "", @@ -3392,7 +3392,7 @@ "Timestamp": "2018-08-17T00:30:42.194Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "4 sightings on 1 source: AbuseIP Database. Most recent link (Aug 17, 2018): https://www.abuseipdb.com/check/181.112.52.26", "MitigationString": "", 
@@ -3404,7 +3404,7 @@ "Timestamp": "2018-08-17T00:30:42.194Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "Previous sightings on 3 sources: BlockList.de: Fail2ban Reporting Service, Abuse.ch: Feodo IP Blocklist, Proxies: SOCKS Open Proxies. Observed between Jun 15, 2019, and Oct 3, 2020.", "MitigationString": "", @@ -3418,7 +3418,7 @@ "Timestamp": "2021-12-28T22:05:41.272Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "3 sightings on 1 source: Polyswarm Sandbox Analysis - Malware C2 Extractions. Polyswarm malware sandbox identified 181.112.52.26:449 as TA0011 (Command and Control) for Trickbot using configuration extraction on sample dcc42c0bd075f283c71ac327c845498454dcd9528386df5b296fdf89ba105bfa", "MitigationString": "", @@ -3430,7 +3430,7 @@ "Timestamp": "2021-07-15T12:42:04.656Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "5 sightings on 1 source: Polyswarm Sandbox Analysis - Malware C2 Extractions. Polyswarm malware sandbox identified 181.112.52.26:449 as TA0011 (Command and Control) for Trickbot using configuration extraction on sample b827a4587bc6162715693c71e432769ec6272c130bb87e14bc683f5bd7caf834", "MitigationString": "", 
@@ -3459,20 +3459,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Linked to Intrusion Method\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"4 sightings on 1 source: PasteBin. 3 related intrusion methods: Trojan, Banking Trojan, QakBot. Most recent link (Nov 7, 2021): https://pastebin.com/u8neEVnz\\\", \\\"Sources\\\": [\\\"Jv_xrR\\\"], \\\"Timestamp\\\": \\\"2021-11-07T09:05:40.000Z\\\", \\\"Name\\\": \\\"linkedIntrusion\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Reported in Threat List\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"Previous sightings on 1 source: Abuse.ch: Feodo IP Blocklist. Observed between Nov 29, 2021, and Dec 10, 2021.\\\", \\\"Sources\\\": [\\\"report:OtiCOp\\\"], \\\"Timestamp\\\": \\\"2021-12-29T02:11:39.014Z\\\", \\\"Name\\\": \\\"historicalThreatListMembership\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recent Honeypot Sighting\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Project Honey Pot. Most recent link (Dec 19, 2021): https://www.projecthoneypot.org/ip_77.79.56.210\\\", \\\"Sources\\\": [\\\"OSz1F0\\\"], \\\"Timestamp\\\": \\\"2021-12-19T11:30:02.000Z\\\", \\\"Name\\\": \\\"recentHoneypot\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Recent C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"12 sightings on 2 sources: Recorded Future Command \u0026 Control List, Joe Security Sandbox Analysis - Malware C2 Extractions. 
Joe Security malware sandbox identified 77.79.56.210:443 as TA0011 (Command and Control) QakBot using configuration extraction on sample 8f97195fc90ce520e75db6785204da0adbda9be5464bb27cd4dcc5b23b547651\\\", \\\"Sources\\\": [\\\"b5tNVA\\\", \\\"h_iZX8\\\"], \\\"Timestamp\\\": \\\"2021-11-03T16:57:54.000Z\\\", \\\"Name\\\": \\\"intermediateCncServer\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Recently Active C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Qakbot. Communication observed on TCP:443. Last observed on Dec 23, 2021.\\\", \\\"Sources\\\": [\\\"report:aEft3k\\\"], \\\"Timestamp\\\": \\\"2021-12-29T02:11:39.012Z\\\", \\\"Name\\\": \\\"intermediateActiveCnc\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Current C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"10 sightings on 2 sources: Recorded Future Command \u0026 Control List, Polyswarm Sandbox Analysis - Malware C2 Extractions. Polyswarm malware sandbox identified 77.79.56.210:443 as TA0011 (Command and Control) for QakBot using configuration extraction on sample 77b34084de82afac57fbe2c6442dbe7d07c53da5ec87eaf2210b852f0d943cd5\\\", \\\"Sources\\\": [\\\"b5tNVA\\\", \\\"hyihHO\\\"], \\\"Timestamp\\\": \\\"2021-12-29T02:00:05.439Z\\\", \\\"Name\\\": \\\"recentCncServer\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"67.43.156.12\", \"Risk\": \"99\", \"RiskString\": \"6/64\"}", - "risk_score": 99, + "risk_score": 99.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "4 sightings on 1 source: PasteBin. 3 related intrusion methods: Trojan, Banking Trojan, QakBot. 
Most recent link (Nov 7, 2021): https://pastebin.com/u8neEVnz", "MitigationString": "", @@ -3484,7 +3484,7 @@ "Timestamp": "2021-11-07T09:05:40.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "Previous sightings on 1 source: Abuse.ch: Feodo IP Blocklist. Observed between Nov 29, 2021, and Dec 10, 2021.", "MitigationString": "", @@ -3496,7 +3496,7 @@ "Timestamp": "2021-12-29T02:11:39.014Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: Project Honey Pot. Most recent link (Dec 19, 2021): https://www.projecthoneypot.org/ip_77.79.56.210", "MitigationString": "", @@ -3508,7 +3508,7 @@ "Timestamp": "2021-12-19T11:30:02.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "12 sightings on 2 sources: Recorded Future Command \u0026 Control List, Joe Security Sandbox Analysis - Malware C2 Extractions. Joe Security malware sandbox identified 77.79.56.210:443 as TA0011 (Command and Control) QakBot using configuration extraction on sample 8f97195fc90ce520e75db6785204da0adbda9be5464bb27cd4dcc5b23b547651", "MitigationString": "", @@ -3521,7 +3521,7 @@ "Timestamp": "2021-11-03T16:57:54.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Qakbot. Communication observed on TCP:443. Last observed on Dec 23, 2021.", "MitigationString": "", 
@@ -3533,7 +3533,7 @@ "Timestamp": "2021-12-29T02:11:39.012Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "10 sightings on 2 sources: Recorded Future Command \u0026 Control List, Polyswarm Sandbox Analysis - Malware C2 Extractions. Polyswarm malware sandbox identified 77.79.56.210:443 as TA0011 (Command and Control) for QakBot using configuration extraction on sample 77b34084de82afac57fbe2c6442dbe7d07c53da5ec87eaf2210b852f0d943cd5", "MitigationString": "", 
@@ -3563,20 +3563,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Linked to Intrusion Method\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"34 sightings on 5 sources: Malware News - Malware Analysis, News and Indicators, PasteBin, Segurana Informtica, The Cyber Feed, Kaspersky Securelist and Lab. 3 related intrusion methods: Trojan, Banking Trojan, QakBot. Most recent link (Dec 3, 2021): https://pastebin.com/xJ0kmeYQ\\\", \\\"Sources\\\": [\\\"gBDK5G\\\", \\\"Jv_xrR\\\", \\\"VW7VQs\\\", \\\"g162EU\\\", \\\"4n\\\"], \\\"Timestamp\\\": \\\"2021-12-03T16:51:53.000Z\\\", \\\"Name\\\": \\\"linkedIntrusion\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historical Threat Researcher\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"4 sightings on 1 source: Kaspersky Securelist and Lab. Most recent link (Sep 2, 2021): https://securelist.com/qakbot-technical-analysis/103931/\\\", \\\"Sources\\\": [\\\"4n\\\"], \\\"Timestamp\\\": \\\"2021-09-02T10:00:32.000Z\\\", \\\"Name\\\": \\\"threatResearcher\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Reported as a Defanged IP\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"6 sightings on 3 sources: Malware News - Malware Analysis, News and Indicators, urlscan.io, Kaspersky Securelist and Lab. 
Most recent link (Dec 1, 2021): https://urlscan.io/result/c5b4e2d5-acf0-4fc5-b7bd-e8afac3e5f5a/\\\", \\\"Sources\\\": [\\\"gBDK5G\\\", \\\"WNRa7q\\\", \\\"4n\\\"], \\\"Timestamp\\\": \\\"2021-12-01T10:54:33.863Z\\\", \\\"Name\\\": \\\"defanged\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Reported in Threat List\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"Previous sightings on 1 source: Abuse.ch: Feodo IP Blocklist. Observed between Nov 19, 2021, and Nov 21, 2021.\\\", \\\"Sources\\\": [\\\"report:OtiCOp\\\"], \\\"Timestamp\\\": \\\"2021-12-29T07:17:33.217Z\\\", \\\"Name\\\": \\\"historicalThreatListMembership\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recent C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"234 sightings on 4 sources: Recorded Future Command \u0026 Control List, Polyswarm Sandbox Analysis - Malware C2 Extractions, PasteBin, Joe Security Sandbox Analysis - Malware C2 Extractions. Joe Security malware sandbox identified 24.139.72.117:443 as TA0011 (Command and Control) QakBot using configuration extraction on sample 8f97195fc90ce520e75db6785204da0adbda9be5464bb27cd4dcc5b23b547651\\\", \\\"Sources\\\": [\\\"b5tNVA\\\", \\\"hyihHO\\\", \\\"Jv_xrR\\\", \\\"h_iZX8\\\"], \\\"Timestamp\\\": \\\"2021-11-03T16:57:54.000Z\\\", \\\"Name\\\": \\\"intermediateCncServer\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Recently Active C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Suspicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Qakbot. Communication observed on TCP:443. 
Last observed on Dec 23, 2021.\\\", \\\"Sources\\\": [\\\"report:aEft3k\\\"], \\\"Timestamp\\\": \\\"2021-12-29T07:17:33.215Z\\\", \\\"Name\\\": \\\"intermediateActiveCnc\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 2.0}, {\\\"Rule\\\": \\\"Current C\u0026C Server\\\", \\\"CriticalityLabel\\\": \\\"Very Malicious\\\", \\\"EvidenceString\\\": \\\"87 sightings on 2 sources: Polyswarm Sandbox Analysis - Malware C2 Extractions, Joe Security Sandbox Analysis - Malware C2 Extractions. Polyswarm malware sandbox identified 24.139.72.117:443 as TA0011 (Command and Control) for QakBot using configuration extraction on sample 7ea5720ac7efeb49873f95870d546632d6c8c187ee6e2fc515acfe974483ee0e\\\", \\\"Sources\\\": [\\\"hyihHO\\\", \\\"h_iZX8\\\"], \\\"Timestamp\\\": \\\"2021-12-29T07:00:21.416Z\\\", \\\"Name\\\": \\\"recentCncServer\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 4.0}]}\", \"Name\": \"67.43.156.13\", \"Risk\": \"99\", \"RiskString\": \"7/64\"}", - "risk_score": 99, + "risk_score": 99.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "34 sightings on 5 sources: Malware News - Malware Analysis, News and Indicators, PasteBin, Segurana Informtica, The Cyber Feed, Kaspersky Securelist and Lab. 3 related intrusion methods: Trojan, Banking Trojan, QakBot. Most recent link (Dec 3, 2021): https://pastebin.com/xJ0kmeYQ", "MitigationString": "", @@ -3592,7 +3592,7 @@ "Timestamp": "2021-12-03T16:51:53.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "4 sightings on 1 source: Kaspersky Securelist and Lab. Most recent link (Sep 2, 2021): https://securelist.com/qakbot-technical-analysis/103931/", "MitigationString": "", 
@@ -3604,7 +3604,7 @@ "Timestamp": "2021-09-02T10:00:32.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "6 sightings on 3 sources: Malware News - Malware Analysis, News and Indicators, urlscan.io, Kaspersky Securelist and Lab. Most recent link (Dec 1, 2021): https://urlscan.io/result/c5b4e2d5-acf0-4fc5-b7bd-e8afac3e5f5a/", "MitigationString": "", @@ -3618,7 +3618,7 @@ "Timestamp": "2021-12-01T10:54:33.863Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "Previous sightings on 1 source: Abuse.ch: Feodo IP Blocklist. Observed between Nov 19, 2021, and Nov 21, 2021.", "MitigationString": "", @@ -3630,7 +3630,7 @@ "Timestamp": "2021-12-29T07:17:33.217Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "234 sightings on 4 sources: Recorded Future Command \u0026 Control List, Polyswarm Sandbox Analysis - Malware C2 Extractions, PasteBin, Joe Security Sandbox Analysis - Malware C2 Extractions. Joe Security malware sandbox identified 24.139.72.117:443 as TA0011 (Command and Control) QakBot using configuration extraction on sample 8f97195fc90ce520e75db6785204da0adbda9be5464bb27cd4dcc5b23b547651", "MitigationString": "", @@ -3645,7 +3645,7 @@ "Timestamp": "2021-11-03T16:57:54.000Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Qakbot. Communication observed on TCP:443. Last observed on Dec 23, 2021.", "MitigationString": "", 
@@ -3657,7 +3657,7 @@ "Timestamp": "2021-12-29T07:17:33.215Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "87 sightings on 2 sources: Polyswarm Sandbox Analysis - Malware C2 Extractions, Joe Security Sandbox Analysis - Malware C2 Extractions. Polyswarm malware sandbox identified 24.139.72.117:443 as TA0011 (Command and Control) for QakBot using configuration extraction on sample 7ea5720ac7efeb49873f95870d546632d6c8c187ee6e2fc515acfe974483ee0e", "MitigationString": "", 
@@ -3687,20 +3687,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported as a Defanged URL\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"66 sightings on 22 sources including: Ars Technica, fook.news, urdupresss.com, HackDig Posts, apple.news. Most recent link (Jul 20, 2021): https://techsecuritenews.com/solarwinds-pirates-utilisent-nouvelle-faille-zero-day-attaques/\\\", \\\"Sources\\\": [\\\"Ctq\\\", \\\"idn:fook.news\\\", \\\"idn:urdupresss.com\\\", \\\"POs2u-\\\", \\\"idn:apple.news\\\", \\\"idn:cryptoinfoos.com.ng\\\", \\\"g9rk5F\\\", \\\"idn:thewindowsupdate.com\\\", \\\"idn:nationalcybersecuritynews.today\\\", \\\"gBDK5G\\\", \\\"idn:microsoft.com\\\", \\\"idn:techsecuritenews.com\\\", \\\"idn:mblogs.info\\\", \\\"J6UzbO\\\", \\\"idn:viralamo.com\\\", \\\"idn:sellorbuyhomefast.com\\\", \\\"idn:crazyboy.tech\\\", \\\"idn:times24h.com\\\", \\\"idn:buzzfeeg.com\\\", \\\"idn:dsmenders.com\\\", \\\"WroSbs\\\", \\\"idn:vzonetvgh.com\\\"], \\\"Timestamp\\\": \\\"2021-07-20T00:00:00.000Z\\\", \\\"Name\\\": \\\"defangedURL\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recently Reported by Insikt Group\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Insikt Group. 1 report: SolarWinds Fixes Critical Vulnerability in Serv-U Managed File Transfer and Secure FTP Products. 
Most recent link (Jul 10, 2021): https://app.recordedfuture.com/live/sc/1GnDrn8zigTd\\\", \\\"Sources\\\": [\\\"VKz42X\\\"], \\\"Timestamp\\\": \\\"2021-07-10T00:00:00.000Z\\\", \\\"Name\\\": \\\"recentAnalystNote\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"http://144.34.179.162/a\", \"Risk\": \"87\", \"RiskString\": \"2/24\"}", - "risk_score": 87, + "risk_score": 87.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "66 sightings on 22 sources including: Ars Technica, fook.news, urdupresss.com, HackDig Posts, apple.news. Most recent link (Jul 20, 2021): https://techsecuritenews.com/solarwinds-pirates-utilisent-nouvelle-faille-zero-day-attaques/", "MitigationString": "", @@ -3733,7 +3733,7 @@ "Timestamp": "2021-07-20T00:00:00.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Insikt Group. 1 report: SolarWinds Fixes Critical Vulnerability in Serv-U Managed File Transfer and Secure FTP Products. Most recent link (Jul 10, 2021): https://app.recordedfuture.com/live/sc/1GnDrn8zigTd", "MitigationString": "", 
@@ -3767,20 +3767,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported as a Defanged URL\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"41 sightings on 19 sources including: Stock market news Company News MarketScreenercom, GlobeNewswire | Software, Yahoo!, globenewswirecom, otcdynamics.com. Most recent link (Oct 3, 2021): https://telecomkh.info/?p=4004\\\", \\\"Sources\\\": [\\\"XBl0xf\\\", \\\"c2unu0\\\", \\\"DVW\\\", \\\"NPgRlV\\\", \\\"idn:otcdynamics.com\\\", \\\"idn:norteenlinea.com\\\", \\\"N4OmGX\\\", \\\"idn:snewsonline.com\\\", \\\"idn:nationalcybersecuritynews.today\\\", \\\"dCod5e\\\", \\\"hZ14Az\\\", \\\"idn:securityopenlab.it\\\", \\\"idn:clevertechmx.blogspot.com\\\", \\\"cJzvLR\\\", \\\"eNeV39\\\", \\\"dCotni\\\", \\\"dCo6X1\\\", \\\"jB6Hnn\\\", \\\"idn:telecomkh.info\\\"], \\\"Timestamp\\\": \\\"2021-10-03T12:53:49.605Z\\\", \\\"Name\\\": \\\"defangedURL\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Detected Phishing Techniques\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Nov 14, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-11-14T00:00:00.000Z\\\", \\\"Name\\\": \\\"phishingSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Detected Malware Distribution\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. 
Last observed on Nov 14, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-11-14T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recently Active URL on Weaponized Domain\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Recorded Future Domain Analysis URLs. Service provider: No-IP. Behavior observed: Malware Distribution, Phishing Techniques. Last observed on Dec 20, 2021.\\\", \\\"Sources\\\": [\\\"report:aRJ1CU\\\"], \\\"Timestamp\\\": \\\"2021-12-29T07:08:29.105Z\\\", \\\"Name\\\": \\\"recentWeaponizedURL\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"http://adminsys.serveftp.com/nensa/fabio/ex/478632215/zer7855/nuns566623\", \"Risk\": \"85\", \"RiskString\": \"4/24\"}", - "risk_score": 85, + "risk_score": 85.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "41 sightings on 19 sources including: Stock market news Company News MarketScreenercom, GlobeNewswire | Software, Yahoo!, globenewswirecom, otcdynamics.com. Most recent link (Oct 3, 2021): https://telecomkh.info/?p=4004", "MitigationString": "", @@ -3810,7 +3810,7 @@ "Timestamp": "2021-10-03T12:53:49.605Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Nov 14, 2021.", "MitigationString": "", @@ -3822,7 +3822,7 @@ "Timestamp": "2021-11-14T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Nov 14, 2021.", "MitigationString": "", 
@@ -3834,7 +3834,7 @@ "Timestamp": "2021-11-14T00:00:00.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Recorded Future Domain Analysis URLs. Service provider: No-IP. Behavior observed: Malware Distribution, Phishing Techniques. Last observed on Dec 20, 2021.", "MitigationString": "", 
@@ -3868,20 +3868,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported as a Defanged URL\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"17 sightings on 14 sources including: Security Affairs, sensorstechforum.com, Heimdal Security Blog, securitynewspaper, BBS Kafan Card Forum. Most recent link (Dec 22, 2021): https://d335luupugsy2.cloudfront.net/cms%2Ffiles%2F183750%2F1640120040Log4j_-_Explorao_por_grupos_APT.pdf\\\", \\\"Sources\\\": [\\\"JNe6Hu\\\", \\\"TQnwKJ\\\", \\\"OfMf0W\\\", \\\"TefIEN\\\", \\\"VyuDZP\\\", \\\"Z7kln5\\\", \\\"bd-Dtt\\\", \\\"kKLjNc\\\", \\\"Y7TWfI\\\", \\\"idn:redpacketsecurity.com\\\", \\\"idn:eccouncil.org\\\", \\\"idn:comparaland.com\\\", \\\"idn:d335luupugsy2.cloudfront.net\\\", \\\"KVRURg\\\"], \\\"Timestamp\\\": \\\"2021-12-22T16:01:42.134Z\\\", \\\"Name\\\": \\\"defangedURL\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recently Reported by Insikt Group\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Insikt Group. 1 report: Khonsari Ransomware and Orcus RAT Exploit Log4Shell (CVE-2021-44228), Samples Uploaded on MalwareBazaar. 
Most recent link (Dec 17, 2021): https://app.recordedfuture.com/live/sc/4SWiMAS816Gj\\\", \\\"Sources\\\": [\\\"VKz42X\\\"], \\\"Timestamp\\\": \\\"2021-12-17T00:00:00.000Z\\\", \\\"Name\\\": \\\"recentAnalystNote\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"http://3.145.115.94/zambo/groenhuyzen.exe\", \"Risk\": \"79\", \"RiskString\": \"2/24\"}", - "risk_score": 79, + "risk_score": 79.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "17 sightings on 14 sources including: Security Affairs, sensorstechforum.com, Heimdal Security Blog, securitynewspaper, BBS Kafan Card Forum. Most recent link (Dec 22, 2021): https://d335luupugsy2.cloudfront.net/cms%2Ffiles%2F183750%2F1640120040Log4j_-_Explorao_por_grupos_APT.pdf", "MitigationString": "", @@ -3906,7 +3906,7 @@ "Timestamp": "2021-12-22T16:01:42.134Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Insikt Group. 1 report: Khonsari Ransomware and Orcus RAT Exploit Log4Shell (CVE-2021-44228), Samples Uploaded on MalwareBazaar. Most recent link (Dec 17, 2021): https://app.recordedfuture.com/live/sc/4SWiMAS816Gj", "MitigationString": "", 
@@ -3941,20 +3941,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported as a Defanged URL\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"53 sightings on 14 sources including: HackDig Posts, Anquanke News, mrhacker.co, Sesin at, Check Point Research. Most recent link (Feb 6, 2021): https://cdn.www.gob.pe/uploads/document/file/1580907/Alerta%20integrada%20de%20seguridad%20digital%20N%C2%B0%xxx-xx-xxxx-PECERT%20.pdf\\\", \\\"Sources\\\": [\\\"POs2u-\\\", \\\"U13S_U\\\", \\\"idn:mrhacker.co\\\", \\\"Z3TZAQ\\\", \\\"N4OmGX\\\", \\\"UqKvRr\\\", \\\"gBDK5G\\\", \\\"JExgHv\\\", \\\"QxXv_c\\\", \\\"J6UzbO\\\", \\\"eTNyK6\\\", \\\"idn:privacy.com.sg\\\", \\\"e6Ewt_\\\", \\\"idn:reportcybercrime.com\\\"], \\\"Timestamp\\\": \\\"2021-02-06T12:52:09.042Z\\\", \\\"Name\\\": \\\"defangedURL\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recently Detected Malware Distribution\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Dec 28, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-12-28T00:00:00.000Z\\\", \\\"Name\\\": \\\"recentMalwareSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"http://gxbrowser.net\", \"Risk\": \"79\", \"RiskString\": \"2/24\"}", - "risk_score": 79, + "risk_score": 79.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "53 sightings on 14 sources including: HackDig Posts, Anquanke News, mrhacker.co, Sesin at, Check Point Research. 
Most recent link (Feb 6, 2021): https://cdn.www.gob.pe/uploads/document/file/1580907/Alerta%20integrada%20de%20seguridad%20digital%20N%C2%B0%xxx-xx-xxxx-PECERT%20.pdf", "MitigationString": "", @@ -3979,7 +3979,7 @@ "Timestamp": "2021-02-06T12:52:09.042Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Dec 28, 2021.", "MitigationString": "", 
@@ -4013,20 +4013,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported as a Defanged URL\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"33 sightings on 12 sources including: Palo Alto Networks, tistory.com, HackDig Posts, Anquanke News, airmagnet.technology. Most recent tweet: Continued MR.Dropper's attack. (Targething korean cryptocurrency exchange) #hcapital #ioc MD5 : eb459b47be479b61375d7b3c7c568425 URL : hxxps://881[.]000webhostapp[.]com/1.txt PDB : D:\\\\\\\\Attack\\\\\\\\DropperBuild\\\\\\\\x64\\\\\\\\Release\\\\\\\\Dropper.pdb https://t.co/FpsinliQqx [Beyond The Binary]. Most recent link (Sep 3, 2018): https://twitter.com/wugeej/statuses/1036413512732426240\\\", \\\"Sources\\\": [\\\"JwO7jp\\\", \\\"idn:tistory.com\\\", \\\"POs2u-\\\", \\\"U13S_U\\\", \\\"ThoB0I\\\", \\\"idn:airmagnet.technology\\\", \\\"LErKlN\\\", \\\"WuLz1r\\\", \\\"KdwTwF\\\", \\\"VfsacJ\\\", \\\"jjf3_B\\\", \\\"idn:brica.de\\\"], \\\"Timestamp\\\": \\\"2018-09-03T00:40:11.000Z\\\", \\\"Name\\\": \\\"defangedURL\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Referenced by Insikt Group\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"2 sightings on 1 source: Insikt Group. 2 reports including \\\\\\\"Fractured Block\\u201d Campaign Targets Korean Users. 
Most recent link (Dec 09, 2018): https://app.recordedfuture.com/live/sc/1RuTxKrDf8Qt\\\", \\\"Sources\\\": [\\\"VKz42X\\\"], \\\"Timestamp\\\": \\\"2018-12-09T00:00:00.000Z\\\", \\\"Name\\\": \\\"relatedNote\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recently Active URL on Weaponized Domain\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Recorded Future Domain Analysis URLs. Service provider: 000Webhost. Behavior observed: Malware Distribution. Last observed on Oct 16, 2021.\\\", \\\"Sources\\\": [\\\"report:aRJ1CU\\\"], \\\"Timestamp\\\": \\\"2021-12-29T07:07:42.477Z\\\", \\\"Name\\\": \\\"recentWeaponizedURL\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"https://881.000webhostapp.com/1.txt\", \"Risk\": \"78\", \"RiskString\": \"3/24\"}", - "risk_score": 78, + "risk_score": 78.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "33 sightings on 12 sources including: Palo Alto Networks, tistory.com, HackDig Posts, Anquanke News, airmagnet.technology. Most recent tweet: Continued MR.Dropper's attack. (Targething korean cryptocurrency exchange) #hcapital #ioc MD5 : eb459b47be479b61375d7b3c7c568425 URL : hxxps://881[.]000webhostapp[.]com/1.txt PDB : D:\\Attack\\DropperBuild\\x64\\Release\\Dropper.pdb https://t.co/FpsinliQqx [Beyond The Binary]. Most recent link (Sep 3, 2018): https://twitter.com/wugeej/statuses/1036413512732426240", "MitigationString": "", @@ -4049,7 +4049,7 @@ "Timestamp": "2018-09-03T00:40:11.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 1 source: Insikt Group. 2 reports including \"Fractured Block” Campaign Targets Korean Users. Most recent link (Dec 09, 2018): https://app.recordedfuture.com/live/sc/1RuTxKrDf8Qt", "MitigationString": "", 
@@ -4061,7 +4061,7 @@ "Timestamp": "2018-12-09T00:00:00.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Recorded Future Domain Analysis URLs. Service provider: 000Webhost. Behavior observed: Malware Distribution. Last observed on Oct 16, 2021.", "MitigationString": "", 
@@ -4096,20 +4096,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported as a Defanged URL\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"38 sightings on 7 sources including: cybersecdn.com, WeLiveSecurity Spain, deepcheck.one, hackeridiot.com, PasteBin. Most recent link (May 27, 2021): https://cybersecdn.com/index.php/2021/05/27/janeleiro-the-time-traveler-a-new-old-banking-trojan-in-brazil/\\\", \\\"Sources\\\": [\\\"idn:cybersecdn.com\\\", \\\"fWD1r9\\\", \\\"idn:deepcheck.one\\\", \\\"idn:hackeridiot.com\\\", \\\"Jv_xrR\\\", \\\"ONMgMx\\\", \\\"idn:nationalcybersecuritynews.today\\\"], \\\"Timestamp\\\": \\\"2021-05-27T22:48:00.256Z\\\", \\\"Name\\\": \\\"defangedURL\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Detected Malware Distribution\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 15, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-06-15T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recently Reported by Insikt Group\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Insikt Group. 1 report: New Janeleiro Banking Trojan Targets Corporate Users in Brazil. 
Most recent link (Apr 06, 2021): https://app.recordedfuture.com/live/sc/4wolQHrxLiwd\\\", \\\"Sources\\\": [\\\"VKz42X\\\"], \\\"Timestamp\\\": \\\"2021-04-06T00:00:00.000Z\\\", \\\"Name\\\": \\\"recentAnalystNote\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}, {\\\"Rule\\\": \\\"Recently Active URL on Weaponized Domain\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Recorded Future Domain Analysis URLs. Service provider: DuckDNS. Behavior observed: Malware Distribution. Last observed on Oct 15, 2021.\\\", \\\"Sources\\\": [\\\"report:aRJ1CU\\\"], \\\"Timestamp\\\": \\\"2021-12-29T06:34:00.698Z\\\", \\\"Name\\\": \\\"recentWeaponizedURL\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"http://comunicador.duckdns.org/catalista/lixo/index.php\", \"Risk\": \"78\", \"RiskString\": \"4/24\"}", - "risk_score": 78, + "risk_score": 78.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "38 sightings on 7 sources including: cybersecdn.com, WeLiveSecurity Spain, deepcheck.one, hackeridiot.com, PasteBin. Most recent link (May 27, 2021): https://cybersecdn.com/index.php/2021/05/27/janeleiro-the-time-traveler-a-new-old-banking-trojan-in-brazil/", "MitigationString": "", @@ -4127,7 +4127,7 @@ "Timestamp": "2021-05-27T22:48:00.256Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 15, 2021.", "MitigationString": "", 
@@ -4139,7 +4139,7 @@ "Timestamp": "2021-06-15T00:00:00.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Insikt Group. 1 report: New Janeleiro Banking Trojan Targets Corporate Users in Brazil. Most recent link (Apr 06, 2021): https://app.recordedfuture.com/live/sc/4wolQHrxLiwd", "MitigationString": "", @@ -4151,7 +4151,7 @@ "Timestamp": "2021-04-06T00:00:00.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Recorded Future Domain Analysis URLs. Service provider: DuckDNS. Behavior observed: Malware Distribution. Last observed on Oct 15, 2021.", "MitigationString": "", 
@@ -4186,20 +4186,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Recently Active URL on Weaponized Domain\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Recorded Future Domain Analysis URLs. Service provider: Afraid.org. Behavior observed: Malware Distribution, Phishing Techniques. Last observed on Dec 28, 2021.\\\", \\\"Sources\\\": [\\\"report:aRJ1CU\\\"], \\\"Timestamp\\\": \\\"2021-12-28T22:15:49.631Z\\\", \\\"Name\\\": \\\"recentWeaponizedURL\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}, {\\\"Rule\\\": \\\"Recently Detected Phishing Techniques\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"2 sightings on 2 sources: Bitdefender, Urlscan.io. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Dec 28, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\", \\\"eKv4Jm\\\"], \\\"Timestamp\\\": \\\"2021-12-28T00:00:00.000Z\\\", \\\"Name\\\": \\\"recentPhishingSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}, {\\\"Rule\\\": \\\"Recently Detected Malware Distribution\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. 
Last observed on Dec 28, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-12-28T00:00:00.000Z\\\", \\\"Name\\\": \\\"recentMalwareSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"https://www.jeanninecatddns.chickenkiller.com/signin-authflow\", \"Risk\": \"75\", \"RiskString\": \"3/24\"}", - "risk_score": 75, + "risk_score": 75.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Recorded Future Domain Analysis URLs. Service provider: Afraid.org. Behavior observed: Malware Distribution, Phishing Techniques. Last observed on Dec 28, 2021.", "MitigationString": "", @@ -4211,7 +4211,7 @@ "Timestamp": "2021-12-28T22:15:49.631Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "2 sightings on 2 sources: Bitdefender, Urlscan.io. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Dec 28, 2021.", "MitigationString": "", @@ -4224,7 +4224,7 @@ "Timestamp": "2021-12-28T00:00:00.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Dec 28, 2021.", "MitigationString": "", 
@@ -4258,20 +4258,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported as a Defanged URL\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"24 sightings on 9 sources including: Malware News - Malware Analysis, News and Indicators, microsoft.com, sociabble.com, 4-traders.com, MarketScreener.com | Stock Market News. Most recent link (Aug 13, 2021): https://www.marketscreener.com/quote/stock/MICROSOFT-CORPORATION-4835/news/Microsoft-Attackers-use-Morse-code-other-encryption-methods-in-evasive-phishing-campaign-36161110/?utm_medium=RSS\u0026utm_content=20210813\\\", \\\"Sources\\\": [\\\"gBDK5G\\\", \\\"idn:microsoft.com\\\", \\\"idn:sociabble.com\\\", \\\"KBTQ2e\\\", \\\"dCotni\\\", \\\"g9rk5F\\\", \\\"Z7kln5\\\", \\\"idn:cda.ms\\\", \\\"idn:thewindowsupdate.com\\\"], \\\"Timestamp\\\": \\\"2021-08-13T17:03:19.000Z\\\", \\\"Name\\\": \\\"defangedURL\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Detected Malware Distribution\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Aug 13, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-08-13T00:00:00.000Z\\\", \\\"Name\\\": \\\"malwareSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recently Reported by Insikt Group\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Insikt Group. 1 report: Microsoft Warns of Attacks Targeting Microsoft Office 365 Users. 
Most recent link (Aug 12, 2021): https://app.recordedfuture.com/live/sc/4BBhpn1ApBQR\\\", \\\"Sources\\\": [\\\"VKz42X\\\"], \\\"Timestamp\\\": \\\"2021-08-12T00:00:00.000Z\\\", \\\"Name\\\": \\\"recentAnalystNote\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"http://coollab.jp/dir/root/p/09908.js\", \"Risk\": \"75\", \"RiskString\": \"3/24\"}", - "risk_score": 75, + "risk_score": 75.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "24 sightings on 9 sources including: Malware News - Malware Analysis, News and Indicators, microsoft.com, sociabble.com, 4-traders.com, MarketScreener.com | Stock Market News. Most recent link (Aug 13, 2021): https://www.marketscreener.com/quote/stock/MICROSOFT-CORPORATION-4835/news/Microsoft-Attackers-use-Morse-code-other-encryption-methods-in-evasive-phishing-campaign-36161110/?utm_medium=RSS\u0026utm_content=20210813", "MitigationString": "", @@ -4291,7 +4291,7 @@ "Timestamp": "2021-08-13T17:03:19.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Aug 13, 2021.", "MitigationString": "", @@ -4303,7 +4303,7 @@ "Timestamp": "2021-08-13T00:00:00.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Insikt Group. 1 report: Microsoft Warns of Attacks Targeting Microsoft Office 365 Users. Most recent link (Aug 12, 2021): https://app.recordedfuture.com/live/sc/4BBhpn1ApBQR", "MitigationString": "", 
@@ -4338,20 +4338,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported as a Defanged URL\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"23 sightings on 9 sources including: The Official Google Blog, eccouncil.org, frsecure.com, SoyaCincau, PasteBin. Most recent tweet: Actor controlled sites and accounts Research Blog https://blog.br0vvnn[.]io. Most recent link (Jan 27, 2021): https://twitter.com/techn0m4nc3r/statuses/1354296736357953539\\\", \\\"Sources\\\": [\\\"Gzt\\\", \\\"idn:eccouncil.org\\\", \\\"idn:frsecure.com\\\", \\\"J-8-Nr\\\", \\\"Jv_xrR\\\", \\\"g9rk5F\\\", \\\"cUg0pv\\\", \\\"K5LKj8\\\", \\\"fVAueu\\\"], \\\"Timestamp\\\": \\\"2021-01-27T05:14:38.000Z\\\", \\\"Name\\\": \\\"defangedURL\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Historically Detected Phishing Techniques\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on May 30, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-05-30T00:00:00.000Z\\\", \\\"Name\\\": \\\"phishingSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recently Reported by Insikt Group\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Insikt Group. 1 report: Google Warns of Ongoing Attacks Targeting Security Researchers. 
Most recent link (Jan 25, 2021): https://app.recordedfuture.com/live/sc/5QCqZ2ZH4lwc\\\", \\\"Sources\\\": [\\\"VKz42X\\\"], \\\"Timestamp\\\": \\\"2021-01-25T00:00:00.000Z\\\", \\\"Name\\\": \\\"recentAnalystNote\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"https://blog.br0vvnn.io\", \"Risk\": \"75\", \"RiskString\": \"3/24\"}", - "risk_score": 75, + "risk_score": 75.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "23 sightings on 9 sources including: The Official Google Blog, eccouncil.org, frsecure.com, SoyaCincau, PasteBin. Most recent tweet: Actor controlled sites and accounts Research Blog https://blog.br0vvnn[.]io. Most recent link (Jan 27, 2021): https://twitter.com/techn0m4nc3r/statuses/1354296736357953539", "MitigationString": "", @@ -4371,7 +4371,7 @@ "Timestamp": "2021-01-27T05:14:38.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on May 30, 2021.", "MitigationString": "", @@ -4383,7 +4383,7 @@ "Timestamp": "2021-05-30T00:00:00.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Insikt Group. 1 report: Google Warns of Ongoing Attacks Targeting Security Researchers. Most recent link (Jan 25, 2021): https://app.recordedfuture.com/live/sc/5QCqZ2ZH4lwc", "MitigationString": "", 
@@ -4417,20 +4417,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "{\"EvidenceDetails\": \"{\\\"EvidenceDetails\\\": [{\\\"Rule\\\": \\\"Historically Reported as a Defanged URL\\\", \\\"CriticalityLabel\\\": \\\"Unusual\\\", \\\"EvidenceString\\\": \\\"24 sightings on 10 sources including: lnkd.in, digitalforensicsmagazineblog PH, mediosdemexico.com, Palo Alto Networks, Security Art Work. Most recent link (Mar 4, 2016): https://lnkd.in/egi-nMa\\\", \\\"Sources\\\": [\\\"idn:lnkd.in\\\", \\\"JNe6Gc\\\", \\\"idn:mediosdemexico.com\\\", \\\"JwO7jp\\\", \\\"LCN_6T\\\", \\\"KA0p6S\\\", \\\"LErKlN\\\", \\\"jjf3_B\\\", \\\"KE9Xit\\\", \\\"J4bouj\\\"], \\\"Timestamp\\\": \\\"2016-03-04T14:33:36.543Z\\\", \\\"Name\\\": \\\"defangedURL\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 1.0}, {\\\"Rule\\\": \\\"Recently Detected Malware Distribution\\\", \\\"CriticalityLabel\\\": \\\"Malicious\\\", \\\"EvidenceString\\\": \\\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Dec 27, 2021.\\\", \\\"Sources\\\": [\\\"d3Awkm\\\"], \\\"Timestamp\\\": \\\"2021-12-27T00:00:00.000Z\\\", \\\"Name\\\": \\\"recentMalwareSiteDetected\\\", \\\"MitigationString\\\": \\\"\\\", \\\"Criticality\\\": 3.0}]}\", \"Name\": \"http://init.icloud-analysis.com\", \"Risk\": \"75\", \"RiskString\": \"2/24\"}", - "risk_score": 75, + "risk_score": 75.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "24 sightings on 10 sources including: lnkd.in, digitalforensicsmagazineblog PH, mediosdemexico.com, Palo Alto Networks, Security Art Work. Most recent link (Mar 4, 2016): https://lnkd.in/egi-nMa", "MitigationString": "", 
@@ -4451,7 +4451,7 @@ "Timestamp": "2016-03-04T14:33:36.543Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Dec 27, 2021.", "MitigationString": "", diff --git a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-ip-default.log-expected.json b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-ip-default.log-expected.json index b26d6c7092f..284be8c44c3 100644 --- a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-ip-default.log-expected.json +++ b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-ip-default.log-expected.json 
@@ -3,20 +3,20 @@ null, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"1.128.3.4\",\"99\",\"4/64\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Linked to Intrusion Method\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"7 sightings on 1 source: PasteBin. 3 related intrusion methods: Trojan, Banking Trojan, QakBot. Most recent link (Nov 8, 2021): https://pastebin.com/G1Jvm5T0\"\", \"\"Sources\"\": [\"\"Jv_xrR\"\"], \"\"Timestamp\"\": \"\"2021-11-08T16:27:15.000Z\"\", \"\"Name\"\": \"\"linkedIntrusion\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Reported as a Defanged IP\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"2 sightings on 1 source: GitHub. Most recent link (Nov 16, 2021): https://github.com/pan-unit42/tweets/blob/master/2021-11-15-IOCs-for-Matanbuchus-Qakbot-CobaltStrike-and-spambot-activity.txt\"\", \"\"Sources\"\": [\"\"MIKjae\"\"], \"\"Timestamp\"\": \"\"2021-11-16T00:00:00.000Z\"\", \"\"Name\"\": \"\"defanged\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Current C\u0026C Server\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"164 sightings on 4 sources: Recorded Future Command \u0026 Control List, Joe Security Sandbox Analysis - Malware C2 Extractions, Abuse.ch: Feodo IP Blocklist, Polyswarm Sandbox Analysis - Malware C2 Extractions. 
Joe Security malware sandbox identified 103.143.8.71:443 as TA0011 (Command and Control) QakBot using configuration extraction on sample 8f97195fc90ce520e75db6785204da0adbda9be5464bb27cd4dcc5b23b547651\"\", \"\"Sources\"\": [\"\"b5tNVA\"\", \"\"h_iZX8\"\", \"\"report:OtiCOp\"\", \"\"hyihHO\"\"], \"\"Timestamp\"\": \"\"2021-12-29T02:11:16.658Z\"\", \"\"Name\"\": \"\"recentCncServer\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}, {\"\"Rule\"\": \"\"Actively Communicating C\u0026C Server\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Qakbot. Communication observed on TCP:443, TCP:6881, TCP:995. Exfiltration behavior observed. Last observed on Dec 27, 2021.\"\", \"\"Sources\"\": [\"\"report:aEft3k\"\"], \"\"Timestamp\"\": \"\"2021-12-29T02:11:16.663Z\"\", \"\"Name\"\": \"\"recentActiveCnc\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}]}\"", - "risk_score": 99, + "risk_score": 99.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "7 sightings on 1 source: PasteBin. 3 related intrusion methods: Trojan, Banking Trojan, QakBot. Most recent link (Nov 8, 2021): https://pastebin.com/G1Jvm5T0", "MitigationString": "", @@ -28,7 +28,7 @@ "Timestamp": "2021-11-08T16:27:15.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 1 source: GitHub. Most recent link (Nov 16, 2021): https://github.com/pan-unit42/tweets/blob/master/2021-11-15-IOCs-for-Matanbuchus-Qakbot-CobaltStrike-and-spambot-activity.txt", "MitigationString": "", 
@@ -40,7 +40,7 @@ "Timestamp": "2021-11-16T00:00:00.000Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "164 sightings on 4 sources: Recorded Future Command \u0026 Control List, Joe Security Sandbox Analysis - Malware C2 Extractions, Abuse.ch: Feodo IP Blocklist, Polyswarm Sandbox Analysis - Malware C2 Extractions. Joe Security malware sandbox identified 103.143.8.71:443 as TA0011 (Command and Control) QakBot using configuration extraction on sample 8f97195fc90ce520e75db6785204da0adbda9be5464bb27cd4dcc5b23b547651", "MitigationString": "", @@ -55,7 +55,7 @@ "Timestamp": "2021-12-29T02:11:16.658Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Qakbot. Communication observed on TCP:443, TCP:6881, TCP:995. Exfiltration behavior observed. Last observed on Dec 27, 2021.", "MitigationString": "", 
@@ -84,20 +84,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6\",\"68\",\"5/64\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historical Brute Force\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: AbuseIPDB Community Submissions. 2001:470:1:c84::17 was identified as Brute-Force by multiple unique community member submissions. Reported to Recorded Future on Nov 23, 2021.\"\", \"\"Sources\"\": [\"\"kAh9jV\"\"], \"\"Timestamp\"\": \"\"2021-11-24T10:21:58.872Z\"\", \"\"Name\"\": \"\"bruteForce\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recent Spam Source\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: AbuseIPDB Spam. 2001:470:1:c84::17 was identified as Web Spam by multiple unique community member submissions. 
Reported to Recorded Future on Dec 21, 2021.\"\", \"\"Sources\"\": [\"\"kAiRKZ\"\"], \"\"Timestamp\"\": \"\"2021-12-23T10:18:14.025Z\"\", \"\"Name\"\": \"\"recentSpam\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Recent SSH/Dictionary Attacker\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: DataPlane SSH Client Connection List.\"\", \"\"Sources\"\": [\"\"report:U8nmOf\"\"], \"\"Timestamp\"\": \"\"2021-12-29T07:19:53.133Z\"\", \"\"Name\"\": \"\"recentSshDictAttacker\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Recent Multicategory Blocklist\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: BlockList.de: Fail2ban Reporting Service.\"\", \"\"Sources\"\": [\"\"report:OhgwUx\"\"], \"\"Timestamp\"\": \"\"2021-12-29T07:19:53.133Z\"\", \"\"Name\"\": \"\"recentMultiBlacklist\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Recent DDoS\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: AbuseIPDB Community Submissions. 2001:470:1:c84::17 was identified as DDoS Attack by multiple unique community member submissions. Reported to Recorded Future on Dec 21, 2021.\"\", \"\"Sources\"\": [\"\"kAh9jV\"\"], \"\"Timestamp\"\": \"\"2021-12-23T10:18:13.994Z\"\", \"\"Name\"\": \"\"recentDdos\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 68, + "risk_score": 68.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: AbuseIPDB Community Submissions. 2001:470:1:c84::17 was identified as Brute-Force by multiple unique community member submissions. Reported to Recorded Future on Nov 23, 2021.", "MitigationString": "", 
@@ -109,7 +109,7 @@ "Timestamp": "2021-11-24T10:21:58.872Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: AbuseIPDB Spam. 2001:470:1:c84::17 was identified as Web Spam by multiple unique community member submissions. Reported to Recorded Future on Dec 21, 2021.", "MitigationString": "", @@ -121,7 +121,7 @@ "Timestamp": "2021-12-23T10:18:14.025Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: DataPlane SSH Client Connection List.", "MitigationString": "", @@ -133,7 +133,7 @@ "Timestamp": "2021-12-29T07:19:53.133Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: BlockList.de: Fail2ban Reporting Service.", "MitigationString": "", @@ -145,7 +145,7 @@ "Timestamp": "2021-12-29T07:19:53.133Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: AbuseIPDB Community Submissions. 2001:470:1:c84::17 was identified as DDoS Attack by multiple unique community member submissions. Reported to Recorded Future on Dec 21, 2021.", "MitigationString": "", 
@@ -174,20 +174,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"175.16.199.1\",\"99\",\"6/64\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Linked to Intrusion Method\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: GitHub. 2 related intrusion methods: Nanocore, Remote Access Trojan. Most recent link (Jan 1, 2021): https://github.com/GlacierSheep/DomainBlockList/blob/master/trail/static_nanocore_(malware).domainset\"\", \"\"Sources\"\": [\"\"MIKjae\"\"], \"\"Timestamp\"\": \"\"2021-01-01T16:56:57.000Z\"\", \"\"Name\"\": \"\"linkedIntrusion\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Multicategory Blocklist\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"2 sightings on 2 sources: Bitdefender IP Reputation, hpHosts Latest Additions. Bitdefender detected suspicious traffic involving 185.19.85.136 associated with Bitdefender threat name Trojan.GenericKD.34300483 on Apr 30, 2021\"\", \"\"Sources\"\": [\"\"iFMVSl\"\", \"\"Ol_aRZ\"\"], \"\"Timestamp\"\": \"\"2021-04-30T04:50:06.000Z\"\", \"\"Name\"\": \"\"multiBlacklist\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Reported in Threat List\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"Previous sightings on 1 source: Recorded Future Fast Flux DNS IP List. 
Observed between Feb 13, 2021, and Feb 13, 2021.\"\", \"\"Sources\"\": [\"\"report:SW8xpk\"\"], \"\"Timestamp\"\": \"\"2021-12-28T19:20:46.641Z\"\", \"\"Name\"\": \"\"historicalThreatListMembership\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recent C\u0026C Server\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"9 sightings on 2 sources: Recorded Future Command \u0026 Control List, Joe Security Sandbox Analysis - Malware C2 Extractions. Command \u0026 Control host identified on Oct 29, 2021.\"\", \"\"Sources\"\": [\"\"b5tNVA\"\", \"\"h_iZX8\"\"], \"\"Timestamp\"\": \"\"2021-10-29T08:07:54.495Z\"\", \"\"Name\"\": \"\"intermediateCncServer\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Recently Active C\u0026C Server\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Asyncrat. Communication observed on TCP:6060. Last observed on Dec 21, 2021.\"\", \"\"Sources\"\": [\"\"report:aEft3k\"\"], \"\"Timestamp\"\": \"\"2021-12-28T19:20:46.639Z\"\", \"\"Name\"\": \"\"intermediateActiveCnc\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Current C\u0026C Server\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"12 sightings on 2 sources: Recorded Future Command \u0026 Control List, Joe Security Sandbox Analysis - Malware C2 Extractions. 
Command \u0026 Control host identified on Dec 24, 2021.\"\", \"\"Sources\"\": [\"\"b5tNVA\"\", \"\"h_iZX8\"\"], \"\"Timestamp\"\": \"\"2021-12-24T08:07:09.925Z\"\", \"\"Name\"\": \"\"recentCncServer\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}]}\"", - "risk_score": 99, + "risk_score": 99.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: GitHub. 2 related intrusion methods: Nanocore, Remote Access Trojan. Most recent link (Jan 1, 2021): https://github.com/GlacierSheep/DomainBlockList/blob/master/trail/static_nanocore_(malware).domainset", "MitigationString": "", @@ -199,7 +199,7 @@ "Timestamp": "2021-01-01T16:56:57.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 2 sources: Bitdefender IP Reputation, hpHosts Latest Additions. Bitdefender detected suspicious traffic involving 185.19.85.136 associated with Bitdefender threat name Trojan.GenericKD.34300483 on Apr 30, 2021", "MitigationString": "", @@ -212,7 +212,7 @@ "Timestamp": "2021-04-30T04:50:06.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "Previous sightings on 1 source: Recorded Future Fast Flux DNS IP List. Observed between Feb 13, 2021, and Feb 13, 2021.", "MitigationString": "", @@ -224,7 +224,7 @@ "Timestamp": "2021-12-28T19:20:46.641Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "9 sightings on 2 sources: Recorded Future Command \u0026 Control List, Joe Security Sandbox Analysis - Malware C2 Extractions. Command \u0026 Control host identified on Oct 29, 2021.", "MitigationString": "", 
@@ -237,7 +237,7 @@ "Timestamp": "2021-10-29T08:07:54.495Z" }, { - "Criticality": 2, + "Criticality": 2.0, "CriticalityLabel": "Suspicious", "EvidenceString": "1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Asyncrat. Communication observed on TCP:6060. Last observed on Dec 21, 2021.", "MitigationString": "", @@ -249,7 +249,7 @@ "Timestamp": "2021-12-28T19:20:46.639Z" }, { - "Criticality": 4, + "Criticality": 4.0, "CriticalityLabel": "Very Malicious", "EvidenceString": "12 sightings on 2 sources: Recorded Future Command \u0026 Control List, Joe Security Sandbox Analysis - Malware C2 Extractions. Command \u0026 Control host identified on Dec 24, 2021.", "MitigationString": "", 
@@ -279,20 +279,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"216.160.83.57\",\"99\",\"6/64\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Linked to Intrusion Method\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"12 sightings on 2 sources: C2IntelFeeds IPC2s, @drb_ra. 2 related intrusion methods: Cobalt Strike, Offensive Security Tools (OST). Most recent tweet: Cobalt Strike server found C2: HTTPS @ 45[.]112[.]206[.]18:443 C2 Server: 45[.]112[.]206[.]13,/IE9CompatViewList[.]xml Country: Hong Kong ASN: HK kwaifong group limited #C2 #cobaltstrike. Most recent link (Nov 26, 2021): https://twitter.com/drb_ra/statuses/1464248045118590978\"\", \"\"Sources\"\": [\"\"k_7zaW\"\", \"\"jqWX2B\"\"], \"\"Timestamp\"\": \"\"2021-11-26T15:01:53.000Z\"\", \"\"Name\"\": \"\"linkedIntrusion\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Linked to Cyber Attack\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"2 sightings on 1 source: C2IntelFeeds IPC2s. Most recent link (Aug 15, 2021): https://github.com/drb-ra/C2IntelFeeds/blob/master/feeds/IPC2s-30day.csv?q=45.112.206.18_20210815\"\", \"\"Sources\"\": [\"\"k_7zaW\"\"], \"\"Timestamp\"\": \"\"2021-08-15T00:00:00.000Z\"\", \"\"Name\"\": \"\"linkedToCyberAttack\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Reported as a Defanged IP\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"10 sightings on 1 source: @drb_ra. Most recent tweet: Cobalt Strike server found C2: HTTPS @ 45[.]112[.]206[.]18:443 C2 Server: 45[.]112[.]206[.]13,/IE9CompatViewList[.]xml Country: Hong Kong ASN: HK kwaifong group limited #C2 #cobaltstrike. 
Most recent link (Nov 26, 2021): https://twitter.com/drb_ra/statuses/1464248045118590978\"\", \"\"Sources\"\": [\"\"jqWX2B\"\"], \"\"Timestamp\"\": \"\"2021-11-26T15:01:53.000Z\"\", \"\"Name\"\": \"\"defanged\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Reported in Threat List\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"Previous sightings on 2 sources: Cobalt Strike Default Certificate Detected - Shodan / Recorded Future, Recorded Future Analyst Community Trending Indicators. Observed between Jul 8, 2021, and Dec 9, 2021.\"\", \"\"Sources\"\": [\"\"report:aD1qtM\"\", \"\"report:Tluf00\"\"], \"\"Timestamp\"\": \"\"2021-12-28T18:45:41.877Z\"\", \"\"Name\"\": \"\"historicalThreatListMembership\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Current C\u0026C Server\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"2 sightings on 1 source: Recorded Future Command \u0026 Control List. Command \u0026 Control host identified on Jul 5, 2021.\"\", \"\"Sources\"\": [\"\"b5tNVA\"\"], \"\"Timestamp\"\": \"\"2021-07-05T08:04:23.139Z\"\", \"\"Name\"\": \"\"recentCncServer\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}, {\"\"Rule\"\": \"\"Actively Communicating C\u0026C Server\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Cobalt Strike Team Servers. Communication observed on TCP:443, TCP:8443. 
Last observed on Dec 26, 2021.\"\", \"\"Sources\"\": [\"\"report:aEft3k\"\"], \"\"Timestamp\"\": \"\"2021-12-28T18:45:41.875Z\"\", \"\"Name\"\": \"\"recentActiveCnc\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}]}\"", - "risk_score": 99, + "risk_score": 99.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "12 sightings on 2 sources: C2IntelFeeds IPC2s, @drb_ra. 2 related intrusion methods: Cobalt Strike, Offensive Security Tools (OST). Most recent tweet: Cobalt Strike server found C2: HTTPS @ 45[.]112[.]206[.]18:443 C2 Server: 45[.]112[.]206[.]13,/IE9CompatViewList[.]xml Country: Hong Kong ASN: HK kwaifong group limited #C2 #cobaltstrike. Most recent link (Nov 26, 2021): https://twitter.com/drb_ra/statuses/1464248045118590978", "MitigationString": "", @@ -305,7 +305,7 @@ "Timestamp": "2021-11-26T15:01:53.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 1 source: C2IntelFeeds IPC2s. Most recent link (Aug 15, 2021): https://github.com/drb-ra/C2IntelFeeds/blob/master/feeds/IPC2s-30day.csv?q=45.112.206.18_20210815", "MitigationString": "", @@ -317,7 +317,7 @@ "Timestamp": "2021-08-15T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "10 sightings on 1 source: @drb_ra. Most recent tweet: Cobalt Strike server found C2: HTTPS @ 45[.]112[.]206[.]18:443 C2 Server: 45[.]112[.]206[.]13,/IE9CompatViewList[.]xml Country: Hong Kong ASN: HK kwaifong group limited #C2 #cobaltstrike. Most recent link (Nov 26, 2021): https://twitter.com/drb_ra/statuses/1464248045118590978", "MitigationString": "", 
@@ -329,7 +329,7 @@
 "Timestamp": "2021-11-26T15:01:53.000Z"
 },
 {
- "Criticality": 1,
+ "Criticality": 1.0,
 "CriticalityLabel": "Unusual",
 "EvidenceString": "Previous sightings on 2 sources: Cobalt Strike Default Certificate Detected - Shodan / Recorded Future, Recorded Future Analyst Community Trending Indicators. Observed between Jul 8, 2021, and Dec 9, 2021.",
 "MitigationString": "",
@@ -342,7 +342,7 @@
 "Timestamp": "2021-12-28T18:45:41.877Z"
 },
 {
- "Criticality": 4,
+ "Criticality": 4.0,
 "CriticalityLabel": "Very Malicious",
 "EvidenceString": "2 sightings on 1 source: Recorded Future Command \u0026 Control List. Command \u0026 Control host identified on Jul 5, 2021.",
 "MitigationString": "",
@@ -354,7 +354,7 @@
 "Timestamp": "2021-07-05T08:04:23.139Z"
 },
 {
- "Criticality": 4,
+ "Criticality": 4.0,
 "CriticalityLabel": "Very Malicious",
 "EvidenceString": "1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Cobalt Strike Team Servers. Communication observed on TCP:443, TCP:8443. Last observed on Dec 26, 2021.",
 "MitigationString": "",
@@ -383,20 +383,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"216.160.83.61\",\"99\",\"10/64\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Linked to Intrusion Method\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"239 sightings on 5 sources: paloaltonetworks.jp, Palo Alto Networks, Unit 42 Palo Alto Networks, PasteBin, Cryptolaemus Pastedump. 4 related intrusion methods: Trojan, Emotet, Banking Trojan, Botnet. Most recent link (Mar 14, 2021): https://unit42.paloaltonetworks.jp/attack-chain-overview-emotet-in-december-2020-and-january-2021/\"\", \"\"Sources\"\": [\"\"idn:paloaltonetworks.jp\"\", \"\"JwO7jp\"\", \"\"jjf3_B\"\", \"\"Jv_xrR\"\", \"\"Z7kln2\"\"], \"\"Timestamp\"\": \"\"2021-03-14T00:00:00.000Z\"\", \"\"Name\"\": \"\"linkedIntrusion\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Threat Researcher\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"2 sightings on 1 source: Unit 42 Palo Alto Networks. Most recent link (Apr 9, 2021): https://unit42.paloaltonetworks.com/emotet-command-and-control/\"\", \"\"Sources\"\": [\"\"jjf3_B\"\"], \"\"Timestamp\"\": \"\"2021-04-09T12:00:00.000Z\"\", \"\"Name\"\": \"\"threatResearcher\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Multicategory Blocklist\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"5 sightings on 1 source: AbuseIP Database. 
Most recent link (Aug 25, 2020): https://www.abuseipdb.com/check/190.55.186.229\"\", \"\"Sources\"\": [\"\"UneVVu\"\"], \"\"Timestamp\"\": \"\"2020-08-25T20:01:29.075Z\"\", \"\"Name\"\": \"\"multiBlacklist\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Reported as a Defanged IP\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"6 sightings on 3 sources: paloaltonetworks.jp, Palo Alto Networks, Unit 42 Palo Alto Networks. Most recent link (Apr 9, 2021): https://unit42.paloaltonetworks.com/emotet-command-and-control/\"\", \"\"Sources\"\": [\"\"idn:paloaltonetworks.jp\"\", \"\"JwO7jp\"\", \"\"jjf3_B\"\"], \"\"Timestamp\"\": \"\"2021-04-09T12:00:00.000Z\"\", \"\"Name\"\": \"\"defanged\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Positive Malware Verdict\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"87 sightings on 1 source: Cryptolaemus Pastedump. Most recent link (Jan 25, 2021): https://paste.cryptolaemus.com/emotet/2021/01/25/emotet-malware-IoCs_01-25-21.html\"\", \"\"Sources\"\": [\"\"Z7kln2\"\"], \"\"Timestamp\"\": \"\"2021-01-25T23:59:00.000Z\"\", \"\"Name\"\": \"\"positiveMalwareVerdict\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Spam Source\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: External Sensor Spam. 190.55.186.229 was historically observed as spam. 
No longer observed as of Nov 16, 2021.\"\", \"\"Sources\"\": [\"\"kBCI-b\"\"], \"\"Timestamp\"\": \"\"2021-11-16T01:06:21.965Z\"\", \"\"Name\"\": \"\"spam\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Reported in Threat List\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"Previous sightings on 2 sources: University of Science and Technology of China Black IP List, Abuse.ch: Feodo IP Blocklist. Observed between Feb 26, 2021, and Dec 27, 2021.\"\", \"\"Sources\"\": [\"\"report:Q1ghC0\"\", \"\"report:OtiCOp\"\"], \"\"Timestamp\"\": \"\"2021-12-28T19:33:55.849Z\"\", \"\"Name\"\": \"\"historicalThreatListMembership\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recent C\u0026C Server\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"31 sightings on 3 sources: Palo Alto Networks, Polyswarm Sandbox Analysis - Malware C2 Extractions, Unit 42 Palo Alto Networks. 
Polyswarm malware sandbox identified 190.55.186.229:80 as TA0011 (Command and Control) for Emotet using configuration extraction on sample a88734cd5c38211a4168bc7701516a50e6aef5ef20d2b1a915edae23c1b345db\"\", \"\"Sources\"\": [\"\"JwO7jp\"\", \"\"hyihHO\"\", \"\"jjf3_B\"\"], \"\"Timestamp\"\": \"\"2021-10-19T12:21:34.268Z\"\", \"\"Name\"\": \"\"intermediateCncServer\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Recent Multicategory Blocklist\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Talos IP Blacklist.\"\", \"\"Sources\"\": [\"\"report:VW6jeN\"\"], \"\"Timestamp\"\": \"\"2021-12-28T19:33:55.846Z\"\", \"\"Name\"\": \"\"recentMultiBlacklist\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Current C\u0026C Server\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"5 sightings on 2 sources: Polyswarm Sandbox Analysis - Malware C2 Extractions, Joe Security Sandbox Analysis - Malware C2 Extractions. Polyswarm malware sandbox identified 190.55.186.229:80 as TA0011 (Command and Control) for Emotet using configuration extraction on sample c9709d56b92047cd55fb097feb6cb7a8de6f3edc5ea79a429363938a69aae580\"\", \"\"Sources\"\": [\"\"hyihHO\"\", \"\"h_iZX8\"\"], \"\"Timestamp\"\": \"\"2021-12-27T19:00:49.975Z\"\", \"\"Name\"\": \"\"recentCncServer\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}]}\"", - "risk_score": 99, + "risk_score": 99.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "239 sightings on 5 sources: paloaltonetworks.jp, Palo Alto Networks, Unit 42 Palo Alto Networks, PasteBin, Cryptolaemus Pastedump. 4 related intrusion methods: Trojan, Emotet, Banking Trojan, Botnet. 
Most recent link (Mar 14, 2021): https://unit42.paloaltonetworks.jp/attack-chain-overview-emotet-in-december-2020-and-january-2021/",
 "MitigationString": "",
@@ -412,7 +412,7 @@
 "Timestamp": "2021-03-14T00:00:00.000Z"
 },
 {
- "Criticality": 1,
+ "Criticality": 1.0,
 "CriticalityLabel": "Unusual",
 "EvidenceString": "2 sightings on 1 source: Unit 42 Palo Alto Networks. Most recent link (Apr 9, 2021): https://unit42.paloaltonetworks.com/emotet-command-and-control/",
 "MitigationString": "",
@@ -424,7 +424,7 @@
 "Timestamp": "2021-04-09T12:00:00.000Z"
 },
 {
- "Criticality": 1,
+ "Criticality": 1.0,
 "CriticalityLabel": "Unusual",
 "EvidenceString": "5 sightings on 1 source: AbuseIP Database. Most recent link (Aug 25, 2020): https://www.abuseipdb.com/check/190.55.186.229",
 "MitigationString": "",
@@ -436,7 +436,7 @@
 "Timestamp": "2020-08-25T20:01:29.075Z"
 },
 {
- "Criticality": 1,
+ "Criticality": 1.0,
 "CriticalityLabel": "Unusual",
 "EvidenceString": "6 sightings on 3 sources: paloaltonetworks.jp, Palo Alto Networks, Unit 42 Palo Alto Networks. Most recent link (Apr 9, 2021): https://unit42.paloaltonetworks.com/emotet-command-and-control/",
 "MitigationString": "",
@@ -450,7 +450,7 @@
 "Timestamp": "2021-04-09T12:00:00.000Z"
 },
 {
- "Criticality": 1,
+ "Criticality": 1.0,
 "CriticalityLabel": "Unusual",
 "EvidenceString": "87 sightings on 1 source: Cryptolaemus Pastedump. Most recent link (Jan 25, 2021): https://paste.cryptolaemus.com/emotet/2021/01/25/emotet-malware-IoCs_01-25-21.html",
 "MitigationString": "",
@@ -462,7 +462,7 @@
 "Timestamp": "2021-01-25T23:59:00.000Z"
 },
 {
- "Criticality": 1,
+ "Criticality": 1.0,
 "CriticalityLabel": "Unusual",
 "EvidenceString": "1 sighting on 1 source: External Sensor Spam. 190.55.186.229 was historically observed as spam. No longer observed as of Nov 16, 2021.",
 "MitigationString": "",
@@ -474,7 +474,7 @@
 "Timestamp": "2021-11-16T01:06:21.965Z"
 },
 {
- "Criticality": 1,
+ "Criticality": 1.0,
 "CriticalityLabel": "Unusual",
 "EvidenceString": "Previous sightings on 2 sources: University of Science and Technology of China Black IP List, Abuse.ch: Feodo IP Blocklist. Observed between Feb 26, 2021, and Dec 27, 2021.",
 "MitigationString": "",
@@ -487,7 +487,7 @@
 "Timestamp": "2021-12-28T19:33:55.849Z"
 },
 {
- "Criticality": 2,
+ "Criticality": 2.0,
 "CriticalityLabel": "Suspicious",
 "EvidenceString": "31 sightings on 3 sources: Palo Alto Networks, Polyswarm Sandbox Analysis - Malware C2 Extractions, Unit 42 Palo Alto Networks. Polyswarm malware sandbox identified 190.55.186.229:80 as TA0011 (Command and Control) for Emotet using configuration extraction on sample a88734cd5c38211a4168bc7701516a50e6aef5ef20d2b1a915edae23c1b345db",
 "MitigationString": "",
@@ -501,7 +501,7 @@
 "Timestamp": "2021-10-19T12:21:34.268Z"
 },
 {
- "Criticality": 2,
+ "Criticality": 2.0,
 "CriticalityLabel": "Suspicious",
 "EvidenceString": "1 sighting on 1 source: Talos IP Blacklist.",
 "MitigationString": "",
@@ -513,7 +513,7 @@
 "Timestamp": "2021-12-28T19:33:55.846Z"
 },
 {
- "Criticality": 4,
+ "Criticality": 4.0,
 "CriticalityLabel": "Very Malicious",
 "EvidenceString": "5 sightings on 2 sources: Polyswarm Sandbox Analysis - Malware C2 Extractions, Joe Security Sandbox Analysis - Malware C2 Extractions. Polyswarm malware sandbox identified 190.55.186.229:80 as TA0011 (Command and Control) for Emotet using configuration extraction on sample c9709d56b92047cd55fb097feb6cb7a8de6f3edc5ea79a429363938a69aae580",
 "MitigationString": "",
@@ -543,20 +543,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"81.2.69.143\",\"99\",\"3/64\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Linked to Intrusion Method\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"2 sightings on 1 source: PasteBin. 4 related intrusion methods: Trojan, Emotet, Banking Trojan, Botnet. Most recent link (Dec 2, 2021): https://pastebin.com/SusxCK2b\"\", \"\"Sources\"\": [\"\"Jv_xrR\"\"], \"\"Timestamp\"\": \"\"2021-12-02T15:58:10.000Z\"\", \"\"Name\"\": \"\"linkedIntrusion\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Current C\u0026C Server\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"2 sightings on 2 sources: Recorded Future Command \u0026 Control List, Abuse.ch: Feodo IP Blocklist. Command \u0026 Control host identified on Dec 1, 2021.\"\", \"\"Sources\"\": [\"\"b5tNVA\"\", \"\"report:OtiCOp\"\"], \"\"Timestamp\"\": \"\"2021-12-01T08:06:11.827Z\"\", \"\"Name\"\": \"\"recentCncServer\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}, {\"\"Rule\"\": \"\"Actively Communicating C\u0026C Server\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Emotet. Communication observed on TCP:443. Exfiltration behavior observed. 
Last observed on Dec 26, 2021.\"\", \"\"Sources\"\": [\"\"report:aEft3k\"\"], \"\"Timestamp\"\": \"\"2021-12-28T22:05:35.688Z\"\", \"\"Name\"\": \"\"recentActiveCnc\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}]}\"",
- "risk_score": 99,
+ "risk_score": 99.0,
 "type": "indicator"
 },
 "recordedfuture": {
 "evidence_details": [
 {
- "Criticality": 1,
+ "Criticality": 1.0,
 "CriticalityLabel": "Unusual",
 "EvidenceString": "2 sightings on 1 source: PasteBin. 4 related intrusion methods: Trojan, Emotet, Banking Trojan, Botnet. Most recent link (Dec 2, 2021): https://pastebin.com/SusxCK2b",
 "MitigationString": "",
@@ -568,7 +568,7 @@
 "Timestamp": "2021-12-02T15:58:10.000Z"
 },
 {
- "Criticality": 4,
+ "Criticality": 4.0,
 "CriticalityLabel": "Very Malicious",
 "EvidenceString": "2 sightings on 2 sources: Recorded Future Command \u0026 Control List, Abuse.ch: Feodo IP Blocklist. Command \u0026 Control host identified on Dec 1, 2021.",
 "MitigationString": "",
@@ -581,7 +581,7 @@
 "Timestamp": "2021-12-01T08:06:11.827Z"
 },
 {
- "Criticality": 4,
+ "Criticality": 4.0,
 "CriticalityLabel": "Very Malicious",
 "EvidenceString": "1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Emotet. Communication observed on TCP:443. Exfiltration behavior observed. Last observed on Dec 26, 2021.",
 "MitigationString": "",
@@ -610,20 +610,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"81.2.69.144\",\"99\",\"7/64\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historical Honeypot Sighting\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"2 sightings on 2 sources: Project Honey Pot, @HoneyFog. Most recent tweet: Fog44: 87.120.254.96-\u0026gt;22. Most recent link (Dec 14, 2016): https://twitter.com/HoneyFog/statuses/809032869792378880\"\", \"\"Sources\"\": [\"\"P_izv4\"\", \"\"OSz1F0\"\"], \"\"Timestamp\"\": \"\"2016-12-14T13:50:41.000Z\"\", \"\"Name\"\": \"\"honeypot\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Reported as a Defanged IP\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: GitHub. Most recent link (Nov 8, 2021): https://github.com/pan-unit42/tweets/blob/master/2021-11-05-TA551-IOCs.txt\"\", \"\"Sources\"\": [\"\"MIKjae\"\"], \"\"Timestamp\"\": \"\"2021-11-08T00:00:00.000Z\"\", \"\"Name\"\": \"\"defanged\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Spam Source\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: External Sensor Spam. 87.120.254.96 was historically observed as spam. No longer observed as of Nov 16, 2021.\"\", \"\"Sources\"\": [\"\"kBCI-b\"\"], \"\"Timestamp\"\": \"\"2021-11-16T03:19:58.721Z\"\", \"\"Name\"\": \"\"spam\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recently Linked to Intrusion Method\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: CloudSEK. 4 related intrusion methods: Trojan, Emotet, Banking Trojan, Botnet. 
Most recent link (Dec 22, 2021): https://cloudsek.com/emotet-2-0-everything-you-need-to-know-about-the-new-variant-of-thbanking-trojan/\"\", \"\"Sources\"\": [\"\"k837l0\"\"], \"\"Timestamp\"\": \"\"2021-12-22T09:45:33.000Z\"\", \"\"Name\"\": \"\"recentLinkedIntrusion\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Recent Multicategory Blocklist\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: University of Science and Technology of China Black IP List.\"\", \"\"Sources\"\": [\"\"report:Q1ghC0\"\"], \"\"Timestamp\"\": \"\"2021-12-29T06:21:27.693Z\"\", \"\"Name\"\": \"\"recentMultiBlacklist\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Current C\u0026C Server\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"2 sightings on 2 sources: Recorded Future Command \u0026 Control List, Abuse.ch: Feodo IP Blocklist. Command \u0026 Control host identified on Nov 25, 2021.\"\", \"\"Sources\"\": [\"\"b5tNVA\"\", \"\"report:OtiCOp\"\"], \"\"Timestamp\"\": \"\"2021-11-25T08:06:42.384Z\"\", \"\"Name\"\": \"\"recentCncServer\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}, {\"\"Rule\"\": \"\"Actively Communicating C\u0026C Server\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Bazarloader. Communication observed on TCP:443. Exfiltration behavior observed. 
Last observed on Dec 25, 2021.\"\", \"\"Sources\"\": [\"\"report:aEft3k\"\"], \"\"Timestamp\"\": \"\"2021-12-29T06:21:27.731Z\"\", \"\"Name\"\": \"\"recentActiveCnc\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}]}\"",
- "risk_score": 99,
+ "risk_score": 99.0,
 "type": "indicator"
 },
 "recordedfuture": {
 "evidence_details": [
 {
- "Criticality": 1,
+ "Criticality": 1.0,
 "CriticalityLabel": "Unusual",
 "EvidenceString": "2 sightings on 2 sources: Project Honey Pot, @HoneyFog. Most recent tweet: Fog44: 87.120.254.96-\u0026gt;22. Most recent link (Dec 14, 2016): https://twitter.com/HoneyFog/statuses/809032869792378880",
 "MitigationString": "",
@@ -636,7 +636,7 @@
 "Timestamp": "2016-12-14T13:50:41.000Z"
 },
 {
- "Criticality": 1,
+ "Criticality": 1.0,
 "CriticalityLabel": "Unusual",
 "EvidenceString": "1 sighting on 1 source: GitHub. Most recent link (Nov 8, 2021): https://github.com/pan-unit42/tweets/blob/master/2021-11-05-TA551-IOCs.txt",
 "MitigationString": "",
@@ -648,7 +648,7 @@
 "Timestamp": "2021-11-08T00:00:00.000Z"
 },
 {
- "Criticality": 1,
+ "Criticality": 1.0,
 "CriticalityLabel": "Unusual",
 "EvidenceString": "1 sighting on 1 source: External Sensor Spam. 87.120.254.96 was historically observed as spam. No longer observed as of Nov 16, 2021.",
 "MitigationString": "",
@@ -660,7 +660,7 @@
 "Timestamp": "2021-11-16T03:19:58.721Z"
 },
 {
- "Criticality": 2,
+ "Criticality": 2.0,
 "CriticalityLabel": "Suspicious",
 "EvidenceString": "1 sighting on 1 source: CloudSEK. 4 related intrusion methods: Trojan, Emotet, Banking Trojan, Botnet. Most recent link (Dec 22, 2021): https://cloudsek.com/emotet-2-0-everything-you-need-to-know-about-the-new-variant-of-thbanking-trojan/",
 "MitigationString": "",
@@ -672,7 +672,7 @@
 "Timestamp": "2021-12-22T09:45:33.000Z"
 },
 {
- "Criticality": 2,
+ "Criticality": 2.0,
 "CriticalityLabel": "Suspicious",
 "EvidenceString": "1 sighting on 1 source: University of Science and Technology of China Black IP List.",
 "MitigationString": "",
@@ -684,7 +684,7 @@
 "Timestamp": "2021-12-29T06:21:27.693Z"
 },
 {
- "Criticality": 4,
+ "Criticality": 4.0,
 "CriticalityLabel": "Very Malicious",
 "EvidenceString": "2 sightings on 2 sources: Recorded Future Command \u0026 Control List, Abuse.ch: Feodo IP Blocklist. Command \u0026 Control host identified on Nov 25, 2021.",
 "MitigationString": "",
@@ -697,7 +697,7 @@
 "Timestamp": "2021-11-25T08:06:42.384Z"
 },
 {
- "Criticality": 4,
+ "Criticality": 4.0,
 "CriticalityLabel": "Very Malicious",
 "EvidenceString": "1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Bazarloader. Communication observed on TCP:443. Exfiltration behavior observed. Last observed on Dec 25, 2021.",
 "MitigationString": "",
@@ -726,20 +726,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"81.2.69.145\",\"99\",\"4/64\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported in Threat List\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"Previous sightings on 3 sources: Cobalt Strike Default Certificate Detected - Shodan / Recorded Future, CINS: CI Army List, Recorded Future Analyst Community Trending Indicators. Observed between Jan 22, 2021, and Sep 25, 2021.\"\", \"\"Sources\"\": [\"\"report:aD1qtM\"\", \"\"report:OchJ-t\"\", \"\"report:Tluf00\"\"], \"\"Timestamp\"\": \"\"2021-12-28T18:42:08.925Z\"\", \"\"Name\"\": \"\"historicalThreatListMembership\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recent Multicategory Blocklist\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: DShield: Recommended Block List.\"\", \"\"Sources\"\": [\"\"report:OchJ-o\"\"], \"\"Timestamp\"\": \"\"2021-12-28T18:42:08.917Z\"\", \"\"Name\"\": \"\"recentMultiBlacklist\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Current C\u0026C Server\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"19 sightings on 2 sources: Recorded Future Command \u0026 Control List, @TheDFIRReport. Most recent tweet: Here's some newer C2 servers we're tracking: #BazarLoader 64.227.73.80 64.225.71.198 #Covenant 167.71.67.196 45.146.165.76 #PoshC2 193.36.15.192 #Empire 64.227.21.255 #Metasploit 91.221.70.143 Full list available @ https://t.co/QT6o626hsR #ThreatFeed. 
Most recent link (Sep 1, 2021): https://twitter.com/TheDFIRReport/statuses/1433055791964049412\"\", \"\"Sources\"\": [\"\"b5tNVA\"\", \"\"dZgcRz\"\"], \"\"Timestamp\"\": \"\"2021-09-01T13:15:00.000Z\"\", \"\"Name\"\": \"\"recentCncServer\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}, {\"\"Rule\"\": \"\"Actively Communicating C\u0026C Server\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Covenant. Communication observed on TCP:7443. Exfiltration behavior observed. Last observed on Dec 27, 2021.\"\", \"\"Sources\"\": [\"\"report:aEft3k\"\"], \"\"Timestamp\"\": \"\"2021-12-28T18:42:08.923Z\"\", \"\"Name\"\": \"\"recentActiveCnc\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}]}\"",
- "risk_score": 99,
+ "risk_score": 99.0,
 "type": "indicator"
 },
 "recordedfuture": {
 "evidence_details": [
 {
- "Criticality": 1,
+ "Criticality": 1.0,
 "CriticalityLabel": "Unusual",
 "EvidenceString": "Previous sightings on 3 sources: Cobalt Strike Default Certificate Detected - Shodan / Recorded Future, CINS: CI Army List, Recorded Future Analyst Community Trending Indicators. Observed between Jan 22, 2021, and Sep 25, 2021.",
 "MitigationString": "",
@@ -753,7 +753,7 @@
 "Timestamp": "2021-12-28T18:42:08.925Z"
 },
 {
- "Criticality": 2,
+ "Criticality": 2.0,
 "CriticalityLabel": "Suspicious",
 "EvidenceString": "1 sighting on 1 source: DShield: Recommended Block List.",
 "MitigationString": "",
@@ -765,7 +765,7 @@
 "Timestamp": "2021-12-28T18:42:08.917Z"
 },
 {
- "Criticality": 4,
+ "Criticality": 4.0,
 "CriticalityLabel": "Very Malicious",
 "EvidenceString": "19 sightings on 2 sources: Recorded Future Command \u0026 Control List, @TheDFIRReport. Most recent tweet: Here's some newer C2 servers we're tracking: #BazarLoader 64.227.73.80 64.225.71.198 #Covenant 167.71.67.196 45.146.165.76 #PoshC2 193.36.15.192 #Empire 64.227.21.255 #Metasploit 91.221.70.143 Full list available @ https://t.co/QT6o626hsR #ThreatFeed. Most recent link (Sep 1, 2021): https://twitter.com/TheDFIRReport/statuses/1433055791964049412",
 "MitigationString": "",
@@ -778,7 +778,7 @@
 "Timestamp": "2021-09-01T13:15:00.000Z"
 },
 {
- "Criticality": 4,
+ "Criticality": 4.0,
 "CriticalityLabel": "Very Malicious",
 "EvidenceString": "1 sighting on 1 source: Recorded Future Network Traffic Analysis. Identified as C\u0026C server for 1 malware family: Covenant. Communication observed on TCP:7443. Exfiltration behavior observed. Last observed on Dec 27, 2021.",
 "MitigationString": "",
@@ -807,20 +807,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"81.2.69.193\",\"99\",\"8/64\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historical Open Proxies\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"2339 sightings on 9 sources including: TBN, BlackHatWorld Forum, Carding Mafia Forum, Inforge Forum Hacker Trucchi Giochi Informatica, ProxyFire - The Best Proxy Software and Forum. Most recent link (Jun 29, 2019): https://Black%20Hat%20World%20Forum%20(Obfuscated)/seo/ssl-proxies-occasional-update.927669/page-44#post-12210196\"\", \"\"Sources\"\": [\"\"RqhhJr\"\", \"\"KjGS3i\"\", \"\"VU4Qnc\"\", \"\"P7sZbk\"\", \"\"OQ_oQH\"\", \"\"Qk8WdX\"\", \"\"Qk8Wdg\"\", \"\"QqgtXJ\"\", \"\"KhvyCV\"\"], \"\"Timestamp\"\": \"\"2019-06-29T01:18:00.000Z\"\", \"\"Name\"\": \"\"openProxies\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Honeypot Sighting\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: @HoneyFog. Most recent tweet: Fog44: 181.112.52.26-\u0026gt;22. I've never seen this IP before. Most recent link (Oct 6, 2017): https://twitter.com/HoneyFog/statuses/916371734928019456\"\", \"\"Sources\"\": [\"\"P_izv4\"\"], \"\"Timestamp\"\": \"\"2017-10-06T18:37:01.000Z\"\", \"\"Name\"\": \"\"honeypot\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Linked to Intrusion Method\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"10 sightings on 3 sources: Manato Kumagai Hatena Blog, sentinelone.com, PasteBin. 6 related intrusion methods including TrickLoader, Trojan, Emotet, Banking Trojan, Trickbot. 
Most recent link (Feb 26, 2020): https://labs.sentinelone.com/revealing-the-trick-a-deep-dive-into-trickloader-obfuscation/\"\", \"\"Sources\"\": [\"\"TiY1wa\"\", \"\"idn:sentinelone.com\"\", \"\"Jv_xrR\"\"], \"\"Timestamp\"\": \"\"2020-02-26T15:00:17.035Z\"\", \"\"Name\"\": \"\"linkedIntrusion\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical Multicategory Blocklist\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"4 sightings on 1 source: AbuseIP Database. Most recent link (Aug 17, 2018): https://www.abuseipdb.com/check/181.112.52.26\"\", \"\"Sources\"\": [\"\"UneVVu\"\"], \"\"Timestamp\"\": \"\"2018-08-17T00:30:42.194Z\"\", \"\"Name\"\": \"\"multiBlacklist\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historical SSH/Dictionary Attacker\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"4 sightings on 1 source: AbuseIP Database. Most recent link (Aug 17, 2018): https://www.abuseipdb.com/check/181.112.52.26\"\", \"\"Sources\"\": [\"\"UneVVu\"\"], \"\"Timestamp\"\": \"\"2018-08-17T00:30:42.194Z\"\", \"\"Name\"\": \"\"sshDictAttacker\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Reported in Threat List\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"Previous sightings on 3 sources: BlockList.de: Fail2ban Reporting Service, Abuse.ch: Feodo IP Blocklist, Proxies: SOCKS Open Proxies. 
Observed between Jun 15, 2019, and Oct 3, 2020.\"\", \"\"Sources\"\": [\"\"report:OhgwUx\"\", \"\"report:OtiCOp\"\", \"\"report:SYQe08\"\"], \"\"Timestamp\"\": \"\"2021-12-28T22:05:41.272Z\"\", \"\"Name\"\": \"\"historicalThreatListMembership\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recent C\u0026C Server\"\", \"\"CriticalityLabel\"\": \"\"Suspicious\"\", \"\"EvidenceString\"\": \"\"3 sightings on 1 source: Polyswarm Sandbox Analysis - Malware C2 Extractions. Polyswarm malware sandbox identified 181.112.52.26:449 as TA0011 (Command and Control) for Trickbot using configuration extraction on sample dcc42c0bd075f283c71ac327c845498454dcd9528386df5b296fdf89ba105bfa\"\", \"\"Sources\"\": [\"\"hyihHO\"\"], \"\"Timestamp\"\": \"\"2021-07-15T12:42:04.656Z\"\", \"\"Name\"\": \"\"intermediateCncServer\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 2.0}, {\"\"Rule\"\": \"\"Current C\u0026C Server\"\", \"\"CriticalityLabel\"\": \"\"Very Malicious\"\", \"\"EvidenceString\"\": \"\"5 sightings on 1 source: Polyswarm Sandbox Analysis - Malware C2 Extractions. Polyswarm malware sandbox identified 181.112.52.26:449 as TA0011 (Command and Control) for Trickbot using configuration extraction on sample b827a4587bc6162715693c71e432769ec6272c130bb87e14bc683f5bd7caf834\"\", \"\"Sources\"\": [\"\"hyihHO\"\"], \"\"Timestamp\"\": \"\"2021-12-22T04:10:08.558Z\"\", \"\"Name\"\": \"\"recentCncServer\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 4.0}]}\"", - "risk_score": 99, + "risk_score": 99.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2339 sightings on 9 sources including: TBN, BlackHatWorld Forum, Carding Mafia Forum, Inforge Forum Hacker Trucchi Giochi Informatica, ProxyFire - The Best Proxy Software and Forum. 
Most recent link (Jun 29, 2019): https://Black%20Hat%20World%20Forum%20(Obfuscated)/seo/ssl-proxies-occasional-update.927669/page-44#post-12210196",
 "MitigationString": "",
@@ -840,7 +840,7 @@
 "Timestamp": "2019-06-29T01:18:00.000Z"
 },
 {
- "Criticality": 1,
+ "Criticality": 1.0,
 "CriticalityLabel": "Unusual",
 "EvidenceString": "1 sighting on 1 source: @HoneyFog. Most recent tweet: Fog44: 181.112.52.26-\u0026gt;22. I've never seen this IP before. Most recent link (Oct 6, 2017): https://twitter.com/HoneyFog/statuses/916371734928019456",
 "MitigationString": "",
@@ -852,7 +852,7 @@
 "Timestamp": "2017-10-06T18:37:01.000Z"
 },
 {
- "Criticality": 1,
+ "Criticality": 1.0,
 "CriticalityLabel": "Unusual",
 "EvidenceString": "10 sightings on 3 sources: Manato Kumagai Hatena Blog, sentinelone.com, PasteBin. 6 related intrusion methods including TrickLoader, Trojan, Emotet, Banking Trojan, Trickbot. Most recent link (Feb 26, 2020): https://labs.sentinelone.com/revealing-the-trick-a-deep-dive-into-trickloader-obfuscation/",
 "MitigationString": "",
@@ -866,7 +866,7 @@
 "Timestamp": "2020-02-26T15:00:17.035Z"
 },
 {
- "Criticality": 1,
+ "Criticality": 1.0,
 "CriticalityLabel": "Unusual",
 "EvidenceString": "4 sightings on 1 source: AbuseIP Database. Most recent link (Aug 17, 2018): https://www.abuseipdb.com/check/181.112.52.26",
 "MitigationString": "",
@@ -878,7 +878,7 @@
 "Timestamp": "2018-08-17T00:30:42.194Z"
 },
 {
- "Criticality": 1,
+ "Criticality": 1.0,
 "CriticalityLabel": "Unusual",
 "EvidenceString": "4 sightings on 1 source: AbuseIP Database. Most recent link (Aug 17, 2018): https://www.abuseipdb.com/check/181.112.52.26",
 "MitigationString": "",
@@ -890,7 +890,7 @@
 "Timestamp": "2018-08-17T00:30:42.194Z"
 },
 {
- "Criticality": 1,
+ "Criticality": 1.0,
 "CriticalityLabel": "Unusual",
 "EvidenceString": "Previous sightings on 3 sources: BlockList.de: Fail2ban Reporting Service, Abuse.ch: Feodo IP Blocklist, Proxies: SOCKS Open Proxies. Observed between Jun 15, 2019, and Oct 3, 2020.",
 "MitigationString": "",
@@ -904,7 +904,7 @@
 "Timestamp": "2021-12-28T22:05:41.272Z"
 },
 {
- "Criticality": 2,
+ "Criticality": 2.0,
 "CriticalityLabel": "Suspicious",
 "EvidenceString": "3 sightings on 1 source: Polyswarm Sandbox Analysis - Malware C2 Extractions. Polyswarm malware sandbox identified 181.112.52.26:449 as TA0011 (Command and Control) for Trickbot using configuration extraction on sample dcc42c0bd075f283c71ac327c845498454dcd9528386df5b296fdf89ba105bfa",
 "MitigationString": "",
@@ -916,7 +916,7 @@
 "Timestamp": "2021-07-15T12:42:04.656Z"
 },
 {
- "Criticality": 4,
+ "Criticality": 4.0,
 "CriticalityLabel": "Very Malicious",
 "EvidenceString": "5 sightings on 1 source: Polyswarm Sandbox Analysis - Malware C2 Extractions. Polyswarm malware sandbox identified 181.112.52.26:449 as TA0011 (Command and Control) for Trickbot using configuration extraction on sample b827a4587bc6162715693c71e432769ec6272c130bb87e14bc683f5bd7caf834",
 "MitigationString": "",
diff --git a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-url-default.log-expected.json b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-url-default.log-expected.json
index 5b18525b85e..cb1f1c014bb 100644
--- a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-url-default.log-expected.json
+++ b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-url-default.log-expected.json
@@ -3,20 +3,20 @@ null, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"http://144.34.179.162/a\",\"87\",\"2/24\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported as a Defanged URL\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"66 sightings on 22 sources including: Ars Technica, fook.news, urdupresss.com, HackDig Posts, apple.news. Most recent link (Jul 20, 2021): https://techsecuritenews.com/solarwinds-pirates-utilisent-nouvelle-faille-zero-day-attaques/\"\", \"\"Sources\"\": [\"\"Ctq\"\", \"\"idn:fook.news\"\", \"\"idn:urdupresss.com\"\", \"\"POs2u-\"\", \"\"idn:apple.news\"\", \"\"idn:cryptoinfoos.com.ng\"\", \"\"g9rk5F\"\", \"\"idn:thewindowsupdate.com\"\", \"\"idn:nationalcybersecuritynews.today\"\", \"\"gBDK5G\"\", \"\"idn:microsoft.com\"\", \"\"idn:techsecuritenews.com\"\", \"\"idn:mblogs.info\"\", \"\"J6UzbO\"\", \"\"idn:viralamo.com\"\", \"\"idn:sellorbuyhomefast.com\"\", \"\"idn:crazyboy.tech\"\", \"\"idn:times24h.com\"\", \"\"idn:buzzfeeg.com\"\", \"\"idn:dsmenders.com\"\", \"\"WroSbs\"\", \"\"idn:vzonetvgh.com\"\"], \"\"Timestamp\"\": \"\"2021-07-20T00:00:00.000Z\"\", \"\"Name\"\": \"\"defangedURL\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recently Reported by Insikt Group\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Insikt Group. 1 report: SolarWinds Fixes Critical Vulnerability in Serv-U Managed File Transfer and Secure FTP Products. 
Most recent link (Jul 10, 2021): https://app.recordedfuture.com/live/sc/1GnDrn8zigTd\"\", \"\"Sources\"\": [\"\"VKz42X\"\"], \"\"Timestamp\"\": \"\"2021-07-10T00:00:00.000Z\"\", \"\"Name\"\": \"\"recentAnalystNote\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 87, + "risk_score": 87.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "66 sightings on 22 sources including: Ars Technica, fook.news, urdupresss.com, HackDig Posts, apple.news. Most recent link (Jul 20, 2021): https://techsecuritenews.com/solarwinds-pirates-utilisent-nouvelle-faille-zero-day-attaques/", "MitigationString": "", @@ -49,7 +49,7 @@ "Timestamp": "2021-07-20T00:00:00.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Insikt Group. 1 report: SolarWinds Fixes Critical Vulnerability in Serv-U Managed File Transfer and Secure FTP Products. Most recent link (Jul 10, 2021): https://app.recordedfuture.com/live/sc/1GnDrn8zigTd", "MitigationString": "", 
@@ -83,20 +83,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"http://adminsys.serveftp.com/nensa/fabio/ex/478632215/zer7855/nuns566623\",\"85\",\"4/24\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported as a Defanged URL\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"41 sightings on 19 sources including: Stock market news Company News MarketScreenercom, GlobeNewswire | Software, Yahoo!, globenewswirecom, otcdynamics.com. Most recent link (Oct 3, 2021): https://telecomkh.info/?p=4004\"\", \"\"Sources\"\": [\"\"XBl0xf\"\", \"\"c2unu0\"\", \"\"DVW\"\", \"\"NPgRlV\"\", \"\"idn:otcdynamics.com\"\", \"\"idn:norteenlinea.com\"\", \"\"N4OmGX\"\", \"\"idn:snewsonline.com\"\", \"\"idn:nationalcybersecuritynews.today\"\", \"\"dCod5e\"\", \"\"hZ14Az\"\", \"\"idn:securityopenlab.it\"\", \"\"idn:clevertechmx.blogspot.com\"\", \"\"cJzvLR\"\", \"\"eNeV39\"\", \"\"dCotni\"\", \"\"dCo6X1\"\", \"\"jB6Hnn\"\", \"\"idn:telecomkh.info\"\"], \"\"Timestamp\"\": \"\"2021-10-03T12:53:49.605Z\"\", \"\"Name\"\": \"\"defangedURL\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Detected Phishing Techniques\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Nov 14, 2021.\"\", \"\"Sources\"\": [\"\"d3Awkm\"\"], \"\"Timestamp\"\": \"\"2021-11-14T00:00:00.000Z\"\", \"\"Name\"\": \"\"phishingSiteDetected\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Detected Malware Distribution\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. 
Last observed on Nov 14, 2021.\"\", \"\"Sources\"\": [\"\"d3Awkm\"\"], \"\"Timestamp\"\": \"\"2021-11-14T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareSiteDetected\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recently Active URL on Weaponized Domain\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Recorded Future Domain Analysis URLs. Service provider: No-IP. Behavior observed: Malware Distribution, Phishing Techniques. Last observed on Dec 20, 2021.\"\", \"\"Sources\"\": [\"\"report:aRJ1CU\"\"], \"\"Timestamp\"\": \"\"2021-12-29T07:08:29.105Z\"\", \"\"Name\"\": \"\"recentWeaponizedURL\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 85, + "risk_score": 85.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "41 sightings on 19 sources including: Stock market news Company News MarketScreenercom, GlobeNewswire | Software, Yahoo!, globenewswirecom, otcdynamics.com. Most recent link (Oct 3, 2021): https://telecomkh.info/?p=4004", "MitigationString": "", @@ -126,7 +126,7 @@ "Timestamp": "2021-10-03T12:53:49.605Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Nov 14, 2021.", "MitigationString": "", @@ -138,7 +138,7 @@ "Timestamp": "2021-11-14T00:00:00.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Nov 14, 2021.", "MitigationString": "", 
@@ -150,7 +150,7 @@
 "Timestamp": "2021-11-14T00:00:00.000Z"
 },
 {
- "Criticality": 3,
+ "Criticality": 3.0,
 "CriticalityLabel": "Malicious",
 "EvidenceString": "1 sighting on 1 source: Recorded Future Domain Analysis URLs. Service provider: No-IP. Behavior observed: Malware Distribution, Phishing Techniques. Last observed on Dec 20, 2021.",
 "MitigationString": "",
@@ -184,20 +184,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"http://3.145.115.94/zambo/groenhuyzen.exe\",\"79\",\"2/24\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported as a Defanged URL\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"17 sightings on 14 sources including: Security Affairs, sensorstechforum.com, Heimdal Security Blog, securitynewspaper, BBS Kafan Card Forum. Most recent link (Dec 22, 2021): https://d335luupugsy2.cloudfront.net/cms%2Ffiles%2F183750%2F1640120040Log4j_-_Explorao_por_grupos_APT.pdf\"\", \"\"Sources\"\": [\"\"JNe6Hu\"\", \"\"TQnwKJ\"\", \"\"OfMf0W\"\", \"\"TefIEN\"\", \"\"VyuDZP\"\", \"\"Z7kln5\"\", \"\"bd-Dtt\"\", \"\"kKLjNc\"\", \"\"Y7TWfI\"\", \"\"idn:redpacketsecurity.com\"\", \"\"idn:eccouncil.org\"\", \"\"idn:comparaland.com\"\", \"\"idn:d335luupugsy2.cloudfront.net\"\", \"\"KVRURg\"\"], \"\"Timestamp\"\": \"\"2021-12-22T16:01:42.134Z\"\", \"\"Name\"\": \"\"defangedURL\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recently Reported by Insikt Group\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Insikt Group. 1 report: Khonsari Ransomware and Orcus RAT Exploit Log4Shell (CVE-2021-44228), Samples Uploaded on MalwareBazaar. 
Most recent link (Dec 17, 2021): https://app.recordedfuture.com/live/sc/4SWiMAS816Gj\"\", \"\"Sources\"\": [\"\"VKz42X\"\"], \"\"Timestamp\"\": \"\"2021-12-17T00:00:00.000Z\"\", \"\"Name\"\": \"\"recentAnalystNote\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 79, + "risk_score": 79.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "17 sightings on 14 sources including: Security Affairs, sensorstechforum.com, Heimdal Security Blog, securitynewspaper, BBS Kafan Card Forum. Most recent link (Dec 22, 2021): https://d335luupugsy2.cloudfront.net/cms%2Ffiles%2F183750%2F1640120040Log4j_-_Explorao_por_grupos_APT.pdf", "MitigationString": "", @@ -222,7 +222,7 @@ "Timestamp": "2021-12-22T16:01:42.134Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Insikt Group. 1 report: Khonsari Ransomware and Orcus RAT Exploit Log4Shell (CVE-2021-44228), Samples Uploaded on MalwareBazaar. Most recent link (Dec 17, 2021): https://app.recordedfuture.com/live/sc/4SWiMAS816Gj", "MitigationString": "", 
@@ -257,20 +257,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"http://gxbrowser.net\",\"79\",\"2/24\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported as a Defanged URL\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"53 sightings on 14 sources including: HackDig Posts, Anquanke News, mrhacker.co, Sesin at, Check Point Research. Most recent link (Feb 6, 2021): https://cdn.www.gob.pe/uploads/document/file/1580907/Alerta%20integrada%20de%20seguridad%20digital%20N%C2%B0%xxx-xx-xxxx-PECERT%20.pdf\"\", \"\"Sources\"\": [\"\"POs2u-\"\", \"\"U13S_U\"\", \"\"idn:mrhacker.co\"\", \"\"Z3TZAQ\"\", \"\"N4OmGX\"\", \"\"UqKvRr\"\", \"\"gBDK5G\"\", \"\"JExgHv\"\", \"\"QxXv_c\"\", \"\"J6UzbO\"\", \"\"eTNyK6\"\", \"\"idn:privacy.com.sg\"\", \"\"e6Ewt_\"\", \"\"idn:reportcybercrime.com\"\"], \"\"Timestamp\"\": \"\"2021-02-06T12:52:09.042Z\"\", \"\"Name\"\": \"\"defangedURL\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recently Detected Malware Distribution\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Dec 28, 2021.\"\", \"\"Sources\"\": [\"\"d3Awkm\"\"], \"\"Timestamp\"\": \"\"2021-12-28T00:00:00.000Z\"\", \"\"Name\"\": \"\"recentMalwareSiteDetected\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 79, + "risk_score": 79.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "53 sightings on 14 sources including: HackDig Posts, Anquanke News, mrhacker.co, Sesin at, Check Point Research. 
Most recent link (Feb 6, 2021): https://cdn.www.gob.pe/uploads/document/file/1580907/Alerta%20integrada%20de%20seguridad%20digital%20N%C2%B0%xxx-xx-xxxx-PECERT%20.pdf",
 "MitigationString": "",
@@ -295,7 +295,7 @@
 "Timestamp": "2021-02-06T12:52:09.042Z"
 },
 {
- "Criticality": 3,
+ "Criticality": 3.0,
 "CriticalityLabel": "Malicious",
 "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Dec 28, 2021.",
 "MitigationString": "",
@@ -329,20 +329,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"https://881.000webhostapp.com/1.txt\",\"78\",\"3/24\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported as a Defanged URL\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"33 sightings on 12 sources including: Palo Alto Networks, tistory.com, HackDig Posts, Anquanke News, airmagnet.technology. Most recent tweet: Continued MR.Dropper's attack. (Targething korean cryptocurrency exchange) #hcapital #ioc MD5 : eb459b47be479b61375d7b3c7c568425 URL : hxxps://881[.]000webhostapp[.]com/1.txt PDB : D:\\\\Attack\\\\DropperBuild\\\\x64\\\\Release\\\\Dropper.pdb https://t.co/FpsinliQqx [Beyond The Binary]. Most recent link (Sep 3, 2018): https://twitter.com/wugeej/statuses/1036413512732426240\"\", \"\"Sources\"\": [\"\"JwO7jp\"\", \"\"idn:tistory.com\"\", \"\"POs2u-\"\", \"\"U13S_U\"\", \"\"ThoB0I\"\", \"\"idn:airmagnet.technology\"\", \"\"LErKlN\"\", \"\"WuLz1r\"\", \"\"KdwTwF\"\", \"\"VfsacJ\"\", \"\"jjf3_B\"\", \"\"idn:brica.de\"\"], \"\"Timestamp\"\": \"\"2018-09-03T00:40:11.000Z\"\", \"\"Name\"\": \"\"defangedURL\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Referenced by Insikt Group\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"2 sightings on 1 source: Insikt Group. 2 reports including \\\"\"Fractured Block” Campaign Targets Korean Users. 
Most recent link (Dec 09, 2018): https://app.recordedfuture.com/live/sc/1RuTxKrDf8Qt\"\", \"\"Sources\"\": [\"\"VKz42X\"\"], \"\"Timestamp\"\": \"\"2018-12-09T00:00:00.000Z\"\", \"\"Name\"\": \"\"relatedNote\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recently Active URL on Weaponized Domain\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Recorded Future Domain Analysis URLs. Service provider: 000Webhost. Behavior observed: Malware Distribution. Last observed on Oct 16, 2021.\"\", \"\"Sources\"\": [\"\"report:aRJ1CU\"\"], \"\"Timestamp\"\": \"\"2021-12-29T07:07:42.477Z\"\", \"\"Name\"\": \"\"recentWeaponizedURL\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 78, + "risk_score": 78.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "33 sightings on 12 sources including: Palo Alto Networks, tistory.com, HackDig Posts, Anquanke News, airmagnet.technology. Most recent tweet: Continued MR.Dropper's attack. (Targething korean cryptocurrency exchange) #hcapital #ioc MD5 : eb459b47be479b61375d7b3c7c568425 URL : hxxps://881[.]000webhostapp[.]com/1.txt PDB : D:\\Attack\\DropperBuild\\x64\\Release\\Dropper.pdb https://t.co/FpsinliQqx [Beyond The Binary]. Most recent link (Sep 3, 2018): https://twitter.com/wugeej/statuses/1036413512732426240", "MitigationString": "", @@ -365,7 +365,7 @@ "Timestamp": "2018-09-03T00:40:11.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "2 sightings on 1 source: Insikt Group. 2 reports including \"Fractured Block” Campaign Targets Korean Users. Most recent link (Dec 09, 2018): https://app.recordedfuture.com/live/sc/1RuTxKrDf8Qt", "MitigationString": "", 
@@ -377,7 +377,7 @@
 "Timestamp": "2018-12-09T00:00:00.000Z"
 },
 {
- "Criticality": 3,
+ "Criticality": 3.0,
 "CriticalityLabel": "Malicious",
 "EvidenceString": "1 sighting on 1 source: Recorded Future Domain Analysis URLs. Service provider: 000Webhost. Behavior observed: Malware Distribution. Last observed on Oct 16, 2021.",
 "MitigationString": "",
@@ -412,20 +412,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"http://comunicador.duckdns.org/catalista/lixo/index.php\",\"78\",\"4/24\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported as a Defanged URL\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"38 sightings on 7 sources including: cybersecdn.com, WeLiveSecurity Spain, deepcheck.one, hackeridiot.com, PasteBin. Most recent link (May 27, 2021): https://cybersecdn.com/index.php/2021/05/27/janeleiro-the-time-traveler-a-new-old-banking-trojan-in-brazil/\"\", \"\"Sources\"\": [\"\"idn:cybersecdn.com\"\", \"\"fWD1r9\"\", \"\"idn:deepcheck.one\"\", \"\"idn:hackeridiot.com\"\", \"\"Jv_xrR\"\", \"\"ONMgMx\"\", \"\"idn:nationalcybersecuritynews.today\"\"], \"\"Timestamp\"\": \"\"2021-05-27T22:48:00.256Z\"\", \"\"Name\"\": \"\"defangedURL\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Detected Malware Distribution\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 15, 2021.\"\", \"\"Sources\"\": [\"\"d3Awkm\"\"], \"\"Timestamp\"\": \"\"2021-06-15T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareSiteDetected\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recently Reported by Insikt Group\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Insikt Group. 1 report: New Janeleiro Banking Trojan Targets Corporate Users in Brazil. 
Most recent link (Apr 06, 2021): https://app.recordedfuture.com/live/sc/4wolQHrxLiwd\"\", \"\"Sources\"\": [\"\"VKz42X\"\"], \"\"Timestamp\"\": \"\"2021-04-06T00:00:00.000Z\"\", \"\"Name\"\": \"\"recentAnalystNote\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}, {\"\"Rule\"\": \"\"Recently Active URL on Weaponized Domain\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Recorded Future Domain Analysis URLs. Service provider: DuckDNS. Behavior observed: Malware Distribution. Last observed on Oct 15, 2021.\"\", \"\"Sources\"\": [\"\"report:aRJ1CU\"\"], \"\"Timestamp\"\": \"\"2021-12-29T06:34:00.698Z\"\", \"\"Name\"\": \"\"recentWeaponizedURL\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 78, + "risk_score": 78.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "38 sightings on 7 sources including: cybersecdn.com, WeLiveSecurity Spain, deepcheck.one, hackeridiot.com, PasteBin. Most recent link (May 27, 2021): https://cybersecdn.com/index.php/2021/05/27/janeleiro-the-time-traveler-a-new-old-banking-trojan-in-brazil/", "MitigationString": "", @@ -443,7 +443,7 @@ "Timestamp": "2021-05-27T22:48:00.256Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Jun 15, 2021.", "MitigationString": "", @@ -455,7 +455,7 @@ "Timestamp": "2021-06-15T00:00:00.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Insikt Group. 1 report: New Janeleiro Banking Trojan Targets Corporate Users in Brazil. Most recent link (Apr 06, 2021): https://app.recordedfuture.com/live/sc/4wolQHrxLiwd", "MitigationString": "", 
@@ -467,7 +467,7 @@
 "Timestamp": "2021-04-06T00:00:00.000Z"
 },
 {
- "Criticality": 3,
+ "Criticality": 3.0,
 "CriticalityLabel": "Malicious",
 "EvidenceString": "1 sighting on 1 source: Recorded Future Domain Analysis URLs. Service provider: DuckDNS. Behavior observed: Malware Distribution. Last observed on Oct 15, 2021.",
 "MitigationString": "",
@@ -502,20 +502,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"https://www.jeanninecatddns.chickenkiller.com/signin-authflow\",\"75\",\"3/24\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Recently Active URL on Weaponized Domain\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Recorded Future Domain Analysis URLs. Service provider: Afraid.org. Behavior observed: Malware Distribution, Phishing Techniques. Last observed on Dec 28, 2021.\"\", \"\"Sources\"\": [\"\"report:aRJ1CU\"\"], \"\"Timestamp\"\": \"\"2021-12-28T22:15:49.631Z\"\", \"\"Name\"\": \"\"recentWeaponizedURL\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}, {\"\"Rule\"\": \"\"Recently Detected Phishing Techniques\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"2 sightings on 2 sources: Bitdefender, Urlscan.io. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Dec 28, 2021.\"\", \"\"Sources\"\": [\"\"d3Awkm\"\", \"\"eKv4Jm\"\"], \"\"Timestamp\"\": \"\"2021-12-28T00:00:00.000Z\"\", \"\"Name\"\": \"\"recentPhishingSiteDetected\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}, {\"\"Rule\"\": \"\"Recently Detected Malware Distribution\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. 
Last observed on Dec 28, 2021.\"\", \"\"Sources\"\": [\"\"d3Awkm\"\"], \"\"Timestamp\"\": \"\"2021-12-28T00:00:00.000Z\"\", \"\"Name\"\": \"\"recentMalwareSiteDetected\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 75, + "risk_score": 75.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Recorded Future Domain Analysis URLs. Service provider: Afraid.org. Behavior observed: Malware Distribution, Phishing Techniques. Last observed on Dec 28, 2021.", "MitigationString": "", @@ -527,7 +527,7 @@ "Timestamp": "2021-12-28T22:15:49.631Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "2 sightings on 2 sources: Bitdefender, Urlscan.io. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Dec 28, 2021.", "MitigationString": "", @@ -540,7 +540,7 @@ "Timestamp": "2021-12-28T00:00:00.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Dec 28, 2021.", "MitigationString": "", 
@@ -574,20 +574,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"http://coollab.jp/dir/root/p/09908.js\",\"75\",\"3/24\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported as a Defanged URL\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"24 sightings on 9 sources including: Malware News - Malware Analysis, News and Indicators, microsoft.com, sociabble.com, 4-traders.com, MarketScreener.com | Stock Market News. Most recent link (Aug 13, 2021): https://www.marketscreener.com/quote/stock/MICROSOFT-CORPORATION-4835/news/Microsoft-Attackers-use-Morse-code-other-encryption-methods-in-evasive-phishing-campaign-36161110/?utm_medium=RSS\u0026utm_content=20210813\"\", \"\"Sources\"\": [\"\"gBDK5G\"\", \"\"idn:microsoft.com\"\", \"\"idn:sociabble.com\"\", \"\"KBTQ2e\"\", \"\"dCotni\"\", \"\"g9rk5F\"\", \"\"Z7kln5\"\", \"\"idn:cda.ms\"\", \"\"idn:thewindowsupdate.com\"\"], \"\"Timestamp\"\": \"\"2021-08-13T17:03:19.000Z\"\", \"\"Name\"\": \"\"defangedURL\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Detected Malware Distribution\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Aug 13, 2021.\"\", \"\"Sources\"\": [\"\"d3Awkm\"\"], \"\"Timestamp\"\": \"\"2021-08-13T00:00:00.000Z\"\", \"\"Name\"\": \"\"malwareSiteDetected\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recently Reported by Insikt Group\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Insikt Group. 1 report: Microsoft Warns of Attacks Targeting Microsoft Office 365 Users. 
Most recent link (Aug 12, 2021): https://app.recordedfuture.com/live/sc/4BBhpn1ApBQR\"\", \"\"Sources\"\": [\"\"VKz42X\"\"], \"\"Timestamp\"\": \"\"2021-08-12T00:00:00.000Z\"\", \"\"Name\"\": \"\"recentAnalystNote\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 75, + "risk_score": 75.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "24 sightings on 9 sources including: Malware News - Malware Analysis, News and Indicators, microsoft.com, sociabble.com, 4-traders.com, MarketScreener.com | Stock Market News. Most recent link (Aug 13, 2021): https://www.marketscreener.com/quote/stock/MICROSOFT-CORPORATION-4835/news/Microsoft-Attackers-use-Morse-code-other-encryption-methods-in-evasive-phishing-campaign-36161110/?utm_medium=RSS\u0026utm_content=20210813", "MitigationString": "", @@ -607,7 +607,7 @@ "Timestamp": "2021-08-13T17:03:19.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on Aug 13, 2021.", "MitigationString": "", @@ -619,7 +619,7 @@ "Timestamp": "2021-08-13T00:00:00.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Insikt Group. 1 report: Microsoft Warns of Attacks Targeting Microsoft Office 365 Users. Most recent link (Aug 12, 2021): https://app.recordedfuture.com/live/sc/4BBhpn1ApBQR", "MitigationString": "", 
@@ -654,20 +654,20 @@ }, { "ecs": { - "version": "8.0" + "version": "8.3.0" }, "event": { "category": "threat", "dataset": "ti_recordedfuture.threat", "kind": "enrichment", "original": "\"https://blog.br0vvnn.io\",\"75\",\"3/24\",\"{\"\"EvidenceDetails\"\": [{\"\"Rule\"\": \"\"Historically Reported as a Defanged URL\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"23 sightings on 9 sources including: The Official Google Blog, eccouncil.org, frsecure.com, SoyaCincau, PasteBin. Most recent tweet: Actor controlled sites and accounts Research Blog https://blog.br0vvnn[.]io. Most recent link (Jan 27, 2021): https://twitter.com/techn0m4nc3r/statuses/1354296736357953539\"\", \"\"Sources\"\": [\"\"Gzt\"\", \"\"idn:eccouncil.org\"\", \"\"idn:frsecure.com\"\", \"\"J-8-Nr\"\", \"\"Jv_xrR\"\", \"\"g9rk5F\"\", \"\"cUg0pv\"\", \"\"K5LKj8\"\", \"\"fVAueu\"\"], \"\"Timestamp\"\": \"\"2021-01-27T05:14:38.000Z\"\", \"\"Name\"\": \"\"defangedURL\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Historically Detected Phishing Techniques\"\", \"\"CriticalityLabel\"\": \"\"Unusual\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on May 30, 2021.\"\", \"\"Sources\"\": [\"\"d3Awkm\"\"], \"\"Timestamp\"\": \"\"2021-05-30T00:00:00.000Z\"\", \"\"Name\"\": \"\"phishingSiteDetected\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 1.0}, {\"\"Rule\"\": \"\"Recently Reported by Insikt Group\"\", \"\"CriticalityLabel\"\": \"\"Malicious\"\", \"\"EvidenceString\"\": \"\"1 sighting on 1 source: Insikt Group. 1 report: Google Warns of Ongoing Attacks Targeting Security Researchers. 
Most recent link (Jan 25, 2021): https://app.recordedfuture.com/live/sc/5QCqZ2ZH4lwc\"\", \"\"Sources\"\": [\"\"VKz42X\"\"], \"\"Timestamp\"\": \"\"2021-01-25T00:00:00.000Z\"\", \"\"Name\"\": \"\"recentAnalystNote\"\", \"\"MitigationString\"\": \"\"\"\", \"\"Criticality\"\": 3.0}]}\"", - "risk_score": 75, + "risk_score": 75.0, "type": "indicator" }, "recordedfuture": { "evidence_details": [ { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "23 sightings on 9 sources including: The Official Google Blog, eccouncil.org, frsecure.com, SoyaCincau, PasteBin. Most recent tweet: Actor controlled sites and accounts Research Blog https://blog.br0vvnn[.]io. Most recent link (Jan 27, 2021): https://twitter.com/techn0m4nc3r/statuses/1354296736357953539", "MitigationString": "", @@ -687,7 +687,7 @@ "Timestamp": "2021-01-27T05:14:38.000Z" }, { - "Criticality": 1, + "Criticality": 1.0, "CriticalityLabel": "Unusual", "EvidenceString": "1 sighting on 1 source: Bitdefender. Detected malicious behavior from an endpoint agent via global telemetry. Last observed on May 30, 2021.", "MitigationString": "", @@ -699,7 +699,7 @@ "Timestamp": "2021-05-30T00:00:00.000Z" }, { - "Criticality": 3, + "Criticality": 3.0, "CriticalityLabel": "Malicious", "EvidenceString": "1 sighting on 1 source: Insikt Group. 1 report: Google Warns of Ongoing Attacks Targeting Security Researchers. Most recent link (Jan 25, 2021): https://app.recordedfuture.com/live/sc/5QCqZ2ZH4lwc", "MitigationString": "", diff --git a/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/default.yml index 2c2ec010474..8c2ee38e0d0 100644 --- a/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/default.yml 
@@ -6,7 +6,7 @@ processors:
 #
 - set:
 field: ecs.version
- value: "8.0"
+ value: "8.3.0"
 - set:
 field: event.dataset
 value: "ti_recordedfuture.threat"
diff --git a/packages/ti_recordedfuture/data_stream/threat/sample_event.json b/packages/ti_recordedfuture/data_stream/threat/sample_event.json
index b26841f9b8b..180cf3f68ac 100644
--- a/packages/ti_recordedfuture/data_stream/threat/sample_event.json
+++ b/packages/ti_recordedfuture/data_stream/threat/sample_event.json
@@ -1,11 +1,11 @@
 {
- "@timestamp": "2022-04-11T09:21:48.260Z",
+ "@timestamp": "2022-06-28T00:51:15.439Z",
 "agent": {
- "ephemeral_id": "b69c55be-abc6-4a16-900f-986a2cc693a0",
- "id": "967e40bc-86fa-4632-b571-afd40cfbcb8a",
+ "ephemeral_id": "ab36e75a-d84f-4a16-9896-44e791dc923d",
+ "id": "33b93e16-9d01-4487-9b09-99db9e860912",
 "name": "docker-fleet-agent",
 "type": "filebeat",
- "version": "8.0.0"
+ "version": "8.2.2"
 },
 "data_stream": {
 "dataset": "ti_recordedfuture.threat",
@@ -13,18 +13,18 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
- "id": "967e40bc-86fa-4632-b571-afd40cfbcb8a",
+ "id": "33b93e16-9d01-4487-9b09-99db9e860912",
 "snapshot": false,
- "version": "8.0.0"
+ "version": "8.2.2"
 },
 "event": {
 "agent_id_status": "verified",
 "category": "threat",
 "dataset": "ti_recordedfuture.threat",
- "ingested": "2022-04-11T09:21:49Z",
+ "ingested": "2022-06-28T00:51:16Z",
 "kind": "enrichment",
 "risk_score": 87,
 "timezone": "+00:00",
diff --git a/packages/ti_recordedfuture/docs/README.md b/packages/ti_recordedfuture/docs/README.md
index 9bb11ff6fdf..783ebfd3ac2 100644
--- a/packages/ti_recordedfuture/docs/README.md
+++ b/packages/ti_recordedfuture/docs/README.md
@@ -14,13 +14,13 @@ An example event for `threat` looks as following:
 
 ```json
 {
- "@timestamp": "2022-04-11T09:21:48.260Z",
+ "@timestamp": "2022-06-28T00:51:15.439Z",
 "agent": {
- "ephemeral_id": "b69c55be-abc6-4a16-900f-986a2cc693a0",
- "id": "967e40bc-86fa-4632-b571-afd40cfbcb8a",
+ "ephemeral_id": "ab36e75a-d84f-4a16-9896-44e791dc923d",
+ "id": "33b93e16-9d01-4487-9b09-99db9e860912",
 "name": "docker-fleet-agent",
 "type": "filebeat",
- "version": "8.0.0"
+ "version": "8.2.2"
 },
 "data_stream": {
 "dataset": "ti_recordedfuture.threat",
@@ -28,18 +28,18 @@ An example event for `threat` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
- "id": "967e40bc-86fa-4632-b571-afd40cfbcb8a",
+ "id": "33b93e16-9d01-4487-9b09-99db9e860912",
 "snapshot": false,
- "version": "8.0.0"
+ "version": "8.2.2"
 },
 "event": {
 "agent_id_status": "verified",
 "category": "threat",
 "dataset": "ti_recordedfuture.threat",
- "ingested": "2022-04-11T09:21:49Z",
+ "ingested": "2022-06-28T00:51:16Z",
 "kind": "enrichment",
 "risk_score": 87,
 "timezone": "+00:00",
diff --git a/packages/ti_recordedfuture/manifest.yml b/packages/ti_recordedfuture/manifest.yml
index 8be12cdaf1c..f29b37383f7 100644
--- a/packages/ti_recordedfuture/manifest.yml
+++ b/packages/ti_recordedfuture/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_recordedfuture
 title: Recorded Future
-version: 1.0.1
+version: "1.1.0"
 release: ga
 description: Ingest threat intelligence indicators from Recorded Future risk lists with Elastic Agent.
 type: integration
diff --git a/packages/ti_threatq/_dev/build/build.yml b/packages/ti_threatq/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/ti_threatq/_dev/build/build.yml
+++ b/packages/ti_threatq/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/ti_threatq/changelog.yml b/packages/ti_threatq/changelog.yml
index 3c1f51c5a12..9f9972b5458 100644
--- a/packages/ti_threatq/changelog.yml
+++ b/packages/ti_threatq/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.3.2"
 changes:
 - description: update readme to include link to threatQ documentation
diff --git a/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json b/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json
index 70f32e2a402..26ee9ece76e 100644
--- a/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json
+++ b/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -52,7 +52,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -101,7 +101,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -150,7 +150,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -193,7 +193,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -242,7 +242,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -299,7 +299,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -348,7 +348,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -397,7 +397,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
@@ -446,7 +446,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index 7b3718fcaac..8c33056a755 100644
--- a/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 ####################
 - set:
 field: ecs.version
- value: "8.2.0"
+ value: "8.3.0"
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_threatq/data_stream/threat/sample_event.json b/packages/ti_threatq/data_stream/threat/sample_event.json
index b55645b939e..c37045d31a4 100644
--- a/packages/ti_threatq/data_stream/threat/sample_event.json
+++ b/packages/ti_threatq/data_stream/threat/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "394964aa-5974-455c-bea7-5c0b89b470bd",
diff --git a/packages/ti_threatq/docs/README.md b/packages/ti_threatq/docs/README.md
index 9b1b660c602..3944ba6a5ea 100644
--- a/packages/ti_threatq/docs/README.md
+++ b/packages/ti_threatq/docs/README.md
@@ -118,7 +118,7 @@ An example event for `threat` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "394964aa-5974-455c-bea7-5c0b89b470bd",
diff --git a/packages/ti_threatq/manifest.yml b/packages/ti_threatq/manifest.yml
index f54be7abeb9..8290b3a16e6 100644
--- a/packages/ti_threatq/manifest.yml
+++ b/packages/ti_threatq/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_threatq
 title: ThreatQuotient
-version: 1.3.2
+version: "1.4.0"
 release: ga
 description: Ingest threat intelligence indicators from ThreatQuotient with Elastic Agent.
 type: integration
diff --git a/packages/tomcat/_dev/build/build.yml b/packages/tomcat/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/tomcat/_dev/build/build.yml
+++ b/packages/tomcat/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/tomcat/changelog.yml b/packages/tomcat/changelog.yml
index 67128a82eaf..db91ad1fc5c 100644
--- a/packages/tomcat/changelog.yml
+++ b/packages/tomcat/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.4.1"
 changes:
 - description: update readme to include link to Tomcat documentation
diff --git a/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
index 2c749271703..21fa94a4c54 100644
--- a/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "message": "%APACHETOMCAT-1516-asdf: 10.251.224.219||eacommod||rci||[29/Jan/2016:6:09:59 OMST]||exercita||https://example.com/illumqui/ventore.html?min=ite#utl||vol||amremap||oremi||ntsunti||5293||https://mail.example.net/turadipi/aeca.htm?ntium=psaq#cer||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||aliqu",
 "tags": [
@@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-259-CFYZ: 10.196.153.12||sequa||abo||[12/Feb/2016:1:12:33 PST]||umqui||https://www5.example.net/mdolo/mqui.htm?sumdo=litesse#orev||pisciv||uii||umexe||estlabo||5222||https://mail.example.com/uat/eporr.jpg?byCicer=luptat#agn||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||nulapari", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 26 20:15:08 ctetur5806.api.home %APACHETOMCAT- COOK: 10.156.194.38||gnaali||enatus||[26/Feb/2016:8:15:08 PT]||incid||https://internal.example.com/tetur/idolor.html?ntex=eius#luptat||emape||aer||lupt||tia||7019||https://www.example.com/quis/orisn.txt?anti=ofdeF#metcons||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||nul", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-1060-INDEX: 10.196.118.192||tinculp||tur||[12/Mar/2016:3:17:42 CT]||equat||https://www5.example.org/nci/ofdeFin.gif?amco=exe#iatu||ionofde||con||uia||quiavo||1156||https://mail.example.com/consec/taliquip.html?radip=tNequ#gelit||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||tconsec", "tags": [ 
@@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-4141-BADMTHD: 10.246.209.145||oluptas||llu||[26/Mar/2016:10:20:16 GMT+02:00]||ommod||https://internal.example.com/aqui/radipis.jpg?llumd=enatuse#magn||equuntu||eos||enimad||rmagni||1998||https://internal.example.net/onev/tenima.jpg?seq=olorema#ccaecat||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||fug", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-2964-BADMETHOD: 10.114.191.225||uian||tempo||[09/Apr/2016:5:22:51 PST]||exercit||https://internal.example.com/omnis/antium.txt?lupta=iusmodt#doloreeu||pori||occ||ect||reetdolo||2770||https://www5.example.org/uiano/mrema.htm?anim=autfugi#inBCSedu||Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36||tanimi", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 24 00:25:25 erep2696.www.home %APACHETOMCAT- INDEX: 10.38.77.13||aquaeab||liqu||[24/Apr/2016:12:25:25 PT]||ehend||https://www5.example.net/uidolore/niamqu.gif?iat=tevelit#nsequat||loremagn||ipis||gelits||tatevel||3856||https://api.example.com/uovol/dmi.txt?quunt=ptat#ore||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||tsed", "tags": [ 
@@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 8 07:27:59 mUt2398.invalid %APACHETOMCAT- DEBUG: 10.11.201.109||boree||ugits||[08/May/2016:7:27:59 CEST]||iinea||https://www.example.org/idexea/riat.txt?tvol=moll#tatione||inB||deomni||tquovol||ntsuntin||3341||https://mail.example.org/imav/ididu.htm?tion=orsitame#quiratio||Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30||iam", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-3097-BADMTHD: 10.182.166.181||apariat||mol||[22/May/2016:2:30:33 CT]||olupta||https://api.example.org/toccae/tatno.gif?taliqu=temUten#ccusan||iqu||ollit||usan||aper||5529||https://example.org/uaera/sitas.txt?aedic=atquovo#iumto||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||mquaera", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-6283-null: 10.185.126.247||vel||quu||[05/Jun/2016:9:33:08 OMST]||avol||https://mail.example.net/atuse/ddoeiu.gif?idolore=onse#liq||metcon||smo||litessec||emporinc||5075||https://internal.example.com/atcu/oremagna.jpg?remipsum=liq#ist||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||caecatc", "tags": [ 
@@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 20 04:35:42 siuta2896.www.localhost %APACHETOMCAT- SEARCH: 10.72.114.23||enia||nsequu||[20/Jun/2016:4:35:42 PST]||rsint||https://example.com/idestla/Nemoeni.htm?taed=lup#remeumf||antiumto||strude||ctetura||usmod||1640||https://mail.example.net/lor/fugit.jpg?rsitamet=lupt#xea||Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||orain", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 4 11:38:16 oin6316.www5.host %APACHETOMCAT- TRACE: 10.129.241.147||lores||lapariat||[04/Jul/2016:11:38:16 PST]||etc||https://example.net/nimadmin/ditautfu.html?lpa=entsu#dun||onproide||luptat||itaut||imaven||152||https://internal.example.net/onproide/Nemoen.gif?pitla=ccu#urE||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||inculpaq", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 18 18:40:50 tionemu7691.www.local %APACHETOMCAT- BDMTHD: 10.185.101.76||errorsi||des||[18/Jul/2016:6:40:50 GMT+02:00]||stl||https://www5.example.com/ono/stru.jpg?emaperi=tame#tinvol||tectobe||colabor||iusmodt||etdolo||3768||https://internal.example.net/ommod/sequatur.txt?tlabo=suntexp#ugiatnu||Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80||itecto", "tags": [ 
@@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-3217-GET: 10.57.170.140||nsec||onse||[02/Aug/2016:1:43:25 OMST]||inibusBo||https://example.net/tion/eataev.htm?uiineavo=tisetq#irati||ici||giatquov||eritquii||dexeac||3088||https://www.example.org/oreseos/uames.txt?msequi=isnostru#iquaUten||Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36||iadese", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-1109-PUT: 10.33.153.47||hil||atquovo||[16/Aug/2016:8:45:59 GMT+02:00]||iineavo||https://internal.example.com/isno/taliq.htm?nnu=dolo#Loremip||idolor||emeumfu||CSed||lupt||6136||https://internal.example.net/quip/mporain.txt?uatD=iunt#temveleu||Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||tio", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 30 15:48:33 conse2991.internal.lan %APACHETOMCAT- FGET: 10.116.104.101||gnam||tat||[30/Aug/2016:3:48:33 CET]||lumqui||https://internal.example.net/mdolore/rQuisau.gif?iavolu=den#tutla||olorema||iades||siarchi||datatn||5076||https://internal.example.net/mipsumd/eFinib.jpg?remi=saute#ercit||Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36||remagn", "tags": [ 
@@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-3361-null: 10.202.194.67||samvolu||ittenbyC||[13/Sep/2016:10:51:07 ET]||eirure||https://internal.example.com/oidentsu/atiset.jpg?ntor=lpaqui#sitame||iadese||nsectet||utla||utei||2716||https://example.com/tlabori/oin.jpg?quisnos=ite#ationul||Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||eritqu", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 28 05:53:42 wri2784.api.domain %APACHETOMCAT- PUT: 10.153.111.103||itquiin||modocon||[28/Sep/2016:5:53:42 PST]||taevit||https://www5.example.com/etconse/tincu.txt?lit=asun#estia||eaq||occae||ctetura||labore||4621||https://www.example.com/adeseru/emoe.html?atur=itanimi#itame||Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30||rehender", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-1637-DETECT_METHOD_TYPE: 10.52.186.29||equat||doloreme||[12/Oct/2016:12:56:16 GMT+02:00]||ione||https://www5.example.org/eriamea/amre.htm?magni=pisciv#iquidex||radipisc||tmo||fficiade||uscipit||4168||https://internal.example.net/oru/temqu.htm?etMalor=ipi#reseos||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||mcolab", "tags": [ 
@@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 26 19:58:50 oquisqu2937.mail.domain %APACHETOMCAT- BDMTHD: 10.209.182.237||tper||olor||[26/Oct/2016:7:58:50 GMT-07:00]||osqui||https://www.example.org/iutali/fdeFi.jpg?liquide=etdol#uela||boN||eprehend||aevit||aboN||3423||https://example.net/tlabo/uames.gif?mpo=offi#giatnu||Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]||lor", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 10 03:01:24 dolore1287.internal.lan %APACHETOMCAT- CFYZ: 10.63.194.87||quisno||sin||[10/Nov/2016:3:01:24 CT]||aliquam||https://mail.example.net/itatione/isnis.html?oluptate=issus#osamn||isnisiu||bore||tsu||tcons||3128||https://api.example.org/lorinre/olorsita.gif?idata=rumwritt#magnid||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||dol", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-4307-TRACE: 10.62.191.18||tevelite||orporiss||[24/Nov/2016:10:03:59 OMST]||tlabo||https://www.example.org/emvel/tmollita.htm?numqua=veni#eveli||eroi||dtemp||aliquide||ofde||4940||https://www5.example.org/maven/hende.jpg?labor=didunt#uptatema||Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||udan", "tags": [ 
@@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-6040-CFYZ: 10.238.164.29||aturQui||utlabor||[08/Dec/2016:5:06:33 ET]||temvel||https://example.net/nisi/dant.txt?ecte=tinvolu#iurer||iciadese||quidolor||tessec||olupta||2660||https://example.org/idolor/uisau.jpg?llumdolo=nre#ercitat||Mozilla/5.0 (Linux; Android 7.0; MEIZU M6 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30||uiinea", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-1612-SEARCH: 10.155.230.17||eni||ionevo||[23/Dec/2016:12:09:07 CT]||Ute||https://internal.example.com/sintocc/tlabor.txt?tDuisaut=oinBC#quameius||ipsumdol||tet||etdo||urerepr||4674||https://example.com/tetu/stru.htm?tlabore=Exc#pora||Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||uteirure", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 6 07:11:41 ide2767.www5.local %APACHETOMCAT- RNDMMTD: 10.102.229.102||nnum||tenbyCi||[06/Jan/2017:7:11:41 PST]||tco||https://example.net/officiad/itam.html?madmi=tur#roi||niamqui||orem||sno||atno||5263||https://mail.example.net/ntocca/ostru.txt?quiavol=rrorsi#temquiav||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||sec", "tags": [ 
@@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 20 14:14:16 sBon1759.invalid %APACHETOMCAT- HEAD: 10.194.14.7||ten||vita||[20/Jan/2017:2:14:16 OMST]||ullamcor||https://mail.example.org/tor/qui.txt?eavolup=fugiatn#docon||etconsec||ios||evolu||ersp||3536||https://www5.example.org/sauteiru/mod.gif?tes=mquame#nihilmol||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||orain", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-6113-get: 10.99.0.226||madmi||uidol||[03/Feb/2017:9:16:50 ET]||quameius||https://api.example.net/roid/inibusB.jpg?Nemoenim=squirati#Sedutp||utp||ema||rsitv||iciade||5649||https://example.com/lup/tatemUt.html?upida=tvolupt#eufugi||Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36||uredol", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-6945-DETECT_METHOD_TYPE: 10.107.174.213||tenimad||minimav||[18/Feb/2017:4:19:24 OMST]||taedicta||https://www.example.net/str/idolore.txt?eetdolo=cteturad#untut||uamni||ctet||ati||uine||2438||https://api.example.org/loreme/untu.htm?ven=con#nisist||Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36||ium", "tags": [ 
@@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 4 11:21:59 idunt4707.host %APACHETOMCAT- ABCD: 10.84.25.23||laudant||isnost||[04/Mar/2017:11:21:59 CET]||rQuisau||https://mail.example.org/iscinge/ofdeFini.jpg?molli=velitse#oditem||gitsedqu||borios||rsitvolu||quam||5315||https://www.example.org/ineavo/pexe.htm?iadolor=amcol#adeser||Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30||gitsed", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-4367-uGET: 10.193.143.108||idolo||luptate||[18/Mar/2017:6:24:33 PT]||atisun||https://www.example.org/epre/tobeata.html?quia=iduntu#idestlab||rnatur||ofdeFin||essequam||acommo||3105||https://api.example.com/cusant/atemq.gif?itecto=reetdol#totamre||Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||ercita", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 2 01:27:07 emquia1497.www5.lan %APACHETOMCAT- INDEX: 10.190.51.22||uamei||siut||[02/Apr/2017:1:27:07 CT]||uisa||https://example.com/mexe/its.htm?ice=oles#edic||seq||tutlab||sau||atevelit||2450||https://example.org/aperia/ccaeca.gif?ttenby=boris#stenatu||Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36||orumSe", "tags": [ 
@@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 16 08:29:41 riat3854.www5.home %APACHETOMCAT- BADMETHOD: 10.194.90.130||siut||tconsect||[16/Apr/2017:8:29:41 PT]||piscinge||https://www.example.com/velitess/naali.htm?nre=veli#volupta||rnatu||elitse||ima||quasia||2382||https://www5.example.com/quamqua/eacommod.html?iumdol=tpersp#stla||mobmail android 2.1.3.3150||sequamni", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-6198-BDMTHD: 10.10.213.83||nea||psum||[30/Apr/2017:3:32:16 OMST]||ncididun||https://www.example.org/xeacomm/cinge.txt?apariat=vitaedi#lorsita||dolore||uptate||quidexea||ect||23||https://internal.example.com/ate/odoconse.jpg?quatu=veli#tenim||Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]||labo", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 14 22:34:50 aboreetd5461.host %APACHETOMCAT- uGET: 10.52.125.9||hit||urv||[14/May/2017:10:34:50 ET]||nimid||https://api.example.org/texpli/exeacom.jpg?rita=esseci#tametcon||liqua||mvele||isis||uasiar||2552||https://mail.example.net/loremqu/dantium.htm?teirured=onemulla#dolorem||Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]||rauto", "tags": [ 
@@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-5770-RNDMMTD: 10.19.17.202||nby||mve||[29/May/2017:5:37:24 PT]||isau||https://api.example.net/ibusBon/ven.gif?nsequat=doloreme#dun||reprehe||tincu||suntin||itse||814||https://www5.example.org/intocc/amcorp.html?ssecillu=liqua#olo||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||aec", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 12 12:39:58 iquidexe304.mail.test %APACHETOMCAT- RNDMMTD: 10.195.64.5||oreetd||uat||[12/Jun/2017:12:39:58 PT]||moenimi||https://mail.example.org/oconsequ/edquiac.gif?preh=ercit#etMal||qua||rsita||ate||ipsamvo||344||https://api.example.com/tdol/upt.htm?asper=idunt#luptat||Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||ica", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 26 19:42:33 remips4828.www5.host %APACHETOMCAT- POST: 10.209.77.194||tvolup||itesseq||[26/Jun/2017:7:42:33 OMST]||snost||https://internal.example.com/llamc/nte.htm?utali=porinc#tetur||xce||dat||aincidu||nimadmin||4843||https://mail.example.com/eumfugi/etdolor.htm?dic=cola#amcor||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||elites", "tags": [ 
@@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-1952-MKCOL: 10.168.6.90||rem||amvolupt||[11/Jul/2017:2:45:07 GMT+02:00]||atisund||https://example.net/ites/isetq.gif?nisiut=tur#avolupt||ariatur||rer||iconseq||porincid||6941||https://mail.example.org/nofd/dipisci.txt?ilmol=eri#quunt||Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80||tae", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-7717-rndmmtd: 10.89.137.238||plica||ore||[25/Jul/2017:9:47:41 OMST]||emqu||https://mail.example.com/acommod/itsedd.html?admin=stenatu#inibu||est||uptatemU||leumiu||tla||4765||https://api.example.org/isa/niamqui.jpg?dqu=pid#rExc||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||erun", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-4574-OPTIONS: 10.246.61.213||ntutlabo||iusmodte||[08/Aug/2017:4:50:15 CT]||loi||https://example.org/Nequepor/eirure.htm?idid=tesse#sequat||giatquov||tconsec||miurerep||toccaec||7645||https://www5.example.net/psaqua/ullamcor.txt?qui=cupi#tame||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||orroq", "tags": [ 
@@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 22 23:52:50 orin5238.host %APACHETOMCAT- MKCOL: 10.117.44.138||orem||rcit||[22/Aug/2017:11:52:50 PST]||enderit||https://www.example.org/tanimi/rumSecti.jpg?emporain=ntiumto#umetMalo||oluptas||emvele||isnost||olorem||2760||https://www5.example.net/quunt/acommod.jpg?sit=rumSect#ita||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||aliq", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-4801-PRONECT: 10.69.30.196||tore||elits||[06/Sep/2017:6:55:24 OMST]||ruredo||https://example.net/temUt/ptassita.gif?uamnihi=risnis#uov||itlab||urmag||omm||equ||4808||https://www.example.net/siuta/urmagn.html?uptat=idex#ptateve||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||nimveni", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-7668-BADMTHD: 10.135.91.88||ercit||eporroq||[20/Sep/2017:1:57:58 CT]||ugiatn||https://api.example.com/dictasun/abore.txt?modocon=ipsu#ntNeq||tate||urExce||asi||ectiono||2241||https://example.org/onu/liquaUte.txt?velillu=ria#atDu||Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||emq", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 4 21:00:32 agnaaliq1829.mail.test %APACHETOMCAT- ABCD: 10.81.45.174||tin||fugitse||[04/Oct/2017:9:00:32 CEST]||liquide||https://example.net/Sedutpe/prehen.html?rcit=aecatcup#olabor||estl||erun||iruredol||incidid||7699||https://api.example.org/edquian/loremeu.gif?volupta=dmi#untexpl||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||mipsamvo", "tags": [ 
@@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-3517-rndmmtd: 10.87.179.233||mnisiut||avolu||[19/Oct/2017:4:03:07 PST]||eum||https://www.example.org/umetMal/asper.htm?metcons=itasper#uae||mve||uia||iciad||lorem||6137||https://www.example.org/redol/gnaa.htm?aliquamq=dtempori#toditaut||Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||dexerc", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-2669-COOK: 10.198.57.130||hitec||henderit||[02/Nov/2017:11:05:41 OMST]||perspici||https://api.example.net/mquisn/queips.gif?emUte=molestia#quir||eavolup||emip||ver||erc||294||https://example.com/iuntNequ/esseq.txt?remq=veniamq#occ||Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90||emo", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-494-GET: 10.218.0.197||dolor||econs||[16/Nov/2017:6:08:15 ET]||eritin||https://www.example.net/yCic/nder.jpg?itanim=nesciun#saqu||iscive||quasiar||aeab||teur||609||https://www.example.org/mol/tur.jpg?usmodi=ree#saquaea||Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||eetd", "tags": [ 
@@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 1 01:10:49 iatqu7310.api.home %APACHETOMCAT- get: 10.123.199.198||irured||illumqui||[01/Dec/2017:1:10:49 PST]||tionula||https://mail.example.com/ecatcupi/uamei.html?nreprehe=onse#olorem||turvel||eratv||ipsa||asuntexp||1390||https://example.com/oremquel/lmole.jpg?boNem=iumt#tsed||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||mpo", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 15 08:13:24 uamnihil6127.api.domain %APACHETOMCAT- POST: 10.29.119.245||tatnon||leumiur||[15/Dec/2017:8:13:24 ET]||ore||https://internal.example.net/ection/roquisqu.html?ceroinB=nim#utaliqu||rsi||taliqui||mides||ciun||39||https://example.org/iatqu/inBCSedu.gif?urExcep=ema#suntex||Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36||anim", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 29 15:15:58 uov1629.internal.invalid %APACHETOMCAT- DETECT_METHOD_TYPE: 10.130.175.17||quide||quaU||[29/Dec/2017:3:15:58 PT]||inimav||https://mail.example.net/iutali/itat.txt?Finibus=radi#xeacom||des||atnulapa||billo||rroqu||2170||https://www.example.org/taedi/tquido.html?etconsec=elillum#upt||Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||onsectet", "tags": [ 
@@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-5752-PROPFIND: 10.166.90.130||mdolore||eosquira||[12/Jan/2018:10:18:32 CET]||lloinven||https://mail.example.net/lmolesti/apariatu.htm?moe=msequ#uat||lupta||npr||etconsec||caboNem||1043||https://internal.example.org/litesseq/atcupida.html?tob=dolores#equamnih||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||deF", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "January 27 05:21:06 orumw5960.www5.home %APACHETOMCAT- GET: 10.248.111.207||dolor||tiumto||[27/Jan/2018:5:21:06 GMT-07:00]||quiavol||https://api.example.org/ratv/alorum.jpg?tali=BCS#qui||ugiatquo||incidid||quin||autemv||6174||https://internal.example.org/mipsumqu/tatio.jpg?admi=onnu#olorema||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||atatnon", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-2940-asdf: 10.185.37.32||ame||tesseq||[10/Feb/2018:12:23:41 GMT+02:00]||tem||https://internal.example.net/gitse/ugitse.jpg?tvolup=tdolore#ventore||red||sinto||tatev||luptas||3286||https://api.example.net/aev/inrepr.gif?iadese=nisiu#imad||Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||ptatem", "tags": [ 
@@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-4927-SEARCH: 10.5.194.202||onproide||ntmo||[24/Feb/2018:7:26:15 CET]||riosa||https://example.org/pisc/urEx.html?rautod=olest#eataev||atcupi||atem||qui||otamr||7278||https://internal.example.com/meaque/uid.htm?tion=tobeatae#maccusa||Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||iqua", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 11 02:28:49 deriti6952.mail.domain %APACHETOMCAT- PRONECT: 10.183.34.1||boree||isn||[11/Mar/2018:2:28:49 CEST]||der||https://www5.example.com/aconse/prehe.gif?diduntu=eiusmod#itation||veleum||piciatis||nes||lmolesti||1559||https://www.example.org/emaperia/Section.txt?iame=orroquis#aquio||Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30||ntmoll", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-4472-CFYZ: 10.101.163.40||abor||nBCSe||[25/Mar/2018:9:31:24 CEST]||remips||https://mail.example.net/reetdolo/rationev.html?reetdol=uelauda#ema||odi||ptatems||runtmo||ore||3512||https://internal.example.com/undeom/emullamc.jpg?quaer=eetdo#tlab||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||liq", "tags": [ 
@@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 8 16:33:58 nse3421.mail.localhost %APACHETOMCAT- uGET: 10.216.188.152||oremi||ugitsedq||[08/Apr/2018:4:33:58 ET]||atDuis||https://www5.example.com/mUteni/quira.htm?ore=tation#loinve||tatevel||iumdolo||untu||ict||2699||https://internal.example.com/riosamni/icta.gif?umetMa=imadmin#iqui||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||Nequepo", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-1033-nGET: 10.94.140.77||veniam||isnisiu||[22/Apr/2018:11:36:32 OMST]||dol||https://www5.example.org/setquas/minim.gif?tutlabor=reseosq#gna||isiutali||lumqu||onulamco||ons||5050||https://mail.example.net/unt/tass.html?tla=mquiad#CSe||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||psa", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-4133-PUT: 10.223.205.204||lor||ccaec||[07/May/2018:6:39:06 PST]||ommo||https://www.example.com/laudanti/umiurer.txt?rsitvolu=mnisi#usmo||iamea||imaveni||uiacon||iam||7526||https://mail.example.org/oin/itseddoe.html?citati=uamei#eursinto||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||tutla", "tags": [ 
@@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 21 13:41:41 tautfug689.localdomain %APACHETOMCAT- PUT: 10.85.137.156||atiset||serror||[21/May/2018:1:41:41 CEST]||isiut||https://mail.example.org/ici/nisiuta.jpg?itae=dtempo#atnula||ditautf||itametc||ori||uamqu||2804||https://example.com/quiac/sunt.gif?etdol=dolorsi#nturmag||Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||Except", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 4 20:44:15 totam6886.api.localhost %APACHETOMCAT- QUALYS: 10.12.54.142||trudex||liquam||[04/Jun/2018:8:44:15 PST]||lor||https://mail.example.com/eseruntm/lpaquiof.html?magnaal=uscip#umS||iciadese||riatur||oeni||dol||3000||https://www5.example.net/teturadi/ditau.gif?piscivel=hend#eacommo||Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||aer", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-3864-RNDMMTD: 10.158.6.52||dolorem||sed||[19/Jun/2018:3:46:49 OMST]||Nemoenim||https://example.net/labori/porai.gif?utali=sed#xeac||umdolors||lumdo||acom||eFini||4262||https://internal.example.org/uovol/prehend.html?eque=eufug#est||Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g||ntincul", "tags": [ 
@@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 3 10:49:23 tquo854.api.domain %APACHETOMCAT- MKCOL: 10.195.160.182||ine||urerepre||[03/Jul/2018:10:49:23 CT]||itessequ||https://www5.example.org/orissu/fic.gif?ese=mmodoco#amni||atnul||umfugi||stquidol||Nemoenim||1325||https://example.com/tasnul/tuserr.jpg?amvo=tnul#expl||Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||isau", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-6084-CONNECT: 10.20.68.117||rQuisaut||quas||[17/Jul/2018:5:51:58 ET]||metco||https://mail.example.com/iuntNeq/eddoei.jpg?sseq=eriam#pernat||udan||archi||iutaliq||urQuis||1742||https://example.net/orum/Bonoru.txt?agnamal=quei#quio||Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||lamcola", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 1 00:54:32 venia6656.api.domain %APACHETOMCAT- CONNECT: 10.94.136.235||mmod||iti||[01/Aug/2018:12:54:32 PST]||amqu||https://www5.example.com/tanimid/onpr.gif?gelitse=oremqu#idex||radip||upta||tetura||rumet||6923||https://www5.example.org/lestia/nde.jpg?pisci=sunt#texplica||Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30||ore", "tags": [ 
@@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 15 07:57:06 veniam1216.www5.invalid %APACHETOMCAT- NCIRCLE: 10.152.11.26||expli||ugiat||[15/Aug/2018:7:57:06 GMT+02:00]||oinBCSed||https://www.example.net/ntorever/pisciv.gif?eritq=rehen#ipsamvol||elillum||veleumi||nsequatu||nula||2783||https://example.com/santi/ritati.gif?turadip=dip#idolo||Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10||aco", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 29 14:59:40 runtm5729.invalid %APACHETOMCAT- PRONECT: 10.82.118.95||bore||ptate||[29/Aug/2018:2:59:40 GMT+02:00]||labo||https://www5.example.com/quu/xeac.htm?abor=oreverit#scip||Finibus||Utenimad||olupta||tau||5211||https://www5.example.com/itametco/vel.htm?rere=pta#nonn||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||met", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-4322-id: 10.187.152.213||conse||ventor||[12/Sep/2018:10:02:15 CEST]||mag||https://www.example.net/mini/Loremip.html?tur=atnonpr#ita||amquaer||aqui||enby||lpa||3948||https://www5.example.net/iat/ffic.htm?cte=aparia#CSe||Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36||ugitsedq", "tags": [ 
@@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "September 27 05:04:49 pta6012.www.local %APACHETOMCAT- uGET: 10.98.71.45||destla||fugitse||[27/Sep/2018:5:04:49 GMT+02:00]||eirur||https://www.example.net/duntutla/lamco.txt?isci=Dui#reetdo||ever||civelits||eos||ipitlabo||5440||https://internal.example.net/nonn/hite.htm?ariatur=labo#sautei||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||unt", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-5971-uGET: 10.86.123.33||ugia||meum||[11/Oct/2018:12:07:23 OMST]||doei||https://www5.example.net/tev/nre.html?occaeca=eturadip#ent||rumSecti||Utenima||olore||orumS||757||https://www5.example.org/eursint/orio.txt?iameaqu=aaliquaU#olu||Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g||yCiceroi", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-2852-FGET: 10.6.112.183||deom||oluptat||[25/Oct/2018:7:09:57 GMT-07:00]||eni||https://www5.example.net/uamnih/nseq.txt?uidolo=umdolore#dmi||tam||oremip||eufugi||dunt||6169||https://api.example.net/uidexeac/sequa.html?modoc=magnam#uinesc||Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||idatat", "tags": [ 
@@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 9 02:12:32 orsi2109.internal.home %APACHETOMCAT- LOCK: 10.227.156.143||sis||idolo||[09/Nov/2018:2:12:32 CEST]||tsedquia||https://example.net/umdolor/isiu.html?mmodi=snostr#eniamqu||inimav||tatevel||midestl||nci||6587||https://www5.example.org/nvolupt/meiusm.htm?aturv=ectetura#obeataev||Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10||seq", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 23 09:15:06 quaeabil2539.www5.lan %APACHETOMCAT- get: 10.124.129.248||iamqui||quide||[23/Nov/2018:9:15:06 CT]||cididun||https://example.org/ibusBo/untincu.jpg?lesti=sintocca#mipsumqu||eprehen||hilmole||sequ||sectetu||7182||https://example.net/dolor/lorumwri.htm?mquis=lab#uido||Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||mwrit", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "December 7 16:17:40 aal1598.mail.host %APACHETOMCAT- CONNECT: 10.173.125.112||quiavolu||upta||[07/Dec/2018:4:17:40 OMST]||umtota||https://www5.example.org/magnaa/sumquiad.gif?oluptate=Duisa#consequa||eaqueip||itaedict||olorema||rep||3380||https://www5.example.net/siarc/fdeFin.jpg?tobeata=nesciun#amcolab||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||isnisiut", "tags": [ 
@@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-5227-GET: 10.37.156.140||uisnos||olores||[21/Dec/2018:11:20:14 PST]||epo||https://www.example.org/evolup/rvelil.gif?eavolup=ipsumq#evit||tno||iss||taspe||lum||5911||https://api.example.net/eturad/tDuis.htm?enimadmi=tateveli#osa||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||idolorem", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-5776-PRONECT: 10.121.225.135||ufugi||cin||[05/Jan/2019:6:22:49 ET]||byC||https://example.com/oremip/its.jpg?iavol=natuserr#ostrudex||nse||miurere||evit||uatu||2448||https://www5.example.org/uamestqu/mpor.jpg?hender=ptatemU#seq||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||tnulapa", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-7708-DEBUG: 10.123.68.56||expl||olore||[19/Jan/2019:1:25:23 CEST]||dentsunt||https://www.example.org/animid/upta.jpg?onnumqua=quioff#iuntN||ipis||itautfu||nesci||tam||1206||https://mail.example.net/tetura/eeufug.txt?modt=iduntutl#rsitam||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||ntor", "tags": [ 
@@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 2 20:27:57 oid218.api.invalid %APACHETOMCAT- RNDMMTD: 10.63.56.164||iquid||evo||[02/Feb/2019:8:27:57 GMT-07:00]||avolu||https://api.example.net/itesse/expl.html?prehende=lup#tpers||orsitv||temseq||uisaute||uun||4638||https://mail.example.net/nemulla/asp.html?ncul=taliq#tautfugi||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||umd", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "February 17 03:30:32 sectetur2674.www5.test %APACHETOMCAT- HEAD: 10.62.10.137||eeufugi||deomnisi||[17/Feb/2019:3:30:32 ET]||issus||https://example.net/deritinv/evelite.html?iav=odico#rsint||itl||ttenb||olor||quiav||6648||https://example.com/eumfu/lors.gif?upidata=ici#usant||Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10||con", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "March 3 10:33:06 sequatD4487.internal.localhost %APACHETOMCAT- INDEX: 10.89.154.115||oeiusmo||nimv||[03/Mar/2019:10:33:06 GMT+02:00]||tconse||https://example.org/tseddoei/teursint.htm?remagnaa=lamcolab#ceroinB||umqui||citation||temsequi||mquia||1119||https://api.example.net/iveli/conseq.htm?ercitat=taspe#yCiceroi||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||cti", "tags": [ 
@@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-4758-TRACE: 10.122.252.130||tuser||mmo||[17/Mar/2019:5:35:40 PST]||tlaboru||https://www5.example.com/ciad/ugiatqu.gif?turveli=isciv#natus||boreet||luptasnu||ento||snostr||3904||https://api.example.org/xerc/Nequep.htm?ria=beat#rro||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||uisau", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-2573-id: 10.195.152.53||ueporroq||ute||[01/Apr/2019:12:38:14 GMT-07:00]||tationu||https://api.example.com/olore/ntutlab.htm?ameaquei=gnama#esciun||tesse||olupta||isno||oluptas||5560||https://www.example.net/rinrepr/dutp.jpg?modo=uiavo#uisaut||mobmail android 2.1.3.3150||paq", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 15 07:40:49 nul5107.www5.domain %APACHETOMCAT- ABCD: 10.9.255.204||illoin||emUtenim||[15/Apr/2019:7:40:49 CT]||uid||https://mail.example.com/rvelil/adese.htm?incidi=aedictas#rumetMa||mexerci||urEx||ditaut||ctetur||3089||https://mail.example.com/oreeu/mea.jpg?tis=oluptat#emi||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||iaeconse", "tags": [ 
@@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "April 29 14:43:23 nimadmin5630.localdomain %APACHETOMCAT- RNDMMTD: 10.214.235.133||equ||nulapari||[29/Apr/2019:2:43:23 GMT-07:00]||tsunt||https://www.example.org/oremi/ectobeat.gif?oreeu=uasiarch#Malor||boriosa||cillumdo||ditau||moenimip||5930||https://internal.example.net/oreetd/lor.txt?etc=eturadip#nost||Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||evel", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "May 13 21:45:57 sequuntu3563.internal.test %APACHETOMCAT- TRACE: 10.5.134.204||apari||iarchit||[13/May/2019:9:45:57 PT]||orum||https://api.example.com/orsitam/tiset.jpg?ati=rauto#doloreeu||lors||eumfu||docons||tur||3197||https://api.example.org/uasi/maveniam.html?rspicia=pitl#imi||Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80||taevit", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-6820-SEARCH: 10.144.111.42||sumquia||vento||[28/May/2019:4:48:31 CEST]||asnu||https://example.org/rep/mveni.txt?utpers=num#ctetura||quaerat||tDuisau||aturve||ptateve||7615||https://internal.example.com/tconsect/pariat.gif?etcon=ctobeat#isi||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||lorumw", "tags": [ 
@@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-3071-FGET: 10.122.0.80||olupt||ola||[11/Jun/2019:11:51:06 CT]||etquasia||https://example.net/adm/snostr.jpg?tec=itaspe#con||illumdo||antium||remaper||eseosq||2945||https://www.example.com/uae/ata.htm?snulap=cidu#hilmol||Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g||quamq", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "June 25 18:53:40 tdolo2150.www.example %APACHETOMCAT- ABCD: 10.165.33.19||uamqu||iusmodi||[25/Jun/2019:6:53:40 ET]||aparia||https://mail.example.com/ccusant/epteurs.htm?oidentsu=oditau#onsec||dit||namaliqu||yCic||tetura||1569||https://www.example.net/ttenb/eirure.txt?rem=exer#eeufug||Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||lapari", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "July 10 01:56:14 cinge6032.api.local %APACHETOMCAT- BADMTHD: 10.87.92.17||utlabore||tamr||[10/Jul/2019:1:56:14 CT]||iutaliq||https://mail.example.org/onemul/trudexe.txt?ura=oreeufug#Quisa||quiav||ctionofd||elit||sam||6211||https://internal.example.org/unt/isni.htm?ecillum=olor#amei||Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||quid", "tags": [ 
@@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-7615-BADMETHOD: 10.51.52.203||wri||itame||[24/Jul/2019:8:58:48 ET]||dictasun||https://example.com/lorese/olupta.jpg?onsec=idestl#litani||emp||arch||non||mollit||5823||https://internal.example.org/tobeatae/ntut.gif?exe=naa#equat||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||mqu", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "August 7 16:01:23 ende6053.local %APACHETOMCAT- rndmmtd: 10.0.211.86||rsp||imipsa||[07/Aug/2019:4:01:23 CEST]||int||https://internal.example.net/llitani/uscipit.html?etcons=etco#iuntN||utfugi||ursintoc||tio||mmodicon||6776||https://internal.example.net/tvol/lup.gif?ollita=qua#ionula||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||cusa", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-264-OPTIONS: 10.106.34.244||eumiu||nim||[21/Aug/2019:11:03:57 PST]||rehen||https://mail.example.net/ptat/mipsu.htm?eturadip=amquaera#rsitamet||leumiur||ssequamn||ave||taliqui||3714||https://example.net/undeomn/ape.jpg?amco=ons#onsecte||Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||atquo", "tags": [ 
@@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-2943-nGET: 10.191.210.188||inculpa||ruredol||[05/Sep/2019:6:06:31 OMST]||ipit||https://www.example.org/quae/periam.html?emoenimi=iquipex#mqu||onorume||abill||ametcon||ofdeFini||7052||https://example.net/tionev/uasiarch.html?qui=ehender#equa||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||nimides", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-6165-BDMTHD: 10.2.38.49||asiarc||lor||[19/Sep/2019:1:09:05 GMT+02:00]||snula||https://www.example.com/bori/dipi.gif?utf=dolor#dexe||nemul||Duis||lupt||quatur||5775||https://www.example.org/ipsa/con.gif?uianonnu=tatiset#quira||mobmail android 2.1.3.3150||aea", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 3 20:11:40 didun1193.example %APACHETOMCAT- id: 10.66.92.90||orumwri||atisu||[03/Oct/2019:8:11:40 PST]||tse||https://example.com/iat/tqui.gif?utaliqui=emse#emqui||cipitla||tlab||vel||ionevo||4580||https://mail.example.com/volupta/umfu.gif?tisetq=tDuisaut#dolo||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||samvol", "tags": [ 
@@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "October 18 03:14:14 apari2660.www5.lan %APACHETOMCAT- BADMTHD: 10.97.108.108||fficiad||teirured||[18/Oct/2019:3:14:14 PST]||sistena||https://example.com/caboN/imipsam.jpg?catcupid=ritquiin#quisnost||sequines||olor||sequa||lorum||7649||https://mail.example.com/Sedut/tatis.gif?reeufugi=sequines#minimve||Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g||toditau", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 1 10:16:48 nvolupta238.www.host %APACHETOMCAT- COOK: 10.147.147.248||onpr||uira||[01/Nov/2019:10:16:48 CET]||ptatev||https://api.example.net/uiaco/aliqu.txt?udexerci=uae#imveni||econ||aborio||rve||catcup||177||https://www5.example.org/busBon/norumetM.jpg?vitaedi=rna#cons||Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36||lupta", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 15 17:19:22 icer123.mail.example %APACHETOMCAT- NCIRCLE: 10.152.190.61||imvenia||culp||[15/Nov/2019:5:19:22 GMT-07:00]||nesciu||https://www.example.org/roinBCSe/eetdolor.html?tla=iaconseq#sed||sedd||atione||tvolup||oremeu||6708||https://api.example.com/dan/pta.html?oNem=itaedict#eroi||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||uptateve", "tags": [ 
@@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "November 30 00:21:57 lumqui6488.api.example %APACHETOMCAT- DETECT_METHOD_TYPE: 10.129.232.105||des||deFini||[30/Nov/2019:12:21:57 GMT-07:00]||aliquaU||https://www.example.net/tvolu/imve.txt?gnaaliq=quam#deriti||edictasu||eturadi||umS||noru||5321||https://api.example.org/taevitae/tevel.htm?vol=ita#iquipexe||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||quamqua", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "message": "%APACHETOMCAT-5473-TRACE: 10.12.173.112||Excepteu||mco||[14/Dec/2019:7:24:31 PT]||undeom||https://internal.example.org/teturadi/radipi.gif?upidatat=mod#niamqui||litsedd||nidol||inBC||hite||423||https://api.example.net/dminimve/remips.txt?uiac=tquii#tesse||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||emeumfu", "tags": [ diff --git a/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 2acd0481e2d..c2bdf786024 100644 --- a/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Apache Tomcat processors: - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/tomcat/data_stream/log/sample_event.json b/packages/tomcat/data_stream/log/sample_event.json index 638afcab0c2..1f5e1506876 100644 --- a/packages/tomcat/data_stream/log/sample_event.json +++ b/packages/tomcat/data_stream/log/sample_event.json 
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/tomcat/manifest.yml b/packages/tomcat/manifest.yml
index ad5f1bae1c5..a00bbc7d31a 100644
--- a/packages/tomcat/manifest.yml
+++ b/packages/tomcat/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: tomcat
 title: Apache Tomcat
-version: 1.4.1
+version: "1.5.0"
 description: Collect and parse logs from Apache Tomcat servers with Elastic Agent.
 categories: ["web", "security"]
 release: ga
diff --git a/packages/udp/_dev/build/build.yml b/packages/udp/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/udp/_dev/build/build.yml
+++ b/packages/udp/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/udp/changelog.yml b/packages/udp/changelog.yml
index 5df3dafc325..b1ae5cce6e7 100644
--- a/packages/udp/changelog.yml
+++ b/packages/udp/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.2.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.1.1"
 changes:
 - description: Fixing typo in readme
diff --git a/packages/udp/manifest.yml b/packages/udp/manifest.yml
index 4fe38e8c84f..7fd16b13ce5 100644
--- a/packages/udp/manifest.yml
+++ b/packages/udp/manifest.yml
@@ -3,7 +3,7 @@ name: udp
 title: Custom UDP Logs
 description: Collect raw UDP data from listening UDP port with Elastic Agent.
 type: integration
-version: 1.1.1
+version: "1.2.0"
 release: ga
 conditions:
 kibana.version: "^7.16.0 || ^8.0.0"
diff --git a/packages/winlog/_dev/build/build.yml b/packages/winlog/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/winlog/_dev/build/build.yml
+++ b/packages/winlog/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/winlog/changelog.yml b/packages/winlog/changelog.yml
index 55131bcf24c..4d3145cdc75 100644
--- a/packages/winlog/changelog.yml
+++ b/packages/winlog/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.5.2"
 changes:
 - description: Add correct field mapping for event.created
diff --git a/packages/winlog/manifest.yml b/packages/winlog/manifest.yml
index 3732b67a42f..afc29be4809 100644
--- a/packages/winlog/manifest.yml
+++ b/packages/winlog/manifest.yml
@@ -3,7 +3,7 @@ name: winlog
 title: Custom Windows Event Logs
 description: Collect and parse logs from any Windows event log channel with Elastic Agent.
 type: integration
-version: 1.5.2
+version: "1.6.0"
 release: ga
 conditions:
 kibana.version: '^7.16.0 || ^8.0.0'
diff --git a/packages/zeek/_dev/build/build.yml b/packages/zeek/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/zeek/_dev/build/build.yml
+++ b/packages/zeek/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/zeek/changelog.yml b/packages/zeek/changelog.yml
index b58caf339b4..eba186dbc89 100644
--- a/packages/zeek/changelog.yml
+++ b/packages/zeek/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.3.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "2.2.0"
 changes:
 - description: Add new data sets for known_hosts, known_certs, known_services, & software logs files.
diff --git a/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json b/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json
index 3fc3bf2d6b9..300053625ff 100644
--- a/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json
+++ b/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2019-09-10T16:19:28.465Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "created": "2020-04-28T11:07:58.223Z",
@@ -27,7 +27,7 @@
 {
 "@timestamp": "2021-03-30T00:04:00.941Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "created": "2020-04-28T11:07:58.223Z",
@@ -51,7 +51,7 @@
 {
 "@timestamp": "2021-03-30T00:19:00.942Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "created": "2020-04-28T11:07:58.223Z",
@@ -75,7 +75,7 @@
 {
 "@timestamp": "2021-03-30T00:34:00.942Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "created": "2020-04-28T11:07:58.223Z",
@@ -99,7 +99,7 @@
 {
 "@timestamp": "2021-03-30T00:49:00.942Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "created": "2020-04-28T11:07:58.223Z",
@@ -123,7 +123,7 @@
 {
 "@timestamp": "2019-09-10T16:19:28.465Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "created": "2020-04-28T11:07:58.223Z",
diff --git a/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml
index 64ee568df74..e3fba6a819d 100644
--- a/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml
@@ -23,7 +23,7 @@ processors:
 copy_from: "@timestamp"
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - date:
 field: zeek.capture_loss.ts
 formats:
diff --git a/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json b/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json
index fa7c6801da2..18237226eb4 100644
--- a/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json
+++ b/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json
@@ -10,7 +10,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "network",
@@ -91,7 +91,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "network",
@@ -172,7 +172,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "network",
@@ -269,7 +269,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "network",
@@ -349,7 +349,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "network",
@@ -427,7 +427,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "network",
@@ -506,7 +506,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "network",
@@ -585,7 +585,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "network",
@@ -646,7 +646,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "network",
@@ -708,7 +708,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "network",
@@ -770,7 +770,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "network",
@@ -832,7 +832,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "network",
@@ -894,7 +894,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "network",
@@ -956,7 +956,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "network",
@@ -1016,7 +1016,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -1076,7 +1076,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -1154,7 +1154,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -1242,7 +1242,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", diff --git a/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml index bba287f0884..61e116a6417 100644 --- a/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml @@ -24,7 +24,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - set: field: event.kind value: event diff --git a/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json b/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json index 084ae9146cc..e56f7125c50 100644 --- a/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json +++ b/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "BrowserrQueryOtherDomains", @@ -62,7 +62,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "BrowserrQueryOtherDomains", diff --git a/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml index 23954cb743a..a68f24ec539 100644 --- a/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json b/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json index a35dfa2601d..d1c7415bf94 100644 --- a/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json +++ b/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json @@ -11,7 +11,7 @@ "port": 67 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -91,7 +91,7 @@ "port": 67 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -165,7 +165,7 @@ "port": 67 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml index ab1f20f072e..fc3a0a89ded 100644 --- a/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml @@ -23,7 +23,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json b/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json index 5d4153b6fb5..0fe9b091443 100644 --- a/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json +++ b/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json @@ -8,7 +8,7 @@ "port": 20000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "read", 
@@ -60,7 +60,7 @@ "port": 20000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "read", diff --git a/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml index cee9af148cc..5579bd04d6b 100644 --- a/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json b/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json index 9a37fb0ac59..bcd0e1e2ce1 100644 --- a/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json @@ -42,7 +42,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -125,7 +125,7 @@ "type": "query" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -201,7 +201,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -297,7 +297,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -395,7 +395,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -534,7 +534,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -650,7 +650,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -734,7 +734,7 @@ "type": "answer" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
diff --git a/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml index b644e013216..988eb36fbbe 100644 --- a/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json b/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json index f694dd8452c..cd567f7e298 100644 --- a/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json +++ b/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -57,7 +57,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml index 7b6b01f0cf7..4e669b14edf 100644 --- a/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json b/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json index 39f0e41e495..55661dd1682 100644 --- a/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json +++ b/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json 
@@ -6,7 +6,7 @@ "ip": "10.178.98.102" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -78,7 +78,7 @@ "ip": "10.178.98.102" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -150,7 +150,7 @@ "ip": "10.178.98.102" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -222,7 +222,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -298,7 +298,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -374,7 +374,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -450,7 +450,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -522,7 +522,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -598,7 +598,7 @@ "ip": "10.178.98.102" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml index ab428a1072f..2f8b6119bfe 100644 --- a/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: file diff --git a/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json b/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json index 1713c7838ac..7d21b02e9e5 100644 --- a/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json +++ b/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json 
@@ -8,7 +8,7 @@ "port": 21 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "EPSV", @@ -77,7 +77,7 @@ "port": 21 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "RETR", @@ -144,7 +144,7 @@ "port": 21 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "STOR", @@ -208,7 +208,7 @@ "port": 21 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "STOR", diff --git a/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml index d9c6c67abe8..3200d47d1fa 100644 --- a/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json b/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json index 37e5108ea62..77fdcd7c84b 100644 --- a/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json +++ b/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json @@ -26,7 +26,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GET", @@ -138,7 +138,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GET", @@ -244,7 +244,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -335,7 +335,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -426,7 +426,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
@@ -517,7 +517,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -608,7 +608,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -699,7 +699,7 @@ "port": 80 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GET", @@ -795,7 +795,7 @@ "port": 7000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "GET", diff --git a/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml index 6890b37b9d5..9b62ffcd793 100644 --- a/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json b/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json index 180e91ec47e..0c65ec46e99 100644 --- a/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json +++ b/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json @@ -26,7 +26,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -98,7 +98,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml index 9b6de052b23..c18f783f7f3 100644 --- a/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml 
@@ -26,7 +26,7 @@ processors: value: enrichment - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: threat diff --git a/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json b/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json index d8e4017f44b..a485596c733 100644 --- a/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json +++ b/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json @@ -26,7 +26,7 @@ "port": 8000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "USER", @@ -97,7 +97,7 @@ "port": 8000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NICK", @@ -174,7 +174,7 @@ "port": 8000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "JOIN", @@ -252,7 +252,7 @@ "port": 8000 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "JOIN", diff --git a/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml index 7dab55e0643..8d0c219f53a 100644 --- a/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json b/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json index 6be34e35410..607806e7af8 100644 --- a/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json +++ b/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json 
@@ -11,7 +11,7 @@ "port": 88 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TGS", @@ -118,7 +118,7 @@ "port": 88 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "TGS", diff --git a/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml index 6833fe5a210..d1d0b080a9b 100644 --- a/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: ["network", "authentication"] diff --git a/packages/zeek/data_stream/known_certs/_dev/test/pipeline/test-known_certs.log-expected.json b/packages/zeek/data_stream/known_certs/_dev/test/pipeline/test-known_certs.log-expected.json index f4acc25c3d7..3476b22f2bf 100644 --- a/packages/zeek/data_stream/known_certs/_dev/test/pipeline/test-known_certs.log-expected.json +++ b/packages/zeek/data_stream/known_certs/_dev/test/pipeline/test-known_certs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-12-31T15:15:53.690Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/known_certs/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/known_certs/elasticsearch/ingest_pipeline/default.yml index 1a08b943668..e04e8689d64 100644 --- a/packages/zeek/data_stream/known_certs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/known_certs/elasticsearch/ingest_pipeline/default.yml @@ -17,7 +17,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - set: field: event.kind value: event 
diff --git a/packages/zeek/data_stream/known_hosts/_dev/test/pipeline/test-known_hosts.log-expected.json b/packages/zeek/data_stream/known_hosts/_dev/test/pipeline/test-known_hosts.log-expected.json index c4fae98020f..61a9081c354 100644 --- a/packages/zeek/data_stream/known_hosts/_dev/test/pipeline/test-known_hosts.log-expected.json +++ b/packages/zeek/data_stream/known_hosts/_dev/test/pipeline/test-known_hosts.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-01-03T01:19:26.260Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -35,7 +35,7 @@ { "@timestamp": "2021-01-03T01:19:27.353Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -67,7 +67,7 @@ { "@timestamp": "2021-01-03T01:19:32.488Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -99,7 +99,7 @@ { "@timestamp": "2021-01-03T01:19:58.792Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -131,7 +131,7 @@ { "@timestamp": "2021-01-03T12:17:22.496Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/known_hosts/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/known_hosts/elasticsearch/ingest_pipeline/default.yml index 74babbe4c71..fb90c04ac80 100644 --- a/packages/zeek/data_stream/known_hosts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/known_hosts/elasticsearch/ingest_pipeline/default.yml @@ -17,7 +17,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - set: field: event.kind value: event diff --git a/packages/zeek/data_stream/known_services/_dev/test/pipeline/test-known_services.log-expected.json b/packages/zeek/data_stream/known_services/_dev/test/pipeline/test-known_services.log-expected.json index 97efbd8caaf..58281f96d7c 100644 
--- a/packages/zeek/data_stream/known_services/_dev/test/pipeline/test-known_services.log-expected.json +++ b/packages/zeek/data_stream/known_services/_dev/test/pipeline/test-known_services.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-01-03T01:19:36.242Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/known_services/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/known_services/elasticsearch/ingest_pipeline/default.yml index c824b8a42c6..482e556aa00 100644 --- a/packages/zeek/data_stream/known_services/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/known_services/elasticsearch/ingest_pipeline/default.yml @@ -17,7 +17,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - set: field: event.kind value: event diff --git a/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json b/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json index b2ab760d806..5aed449da5a 100644 --- a/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json +++ b/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json @@ -8,7 +8,7 @@ "port": 502 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "READ_COILS", @@ -59,7 +59,7 @@ "port": 502 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "READ_COILS", diff --git a/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml index eadf6392956..03a69cf6739 100644 --- a/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml 
@@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json b/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json index b415e326e08..cb1fc1398eb 100644 --- a/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json +++ b/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json @@ -8,7 +8,7 @@ "port": 3306 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "query", @@ -63,7 +63,7 @@ "port": 3306 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "query", diff --git a/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml index 73cc853ac05..c0f63a3e919 100644 --- a/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json b/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json index c96cacb1cc9..84e32a47d62 100644 --- a/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json +++ b/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2011-11-04T19:44:35.879Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -72,7 +72,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
@@ -137,7 +137,7 @@ { "@timestamp": "2021-03-30T09:49:00.958Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -194,7 +194,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -270,7 +270,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml index 0e1ff118bd8..1a949bf2f12 100644 --- a/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: alert - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: intrusion_detection diff --git a/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json b/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json index aee721c9b39..e95e79dcba6 100644 --- a/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json +++ b/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -74,7 +74,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml index f9a93083419..9902afaebe4 100644 --- a/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml 
@@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json b/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json index 9dc1279df56..5976c9e61bb 100644 --- a/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json +++ b/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json @@ -26,7 +26,7 @@ "port": 123 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", @@ -122,7 +122,7 @@ "port": 123 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", diff --git a/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml index 4c4b978b5f2..f98936983f4 100644 --- a/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml @@ -24,7 +24,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - set: field: event.kind value: event diff --git a/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json b/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json index 010d35ac4cd..95d65f3268d 100644 --- a/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json +++ b/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2011-06-10T13:27:01.847Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -41,7 +41,7 @@ { "@timestamp": "2011-06-08T19:46:56.100Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", 
@@ -76,7 +76,7 @@ { "@timestamp": "2011-06-08T19:46:56.100Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", diff --git a/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml index a3623d50642..298dcd824d0 100644 --- a/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - set: field: network.transport value: tcp diff --git a/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json b/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json index 38af29f3453..09d26c842f4 100644 --- a/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json +++ b/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2017-10-09T16:13:19.578Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -49,7 +49,7 @@ { "@timestamp": "2017-10-09T16:13:19.578Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml index d088ca43e66..b4403ef2ec5 100644 --- a/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: file 
diff --git a/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json b/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json index 69b99e53823..2478a501092 100644 --- a/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json +++ b/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json @@ -8,7 +8,7 @@ "port": 1812 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -67,7 +67,7 @@ "port": 1812 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml index 68bc5af8ec6..d894229551c 100644 --- a/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json b/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json index 7d0ca13c8ef..e43a44efbac 100644 --- a/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json +++ b/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json @@ -8,7 +8,7 @@ "port": 3389 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -65,7 +65,7 @@ "port": 3389 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml index 0b9239802b6..e0f8a1440df 100644 --- a/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json b/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json index 3185c231ad8..a551c07d02d 100644 --- a/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json +++ b/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json @@ -8,7 +8,7 @@ "port": 5900 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -74,7 +74,7 @@ "port": 5900 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml index d4a40669195..e7c709893b3 100644 --- a/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json b/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json index b188eddbaf3..ca4240d1363 100644 --- a/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json +++ b/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json @@ -26,7 +26,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": "network", 
diff --git a/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml index 496fef99875..770f1c638d5 100644 --- a/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml @@ -24,7 +24,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - set: field: event.kind value: alert diff --git a/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json b/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json index ea6626fbd25..1492f37e31d 100644 --- a/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json +++ b/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json @@ -26,7 +26,7 @@ "port": 5060 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REGISTER", @@ -126,7 +126,7 @@ "port": 5060 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "INVITE", @@ -245,7 +245,7 @@ "port": 5060 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REGISTER", @@ -343,7 +343,7 @@ "port": 5060 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "OPTIONS", @@ -432,7 +432,7 @@ "port": 5060 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "OPTIONS", @@ -539,7 +539,7 @@ "port": 5060 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "REGISTER", diff --git a/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml index 5715594d2bb..65ea4b85ad3 100644 --- a/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml 
@@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json b/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json index 8778d4660a2..3ce6aca7260 100644 --- a/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json +++ b/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NT_CREATE_ANDX", @@ -74,7 +74,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "NT_CREATE_ANDX", diff --git a/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml index 95e997eaaf4..b0de33b8962 100644 --- a/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json b/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json index 5d8dd6e1557..bf656fc1580 100644 --- a/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json +++ b/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SMB::FILE_OPEN", @@ -78,7 +78,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "SMB::FILE_OPEN", 
diff --git a/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml index b83f7694983..1563413f8eb 100644 --- a/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json b/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json index 6faab414fa3..e6267dd4f70 100644 --- a/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json +++ b/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -58,7 +58,7 @@ "port": 445 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml index 16e5f99675a..3b950519bf2 100644 --- a/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json b/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json index 0c2767f1701..0a9f1354dfc 100644 
--- a/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json +++ b/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json @@ -8,7 +8,7 @@ "port": 25 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -68,7 +68,7 @@ "port": 25 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml index bb7b23af88a..60a5fb04330 100644 --- a/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json b/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json index 95d10024f49..0b4d82d69e9 100644 --- a/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json +++ b/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json @@ -8,7 +8,7 @@ "port": 161 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -68,7 +68,7 @@ "port": 161 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -145,7 +145,7 @@ "port": 161 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml index dc178f2c1f6..4b30d278bc6 100644 --- a/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml 
@@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json b/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json index c3ee99484db..a9ac5cffe9d 100644 --- a/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json +++ b/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json @@ -8,7 +8,7 @@ "port": 8080 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -66,7 +66,7 @@ "port": 8080 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml index 2550b213faa..8f94b1b5289 100644 --- a/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/software/_dev/test/pipeline/test-software.log-expected.json b/packages/zeek/data_stream/software/_dev/test/pipeline/test-software.log-expected.json index 773da936f8c..7015de42e2c 100644 --- a/packages/zeek/data_stream/software/_dev/test/pipeline/test-software.log-expected.json +++ b/packages/zeek/data_stream/software/_dev/test/pipeline/test-software.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-01-03T00:16:22.694Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ 
diff --git a/packages/zeek/data_stream/software/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/software/elasticsearch/ingest_pipeline/default.yml index 48db0aff86b..cdbaf46587e 100644 --- a/packages/zeek/data_stream/software/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/software/elasticsearch/ingest_pipeline/default.yml @@ -21,7 +21,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - set: field: event.kind value: event diff --git a/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json b/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json index 87b984d74b5..3f138d41edc 100644 --- a/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json +++ b/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json @@ -8,7 +8,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -72,7 +72,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -143,7 +143,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -214,7 +214,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -285,7 +285,7 @@ "port": 22 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml index 514d34d1d30..baf5ed09366 100644 --- a/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network 
diff --git a/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json b/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json index 7e5603217ef..ff14f1ffd7d 100644 --- a/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json +++ b/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json @@ -29,7 +29,7 @@ "port": 9243 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -154,7 +154,7 @@ "port": 9243 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -279,7 +279,7 @@ "port": 9243 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -386,7 +386,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -523,7 +523,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -587,7 +587,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -667,7 +667,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -747,7 +747,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -845,7 +845,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -919,7 +919,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1017,7 +1017,7 @@ "port": 9243 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -1124,7 +1124,7 @@ "port": 443 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml index 449a24acde4..03e01fe992f 100644 
--- a/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json b/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json index d77fac9a811..554bc0ed0dd 100644 --- a/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json +++ b/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2016-10-16T08:17:58.714Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -65,7 +65,7 @@ { "@timestamp": "2016-10-16T08:17:58.714Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", diff --git a/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml index cbff62956ee..d313c4aac62 100644 --- a/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - rename: field: zeek.stats.mem target_field: zeek.stats.memory diff --git a/packages/zeek/data_stream/syslog/_dev/test/pipeline/test-syslog.log-expected.json b/packages/zeek/data_stream/syslog/_dev/test/pipeline/test-syslog.log-expected.json index 9c9048954f1..fb4fd1c51ba 100644 --- a/packages/zeek/data_stream/syslog/_dev/test/pipeline/test-syslog.log-expected.json +++ b/packages/zeek/data_stream/syslog/_dev/test/pipeline/test-syslog.log-expected.json 
@@ -8,7 +8,7 @@ "port": 514 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -64,7 +64,7 @@ "port": 514 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -120,7 +120,7 @@ "port": 514 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -176,7 +176,7 @@ "port": 514 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -232,7 +232,7 @@ "port": 514 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -288,7 +288,7 @@ "port": 514 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -344,7 +344,7 @@ "port": 514 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -400,7 +400,7 @@ "port": 514 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -456,7 +456,7 @@ "port": 514 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -512,7 +512,7 @@ "port": 514 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", diff --git a/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml index 43bc9bfc50a..2d1ecfaad32 100644 --- a/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - set: field: network.protocol value: syslog 
diff --git a/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json b/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json index 24e31991b53..ca9cd4cd972 100644 --- a/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json +++ b/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json @@ -25,7 +25,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -81,7 +81,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml index 0f3451e3043..42f8ab707c5 100644 --- a/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json b/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json index 4b890281863..50faa4a4f3f 100644 --- a/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json +++ b/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json @@ -26,7 +26,7 @@ "port": 8080 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Tunnel::DISCOVER", @@ -104,7 +104,7 @@ "port": 8080 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "Tunnel::DISCOVER", 
diff --git a/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml index d118d8f285c..06ac4e2e98c 100644 --- a/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json b/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json index d2ed6f6ca88..bcc9934dc72 100644 --- a/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json +++ b/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json @@ -8,7 +8,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -48,7 +48,7 @@ { "@timestamp": "2020-01-28T16:00:59.342Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ @@ -80,7 +80,7 @@ "port": 53 }, "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml index 7d2b1edcf35..769edeba106 100644 --- a/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json b/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json index 8fa0a412f49..635998f6faf 100644 
--- a/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json +++ b/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2018-12-03T20:00:00.143Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -225,7 +225,7 @@ { "@timestamp": "2018-12-03T20:00:00.143Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", diff --git a/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml index ddaa08d64ba..ac55284daf2 100644 --- a/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.2.0' + value: '8.3.0' - append: field: event.type value: info diff --git a/packages/zeek/manifest.yml b/packages/zeek/manifest.yml index f0e8a759886..afb95dfc9ae 100644 --- a/packages/zeek/manifest.yml +++ b/packages/zeek/manifest.yml @@ -1,6 +1,6 @@ name: zeek title: Zeek Logs -version: 2.2.0 +version: "2.3.0" release: ga description: Collect and parse logs from Zeek network security with Elastic Agent. type: integration diff --git a/packages/zerofox/_dev/build/build.yml b/packages/zerofox/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/zerofox/_dev/build/build.yml +++ b/packages/zerofox/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/zerofox/changelog.yml b/packages/zerofox/changelog.yml index c23abcba564..82598c4c1f2 100644 --- a/packages/zerofox/changelog.yml +++ b/packages/zerofox/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.3.1" changes: - description: update readme added a ink to zerofox readme diff --git a/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json b/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json index e0d30ca46fa..110d68d653e 100644 --- a/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json +++ b/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json 
@@ -3,182 +3,182 @@ { "@timestamp": "2021-04-29T18:56:51.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, + "event": { + "created": "2017-01-10T11:00:00.000Z", + "id": "123456789", + "kind": "alert", + "original": "{ \"alert_type\": \"search query\", \"logs\": [{ \"id\": 205171631, \"timestamp\": \"2021-04-29T18:56:52+00:00\", \"actor\": \"ZeroFox Platform Specialist\", \"subject\": \"\", \"action\": \"modify tags\" }, { \"id\": 205171630, \"timestamp\": \"2021-04-29T18:56:51+00:00\", \"actor\": \"\", \"subject\": \"\", \"action\": \"open\" } ], \"offending_content_url\": \"hxxp://abc.biz?entity=123456\", \"asset_term\": \"\", \"assignee\": \"\", \"entity\": { \"id\": 123456, \"name\": \"abc.com\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1.jpg\", \"labels\": [{ \"id\": 17700, \"name\": \"Brand\" }], \"entity_group\": { \"id\": 2857, \"name\": \"Default\" } }, \"entity_term\": \"\", \"content_created_at\": \"2017-01-10T11:00:00+00:00\", \"id\": 123456789, \"protected_account\": \"\", \"severity\": 4, \"perpetrator\": { \"name\": \"Concealed\", \"display_name\": \"Concealed\", \"id\": 123456789, \"url\": \"hxxp://abc.biz?entity=123456\", \"content\": \"Variation of protected domain abc.com found: abc.biz\", \"type\": \"page\", \"timestamp\": \"2017-01-10T11:00:00+00:00\", \"network\": \"domains\" },\"rule_group_id\": 457, \"metadata\": \"{}\", \"status\": \"Open\", \"timestamp\": \"2021-04-29T18:56:51+00:00\", \"rule_name\": \"Advanced Domain Analysis - Typosquat Match\", \"last_modified\": \"2021-04-29T18:56:52Z\", \"protected_locations\": \"\", \"darkweb_term\": \"\", \"business_network\": \"\", \"reviewed\": false, \"escalated\": false, \"network\": \"domains\", \"protected_social_object\": \"\", \"notes\": \"\", \"reviews\": [], \"content_actions\": [], \"rule_id\": 38160, \"entity_account\": \"\", \"entity_email_receiver_id\": \"\", \"tags\": [], \"asset\": { \"id\": 123456, \"name\": \"abc.com\", \"image\": 
\"https://cdn.zerofox.com/media/entityimages/1.jpg\", \"labels\": [{ \"id\": 17700, \"name\": \"Brand\" }], \"entity_group\": { \"id\": 2857, \"name\": \"Default\" } } }", + "severity": 4, + "url": "hxxp://abc.biz?entity=123456" + }, + "network": { + "name": "domains" }, "rule": { - "name": "Advanced Domain Analysis - Typosquat Match", - "ruleset": "457", + "category": "search query", "id": "38160", - "category": "search query" + "name": "Advanced Domain Analysis - Typosquat Match", + "ruleset": "457" }, + "tags": [ + "preserve_original_event" + ], "zerofox": { - "reviewed": false, - "last_modified": "2021-04-29T18:56:52.000Z", - "perpetrator": { - "name": "Concealed", - "id": "123456789", - "display_name": "Concealed", - "type": "page", - "url": "hxxp://abc.biz?entity=123456", - "content": "Variation of protected domain abc.com found: abc.biz", - "timestamp": "2017-01-10T11:00:00.000Z", - "network": "domains" - }, "entity": { - "name": "abc.com", "entity_group": { - "name": "Default", - "id": "2857" + "id": "2857", + "name": "Default" }, - "image": "https://cdn.zerofox.com/media/entityimages/1.jpg", "id": "123456", + "image": "https://cdn.zerofox.com/media/entityimages/1.jpg", "labels": [ { - "name": "Brand", - "id": "17700" + "id": "17700", + "name": "Brand" } - ] + ], + "name": "abc.com" }, "escalated": false, + "last_modified": "2021-04-29T18:56:52.000Z", + "perpetrator": { + "content": "Variation of protected domain abc.com found: abc.biz", + "display_name": "Concealed", + "id": "123456789", + "name": "Concealed", + "network": "domains", + "timestamp": "2017-01-10T11:00:00.000Z", + "type": "page", + "url": "hxxp://abc.biz?entity=123456" + }, + "reviewed": false, "status": "Open" - }, - "event": { - "severity": 4, - "original": "{ \"alert_type\": \"search query\", \"logs\": [{ \"id\": 205171631, \"timestamp\": \"2021-04-29T18:56:52+00:00\", \"actor\": \"ZeroFox Platform Specialist\", \"subject\": \"\", \"action\": \"modify tags\" }, { \"id\": 205171630, 
\"timestamp\": \"2021-04-29T18:56:51+00:00\", \"actor\": \"\", \"subject\": \"\", \"action\": \"open\" } ], \"offending_content_url\": \"hxxp://abc.biz?entity=123456\", \"asset_term\": \"\", \"assignee\": \"\", \"entity\": { \"id\": 123456, \"name\": \"abc.com\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1.jpg\", \"labels\": [{ \"id\": 17700, \"name\": \"Brand\" }], \"entity_group\": { \"id\": 2857, \"name\": \"Default\" } }, \"entity_term\": \"\", \"content_created_at\": \"2017-01-10T11:00:00+00:00\", \"id\": 123456789, \"protected_account\": \"\", \"severity\": 4, \"perpetrator\": { \"name\": \"Concealed\", \"display_name\": \"Concealed\", \"id\": 123456789, \"url\": \"hxxp://abc.biz?entity=123456\", \"content\": \"Variation of protected domain abc.com found: abc.biz\", \"type\": \"page\", \"timestamp\": \"2017-01-10T11:00:00+00:00\", \"network\": \"domains\" },\"rule_group_id\": 457, \"metadata\": \"{}\", \"status\": \"Open\", \"timestamp\": \"2021-04-29T18:56:51+00:00\", \"rule_name\": \"Advanced Domain Analysis - Typosquat Match\", \"last_modified\": \"2021-04-29T18:56:52Z\", \"protected_locations\": \"\", \"darkweb_term\": \"\", \"business_network\": \"\", \"reviewed\": false, \"escalated\": false, \"network\": \"domains\", \"protected_social_object\": \"\", \"notes\": \"\", \"reviews\": [], \"content_actions\": [], \"rule_id\": 38160, \"entity_account\": \"\", \"entity_email_receiver_id\": \"\", \"tags\": [], \"asset\": { \"id\": 123456, \"name\": \"abc.com\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1.jpg\", \"labels\": [{ \"id\": 17700, \"name\": \"Brand\" }], \"entity_group\": { \"id\": 2857, \"name\": \"Default\" } } }", - "created": "2017-01-10T11:00:00.000Z", - "kind": "alert", - "id": "123456789", - "url": "hxxp://abc.biz?entity=123456" - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "name": "domains" } }, { "@timestamp": "2021-05-06T13:50:48.000Z", "ecs": { - "version": "8.2.0" + "version": "8.3.0" + }, 
+ "event": { + "created": "2021-05-06T13:29:27.000Z", + "id": "137814029", + "kind": "alert", + "original": "{\"alert_type\": \"search query\", \"logs\": [{\"id\": 206587078, \"timestamp\": \"2021-05-06T13:50:48+00:00\", \"actor\": \"\", \"subject\": \"\", \"action\": \"open\"} ], \"offending_content_url\": \"https://twitter.com/NOWMG/status/1390297659475365894\", \"asset_term\": {\"id\": 673804, \"name\": \"#darksocial\", \"deleted\": false }, \"assignee\": \"\", \"entity\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entity_term\": {\"id\": 673804, \"name\": \"#darksocial\", \"deleted\": false }, \"content_created_at\": \"2021-05-06T13:29:27+00:00\", \"id\": 137814029, \"protected_account\": null, \"severity\": 1, \"perpetrator\": {\"id\": 6830162495, \"username\": \"NOWMG\", \"display_name\": \"NOW Marketing Group\", \"account_number\": \"178236715\", \"destination_account_number\": \"178236715\", \"parent_post_number\": null, \"parent_post_url\": null, \"parent_post_account_number\": null, \"post_number\": \"1390297659475365894\", \"network\": \"twitter\", \"image\": \"https://pbs.twimg.com/profile_images/1356266220065009667/dTlGFDCM.jpg\", \"url\": \"https://twitter.com/NOWMG/status/1390297659475365894\", \"type\": \"post\", \"post_type\": \"post\", \"timestamp\": \"2021-05-06T13:29:27+00:00\"}, \"rule_group_id\": null, \"asset\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entered_by\": \"\", \"metadata\": \"\", \"status\": \"Open\", \"timestamp\": \"2021-05-06T13:50:48+00:00\", 
\"rule_name\": \"Mentions\", \"last_modified\": \"2021-05-06T13:50:48Z\", \"protected_locations\": null, \"darkweb_term\": null, \"business_network\": null, \"reviewed\": false, \"escalated\": false, \"network\": \"twitter\", \"protected_social_object\": \"#darksocial\", \"notes\": \"\", \"reviews\": [], \"content_actions\": [], \"rule_id\": 40816, \"entity_account\": null, \"entity_email_receiver_id\": null, \"tags\": [] }", + "severity": 1, + "url": "https://twitter.com/NOWMG/status/1390297659475365894" + }, + "network": { + "name": "twitter" }, "rule": { - "name": "Mentions", "category": "search query", - "id": "40816" + "id": "40816", + "name": "Mentions" }, + "tags": [ + "preserve_original_event" + ], "zerofox": { - "protected_social_object": "#darksocial", - "perpetrator": { - "account_number": "178236715", - "image": "https://pbs.twimg.com/profile_images/1356266220065009667/dTlGFDCM.jpg", - "destination_account_number": "178236715", - "post_type": "post", - "id": "6830162495", - "display_name": "NOW Marketing Group", - "type": "post", - "post_number": "1390297659475365894", - "url": "https://twitter.com/NOWMG/status/1390297659475365894", - "network": "twitter", - "username": "NOWMG", - "timestamp": "2021-05-06T13:29:27.000Z" - }, - "escalated": false, - "reviewed": false, - "last_modified": "2021-05-06T13:50:48.000Z", - "entity_term": { - "name": "#darksocial", - "deleted": false, - "id": "673804" - }, "entity": { - "name": "Dark Social", "entity_group": { - "name": "Default", - "id": "6444" + "id": "6444", + "name": "Default" }, - "image": "https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png", "id": "1181330", + "image": "https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png", "labels": [ { - "name": "brand", - "id": "2048750" + "id": "2048750", + "name": "brand" } - ] + ], + "name": "Dark Social" + }, + "entity_term": { + "deleted": false, 
+ "id": "673804", + "name": "#darksocial" + }, + "escalated": false, + "last_modified": "2021-05-06T13:50:48.000Z", + "perpetrator": { + "account_number": "178236715", + "destination_account_number": "178236715", + "display_name": "NOW Marketing Group", + "id": "6830162495", + "image": "https://pbs.twimg.com/profile_images/1356266220065009667/dTlGFDCM.jpg", + "network": "twitter", + "post_number": "1390297659475365894", + "post_type": "post", + "timestamp": "2021-05-06T13:29:27.000Z", + "type": "post", + "url": "https://twitter.com/NOWMG/status/1390297659475365894", + "username": "NOWMG" }, + "protected_social_object": "#darksocial", + "reviewed": false, "status": "Open" + } + }, + { + "@timestamp": "2021-05-05T19:22:00.000Z", + "ecs": { + "version": "8.3.0" }, "event": { - "severity": 1, - "original": "{\"alert_type\": \"search query\", \"logs\": [{\"id\": 206587078, \"timestamp\": \"2021-05-06T13:50:48+00:00\", \"actor\": \"\", \"subject\": \"\", \"action\": \"open\"} ], \"offending_content_url\": \"https://twitter.com/NOWMG/status/1390297659475365894\", \"asset_term\": {\"id\": 673804, \"name\": \"#darksocial\", \"deleted\": false }, \"assignee\": \"\", \"entity\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entity_term\": {\"id\": 673804, \"name\": \"#darksocial\", \"deleted\": false }, \"content_created_at\": \"2021-05-06T13:29:27+00:00\", \"id\": 137814029, \"protected_account\": null, \"severity\": 1, \"perpetrator\": {\"id\": 6830162495, \"username\": \"NOWMG\", \"display_name\": \"NOW Marketing Group\", \"account_number\": \"178236715\", \"destination_account_number\": \"178236715\", \"parent_post_number\": null, \"parent_post_url\": null, \"parent_post_account_number\": null, \"post_number\": 
\"1390297659475365894\", \"network\": \"twitter\", \"image\": \"https://pbs.twimg.com/profile_images/1356266220065009667/dTlGFDCM.jpg\", \"url\": \"https://twitter.com/NOWMG/status/1390297659475365894\", \"type\": \"post\", \"post_type\": \"post\", \"timestamp\": \"2021-05-06T13:29:27+00:00\"}, \"rule_group_id\": null, \"asset\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entered_by\": \"\", \"metadata\": \"\", \"status\": \"Open\", \"timestamp\": \"2021-05-06T13:50:48+00:00\", \"rule_name\": \"Mentions\", \"last_modified\": \"2021-05-06T13:50:48Z\", \"protected_locations\": null, \"darkweb_term\": null, \"business_network\": null, \"reviewed\": false, \"escalated\": false, \"network\": \"twitter\", \"protected_social_object\": \"#darksocial\", \"notes\": \"\", \"reviews\": [], \"content_actions\": [], \"rule_id\": 40816, \"entity_account\": null, \"entity_email_receiver_id\": null, \"tags\": [] }", - "created": "2021-05-06T13:29:27.000Z", + "created": "2014-08-09T16:00:16.000Z", + "id": "137731395", "kind": "alert", - "id": "137814029", - "url": "https://twitter.com/NOWMG/status/1390297659475365894" + "original": "{\"alert_type\": \"impersonating account\", \"logs\": [{\"id\": 206433935, \"timestamp\": \"2021-05-05T19:36:38+00:00\", \"actor\": \"jedmunds@zerofox.com\", \"subject\": \"\", \"action\": \"review\"}, {\"id\": 206431230, \"timestamp\": \"2021-05-05T19:22:00+00:00\", \"actor\": \"jedmunds@zerofox.com\", \"subject\": \"\", \"action\": \"open\"} ], \"offending_content_url\": \"https://twitter.com/TheDarkSocial\", \"asset_term\": null, \"assignee\": \"\", \"entity\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": 
\"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entity_term\": null, \"content_created_at\": \"2014-08-09T16:00:16+00:00\", \"id\": 137731395, \"protected_account\": null, \"severity\": 1, \"perpetrator\": {\"id\": 958871039, \"username\": \"TheDarkSocial\", \"display_name\": \"Dark Social\", \"account_number\": \"2719621658\", \"image\": \"https://pbs.twimg.com/profile_images/498137972940603392/45HEzP-B.jpeg\", \"network\": \"twitter\", \"url\": \"https://twitter.com/TheDarkSocial\", \"type\": \"account\", \"timestamp\": \"2014-08-09T16:00:16+00:00\"}, \"rule_group_id\": 4, \"asset\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entered_by\": \"jedmunds@zerofox.com\", \"metadata\": \"\", \"status\": \"Open\", \"timestamp\": \"2021-05-05T19:22:00+00:00\", \"rule_name\": \"Impersonation - Name\", \"last_modified\": \"2021-05-05T19:36:38Z\", \"protected_locations\": null, \"darkweb_term\": null, \"business_network\": null, \"reviewed\": true, \"escalated\": false, \"network\": \"twitter\", \"protected_social_object\": null, \"notes\": \"\", \"reviews\": [], \"content_actions\": [], \"rule_id\": 32, \"entity_account\": null, \"entity_email_receiver_id\": null, \"tags\": [] }", + "severity": 1, + "url": "https://twitter.com/TheDarkSocial" }, - "tags": [ - "preserve_original_event" - ], "network": { "name": "twitter" - } - }, - { - "@timestamp": "2021-05-05T19:22:00.000Z", - "ecs": { - "version": "8.2.0" }, "rule": { - "name": "Impersonation - Name", - "ruleset": "4", + "category": "impersonating account", "id": "32", - "category": "impersonating 
account" + "name": "Impersonation - Name", + "ruleset": "4" }, + "tags": [ + "preserve_original_event" + ], "zerofox": { - "reviewed": true, - "last_modified": "2021-05-05T19:36:38.000Z", - "perpetrator": { - "account_number": "2719621658", - "image": "https://pbs.twimg.com/profile_images/498137972940603392/45HEzP-B.jpeg", - "id": "958871039", - "display_name": "Dark Social", - "type": "account", - "url": "https://twitter.com/TheDarkSocial", - "username": "TheDarkSocial", - "network": "twitter", - "timestamp": "2014-08-09T16:00:16.000Z" - }, "entity": { - "name": "Dark Social", "entity_group": { - "name": "Default", - "id": "6444" + "id": "6444", + "name": "Default" }, - "image": "https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png", "id": "1181330", + "image": "https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png", "labels": [ { - "name": "brand", - "id": "2048750" + "id": "2048750", + "name": "brand" } - ] + ], + "name": "Dark Social" }, "escalated": false, + "last_modified": "2021-05-05T19:36:38.000Z", + "perpetrator": { + "account_number": "2719621658", + "display_name": "Dark Social", + "id": "958871039", + "image": "https://pbs.twimg.com/profile_images/498137972940603392/45HEzP-B.jpeg", + "network": "twitter", + "timestamp": "2014-08-09T16:00:16.000Z", + "type": "account", + "url": "https://twitter.com/TheDarkSocial", + "username": "TheDarkSocial" + }, + "reviewed": true, "status": "Open" - }, - "event": { - "severity": 1, - "original": "{\"alert_type\": \"impersonating account\", \"logs\": [{\"id\": 206433935, \"timestamp\": \"2021-05-05T19:36:38+00:00\", \"actor\": \"jedmunds@zerofox.com\", \"subject\": \"\", \"action\": \"review\"}, {\"id\": 206431230, \"timestamp\": \"2021-05-05T19:22:00+00:00\", \"actor\": \"jedmunds@zerofox.com\", \"subject\": \"\", \"action\": \"open\"} ], \"offending_content_url\": 
\"https://twitter.com/TheDarkSocial\", \"asset_term\": null, \"assignee\": \"\", \"entity\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entity_term\": null, \"content_created_at\": \"2014-08-09T16:00:16+00:00\", \"id\": 137731395, \"protected_account\": null, \"severity\": 1, \"perpetrator\": {\"id\": 958871039, \"username\": \"TheDarkSocial\", \"display_name\": \"Dark Social\", \"account_number\": \"2719621658\", \"image\": \"https://pbs.twimg.com/profile_images/498137972940603392/45HEzP-B.jpeg\", \"network\": \"twitter\", \"url\": \"https://twitter.com/TheDarkSocial\", \"type\": \"account\", \"timestamp\": \"2014-08-09T16:00:16+00:00\"}, \"rule_group_id\": 4, \"asset\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entered_by\": \"jedmunds@zerofox.com\", \"metadata\": \"\", \"status\": \"Open\", \"timestamp\": \"2021-05-05T19:22:00+00:00\", \"rule_name\": \"Impersonation - Name\", \"last_modified\": \"2021-05-05T19:36:38Z\", \"protected_locations\": null, \"darkweb_term\": null, \"business_network\": null, \"reviewed\": true, \"escalated\": false, \"network\": \"twitter\", \"protected_social_object\": null, \"notes\": \"\", \"reviews\": [], \"content_actions\": [], \"rule_id\": 32, \"entity_account\": null, \"entity_email_receiver_id\": null, \"tags\": [] }", - "created": "2014-08-09T16:00:16.000Z", - "kind": "alert", - "id": "137731395", - "url": "https://twitter.com/TheDarkSocial" - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "name": "twitter" } } ] 
diff --git a/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml index 1f26dc9c1e0..75a24d305a1 100644 --- a/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: ## ECS version. - set: field: ecs.version - value: "8.2.0" + value: "8.3.0" ## Event JSON decoding. - rename: diff --git a/packages/zerofox/manifest.yml b/packages/zerofox/manifest.yml index 1fa5e21ffa0..bb715d9c16a 100644 --- a/packages/zerofox/manifest.yml +++ b/packages/zerofox/manifest.yml @@ -1,6 +1,6 @@ name: zerofox title: ZeroFox -version: 1.3.1 +version: "1.4.0" release: ga description: Collect data from ZeroFox Cloud Platform with Elastic Agent. type: integration diff --git a/packages/zoom/_dev/build/build.yml b/packages/zoom/_dev/build/build.yml index 57064cc41b0..5661d603a89 100644 --- a/packages/zoom/_dev/build/build.yml +++ b/packages/zoom/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.3.0 diff --git a/packages/zoom/changelog.yml b/packages/zoom/changelog.yml index 73b7806e5e5..1b221192ec2 100644 --- a/packages/zoom/changelog.yml +++ b/packages/zoom/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 - version: "1.3.1" changes: - description: Fix content-type handling. diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json index 52245b2e5f7..1e10a8efe17 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json 
+++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json 
@@ -1,143 +1,133 @@ { "expected": [ { + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "account.created", + "category": [ + "iam" + ], + "kind": [ + "event" + ], + "type": [ + "user", + "creation" + ] + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLohghhRgfgrbTayCX6r2Q_qQsQ", "e2ZHO5RSGqyfrmFnElxw" ] }, + "user": { + "email": "youramazingemailhere@somemail.com", + "id": "uLohghhRgfgrbTayCX6r2Q_qQsQ", + "target": { + "email": "thesubaccountowneremail@somemail.com", + "id": "e2ZHO5RSGqyfrmFnElxw" + } + }, "zoom": { - "master_account_id": "lq8KK_EoRCq6ByEyA73qCA", - "sub_account_id": "aIxE1yiRR8WghhUIO6eu9L", - "operator_id": "uLohghhRgfgrbTayCX6r2Q_qQsQ", - "operator": "youramazingemailhere@somemail.com", "account": { "owner_email": "thesubaccountowneremail@somemail.com", "owner_id": "e2ZHO5RSGqyfrmFnElxw" - } + }, + "master_account_id": "lq8KK_EoRCq6ByEyA73qCA", + "operator": "youramazingemailhere@somemail.com", + "operator_id": "uLohghhRgfgrbTayCX6r2Q_qQsQ", + "sub_account_id": "aIxE1yiRR8WghhUIO6eu9L" + } + }, + { + "@timestamp": "2019-07-01T17:03:04.527Z", + "ecs": { + "version": "8.3.0" }, "event": { - "action": "account.created", + "action": "account.updated", "category": [ "iam" ], - "type": [ - "user", - "creation" - ], "kind": [ "event" + ], + "type": [ + "user", + "change" ] }, - "user": { - "email": "youramazingemailhere@somemail.com", - "id": "uLohghhRgfgrbTayCX6r2Q_qQsQ", - "target": { - "email": "thesubaccountowneremail@somemail.com", - "id": "e2ZHO5RSGqyfrmFnElxw" - } - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "@timestamp": "2019-07-01T17:03:04.527Z", - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "iKoRgfbaTazDX6r2Q_eQsQL", "eFs_EGRCq6ByEyA73qCA" ] }, + "user": { + "changes": { + "full_name": "Michael Harris", + "name": "MH" + }, + "email": "theoperatoremail@someemail.com", + "id": "iKoRgfbaTazDX6r2Q_eQsQL", + "target": { + 
"full_name": "Mike Harris", + "id": "eFs_EGRCq6ByEyA73qCA" + } + }, "zoom": { + "account": { + "account_alias": "MH", + "account_name": "Michael Harris" + }, + "master_account_id": "abKKcd_IGRCq63yEy673lCA", "old_values": { "account_name": "Mike Harris", "id": "eFs_EGRCq6ByEyA73qCA" }, - "master_account_id": "abKKcd_IGRCq63yEy673lCA", - "sub_account_id": "eFs_EGRCq6ByEyA73qCA", - "operator_id": "iKoRgfbaTazDX6r2Q_eQsQL", "operator": "theoperatoremail@someemail.com", - "account": { - "account_alias": "MH", - "account_name": "Michael Harris" - } + "operator_id": "iKoRgfbaTazDX6r2Q_eQsQL", + "sub_account_id": "eFs_EGRCq6ByEyA73qCA" + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "account.updated", + "action": "account.disassociated", "category": [ "iam" ], + "kind": [ + "event" + ], "type": [ "user", "change" - ], - "kind": [ - "event" ] }, - "user": { - "changes": { - "name": "MH", - "full_name": "Michael Harris" - }, - "id": "iKoRgfbaTazDX6r2Q_eQsQL", - "email": "theoperatoremail@someemail.com", - "target": { - "full_name": "Mike Harris", - "id": "eFs_EGRCq6ByEyA73qCA" - } - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "gdjfdhjLsuhfvhjd", "eZbcHO5RSGqyKAUmFnElxw" ] }, - "zoom": { - "master_account_id": "aBcd_dgfoeq6ByEyA73qCA", - "sub_account_id": "LdjkfxE1yiRR8Wdfggeu9LfBQ", - "operator_id": "gdjfdhjLsuhfvhjd", - "operator": "youremail@someemail.com", - "account": { - "owner_email": "theowneremail@someemail.com", - "owner_id": "eZbcHO5RSGqyKAUmFnElxw" - } - }, - "event": { - "action": "account.disassociated", - "category": [ - "iam" - ], - "type": [ - "user", - "change" - ], - "kind": [ - "event" - ] - }, "user": { "email": "youremail@someemail.com", "id": "gdjfdhjLsuhfvhjd", 
@@ -145,6 +135,16 @@ "email": "theowneremail@someemail.com", "id": "eZbcHO5RSGqyKAUmFnElxw" } + }, + "zoom": { + "account": { + "owner_email": "theowneremail@someemail.com", + "owner_id": "eZbcHO5RSGqyKAUmFnElxw" + }, + "master_account_id": "aBcd_dgfoeq6ByEyA73qCA", + "operator": "youremail@someemail.com", + "operator_id": "gdjfdhjLsuhfvhjd", + "sub_account_id": "LdjkfxE1yiRR8Wdfggeu9LfBQ" } } ] diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json index 803d8188705..7e0796b4049 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json @@ -1,14 +1,23 @@ { "expected": [ { + "@timestamp": "2020-02-10T21:39:50.388Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "chat_channel.created", + "kind": [ + "event" + ], + "type": [ + "creation" + ] + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, - "@timestamp": "2020-02-10T21:39:50.388Z", - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "z8dfgdfguQrdfgdf", 
@@ -17,115 +26,115 @@ "sdfdsfdsKIrrCYw" ] }, + "user": { + "email": "somememai@gmtsffjdfhail.com", + "id": "z8dfgdfguQrdfgdf" + }, "zoom": { + "account_id": "vbbvnvAdsfe", "chat_channel": { + "id": "6dfgdfgdg444447b0egga", "name": "Delivering Happiness", - "type": 1, - "id": "6dfgdfgdg444447b0egga" + "type": 1 }, - "account_id": "vbbvnvAdsfe", - "operator_id": "z8dfgdfguQrdfgdf", - "operator": "somememai@gmtsffjdfhail.com" + "operator": "somememai@gmtsffjdfhail.com", + "operator_id": "z8dfgdfguQrdfgdf" + } + }, + { + "@timestamp": "2020-02-10T21:59:05.584Z", + "ecs": { + "version": "8.3.0" }, "event": { - "action": "chat_channel.created", - "type": [ - "creation" - ], + "action": "chat_channel.updated", "kind": [ "event" + ], + "type": [ + "change" ] }, - "user": { - "email": "somememai@gmtsffjdfhail.com", - "id": "z8dfgdfguQrdfgdf" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "@timestamp": "2020-02-10T21:59:05.584Z", - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "z8dfgdfguQrdfgdf" ] }, + "user": { + "email": "somememai@gmtsffjdfhail.com", + "id": "z8dfgdfguQrdfgdf" + }, "zoom": { + "account_id": "vbbvnvAdsfe", "chat_channel": { + "id": "6dfgdfgdg444447b0egga", "name": "Building Happy", - "type": 1, - "id": "6dfgdfgdg444447b0egga" + "type": 1 }, - "account_id": "vbbvnvAdsfe", - "operator_id": "z8dfgdfguQrdfgdf", - "operator": "somememai@gmtsffjdfhail.com" + "operator": "somememai@gmtsffjdfhail.com", + "operator_id": "z8dfgdfguQrdfgdf" + } + }, + { + "@timestamp": "2020-02-10T21:59:05.584Z", + "ecs": { + "version": "8.3.0" }, "event": { - "action": "chat_channel.updated", - "type": [ - "change" - ], + "action": "chat_channel.deleted", "kind": [ "event" + ], + "type": [ + "deletion" ] }, - "user": { - "email": "somememai@gmtsffjdfhail.com", - "id": "z8dfgdfguQrdfgdf" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "@timestamp": "2020-02-10T21:59:05.584Z", - "ecs": { - "version": "8.2.0" - }, "related": { 
"user": [ "z8dfgdfguQrdfgdf" ] }, + "user": { + "email": "somememai@gmtsffjdfhail.com", + "id": "z8dfgdfguQrdfgdf" + }, "zoom": { + "account_id": "vbbvnvAdsfe", "chat_channel": { + "id": "6dfgdfgdg444447b0egga", "name": "Building Happy", - "type": 1, - "id": "6dfgdfgdg444447b0egga" + "type": 1 }, - "account_id": "vbbvnvAdsfe", - "operator_id": "z8dfgdfguQrdfgdf", - "operator": "somememai@gmtsffjdfhail.com" + "operator": "somememai@gmtsffjdfhail.com", + "operator_id": "z8dfgdfguQrdfgdf" + } + }, + { + "@timestamp": "2020-02-10T21:39:50.388Z", + "ecs": { + "version": "8.3.0" }, "event": { - "action": "chat_channel.deleted", - "type": [ - "deletion" - ], + "action": "chat_channel.member_invited", "kind": [ "event" + ], + "type": [ + "user" ] }, - "user": { - "email": "somememai@gmtsffjdfhail.com", - "id": "z8dfgdfguQrdfgdf" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "@timestamp": "2020-02-10T21:39:50.388Z", - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "z8dfgdfguQrdfgdf", 
@@ -133,104 +142,95 @@ "s0hhFOCYw" ] }, + "user": { + "email": "somememai@gmtsffjdfhail.com", + "id": "z8dfgdfguQrdfgdf" + }, "zoom": { + "account_id": "vbbvnvAdsfe", "chat_channel": { + "id": "6dfgdfgdg444447b0egga", "name": "Delivering Happiness", - "type": 1, - "id": "6dfgdfgdg444447b0egga" + "type": 1 }, - "account_id": "vbbvnvAdsfe", - "operator_id": "z8dfgdfguQrdfgdf", - "operator": "somememai@gmtsffjdfhail.com" + "operator": "somememai@gmtsffjdfhail.com", + "operator_id": "z8dfgdfguQrdfgdf" + } + }, + { + "@timestamp": "2020-02-10T21:39:50.388Z", + "ecs": { + "version": "8.3.0" }, "event": { - "action": "chat_channel.member_invited", - "type": [ - "user" - ], + "action": "chat_channel.member_joined", "kind": [ "event" + ], + "type": [ + "user" ] }, - "user": { - "email": "somememai@gmtsffjdfhail.com", - "id": "z8dfgdfguQrdfgdf" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "@timestamp": "2020-02-10T21:39:50.388Z", - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "z8dfgdfguQrdfgdf" ] }, + "user": { + "email": "somememai@gmtsffjdfhail.com", + "id": "z8dfgdfguQrdfgdf" + }, "zoom": { + "account_id": "vbbvnvAdsfe", "chat_channel": { + "id": "6dfgdfgdg444447b0egga", "name": "Delivering Happiness", - "type": 1, - "id": "6dfgdfgdg444447b0egga" + "type": 1 }, - "account_id": "vbbvnvAdsfe", - "operator_id": "z8dfgdfguQrdfgdf", - "operator": "somememai@gmtsffjdfhail.com" + "operator": "somememai@gmtsffjdfhail.com", + "operator_id": "z8dfgdfguQrdfgdf" + } + }, + { + "@timestamp": "2020-02-10T21:39:50.388Z", + "ecs": { + "version": "8.3.0" }, "event": { - "action": "chat_channel.member_joined", - "type": [ - "user" - ], + "action": "chat_channel.member_left", "kind": [ "event" + ], + "type": [ + "user" ] }, - "user": { - "email": "somememai@gmtsffjdfhail.com", - "id": "z8dfgdfguQrdfgdf" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "@timestamp": "2020-02-10T21:39:50.388Z", - "ecs": { - "version": "8.2.0" - }, 
"related": { "user": [ "z8dfgdfguQrdfgdf" ] }, + "user": { + "email": "somememai@gmtsffjdfhail.com", + "id": "z8dfgdfguQrdfgdf" + }, "zoom": { + "account_id": "vbbvnvAdsfe", "chat_channel": { + "id": "6dfgdfgdg444447b0egga", "name": "Delivering Happiness", - "type": 1, - "id": "6dfgdfgdg444447b0egga" + "type": 1 }, - "account_id": "vbbvnvAdsfe", - "operator_id": "z8dfgdfguQrdfgdf", - "operator": "somememai@gmtsffjdfhail.com" - }, - "event": { - "action": "chat_channel.member_left", - "type": [ - "user" - ], - "kind": [ - "event" - ] - }, - "user": { - "email": "somememai@gmtsffjdfhail.com", - "id": "z8dfgdfguQrdfgdf" + "operator": "somememai@gmtsffjdfhail.com", + "operator_id": "z8dfgdfguQrdfgdf" } } ] diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json index fe24b6ba896..20006257712 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json 
@@ -1,128 +1,128 @@ { "expected": [ { + "@timestamp": "2020-02-11T22:02:11.930Z", + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "chat_message.sent", + "kind": [ + "event" + ], + "type": [ + "info", + "creation" + ] + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, - "@timestamp": "2020-02-11T22:02:11.930Z", - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "zfdgdfgdfgfp8uQ" ] }, + "user": { + "email": "someoperatoremail@somekindofmailservice123.com", + "id": "zfdgdfgdfgfp8uQ" + }, "zoom": { "account_id": "EPsdvdsgfdgxHMA", "chat_message": { + "channel_id": "fsdgdgdgdfgdfgdfgdfgb10", "channel_name": "AlwaysBeCodingChannel", - "session_id": "fcffdgfgffghfghgfhghgb10", "id": "EwwwwA-87F4-222222-8CD9-FA00000E6B9", "message": "asd", - "type": "to_channel", - "channel_id": "fsdgdgdgdfgdfgdfgdfgb10" + "session_id": "fcffdgfgffghfghgfhghgb10", + "type": "to_channel" }, - "operator_id": "zfdgdfgdfgfp8uQ", - "operator": "someoperatoremail@somekindofmailservice123.com" + "operator": "someoperatoremail@somekindofmailservice123.com", + "operator_id": "zfdgdfgdfgfp8uQ" + } + }, + { + "@timestamp": "2020-02-11T23:00:08.594Z", + "ecs": { + "version": "8.3.0" }, "event": { - "action": "chat_message.sent", - "type": [ - "info", - "creation" - ], + "action": "chat_message.updated", "kind": [ "event" + ], + "type": [ + "info", + "change" ] }, - "user": { - "email": "someoperatoremail@somekindofmailservice123.com", - "id": "zfdgdfgdfgfp8uQ" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "@timestamp": "2020-02-11T23:00:08.594Z", - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "zfdgdfgdfgfp8uQ" ] }, + "user": { + "email": "someoperatoremail@somekindofmailservice123.com", + "id": "zfdgdfgdfgfp8uQ" + }, "zoom": { "account_id": "EPsdvdsgfdgxHMA", "chat_message": { + "channel_id": "fsdgdgdgdfgdfgdfgdfgb10", "channel_name": "AlwaysBeCodingChannel", - "session_id": "fcffdgfgffghfghgfhghgb10", "id": 
"Ell123-87F4-222222-8CD9-FA00000E6B9", "message": "gfd", - "type": "to_channel", - "channel_id": "fsdgdgdgdfgdfgdfgdfgb10" + "session_id": "fcffdgfgffghfghgfhghgb10", + "type": "to_channel" }, - "operator_id": "zfdgdfgdfgfp8uQ", - "operator": "someoperatoremail@somekindofmailservice123.com" + "operator": "someoperatoremail@somekindofmailservice123.com", + "operator_id": "zfdgdfgdfgfp8uQ" + } + }, + { + "@timestamp": "2020-02-11T23:00:08.594Z", + "ecs": { + "version": "8.3.0" }, "event": { "action": "chat_message.updated", + "kind": [ + "event" + ], "type": [ "info", "change" - ], - "kind": [ - "event" ] }, - "user": { - "email": "someoperatoremail@somekindofmailservice123.com", - "id": "zfdgdfgdfgfp8uQ" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "@timestamp": "2020-02-11T23:00:08.594Z", - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "zfdgdfgdfgfp8uQ" ] }, + "user": { + "email": "someoperatoremail@somekindofmailservice123.com", + "id": "zfdgdfgdfgfp8uQ" + }, "zoom": { "account_id": "EPsdvdsgfdgxHMA", "chat_message": { + "channel_id": "fsdgdgdgdfgdfgdfgdfgb10", "channel_name": "AlwaysBeCodingChannel", - "session_id": "fcffdgfgffghfghgfhghgb10", "id": "Ell123-87F4-222222-8CD9-FA00000E6B9", - "type": "to_channel", - "channel_id": "fsdgdgdgdfgdfgdfgdfgb10" + "session_id": "fcffdgfgffghfghgfhghgb10", + "type": "to_channel" }, - "operator_id": "zfdgdfgdfgfp8uQ", - "operator": "someoperatoremail@somekindofmailservice123.com" - }, - "event": { - "action": "chat_message.updated", - "type": [ - "info", - "change" - ], - "kind": [ - "event" - ] - }, - "user": { - "email": "someoperatoremail@somekindofmailservice123.com", - "id": "zfdgdfgdfgfp8uQ" + "operator": "someoperatoremail@somekindofmailservice123.com", + "operator_id": "zfdgdfgdfgfp8uQ" } } ] 
diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json index fc4b699ee8d..8b99429f81b 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json 
@@ -1,691 +1,691 @@ { "expected": [ { + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "meeting.alert", + "duration": 3600000000000, + "kind": [ + "event" + ], + "type": [ + "error" + ] + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "z8yCxTTTTSiw02QgCAp8uQ" ] }, + "user": { + "id": "z8yCxTTTTSiw02QgCAp8uQ" + }, "zoom": { "meeting": { + "host_id": "z8yCxTTTTSiw02QgCAp8uQ", + "id": "6962400003", + "issues": "Unstable audio quality", "start_time": "2019-07-16T17:14:39Z", "timezone": "America/Los_Angeles", "topic": "My Meeting", - "id": "6962400003", "type": 2, - "issues": "Unstable audio quality", - "uuid": "4118UHIiRCAAAtBlDkcVyw==", - "host_id": "z8yCxTTTTSiw02QgCAp8uQ" + "uuid": "4118UHIiRCAAAtBlDkcVyw==" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { + "action": "meeting.created", "duration": 3600000000000, - "action": "meeting.alert", - "type": [ - "error" - ], "kind": [ "event" + ], + "type": [ + "info", + "creation" ] }, - "user": { - "id": "z8yCxTTTTSiw02QgCAp8uQ" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLoRgfbbTayCX6r2Q_qQsQ" ] }, + "user": { + "email": "someemail@email.com", + "id": "uLoRgfbbTayCX6r2Q_qQsQ" + }, "zoom": { "account_id": "o8KK_AAACq6BBEyA70CA", "meeting": { + "host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "id": 111111111, "start_time": "2019-07-09T17:00:00Z", "timezone": "America/Los_Angeles", "topic": "My Meeting", - "id": 111111111, "type": 2, - "uuid": "czLF6FFFoQOKgAB99DlDb9g==", - "host_id": "uLoRgfbbTayCX6r2Q_qQsQ" + "uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, - "operator_id": "uLoRgfbbTayCX6r2Q_qQsQ", - "operator": "someemail@email.com" + "operator": "someemail@email.com", + "operator_id": "uLoRgfbbTayCX6r2Q_qQsQ" + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "duration": 3600000000000, - "action": "meeting.created", - "type": [ - "info", - 
"creation" - ], + "action": "meeting.updated", + "duration": 7200000000000, "kind": [ "event" + ], + "type": [ + "info", + "change" ] }, - "user": { - "email": "someemail@email.com", - "id": "uLoRgfbbTayCX6r2Q_qQsQ" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "BBBBBBBBBB" ] }, + "url": { + "full": "https://zoom.us/j/00000000" + }, + "user": { + "email": "someemail@email.com", + "id": "BBBBBBBBBB" + }, "zoom": { + "account_id": "AAAAAAAAAAA", + "meeting": { + "id": 155184668, + "start_time": "2019-07-11T20:00:00Z", + "type": 2 + }, "old_values": { + "id": 155184668, + "join_url": "https://zoom.us/j/00000000", "settings": { "join_before_host": true, - "use_pmi": false, - "participant_video": true + "participant_video": true, + "use_pmi": false }, - "join_url": "https://zoom.us/j/00000000", - "id": 155184668, "type": 8 }, + "operator": "someemail@email.com", + "operator_id": "BBBBBBBBBB", "settings": { "join_before_host": false, - "use_pmi": true, - "participant_video": false - }, - "account_id": "AAAAAAAAAAA", - "meeting": { - "type": 2, - "start_time": "2019-07-11T20:00:00Z", - "id": 155184668 - }, - "operator_id": "BBBBBBBBBB", - "operator": "someemail@email.com" + "participant_video": false, + "use_pmi": true + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "duration": 7200000000000, - "action": "meeting.updated", - "type": [ - "info", - "change" - ], + "action": "meeting.deleted", + "duration": 3600000000000, "kind": [ "event" + ], + "type": [ + "info", + "deletion" ] }, - "user": { - "email": "someemail@email.com", - "id": "BBBBBBBBBB" - }, - "url": { - "full": "https://zoom.us/j/00000000" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "BBBBBBBBBB" ] }, + "user": { + "email": "someemail@email.com", + "id": "BBBBBBBBBB" + }, "zoom": { "account_id": "AAAAAAAAAA", "meeting": { + 
"host_id": "BBBBBBBBBB", + "id": 809321987, "start_time": "2019-07-09T17:00:00Z", "timezone": "America/Los_Angeles", "topic": "My Meeting", - "id": 809321987, "type": 2, - "uuid": "KJpz1gbpTC8ke68xXmQa0==", - "host_id": "BBBBBBBBBB" + "uuid": "KJpz1gbpTC8ke68xXmQa0==" }, - "operator_id": "BBBBBBBBBB", - "operator": "someemail@email.com" + "operator": "someemail@email.com", + "operator_id": "BBBBBBBBBB" + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { + "action": "meeting.started", "duration": 3600000000000, - "action": "meeting.deleted", - "type": [ - "info", - "deletion" - ], "kind": [ "event" + ], + "type": [ + "info", + "start" ] }, - "user": { - "email": "someemail@email.com", - "id": "BBBBBBBBBB" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLoRgfbbTayCX6r2Q_qQsQ" ] }, + "user": { + "id": "uLoRgfbbTayCX6r2Q_qQsQ" + }, "zoom": { + "account_id": "o8KK_AAACq6BBEyA70CA", "meeting": { - "topic": "My Meeting", + "host_id": "uLoRgfbbTayCX6r2Q_qQsQ", "id": "111111111", - "type": 2, - "uuid": "czLF6FFFoQOKgAB99DlDb9g==", "timezone": "America/Los_Angeles", - "host_id": "uLoRgfbbTayCX6r2Q_qQsQ" - }, - "account_id": "o8KK_AAACq6BBEyA70CA" + "topic": "My Meeting", + "type": 2, + "uuid": "czLF6FFFoQOKgAB99DlDb9g==" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "duration": 3600000000000, - "action": "meeting.started", - "type": [ - "info", - "start" - ], + "action": "meeting.ended", + "duration": 600000000000, "kind": [ "event" + ], + "type": [ + "info", + "end" ] }, - "user": { - "id": "uLoRgfbbTayCX6r2Q_qQsQ" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLoRgfbbTayCX6r2Q_qQsQ" ] }, + "user": { + "id": "uLoRgfbbTayCX6r2Q_qQsQ" + }, "zoom": { + "account_id": "o8KK_AAACq6BBEyA70CA", "meeting": { + "host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "id": "111111111", "start_time": 
"2019-07-09T17:00:00Z", "timezone": "America/Los_Angeles", "topic": "My Meeting", - "id": "111111111", "type": 2, - "uuid": "czLF6FFFoQOKgAB99DlDb9g==", - "host_id": "uLoRgfbbTayCX6r2Q_qQsQ" - }, - "account_id": "o8KK_AAACq6BBEyA70CA" + "uuid": "czLF6FFFoQOKgAB99DlDb9g==" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "duration": 600000000000, - "action": "meeting.ended", - "type": [ - "info", - "end" - ], + "action": "meeting.registration_created", + "duration": 7200000000000, "kind": [ "event" + ], + "type": [ + "info", + "creation" ] }, - "user": { - "id": "uLoRgfbbTayCX6r2Q_qQsQ" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbbbb_qQsQ" ] }, + "url": { + "full": "https://zoom.us/w/someendpointhere" + }, + "user": { + "id": "uLobbbbbbbbbb_qQsQ" + }, "zoom": { + "account_id": "lAAAAAAAAAAAAA", "meeting": { + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", "topic": "A test meeting", - "id": 150000008, "type": 2, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, - "account_id": "lAAAAAAAAAAAAA", "registrant": { - "last_name": "Person", - "id": "U0BBBBBBBBBBfrUz1Q", - "first_name": "Cool", "email": "coolemail@email.com", + "first_name": "Cool", + "id": "U0BBBBBBBBBBfrUz1Q", + "last_name": "Person", "status": "approved" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "duration": 7200000000000, - "action": "meeting.registration_created", - "type": [ - "info", - "creation" - ], + "action": "meeting.registration_approved", + "duration": 3600000000000, "kind": [ "event" + ], + "type": [ + "info", + "allowed" ] }, - "user": { - "id": "uLobbbbbbbbbb_qQsQ" - }, - "url": { - "full": "https://zoom.us/w/someendpointhere" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": 
"8.2.0" - }, "related": { "user": [ "Lobbbbbbbbbb_qQsQ", "uLobbbbbbbbbb_qQsQ" ] }, + "user": { + "email": "somemail@email.com", + "id": "Lobbbbbbbbbb_qQsQ" + }, "zoom": { "account_id": "lAAAAAAAAAAAAA", - "registrant": { - "last_name": "Person", - "id": "U0BBBBBBBBBBfrUz1Q", - "first_name": "Cool", - "email": "coolemail@email.com" - }, "meeting": { + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", "topic": "A test meeting", - "id": 150000008, "type": 2, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, + "operator": "somemail@email.com", "operator_id": "Lobbbbbbbbbb_qQsQ", - "operator": "somemail@email.com" + "registrant": { + "email": "coolemail@email.com", + "first_name": "Cool", + "id": "U0BBBBBBBBBBfrUz1Q", + "last_name": "Person" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "duration": 3600000000000, - "action": "meeting.registration_approved", - "type": [ - "info", - "allowed" - ], + "action": "meeting.registration_cancelled", + "duration": 7200000000000, "kind": [ "event" + ], + "type": [ + "info" ] }, - "user": { - "email": "somemail@email.com", - "id": "Lobbbbbbbbbb_qQsQ" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbbbb_qQsQ" ] }, + "user": { + "id": "uLobbbbbbbbbb_qQsQ" + }, "zoom": { "account_id": "lAAAAAAAAAAAAA", - "registrant": { - "last_name": "Person", - "id": "U0BBBBBBBBBBfrUz1Q", - "first_name": "Cool", - "email": "coolemail@email.com" - }, "meeting": { + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", "topic": "A test meeting", - "id": 150000008, "type": 2, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, - "operator": "coolemail@email.com" + "operator": 
"coolemail@email.com", + "registrant": { + "email": "coolemail@email.com", + "first_name": "Cool", + "id": "U0BBBBBBBBBBfrUz1Q", + "last_name": "Person" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "duration": 7200000000000, - "action": "meeting.registration_cancelled", - "type": [ - "info" - ], + "action": "meeting.sharing_started", + "duration": 3600000000000, "kind": [ "event" + ], + "type": [ + "info", + "start" ] }, - "user": { - "id": "uLobbbbbbbbbb_qQsQ" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "s0AAAASoSE1V8KIFOCYw", "z8yCxTTTTSiw02QgCAp8uQ" ] }, + "user": { + "full_name": "Arya Arya", + "id": "s0AAAASoSE1V8KIFOCYw" + }, "zoom": { + "account_id": "EPeQtiABC000VYxHMA", "meeting": { + "host_id": "z8yCxTTTTSiw02QgCAp8uQ", + "id": "6962400003", "start_time": "2019-07-16T17:14:39Z", "timezone": "America/Los_Angeles", "topic": "My Meeting", - "id": "6962400003", "type": 2, - "uuid": "4118UHIiRCAAAtBlDkcVyw==", - "host_id": "z8yCxTTTTSiw02QgCAp8uQ" + "uuid": "4118UHIiRCAAAtBlDkcVyw==" }, "participant": { "id": "s0AAAASoSE1V8KIFOCYw", - "user_id": "16778000", - "user_name": "Arya Arya", "sharing_details": { - "link_source": "in_meeting", "content": "application", + "link_source": "in_meeting", "source": "dropbox" - } - }, - "account_id": "EPeQtiABC000VYxHMA" + }, + "user_id": "16778000", + "user_name": "Arya Arya" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { + "action": "meeting.sharing_ended", "duration": 3600000000000, - "action": "meeting.sharing_started", - "type": [ - "info", - "start" - ], "kind": [ "event" + ], + "type": [ + "info", + "end" ] }, - "user": { - "full_name": "Arya Arya", - "id": "s0AAAASoSE1V8KIFOCYw" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "s0AAAASoSE1V8KIFOCYw", "z8yCxTTTTSiw02QgCAp8uQ" ] }, + "user": { + "full_name": "Arya Arya", 
+ "id": "s0AAAASoSE1V8KIFOCYw" + }, "zoom": { + "account_id": "EPeQtiABC000VYxHMA", "meeting": { + "host_id": "z8yCxTTTTSiw02QgCAp8uQ", + "id": "6962400003", "start_time": "2019-07-16T17:14:39Z", "timezone": "America/Los_Angeles", "topic": "My Meeting", - "id": "6962400003", "type": 2, - "uuid": "4118UHIiRCAAAtBlDkcVyw==", - "host_id": "z8yCxTTTTSiw02QgCAp8uQ" + "uuid": "4118UHIiRCAAAtBlDkcVyw==" }, "participant": { "id": "s0AAAASoSE1V8KIFOCYw", - "user_id": "16778000", - "user_name": "Arya Arya", "sharing_details": { - "link_source": "in_meeting", - "source": "dropbox", + "content": "application", "date_time": "2019-07-16T17:19:11Z", - "content": "application" - } - }, - "account_id": "EPeQtiABC000VYxHMA" + "link_source": "in_meeting", + "source": "dropbox" + }, + "user_id": "16778000", + "user_name": "Arya Arya" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { + "action": "meeting.participant_jbh_waiting", "duration": 3600000000000, - "action": "meeting.sharing_ended", - "type": [ - "info", - "end" - ], "kind": [ "event" + ], + "type": [ + "info" ] }, - "user": { - "full_name": "Arya Arya", - "id": "s0AAAASoSE1V8KIFOCYw" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "z8yCxjjyTAAAA2QgCfp8uQ" ] }, + "user": { + "full_name": "Shrijana Shrijana", + "id": "z8yCxjjyTAAAA2QgCfp8uQ" + }, "zoom": { + "account_id": "EPeQti9EQsiyO30GVYxHMA", "meeting": { - "topic": "Mytestmeeting", + "host_id": "z8yCxjjyTAAAA2QgCfp8uQ", "id": "5590000000", - "type": 2, - "uuid": "WnxYNY9mQu6aSa/kYLu1lA==", "timezone": "America/Los_Angeles", - "host_id": "z8yCxjjyTAAAA2QgCfp8uQ" + "topic": "Mytestmeeting", + "type": 2, + "uuid": "WnxYNY9mQu6aSa/kYLu1lA==" }, "participant": { "user_name": "Shrijana Shrijana" - }, - "account_id": "EPeQti9EQsiyO30GVYxHMA" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { + "action": "meeting.participant_jbh_joined", "duration": 3600000000000, - 
"action": "meeting.participant_jbh_waiting", - "type": [ - "info" - ], "kind": [ "event" + ], + "type": [ + "info" ] }, - "user": { - "full_name": "Shrijana Shrijana", - "id": "z8yCxjjyTAAAA2QgCfp8uQ" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "zf8yCxjjyTSdteriw02QgCfp8uQ" ] }, + "user": { + "full_name": "Tom Harry", + "id": "zf8yCxjjyTSdteriw02QgCfp8uQ" + }, "zoom": { + "account_id": "APeeQti9ErttQsiyO30GVYxHMA", "meeting": { - "topic": "Mytestmeeting", + "host_id": "zf8yCxjjyTSdteriw02QgCfp8uQ", "id": "5594913504", - "type": 2, - "uuid": "WnxYNryyY9mQu6aSa/kYLu1lA==", "timezone": "America/Los_Angeles", - "host_id": "zf8yCxjjyTSdteriw02QgCfp8uQ" + "topic": "Mytestmeeting", + "type": 2, + "uuid": "WnxYNryyY9mQu6aSa/kYLu1lA==" }, "participant": { "user_name": "Tom Harry" - }, - "account_id": "APeeQti9ErttQsiyO30GVYxHMA" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { + "action": "meeting.participant_joined", "duration": 3600000000000, - "action": "meeting.participant_jbh_joined", - "type": [ - "info" - ], "kind": [ "event" + ], + "type": [ + "info" ] }, - "user": { - "full_name": "Tom Harry", - "id": "zf8yCxjjyTSdteriw02QgCfp8uQ" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "iFxeBPYun6SAiWUzBcEkX", "uLoRgfbbTayCX6r2Q_qQsQ" ] }, + "user": { + "full_name": "shree", + "id": "iFxeBPYun6SAiWUzBcEkX" + }, "zoom": { + "account_id": "o8KK_AAACq6BBEyA70CA", "meeting": { + "host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "id": "111111111", "start_time": "2019-07-09T17:00:00Z", "timezone": "America/Los_Angeles", "topic": "My Meeting", - "id": "111111111", "type": 2, - "uuid": "czLF6FFFoQOKgAB99DlDb9g==", - "host_id": "uLoRgfbbTayCX6r2Q_qQsQ" + "uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, "participant": { + "id": "iFxeBPYun6SAiWUzBcEkX", "user_id": "167782040", - "user_name": "shree", - "id": 
"iFxeBPYun6SAiWUzBcEkX" - }, - "account_id": "o8KK_AAACq6BBEyA70CA" + "user_name": "shree" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { + "action": "meeting.participant_left", "duration": 3600000000000, - "action": "meeting.participant_joined", - "type": [ - "info" - ], "kind": [ "event" + ], + "type": [ + "info" ] }, - "user": { - "full_name": "shree", - "id": "iFxeBPYun6SAiWUzBcEkX" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "iFxeBPYun6SAiWUzBcEkX", "uLoRgfbbTayCX6r2Q_qQsQ" ] }, + "user": { + "full_name": "shree", + "id": "iFxeBPYun6SAiWUzBcEkX" + }, "zoom": { + "account_id": "o8KK_AAACq6BBEyA70CA", "meeting": { + "host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "id": "111111111", "start_time": "2019-07-09T17:00:00Z", "timezone": "America/Los_Angeles", "topic": "My Meeting", - "id": "111111111", "type": 2, - "uuid": "czLF6FFFoQOKgAB99DlDb9g==", - "host_id": "uLoRgfbbTayCX6r2Q_qQsQ" + "uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, "participant": { + "id": "iFxeBPYun6SAiWUzBcEkX", "user_id": "167782040", - "user_name": "shree", - "id": "iFxeBPYun6SAiWUzBcEkX" - }, - "account_id": "o8KK_AAACq6BBEyA70CA" - }, - "event": { - "duration": 3600000000000, - "action": "meeting.participant_left", - "type": [ - "info" - ], - "kind": [ - "event" - ] - }, - "user": { - "full_name": "shree", - "id": "iFxeBPYun6SAiWUzBcEkX" + "user_name": "shree" + } } } ] diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json index aeafa9f8c7a..1fb2e252e90 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json 
@@ -1,478 +1,478 @@ { "expected": [ { + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "phone.caller_ringing", + "kind": [ + "event" + ], + "type": [ + "info", + "creation" + ] + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "cadsd32wA" ] }, + "source": { + "user": { + "id": "cadsd32wA" + } + }, "zoom": { + "account_id": "EPeQ33fdf34YxHMA", "phone": { - "ringing_start_time": "2020-07-22T01:41:55Z", + "call_id": "ddd5540", + "callee": { + "extension_number": 10800, + "phone_number": "10800" + }, "caller": { "device_type": "Android_Phone(5.1.2)", + "extension_number": 10803, "phone_number": "10803", - "user_id": "cadsd32wA", "timezone": "America/Los_Angeles", - "extension_number": 10803 - }, - "callee": { - "phone_number": "10800", - "extension_number": 10800 + "user_id": "cadsd32wA" }, - "call_id": "ddd5540" - }, - "account_id": "EPeQ33fdf34YxHMA" - }, - "source": { - "user": { - "id": "cadsd32wA" + "ringing_start_time": "2020-07-22T01:41:55Z" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "phone.caller_ringing", - "type": [ - "info", - "creation" - ], + "action": "phone.caller_connected", "kind": [ "event" + ], + "type": [ + "info", + "start" ] - } - }, - { + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "cajhdsf3wA" ] }, + "source": { + "user": { + "id": "cajhdsf3wA" + } + }, "zoom": { + "account_id": "EPeQdfg34VYxHMA", "phone": { - "ringing_start_time": "2020-07-22T01:41:55Z", - "connected_start_time": "2020-07-22T01:42:04Z", + "call_id": "684445540", + "callee": { + "extension_number": 10800, + "phone_number": "10800" + }, "caller": { "device_type": "Android_Phone", + "extension_number": 10803, "phone_number": "10803", - "user_id": "cajhdsf3wA", "timezone": "America/Los_Angeles", - "extension_number": 10803 + "user_id": "cajhdsf3wA" }, - "callee": { - "phone_number": "10800", - 
"extension_number": 10800 - }, - "call_id": "684445540" - }, - "account_id": "EPeQdfg34VYxHMA" - }, - "source": { - "user": { - "id": "cajhdsf3wA" + "connected_start_time": "2020-07-22T01:42:04Z", + "ringing_start_time": "2020-07-22T01:41:55Z" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "phone.caller_connected", - "type": [ - "info", - "start" - ], + "action": "phone.caller_ringing", "kind": [ "event" + ], + "type": [ + "info", + "creation" ] - } - }, - { + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "z8yCxjgjsuyd58uQ" ] }, + "source": { + "user": { + "id": "z8yCxjgjsuyd58uQ" + } + }, "zoom": { + "account_id": "cbvxnYyO30GVYxHMA", "phone": { - "ringing_start_time": "2020-07-22T01:38:40Z", + "call_id": "68sdsasdda7", + "callee": { + "phone_number": "16654444444444446" + }, "caller": { "device_type": "MAC_Client(5.1.2856436)", + "extension_number": 10800, "phone_number": "+1200000001", - "user_id": "z8yCxjgjsuyd58uQ", "timezone": "America/Los_Angeles", - "extension_number": 10800 + "user_id": "z8yCxjgjsuyd58uQ" }, - "callee": { - "phone_number": "16654444444444446" - }, - "call_id": "68sdsasdda7" - }, - "account_id": "cbvxnYyO30GVYxHMA" - }, - "source": { + "ringing_start_time": "2020-07-22T01:38:40Z" + } + } + }, + { + "destination": { "user": { - "id": "z8yCxjgjsuyd58uQ" + "id": "z8yCDSSQWSSWuQ" } }, + "ecs": { + "version": "8.3.0" + }, "event": { - "action": "phone.caller_ringing", - "type": [ - "info", - "creation" - ], + "action": "phone.callee_answered", "kind": [ "event" + ], + "type": [ + "info", + "start" ] - } - }, - { + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "z8yCDSSQWSSWuQ" ] }, - "destination": { - "user": { - "id": "z8yCDSSQWSSWuQ" - } - }, "zoom": { + "account_id": "EPsjdhgffgHMA", "phone": { "answer_start_time": "2020-07-22T01:42:04Z", - "ringing_start_time": 
"2020-07-22T01:41:56Z", - "caller": { - "phone_number": "10803", - "extension_number": 10803 - }, + "call_id": "685dfvhzsza5540", "callee": { "device_type": "MAC_Client", + "extension_number": 10800, "phone_number": "10800", - "user_id": "z8yCDSSQWSSWuQ", "timezone": "America/Los_Angeles", - "extension_number": 10800 + "user_id": "z8yCDSSQWSSWuQ" }, - "call_id": "685dfvhzsza5540" - }, - "account_id": "EPsjdhgffgHMA" + "caller": { + "extension_number": 10803, + "phone_number": "10803" + }, + "ringing_start_time": "2020-07-22T01:41:56Z" + } + } + }, + { + "destination": { + "user": { + "id": "z66jfgjdg2QgCfp8uQ" + } + }, + "ecs": { + "version": "8.3.0" }, "event": { - "action": "phone.callee_answered", - "type": [ - "info", - "start" - ], + "action": "phone.callee_missed", "kind": [ "event" + ], + "type": [ + "info", + "end" ] - } - }, - { + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "z66jfgjdg2QgCfp8uQ" ] }, - "destination": { - "user": { - "id": "z66jfgjdg2QgCfp8uQ" - } - }, "zoom": { + "account_id": "EPeQjuh6768MA", "phone": { - "caller": { - "phone_number": "+1000000" - }, "call_end_time": "2020-07-22T21:09:24Z", + "call_id": "6dfdg07-22T21:09:17Z", "callee": { - "user_id": "z66jfgjdg2QgCfp8uQ", + "extension_number": "10800", "timezone": "America/Los_Angeles", - "extension_number": "10800" + "user_id": "z66jfgjdg2QgCfp8uQ" }, - "call_id": "6dfdg07-22T21:09:17Z" - }, - "account_id": "EPeQjuh6768MA" + "caller": { + "phone_number": "+1000000" + } + } + } + }, + { + "destination": { + "user": { + "id": "z66jfgjdg2QgCfp8uQ" + } + }, + "ecs": { + "version": "8.3.0" }, "event": { - "action": "phone.callee_missed", + "action": "phone.callee_ended", + "duration": 4000000000, + "end": "2020-07-22T21:09:24Z", + "kind": [ + "event" + ], + "start": "2020-07-22T21:09:20Z", "type": [ "info", "end" - ], - "kind": [ - "event" ] - } - }, - { + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, - 
"ecs": { - "version": "8.2.0" - }, "related": { "user": [ "z66jfgjdg2QgCfp8uQ" ] }, - "destination": { - "user": { - "id": "z66jfgjdg2QgCfp8uQ" - } - }, "zoom": { + "account_id": "EPeQjuh6768MA", "phone": { "answer_start_time": "2020-07-22T21:09:20Z", - "caller": { - "phone_number": "+1000000" - }, "call_end_time": "2020-07-22T21:09:24Z", + "call_id": "6dfdg07-22T21:09:17Z", "callee": { - "user_id": "z66jfgjdg2QgCfp8uQ", + "extension_number": "10800", "timezone": "America/Los_Angeles", - "extension_number": "10800" + "user_id": "z66jfgjdg2QgCfp8uQ" }, - "call_id": "6dfdg07-22T21:09:17Z" - }, - "account_id": "EPeQjuh6768MA" + "caller": { + "phone_number": "+1000000" + } + } + } + }, + { + "destination": { + "user": { + "id": "z66jfgjdg2QgCfp8uQ" + } + }, + "ecs": { + "version": "8.3.0" }, "event": { + "action": "phone.caller_ended", "duration": 4000000000, + "end": "2020-07-22T21:09:24Z", "kind": [ "event" ], "start": "2020-07-22T21:09:20Z", - "action": "phone.callee_ended", - "end": "2020-07-22T21:09:24Z", "type": [ "info", "end" ] - } - }, - { + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "z66jfgjdg2QgCfp8uQ" ] }, - "destination": { - "user": { - "id": "z66jfgjdg2QgCfp8uQ" - } - }, "zoom": { + "account_id": "EPeQjuh6768MA", "phone": { "answer_start_time": "2020-07-22T21:09:20Z", - "caller": { - "phone_number": "+1000000" - }, "call_end_time": "2020-07-22T21:09:24Z", + "call_id": "6dfdg07-22T21:09:17Z", "callee": { - "user_id": "z66jfgjdg2QgCfp8uQ", + "extension_number": "10800", "timezone": "America/Los_Angeles", - "extension_number": "10800" + "user_id": "z66jfgjdg2QgCfp8uQ" }, - "call_id": "6dfdg07-22T21:09:17Z" - }, - "account_id": "EPeQjuh6768MA" + "caller": { + "phone_number": "+1000000" + } + } + } + }, + { + "destination": { + "user": { + "id": "sfcg43FOCYw" + } + }, + "ecs": { + "version": "8.3.0" }, "event": { - "duration": 4000000000, + "action": "phone.callee_rejected", + 
"duration": 6000000000, + "end": "2020-07-22T21:06:39Z", "kind": [ "event" ], - "start": "2020-07-22T21:09:20Z", - "action": "phone.caller_ended", - "end": "2020-07-22T21:09:24Z", + "start": "2020-07-22T21:06:33Z", "type": [ - "info", - "end" + "info" ] - } - }, - { + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "sfcg43FOCYw" ] }, - "destination": { - "user": { - "id": "sfcg43FOCYw" - } - }, "zoom": { + "account_id": "MKDRWo34535wow", "phone": { - "ringing_start_time": "2020-07-22T21:06:33Z", - "caller": { - "phone_number": "+12044444444" - }, "call_end_time": "2020-07-22T21:06:39Z", + "call_id": "6dfhggtrh93", "callee": { - "user_id": "sfcg43FOCYw", + "extension_number": "9001", "timezone": "America/Los_Angeles", - "extension_number": "9001" + "user_id": "sfcg43FOCYw" + }, + "caller": { + "phone_number": "+12044444444" }, - "call_id": "6dfhggtrh93" - }, - "account_id": "MKDRWo34535wow" + "ringing_start_time": "2020-07-22T21:06:33Z" + } + } + }, + { + "destination": { + "user": { + "id": "543234" + } + }, + "ecs": { + "version": "8.3.0" }, "event": { - "duration": 6000000000, + "action": "phone.voicemail_received", "kind": [ "event" ], - "start": "2020-07-22T21:06:33Z", - "action": "phone.callee_rejected", - "end": "2020-07-22T21:06:39Z", "type": [ "info" ] - } - }, - { + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "543234" ] }, - "destination": { - "user": { - "id": "543234" - } + "url": { + "full": "https://testurl.com/file.mp4" }, "zoom": { + "account_id": "test", "phone": { - "duration": 1235, - "caller": { - "name": "Testaccount", - "phone_number": "+12044444444", - "number_type": "3" - }, - "id": "235435", "callee": { - "name": "Testaccount2", - "phone_number": "+12044444444", + "extension_type": "2", "id": "1234", + "name": "Testaccount2", "number_type": "2", - "extension_type": "2", + "phone_number": 
"+12044444444", "user_id": "543234" - } - }, - "account_id": "test" + }, + "caller": { + "name": "Testaccount", + "number_type": "3", + "phone_number": "+12044444444" + }, + "duration": 1235, + "id": "235435" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "phone.voicemail_received", - "type": [ - "info" - ], + "action": "phone.caller_call_log_completed", "kind": [ "event" + ], + "type": [ + "info" ] }, - "url": { - "full": "https://testurl.com/file.mp4" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, "zoom": { + "account_id": "EPebnxvbdn342MA", "phone": { "user_id": "caddsfsdfv_VaHE53wA" - }, - "account_id": "EPebnxvbdn342MA" - }, + } + } + }, + { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { - "action": "phone.caller_call_log_completed", - "type": [ - "info" - ], + "action": "phone.callee_call_log_completed", "kind": [ "event" + ], + "type": [ + "info" ] - } - }, - { + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, "zoom": { + "account_id": "EPeQt3543hvxzc", "phone": { "user_id": "z8sdfsdfds3uQ" - }, - "account_id": "EPeQt3543hvxzc" - }, - "ecs": { - "version": "8.2.0" - }, - "event": { - "action": "phone.callee_call_log_completed", - "type": [ - "info" - ], - "kind": [ - "event" - ] + } } } ] diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json index 3673c15ed53..bed75aff08d 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json 
@@ -1,597 +1,597 @@ { "expected": [ { + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "recording.started", + "kind": [ + "event" + ], + "start": "2019-07-31T22:41:02Z", + "type": [ + "info", + "start" + ] + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbbbb_qQsQ" ] }, + "user": { + "id": "uLobbbbbbbbbb_qQsQ" + }, "zoom": { + "account_id": "lAAAAAAAAAAAAA", "recording": { "duration": 1, - "start_time": "2019-07-11T20:00:00Z", + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, "recording_file": { "recording_start": "2019-07-31T22:41:02Z" }, + "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", "topic": "A test meeting", - "id": 150000008, "type": 2, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" - }, - "account_id": "lAAAAAAAAAAAAA" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "start": "2019-07-31T22:41:02Z", - "action": "recording.started", - "type": [ - "info", - "start" - ], + "action": "recording.paused", "kind": [ "event" + ], + "type": [ + "info", + "change" ] }, - "user": { - "id": "uLobbbbbbbbbb_qQsQ" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbbbb_qQsQ" ] }, + "user": { + "id": "uLobbbbbbbbbb_qQsQ" + }, "zoom": { + "account_id": "lAAAAAAAAAAAAA", "recording": { "duration": 1, - "start_time": "2019-07-11T20:00:00Z", + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, "recording_file": { "recording_start": "2019-07-31T22:41:02Z" }, + "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", "topic": "A test meeting", - "id": 150000008, "type": 2, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" - }, - "account_id": "lAAAAAAAAAAAAA" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, 
"event": { - "action": "recording.paused", + "action": "recording.resumed", + "kind": [ + "event" + ], "type": [ "info", "change" - ], - "kind": [ - "event" ] }, - "user": { - "id": "uLobbbbbbbbbb_qQsQ" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbbbb_qQsQ" ] }, + "user": { + "id": "uLobbbbbbbbbb_qQsQ" + }, "zoom": { + "account_id": "lAAAAAAAAAAAAA", "recording": { "duration": 1, - "start_time": "2019-07-11T20:00:00Z", + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, "recording_file": { "recording_start": "2019-07-31T22:45:02Z" }, + "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", "topic": "A test meeting", - "id": 150000008, "type": 2, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" - }, - "account_id": "lAAAAAAAAAAAAA" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "recording.resumed", - "type": [ - "info", - "change" - ], + "action": "recording.stopped", + "end": "2019-07-31T22:43:29Z", "kind": [ "event" + ], + "type": [ + "info", + "end" ] }, - "user": { - "id": "uLobbbbbbbbbb_qQsQ" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbbbb_qQsQ" ] }, + "user": { + "id": "uLobbbbbbbbbb_qQsQ" + }, "zoom": { + "account_id": "lAAAAAAAAAAAAA", "recording": { "duration": 8, - "start_time": "2019-07-11T20:00:00Z", + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, "recording_file": { "recording_end": "2019-07-31T22:43:29Z", "recording_start": "2019-07-31T22:41:02Z" }, + "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", "topic": "A test meeting", - "id": 150000008, "type": 2, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" - }, - "account_id": "lAAAAAAAAAAAAA" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" + } + } + }, + { + "ecs": 
{ + "version": "8.3.0" }, "event": { - "action": "recording.stopped", - "end": "2019-07-31T22:43:29Z", + "action": "recording.completed", + "kind": [ + "event" + ], "type": [ "info", "end" - ], - "kind": [ - "event" ] }, - "user": { - "id": "uLobbbbbbbbbb_qQsQ" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbbbb_qQsQ" ] }, + "url": { + "full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh" + }, + "user": { + "id": "uLobbbbbbbbbb_qQsQ" + }, "zoom": { + "account_id": "lAAAAAAAAAAAAA", "recording": { "duration": 1, + "host_email": "somemeail@someemailservice.fjdjf", + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, + "recording_count": 4, "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", - "total_size": 529758, - "recording_count": 4, "topic": "A test meeting", - "id": 150000008, + "total_size": 529758, "type": 2, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ", - "host_email": "somemeail@someemailservice.fjdjf" - }, - "account_id": "lAAAAAAAAAAAAA" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" + } + } + }, + { + "@timestamp": "2019-12-04T23:00:57.395Z", + "ecs": { + "version": "8.3.0" }, "event": { - "action": "recording.completed", - "type": [ - "info", - "end" - ], + "action": "recording.renamed", "kind": [ "event" + ], + "type": [ + "info", + "change" ] }, - "user": { - "id": "uLobbbbbbbbbb_qQsQ" - }, - "url": { - "full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "@timestamp": "2019-12-04T23:00:57.395Z", - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "zdhghgCfp8uQ" ] }, + "user": { + "email": "shrifdfdh@kjdmail.com", + "id": "zdhghgCfp8uQ" + }, "zoom": { + "account_id": "EPhgfhfghfYxHMA", "old_values": { - "topic": "My Fancy Recording Title", "id": 7000000, + "topic": "My Fancy Recording Title", "type": 1, "uuid": 
"9xxxkifpPUz+Ow==" }, + "operator": "shrifdfdh@kjdmail.com", + "operator_id": "zdhghgCfp8uQ", "recording": { - "topic": "Edited Recording Title", "id": 7000000, + "topic": "Edited Recording Title", "type": 1, "uuid": "9xxxkifpPUz+Ow==" - }, - "account_id": "EPhgfhfghfYxHMA", - "operator_id": "zdhghgCfp8uQ", - "operator": "shrifdfdh@kjdmail.com" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "recording.renamed", - "type": [ - "info", - "change" - ], + "action": "recording.trashed", "kind": [ "event" + ], + "type": [ + "info", + "deletion" ] }, - "user": { - "email": "shrifdfdh@kjdmail.com", - "id": "zdhghgCfp8uQ" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbbbb_qQsQ" ] }, + "url": { + "full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh" + }, + "user": { + "id": "uLobbbbbbbbbb_qQsQ" + }, "zoom": { + "account_id": "lAAAAAAAAAAAAA", "recording": { "duration": 1, + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, + "recording_count": 4, "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", - "total_size": 529758, - "recording_count": 4, "topic": "A test meeting", - "id": 150000008, + "total_size": 529758, "type": 2, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" - }, - "account_id": "lAAAAAAAAAAAAA" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "recording.trashed", + "action": "recording.deleted", + "kind": [ + "event" + ], "type": [ "info", "deletion" - ], - "kind": [ - "event" ] }, - "user": { - "id": "uLobbbbbbbbbb_qQsQ" - }, - "url": { - "full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbbbb_qQsQ" ] }, + "url": { + "full": 
"https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh" + }, + "user": { + "id": "uLobbbbbbbbbb_qQsQ" + }, "zoom": { + "account_id": "lAAAAAAAAAAAAA", "recording": { "duration": 1, + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, + "recording_count": 4, "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", - "total_size": 529758, - "recording_count": 4, "topic": "A test meeting", - "id": 150000008, + "total_size": 529758, "type": 2, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" - }, - "account_id": "lAAAAAAAAAAAAA" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "recording.deleted", - "type": [ - "info", - "deletion" - ], + "action": "recording.recovered", "kind": [ "event" + ], + "type": [ + "info", + "change" ] }, - "user": { - "id": "uLobbbbbbbbbb_qQsQ" - }, - "url": { - "full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbbbb_qQsQ" ] }, + "url": { + "full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh" + }, + "user": { + "id": "uLobbbbbbbbbb_qQsQ" + }, "zoom": { + "account_id": "lAAAAAAAAAAAAA", "recording": { "duration": 1, + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, + "recording_count": 4, "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", - "total_size": 529758, - "recording_count": 4, "topic": "A test meeting", - "id": 150000008, + "total_size": 529758, "type": 2, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" - }, - "account_id": "lAAAAAAAAAAAAA" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "recording.recovered", - "type": [ - "info", - "change" - ], + "action": "recording.transcript_completed", "kind": [ "event" + ], + "type": [ + "info", + "end" ] }, - 
"user": { - "id": "uLobbbbbbbbbb_qQsQ" - }, - "url": { - "full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbbbb_qQsQ" ] }, + "url": { + "full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh" + }, + "user": { + "id": "uLobbbbbbbbbb_qQsQ" + }, "zoom": { + "account_id": "lAAAAAAAAAAAAA", "recording": { "duration": 1, + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, + "recording_count": 4, "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", - "total_size": 529758, - "recording_count": 4, "topic": "A test meeting", - "id": 150000008, + "total_size": 529758, "type": 2, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" - }, - "account_id": "lAAAAAAAAAAAAA" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "recording.transcript_completed", - "type": [ - "info", - "end" - ], + "action": "recording.registration_created", "kind": [ "event" + ], + "type": [ + "info", + "creation" ] }, - "user": { - "id": "uLobbbbbbbbbb_qQsQ" - }, - "url": { - "full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbbbb_qQsQ", "U0BBBBBBBBBBfrUz1Q" ] }, + "user": { + "email": "coolemail@email.com", + "full_name": "Cool Person", + "id": "U0BBBBBBBBBBfrUz1Q" + }, "zoom": { + "account_id": "lAAAAAAAAAAAAA", "recording": { "duration": 120, + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", "topic": "A test meeting", - "id": 150000008, "type": 2, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, - "account_id": "lAAAAAAAAAAAAA", "registrant": { 
- "last_name": "Person", - "id": "U0BBBBBBBBBBfrUz1Q", + "email": "coolemail@email.com", "first_name": "Cool", - "email": "coolemail@email.com" + "id": "U0BBBBBBBBBBfrUz1Q", + "last_name": "Person" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "recording.registration_created", - "type": [ - "info", - "creation" - ], + "action": "recording.registration_approved", "kind": [ "event" + ], + "type": [ + "info", + "allowed" ] }, - "user": { - "email": "coolemail@email.com", - "full_name": "Cool Person", - "id": "U0BBBBBBBBBBfrUz1Q" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbbbb_qQsQ", "U0BBBBBBBBBBfrUz1Q" ] }, + "user": { + "email": "coolemail@email.com", + "full_name": "Cool Person", + "id": "U0BBBBBBBBBBfrUz1Q" + }, "zoom": { + "account_id": "lAAAAAAAAAAAAA", "recording": { "duration": 120, + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", "topic": "A test meeting", - "id": 150000008, "type": 2, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, - "account_id": "lAAAAAAAAAAAAA", "registrant": { - "last_name": "Person", - "id": "U0BBBBBBBBBBfrUz1Q", + "email": "coolemail@email.com", "first_name": "Cool", - "email": "coolemail@email.com" + "id": "U0BBBBBBBBBBfrUz1Q", + "last_name": "Person" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "recording.registration_approved", - "type": [ - "info", - "allowed" - ], + "action": "recording.registration_denied", "kind": [ "event" + ], + "type": [ + "info", + "denied" ] }, - "user": { - "email": "coolemail@email.com", - "full_name": "Cool Person", - "id": "U0BBBBBBBBBBfrUz1Q" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbbbb_qQsQ", "U0BBBBBBBBBBfrUz1Q" ] 
}, + "user": { + "email": "coolemail@email.com", + "full_name": "Cool Person", + "id": "U0BBBBBBBBBBfrUz1Q" + }, "zoom": { + "account_id": "lAAAAAAAAAAAAA", "recording": { "duration": 120, + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", "topic": "A test meeting", - "id": 150000008, "type": 2, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, - "account_id": "lAAAAAAAAAAAAA", "registrant": { - "last_name": "Person", - "id": "U0BBBBBBBBBBfrUz1Q", + "email": "coolemail@email.com", "first_name": "Cool", - "email": "coolemail@email.com" + "id": "U0BBBBBBBBBBfrUz1Q", + "last_name": "Person" } - }, - "event": { - "action": "recording.registration_denied", - "type": [ - "info", - "denied" - ], - "kind": [ - "event" - ] - }, - "user": { - "email": "coolemail@email.com", - "full_name": "Cool Person", - "id": "U0BBBBBBBBBBfrUz1Q" } } ] diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json index 07593caa4a7..663a510d519 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json 
@@ -1,173 +1,200 @@ { "expected": [ { + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "user.created", + "category": [ + "iam" + ], + "kind": [ + "event" + ] + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "abcD3ojfdbjfg" ] }, + "user": { + "email": "anawesomeuser@email.com", + "target": { + "email": "henrysemail@email.com", + "full_name": "Henry Phan", + "id": "abcD3ojfdbjfg" + } + }, "zoom": { "account_id": "AAAAAA", + "creation_type": "create", + "operator": "anawesomeuser@email.com", "user": { - "last_name": "Phan", - "id": "abcD3ojfdbjfg", - "type": "3", + "email": "henrysemail@email.com", "first_name": "Henry", - "email": "henrysemail@email.com" - }, - "operator": "anawesomeuser@email.com", - "creation_type": "create" + "id": "abcD3ojfdbjfg", + "last_name": "Phan", + "type": "3" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "user.created", + "action": "user.invitation_accepted", "category": [ "iam" ], "kind": [ "event" + ], + "type": [ + "creation" ] }, - "user": { - "email": "anawesomeuser@email.com", - "target": { - "email": "henrysemail@email.com", - "full_name": "Henry Phan", - "id": "abcD3ojfdbjfg" - } - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "sbyjt3ODg" ] }, + "user": { + "email": "maria@maria.developer.dfgfdgf", + "full_name": "Maria CoolPerson", + "id": "sbyjt3ODg" + }, "zoom": { + "account_id": "EPjyjVYxHMA", "user": { - "last_name": "CoolPerson", - "id": "sbyjt3ODg", - "type": 1, + "email": "maria@maria.developer.dfgfdgf", "first_name": "Maria", - "email": "maria@maria.developer.dfgfdgf" - }, - "account_id": "EPjyjVYxHMA" + "id": "sbyjt3ODg", + "last_name": "CoolPerson", + "type": 1 + } + } + }, + { + "@timestamp": "2019-07-19T18:10:54.861Z", + "ecs": { + "version": "8.3.0" }, "event": { - "action": "user.invitation_accepted", + "action": 
"user.updated", "category": [ "iam" ], - "type": [ - "creation" - ], "kind": [ "event" + ], + "type": [ + "creation", + "change" ] }, - "user": { - "email": "maria@maria.developer.dfgfdgf", - "full_name": "Maria CoolPerson", - "id": "sbyjt3ODg" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "@timestamp": "2019-07-19T18:10:54.861Z", - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbb_qQsQ", "uLobbbbbbbb_qQsQ" ] }, + "user": { + "email": "shrija2016+dev_ma@gmail.com", + "id": "uLobbbbbbbb_qQsQ", + "target": { + "id": "uLobbbbbbbb_qQsQ" + } + }, "zoom": { + "account_id": "lAA_EBBBBBBB", "old_values": { "company": "NotZoom", "id": "uLobbbbbbbb_qQsQ" }, - "account_id": "lAA_EBBBBBBB", + "operator": "shrija2016+dev_ma@gmail.com", + "operator_id": "uLobbbbbbbb_qQsQ", "user": { "company": "Zoom", "id": "uLobbbbbbbb_qQsQ" - }, - "operator_id": "uLobbbbbbbb_qQsQ", - "operator": "shrija2016+dev_ma@gmail.com" + } + } + }, + { + "@timestamp": "2019-07-19T21:47:06.929Z", + "ecs": { + "version": "8.3.0" }, "event": { - "action": "user.updated", + "action": "user.settings_updated", "category": [ + "configuration", "iam" ], + "kind": [ + "event" + ], "type": [ "creation", "change" - ], - "kind": [ - "event" ] }, - "user": { - "email": "shrija2016+dev_ma@gmail.com", - "id": "uLobbbbbbbb_qQsQ", - "target": { - "id": "uLobbbbbbbb_qQsQ" - } - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "@timestamp": "2019-07-19T21:47:06.929Z", - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLoRgfbbTayCX6r2Q_qQsQ", "uL34AAbbbbAAAAAAQsQ" ] }, + "user": { + "email": "iamtheoperator@gmail.com", + "id": "uLoRgfbbTayCX6r2Q_qQsQ", + "target": { + "id": "uL34AAbbbbAAAAAAQsQ" + } + }, "zoom": { + "account_id": "CAl6ByEyAq8KK_CCCCCC", "old_values": { + "id": "uL34AAbbbbAAAAAAQsQ", "settings": { "in_meeting": { "private_chat": true } - }, - "id": "uL34AAbbbbAAAAAAQsQ" + } }, + "operator": "iamtheoperator@gmail.com", + 
"operator_id": "uLoRgfbbTayCX6r2Q_qQsQ", "settings": { "in_meeting": { "private_chat": false } }, - "account_id": "CAl6ByEyAq8KK_CCCCCC", "user": { "id": "uL34AAbbbbAAAAAAQsQ" - }, - "operator_id": "uLoRgfbbTayCX6r2Q_qQsQ", - "operator": "iamtheoperator@gmail.com" + } + } + }, + { + "@timestamp": "2020-06-29T17:32:19.427Z", + "ecs": { + "version": "8.3.0" }, "event": { "action": "user.settings_updated", 
@@ -175,115 +202,76 @@ "configuration", "iam" ], + "kind": [ + "event" + ], "type": [ "creation", "change" - ], - "kind": [ - "event" ] }, - "user": { - "email": "iamtheoperator@gmail.com", - "id": "uLoRgfbbTayCX6r2Q_qQsQ", - "target": { - "id": "uL34AAbbbbAAAAAAQsQ" - } - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "@timestamp": "2020-06-29T17:32:19.427Z", - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "fdhjfdhsj536274gfd", "fdhjfdhsj536274gfd" ] }, + "user": { + "email": "somememail@randommailer28.com", + "id": "fdhjfdhsj536274gfd", + "target": { + "id": "fdhjfdhsj536274gfd" + } + }, "zoom": { + "account_id": "EPbbbbb@@@@@2sfdfdA", "old_values": { + "id": "fdhjfdhsj536274gfd", "settings": { "meeting_authentication": true - }, - "id": "fdhjfdhsj536274gfd" + } }, + "operator": "somememail@randommailer28.com", + "operator_id": "fdhjfdhsj536274gfd", "settings": { "meeting_authentication": false }, - "account_id": "EPbbbbb@@@@@2sfdfdA", "user": { "id": "fdhjfdhsj536274gfd" - }, - "operator_id": "fdhjfdhsj536274gfd", - "operator": "somememail@randommailer28.com" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "user.settings_updated", + "action": "user.deactivated", "category": [ - "configuration", "iam" ], + "kind": [ + "event" + ], "type": [ "creation", "change" - ], - "kind": [ - "event" ] }, - "user": { - "email": "somememail@randommailer28.com", - "id": "fdhjfdhsj536274gfd", - "target": { - "id": "fdhjfdhsj536274gfd" - } - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "z8yCxjabcdEFGHfp8uQ", "abcD3ojfdbjfg" ] }, - "zoom": { - "account_id": "AAAAAABBBB", - "user": { - "last_name": "Phan", - "id": "abcD3ojfdbjfg", - "type": 1, - "first_name": "Henry", - "email": "henrysemail@email.com" - }, - "operator_id": "z8yCxjabcdEFGHfp8uQ", - "operator": "anawesomeuser@email.com" - }, - "event": { - "action": "user.deactivated", - 
"category": [ - "iam" - ], - "type": [ - "creation", - "change" - ], - "kind": [ - "event" - ] - }, "user": { "email": "anawesomeuser@email.com", "id": "z8yCxjabcdEFGHfp8uQ", 
@@ -292,143 +280,143 @@ "full_name": "Henry Phan", "id": "abcD3ojfdbjfg" } - } - }, - { - "observer": { - "product": "Webhook", - "vendor": "Zoom" - }, - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "z8yCxjabcdEFGHfp8uQ", - "abcD3ojfdbjfg" - ] }, "zoom": { "account_id": "AAAAAABBBB", + "operator": "anawesomeuser@email.com", + "operator_id": "z8yCxjabcdEFGHfp8uQ", "user": { - "last_name": "Phan", - "id": "abcD3ojfdbjfg", - "type": 3, + "email": "henrysemail@email.com", "first_name": "Henry", - "email": "henrysemail@email.com" - }, - "operator_id": "z8yCxjabcdEFGHfp8uQ", - "operator": "anawesomeuser@email.com" + "id": "abcD3ojfdbjfg", + "last_name": "Phan", + "type": 1 + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { "action": "user.activated", "category": [ "iam" ], + "kind": [ + "event" + ], "type": [ "creation", "change" - ], - "kind": [ - "event" ] }, - "user": { - "email": "anawesomeuser@email.com", - "id": "z8yCxjabcdEFGHfp8uQ", - "target": { - "email": "henrysemail@email.com", - "full_name": "Henry Phan", - "id": "abcD3ojfdbjfg" - } - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "z8yCxjabcdEFGHfp8uQ", "abcD3ojfdbjfg" ] }, + "user": { + "email": "anawesomeuser@email.com", + "id": "z8yCxjabcdEFGHfp8uQ", + "target": { + "email": "henrysemail@email.com", + "full_name": "Henry Phan", + "id": "abcD3ojfdbjfg" + } + }, "zoom": { "account_id": "AAAAAABBBB", + "operator": "anawesomeuser@email.com", + "operator_id": "z8yCxjabcdEFGHfp8uQ", "user": { - "last_name": "Phan", - "id": "abcD3ojfdbjfg", - "type": 3, + "email": "henrysemail@email.com", "first_name": "Henry", - "email": "henrysemail@email.com" - }, - "operator_id": "z8yCxjabcdEFGHfp8uQ", - "operator": "anawesomeuser@email.com" + "id": "abcD3ojfdbjfg", + "last_name": "Phan", + "type": 3 + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { "action": "user.disassociated", "category": [ "iam" ], 
+ "kind": [ + "event" + ], "type": [ "creation", "change" - ], - "kind": [ - "event" ] }, - "user": { - "email": "anawesomeuser@email.com", - "id": "z8yCxjabcdEFGHfp8uQ", - "target": { - "email": "henrysemail@email.com", - "full_name": "Henry Phan", - "id": "abcD3ojfdbjfg" - } - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "z8yCxjabcdEFGHfp8uQ", "abcD3ojfdbjfg" ] }, + "user": { + "email": "anawesomeuser@email.com", + "id": "z8yCxjabcdEFGHfp8uQ", + "target": { + "email": "henrysemail@email.com", + "full_name": "Henry Phan", + "id": "abcD3ojfdbjfg" + } + }, "zoom": { "account_id": "AAAAAABBBB", + "operator": "anawesomeuser@email.com", + "operator_id": "z8yCxjabcdEFGHfp8uQ", "user": { - "last_name": "Phan", - "id": "abcD3ojfdbjfg", - "type": "3", + "email": "henrysemail@email.com", "first_name": "Henry", - "email": "henrysemail@email.com" - }, - "operator_id": "z8yCxjabcdEFGHfp8uQ", - "operator": "anawesomeuser@email.com" + "id": "abcD3ojfdbjfg", + "last_name": "Phan", + "type": 3 + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { "action": "user.deleted", "category": [ "iam" ], + "kind": [ + "event" + ], "type": [ "creation", "deletion" - ], - "kind": [ - "event" + ] + }, + "observer": { + "product": "Webhook", + "vendor": "Zoom" + }, + "related": { + "user": [ + "z8yCxjabcdEFGHfp8uQ", + "abcD3ojfdbjfg" ] }, "user": { 
@@ -439,82 +427,83 @@ "full_name": "Henry Phan", "id": "abcD3ojfdbjfg" } + }, + "zoom": { + "account_id": "AAAAAABBBB", + "operator": "anawesomeuser@email.com", + "operator_id": "z8yCxjabcdEFGHfp8uQ", + "user": { + "email": "henrysemail@email.com", + "first_name": "Henry", + "id": "abcD3ojfdbjfg", + "last_name": "Phan", + "type": "3" + } } }, { - "observer": { - "product": "Webhook", - "vendor": "Zoom" - }, "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "z8ycx1223fq" - ] - }, - "zoom": { - "user": { - "email": "sfdhfghfgh@dkjdfd.com", - "presence_status": "Available", - "id": "z8ycx1223fq" - }, - "account_id": "EPjfyjxHMA" + "version": "8.3.0" }, "event": { "action": "user.presence_status_updated", "category": [ "iam" ], + "kind": [ + "event" + ], "type": [ "creation", "change" - ], - "kind": [ - "event" ] }, - "user": { - "email": "sfdhfghfgh@dkjdfd.com", - "id": "z8ycx1223fq" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ - "z8aggp8uq" + "z8ycx1223fq" ] }, + "user": { + "email": "sfdhfghfgh@dkjdfd.com", + "id": "z8ycx1223fq" + }, "zoom": { - "old_values": { - "personal_notes": "this is the old note" - }, + "account_id": "EPjfyjxHMA", "user": { - "personal_notes": "Out of Office until February 31", - "email": "sdfsgdfg@fjghg.ghm", - "id": "z8aggp8uq" - }, - "account_id": "EPfhhdrYxHMA" + "email": "sfdhfghfgh@dkjdfd.com", + "id": "z8ycx1223fq", + "presence_status": "Available" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { "action": "user.personal_notes_updated", "category": [ "iam" ], + "kind": [ + "event" + ], "type": [ "creation", "change" - ], - "kind": [ - "event" + ] + }, + "observer": { + "product": "Webhook", + "vendor": "Zoom" + }, + "related": { + "user": [ + "z8aggp8uq" ] }, "user": { 
@@ -524,86 +513,97 @@ "email": "sdfsgdfg@fjghg.ghm", "id": "z8aggp8uq" } + }, + "zoom": { + "account_id": "EPfhhdrYxHMA", + "old_values": { + "personal_notes": "this is the old note" + }, + "user": { + "email": "sdfsgdfg@fjghg.ghm", + "id": "z8aggp8uq", + "personal_notes": "Out of Office until February 31" + } } }, { - "observer": { - "product": "Webhook", - "vendor": "Zoom" - }, "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "djkglfdgkjdflghfdpe" - ] - }, - "zoom": { - "user": { - "client_type": "android", - "id": "djkglfdgkjdflghfdpe", - "version": "4.5.3308.0902", - "email": "awesomeuser@awesomemeail.ghkgf" - }, - "account_id": "dsjfosdfpdosgifdjg" + "version": "8.3.0" }, "event": { "action": "user.signed_in", "category": [ "authentication" ], + "kind": [ + "event" + ], "type": [ "creation", "start" - ], - "kind": [ - "event" ] }, - "user": { - "email": "awesomeuser@awesomemeail.ghkgf", - "id": "djkglfdgkjdflghfdpe" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "djkglfdgkjdflghfdpe" ] }, + "user": { + "email": "awesomeuser@awesomemeail.ghkgf", + "id": "djkglfdgkjdflghfdpe" + }, "zoom": { + "account_id": "dsjfosdfpdosgifdjg", "user": { "client_type": "android", + "email": "awesomeuser@awesomemeail.ghkgf", "id": "djkglfdgkjdflghfdpe", - "version": "4.5.3308.0902", - "email": "awesomeuser@awesomemeail.ghkgf" - }, - "account_id": "dsjfosdfpdosgifdjg" + "version": "4.5.3308.0902" + } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { "action": "user.signed_out", "category": [ "authentication" ], + "kind": [ + "event" + ], "type": [ "creation", "end" - ], - "kind": [ - "event" + ] + }, + "observer": { + "product": "Webhook", + "vendor": "Zoom" + }, + "related": { + "user": [ + "djkglfdgkjdflghfdpe" ] }, "user": { "email": "awesomeuser@awesomemeail.ghkgf", "id": "djkglfdgkjdflghfdpe" + }, + "zoom": { + "account_id": "dsjfosdfpdosgifdjg", + "user": { + 
"client_type": "android", + "email": "awesomeuser@awesomemeail.ghkgf", + "id": "djkglfdgkjdflghfdpe", + "version": "4.5.3308.0902" + } } } ] diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json index bd9392fc9d2..0087fccdaf2 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json 
@@ -1,235 +1,244 @@ { "expected": [ { + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "webinar.created", + "kind": [ + "event" + ], + "type": [ + "info", + "creation" + ] + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLoRgfbbTayCX6r2Q_qQsQ" ] }, + "user": { + "email": "someemail@email.com", + "id": "uLoRgfbbTayCX6r2Q_qQsQ" + }, "zoom": { "account_id": "o8KK_AAACq6BBEyA70CA", - "operator_id": "uLoRgfbbTayCX6r2Q_qQsQ", "operator": "someemail@email.com", + "operator_id": "uLoRgfbbTayCX6r2Q_qQsQ", "webinar": { "duration": 60, + "host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "id": 111111111, "start_time": "2019-07-09T17:00:00Z", "timezone": "America/Los_Angeles", "topic": "My Meeting", - "id": 111111111, "type": 5, - "uuid": "czLF6FFFoQOKgAB99DlDb9g==", - "host_id": "uLoRgfbbTayCX6r2Q_qQsQ" + "uuid": "czLF6FFFoQOKgAB99DlDb9g==" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "webinar.created", - "type": [ - "info", - "creation" - ], + "action": "webinar.updated", "kind": [ "event" + ], + "type": [ + "info", + "change" ] }, - "user": { - "email": "someemail@email.com", - "id": "uLoRgfbbTayCX6r2Q_qQsQ" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "BBBBBBBBBB" ] }, + "user": { + "email": "someemail@email.com", + "id": "BBBBBBBBBB" + }, "zoom": { + "account_id": "AAAAAAAAAAA", "old_values": { + "id": 155184668, + "join_url": "https://zoom.us/j/00000000", "settings": { "join_before_host": true, - "use_pmi": false, - "participant_video": true + "participant_video": true, + "use_pmi": false }, - "join_url": "https://zoom.us/j/00000000", - "id": 155184668, "time_stamp": 1562791953209, "type": 9 }, + "operator": "someemail@email.com", + "operator_id": "BBBBBBBBBB", "settings": { "host_video": "false" }, - "account_id": "AAAAAAAAAAA", - "operator_id": "BBBBBBBBBB", - "operator": 
"someemail@email.com", "webinar": { "duration": 120, - "start_time": "2019-07-11T20:00:00Z", - "join_url": "https://zoom.us/j/00000000", "id": 155184668, + "join_url": "https://zoom.us/j/00000000", + "start_time": "2019-07-11T20:00:00Z", "type": 5 } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "webinar.updated", - "type": [ - "info", - "change" - ], + "action": "webinar.deleted", "kind": [ "event" + ], + "type": [ + "info", + "deletion" ] }, - "user": { - "email": "someemail@email.com", - "id": "BBBBBBBBBB" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLoRgfbbTayCX6r2Q_qQsQ" ] }, + "user": { + "email": "someemail@email.com", + "id": "uLoRgfbbTayCX6r2Q_qQsQ" + }, "zoom": { "account_id": "o8KK_AAACq6BBEyA70CA", - "operator_id": "uLoRgfbbTayCX6r2Q_qQsQ", "operator": "someemail@email.com", + "operator_id": "uLoRgfbbTayCX6r2Q_qQsQ", "webinar": { "duration": 60, + "host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "id": 111111111, "start_time": "2019-07-09T17:00:00Z", "timezone": "America/Los_Angeles", "topic": "My Meeting", - "id": 111111111, "type": 5, - "uuid": "czLF6FFFoQOKgAB99DlDb9g==", - "host_id": "uLoRgfbbTayCX6r2Q_qQsQ" + "uuid": "czLF6FFFoQOKgAB99DlDb9g==" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "webinar.deleted", - "type": [ - "info", - "deletion" - ], + "action": "webinar.started", "kind": [ "event" + ], + "type": [ + "info", + "start" ] }, - "user": { - "email": "someemail@email.com", - "id": "uLoRgfbbTayCX6r2Q_qQsQ" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLoRgfbbTayCX6r2Q_qQsQ" ] }, + "user": { + "email": "someemail@email.com" + }, "zoom": { - "operator": "someemail@email.com", "account_id": "o8KK_AAACq6BBEyA70CA", + "operator": "someemail@email.com", "webinar": { "duration": 0, + "host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "id": 111111111, 
"start_time": "2019-07-09T17:00:00Z", "timezone": "America/Los_Angeles", "topic": "My Meeting", - "id": 111111111, "type": 5, - "uuid": "czLF6FFFoQOKgAB99DlDb9g==", - "host_id": "uLoRgfbbTayCX6r2Q_qQsQ" + "uuid": "czLF6FFFoQOKgAB99DlDb9g==" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "webinar.started", - "type": [ - "info", - "start" - ], + "action": "webinar.ended", "kind": [ "event" + ], + "type": [ + "info", + "end" ] }, - "user": { - "email": "someemail@email.com" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLoRgfbbTayCX6r2Q_qQsQ" ] }, + "user": { + "email": "someemail@email.com" + }, "zoom": { - "operator": "someemail@email.com", "account_id": "o8KK_AAACq6BBEyA70CA", + "operator": "someemail@email.com", "webinar": { "duration": 0, + "host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "id": 111111111, "start_time": "2019-07-09T17:00:00Z", "timezone": "America/Los_Angeles", "topic": "My Meeting", - "id": 111111111, "type": 5, - "uuid": "czLF6FFFoQOKgAB99DlDb9g==", - "host_id": "uLoRgfbbTayCX6r2Q_qQsQ" + "uuid": "czLF6FFFoQOKgAB99DlDb9g==" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "webinar.ended", - "type": [ - "info", - "end" - ], + "action": "webinar.alert", "kind": [ "event" + ], + "type": [ + "error" ] }, - "user": { - "email": "someemail@email.com" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "z8yCxTTTTSiw02QgCAp8uQ" 
@@ -238,191 +247,193 @@ "zoom": { "webinar": { "duration": 60, + "host_id": "z8yCxTTTTSiw02QgCAp8uQ", + "id": "6962400003", + "issues": "Unstable audio quality", "start_time": "2019-07-16T17:14:39Z", "timezone": "America/Los_Angeles", "topic": "My Webinar", - "id": "6962400003", "type": 2, - "issues": "Unstable audio quality", - "uuid": "4118UHIiRCAAAtBlDkcVyw==", - "host_id": "z8yCxTTTTSiw02QgCAp8uQ" + "uuid": "4118UHIiRCAAAtBlDkcVyw==" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "webinar.alert", - "type": [ - "error" - ], + "action": "webinar.sharing_started", "kind": [ "event" + ], + "type": [ + "info", + "start" ] - } - }, - { + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "z8yCxTTTTSiw02QgCAp8uQ", "s0AAAASoSE1V8KIFOCYw" ] }, + "user": { + "full_name": "Arya Arya", + "id": "s0AAAASoSE1V8KIFOCYw" + }, "zoom": { + "account_id": "EPeQtiABC000VYxHMA", "participant": { "id": "s0AAAASoSE1V8KIFOCYw", - "user_id": "16778000", - "user_name": "Arya Arya", "sharing_details": { - "link_source": "in_meeting", - "source": "dropbox", + "content": "application", "date_time": "2019-07-16T17:19:11Z", - "content": "application" - } + "link_source": "in_meeting", + "source": "dropbox" + }, + "user_id": "16778000", + "user_name": "Arya Arya" }, - "account_id": "EPeQtiABC000VYxHMA", "webinar": { "duration": 60, + "host_id": "z8yCxTTTTSiw02QgCAp8uQ", + "id": "6962400003", "start_time": "2019-07-16T17:14:39Z", "timezone": "America/Los_Angeles", "topic": "My Meeting", - "id": "6962400003", "type": 5, - "uuid": "4118UHIiRCAAAtBlDkcVyw==", - "host_id": "z8yCxTTTTSiw02QgCAp8uQ" + "uuid": "4118UHIiRCAAAtBlDkcVyw==" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { "action": "webinar.sharing_started", + "kind": [ + "event" + ], "type": [ "info", "start" - ], - "kind": [ - "event" ] }, - "user": { - "full_name": "Arya Arya", - "id": "s0AAAASoSE1V8KIFOCYw" - } - }, - { "observer": 
{ "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "z8yCxTTTTSiw02QgCAp8uQ", "s0AAAASoSE1V8KIFOCYw" ] }, + "user": { + "full_name": "Arya Arya", + "id": "s0AAAASoSE1V8KIFOCYw" + }, "zoom": { + "account_id": "EPeQtiABC000VYxHMA", "participant": { "id": "s0AAAASoSE1V8KIFOCYw", - "user_id": "16778000", - "user_name": "Arya Arya", "sharing_details": { - "link_source": "in_meeting", - "source": "dropbox", + "content": "application", "date_time": "2019-07-16T17:19:11Z", - "content": "application" - } + "link_source": "in_meeting", + "source": "dropbox" + }, + "user_id": "16778000", + "user_name": "Arya Arya" }, - "account_id": "EPeQtiABC000VYxHMA", "webinar": { "duration": 60, + "host_id": "z8yCxTTTTSiw02QgCAp8uQ", + "id": "6962400003", "start_time": "2019-07-16T17:14:39Z", "timezone": "America/Los_Angeles", "topic": "My Meeting", - "id": "6962400003", "type": 5, - "uuid": "4118UHIiRCAAAtBlDkcVyw==", - "host_id": "z8yCxTTTTSiw02QgCAp8uQ" + "uuid": "4118UHIiRCAAAtBlDkcVyw==" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "webinar.sharing_started", - "type": [ - "info", - "start" - ], + "action": "webinar.registration_created", "kind": [ "event" + ], + "type": [ + "info", + "creation" ] }, - "user": { - "full_name": "Arya Arya", - "id": "s0AAAASoSE1V8KIFOCYw" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbbbb_qQsQ", "U0BBBBBBBBBBfrUz1Q" ] }, + "user": { + "email": "coolemail@email.com", + "full_name": "Cool Person", + "id": "U0BBBBBBBBBBfrUz1Q" + }, "zoom": { "account_id": "lAAAAAAAAAAAAA", "registrant": { - "last_name": "Person", - "join_url": "https://zoom.us/w/someendpointhere", - "id": "U0BBBBBBBBBBfrUz1Q", - "first_name": "Cool", "email": "coolemail@email.com", + "first_name": "Cool", + "id": "U0BBBBBBBBBBfrUz1Q", + "join_url": "https://zoom.us/w/someendpointhere", + "last_name": "Person", "status": 
"approved" }, "webinar": { "duration": 120, + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", "topic": "A test meeting", - "id": 150000008, "type": 2, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "webinar.registration_created", - "type": [ - "info", - "creation" - ], + "action": "webinar.registration_approved", "kind": [ "event" + ], + "type": [ + "info", + "allowed", + "change" ] }, - "user": { - "email": "coolemail@email.com", - "full_name": "Cool Person", - "id": "U0BBBBBBBBBBfrUz1Q" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "Lobbbbbbbbbb_qQsQ", 
@@ -430,239 +441,228 @@ "U0BBBBBBBBBBfrUz1Q" ] }, + "user": { + "email": "coolemail@email.com", + "full_name": "Cool Person", + "id": "U0BBBBBBBBBBfrUz1Q" + }, "zoom": { "account_id": "lAAAAAAAAAAAAA", + "operator": "somemail@email.com", + "operator_id": "Lobbbbbbbbbb_qQsQ", "registrant": { - "last_name": "Person", - "id": "U0BBBBBBBBBBfrUz1Q", + "email": "coolemail@email.com", "first_name": "Cool", - "email": "coolemail@email.com" + "id": "U0BBBBBBBBBBfrUz1Q", + "last_name": "Person" }, - "operator_id": "Lobbbbbbbbbb_qQsQ", - "operator": "somemail@email.com", "webinar": { "duration": 120, + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", "topic": "A test meeting", - "id": 150000008, "type": 2, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "webinar.registration_approved", + "action": "webinar.registration_denied", + "kind": [ + "event" + ], "type": [ "info", - "allowed", + "denied", "change" - ], - "kind": [ - "event" ] }, - "user": { - "email": "coolemail@email.com", - "full_name": "Cool Person", - "id": "U0BBBBBBBBBBfrUz1Q" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbbbb_qQsQ", "U0BBBBBBBBBBfrUz1Q" ] }, + "user": { + "email": "coolemail@email.com", + "full_name": "Cool Person", + "id": "U0BBBBBBBBBBfrUz1Q" + }, "zoom": { "account_id": "lAAAAAAAAAAAAA", + "operator": "coolemail@email.com", "registrant": { - "last_name": "Person", - "id": "U0BBBBBBBBBBfrUz1Q", + "email": "coolemail@email.com", "first_name": "Cool", - "email": "coolemail@email.com" + "id": "U0BBBBBBBBBBfrUz1Q", + "last_name": "Person" }, - "operator": "coolemail@email.com", "webinar": { "duration": 120, + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, "start_time": "2019-07-11T20:00:00Z", 
"timezone": "America/Los_Angeles", "topic": "A test meeting", - "id": 150000008, "type": 5, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "webinar.registration_denied", + "action": "webinar.registration_cancelled", + "kind": [ + "event" + ], "type": [ "info", - "denied", "change" - ], - "kind": [ - "event" ] }, - "user": { - "email": "coolemail@email.com", - "full_name": "Cool Person", - "id": "U0BBBBBBBBBBfrUz1Q" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLobbbbbbbbbb_qQsQ", "U0BBBBBBBBBBfrUz1Q" ] }, + "user": { + "email": "coolemail@email.com", + "full_name": "Cool Person", + "id": "U0BBBBBBBBBBfrUz1Q" + }, "zoom": { "account_id": "lAAAAAAAAAAAAA", + "operator": "coolemail@email.com", "registrant": { - "last_name": "Person", - "id": "U0BBBBBBBBBBfrUz1Q", + "email": "coolemail@email.com", "first_name": "Cool", - "email": "coolemail@email.com" + "id": "U0BBBBBBBBBBfrUz1Q", + "last_name": "Person" }, - "operator": "coolemail@email.com", "webinar": { "duration": 120, + "host_id": "uLobbbbbbbbbb_qQsQ", + "id": 150000008, "start_time": "2019-07-11T20:00:00Z", "timezone": "America/Los_Angeles", "topic": "A test meeting", - "id": 150000008, "type": 5, - "uuid": "dj12vck6sdTn6yy7qdy3dQg==", - "host_id": "uLobbbbbbbbbb_qQsQ" + "uuid": "dj12vck6sdTn6yy7qdy3dQg==" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "webinar.registration_cancelled", - "type": [ - "info", - "change" - ], + "action": "webinar.participant_joined", "kind": [ "event" + ], + "type": [ + "info" ] }, - "user": { - "email": "coolemail@email.com", - "full_name": "Cool Person", - "id": "U0BBBBBBBBBBfrUz1Q" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLoRgfbbTayCX6r2Q_qQsQ", 
"iFxeBPYun6SAiWUzBcEkX" ] }, + "user": { + "full_name": "shree", + "id": "iFxeBPYun6SAiWUzBcEkX" + }, "zoom": { "account_id": "o8KK_AAACq6BBEyA70CA", "operator": "someemail@email.com", "participant": { "id": "iFxeBPYun6SAiWUzBcEkX", + "join_time": "2019-07-16T17:13:13Z", "user_id": "16782040", - "user_name": "shree", - "join_time": "2019-07-16T17:13:13Z" + "user_name": "shree" }, "webinar": { "duration": 60, + "host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "id": "111111111", "start_time": "2019-07-09T17:00:00Z", "timezone": "America/Los_Angeles", "topic": "My Meeting", - "id": "111111111", "type": 2, - "uuid": "czLF6FFFoQOKgAB99DlDb9g==", - "host_id": "uLoRgfbbTayCX6r2Q_qQsQ" + "uuid": "czLF6FFFoQOKgAB99DlDb9g==" } + } + }, + { + "ecs": { + "version": "8.3.0" }, "event": { - "action": "webinar.participant_joined", - "type": [ - "info" - ], + "action": "webinar.participant_left", "kind": [ "event" + ], + "type": [ + "info" ] }, - "user": { - "full_name": "shree", - "id": "iFxeBPYun6SAiWUzBcEkX" - } - }, - { "observer": { "product": "Webhook", "vendor": "Zoom" }, - "ecs": { - "version": "8.2.0" - }, "related": { "user": [ "uLoRgfbbTayCX6r2Q_qQsQ", "iFxeBPYun6SAiWUzBcEkX" ] }, + "user": { + "full_name": "shree", + "id": "iFxeBPYun6SAiWUzBcEkX" + }, "zoom": { "account_id": "o8KK_AAACq6BBEyA70CA", "operator": "someemail@email.com", "participant": { - "leave_time": "2019-07-16T17:13:13Z", "id": "iFxeBPYun6SAiWUzBcEkX", + "leave_time": "2019-07-16T17:13:13Z", "user_id": "16782040", "user_name": "shree" }, "webinar": { "duration": 60, + "host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "id": "111111111", "start_time": "2019-07-09T17:00:00Z", "timezone": "America/Los_Angeles", "topic": "My Meeting", - "id": "111111111", "type": 2, - "uuid": "czLF6FFFoQOKgAB99DlDb9g==", - "host_id": "uLoRgfbbTayCX6r2Q_qQsQ" + "uuid": "czLF6FFFoQOKgAB99DlDb9g==" } - }, - "event": { - "action": "webinar.participant_left", - "type": [ - "info" - ], - "kind": [ - "event" - ] - }, - "user": { - "full_name": 
"shree", - "id": "iFxeBPYun6SAiWUzBcEkX" } } ]
diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json
index c2200868d34..3e2c2af63e5 100644
--- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json
+++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json
@@ -1,123 +1,123 @@ { "expected": [ { + "ecs": { + "version": "8.3.0" + }, + "event": { + "action": "zoomroom.alert", + "kind": [ + "event" + ] + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, "zoom": { + "account_id": "EPAbcdefyZslakjflP", "zoomroom": { - "room_name": "MyFabulousZoomRoom", - "component": 2, - "issue": "Room Controller disconnected", "alert_kind": 1, - "id": "EbY5jzz2R5KVPn6ZY9wh0A", - "calendar_name": "myemailforcalendarintegration@somedomain.com", "alert_type": 1, - "email": "myemailforzoomroom@somedomain.com" - }, - "account_id": "EPAbcdefyZslakjflP" - }, + "calendar_name": "myemailforcalendarintegration@somedomain.com", + "component": 2, + "email": "myemailforzoomroom@somedomain.com", + "id": "EbY5jzz2R5KVPn6ZY9wh0A", + "issue": "Room Controller disconnected", + "room_name": "MyFabulousZoomRoom" + } + } + }, + { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { - "action": "zoomroom.alert", + "action": "zoomroom.delayed_alert", "kind": [ "event" ] - } - }, - { + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, "zoom": { + "account_id": "EPAbcdefyZslakjflP", "zoomroom": { - "room_name": "MyFabulousZoomRoom", - "component": 2, - "issue": "Room Controller disconnected", "alert_kind": 1, - "id": "EbY5jzz2R5KVPn6ZY9wh0A", - "calendar_name": "myemailforcalendarintegration@somedomain.com", "alert_type": 1, - "email": "myemailforzoomroom@somedomain.com" - }, - "account_id": "EPAbcdefyZslakjflP" - }, + "calendar_name": "myemailforcalendarintegration@somedomain.com", + "component": 2, + "email": "myemailforzoomroom@somedomain.com", + "id": "EbY5jzz2R5KVPn6ZY9wh0A", + "issue": "Room Controller disconnected", + "room_name": "MyFabulousZoomRoom" + } + } + }, + { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { - "action": "zoomroom.delayed_alert", + "action": "zoomroom.checked_in", "kind": [ "event" + ], + "type": [ + "info", + "start" ] - } - }, - { + }, "observer": { "product": "Webhook", "vendor": 
"Zoom" }, "zoom": { + "account_id": "vhdnmf673q2543rfhgsca", "zoomroom": { - "room_name": "Sharks Room", + "calendar_id": "mytestemailaddress123444@zoom.us", + "calendar_name": "zoom.us_abcd783r894v4nigh8@group.calendar.google.com", "change_key": "DwAAABYAAABQ/N0JvB/FRqv5UT2rFfkVAAE2XqVw", + "email": "jdfhdsk@dgjfh.sfgjgdf", "event_id": "AbbbbbGYxLTc3OTVkMzFmZDc0MwBGAAAAAAD48FI58voYSqDgJePOSZblBwBQ/N0JvB/FRqv5UT2rFfkVAAAAAAENAABQ/N0JvB/FRqv5UT2rFfkVAAE2YC8DAAA=", - "calendar_id": "mytestemailaddress123444@zoom.us", - "resource_email": "public.test@testmail123gdgds.com", "id": "365743fgshfh63", - "calendar_name": "zoom.us_abcd783r894v4nigh8@group.calendar.google.com", - "email": "jdfhdsk@dgjfh.sfgjgdf" - }, - "account_id": "vhdnmf673q2543rfhgsca" - }, + "resource_email": "public.test@testmail123gdgds.com", + "room_name": "Sharks Room" + } + } + }, + { "ecs": { - "version": "8.2.0" + "version": "8.3.0" }, "event": { "action": "zoomroom.checked_in", + "kind": [ + "event" + ], "type": [ "info", "start" - ], - "kind": [ - "event" ] - } - }, - { + }, "observer": { "product": "Webhook", "vendor": "Zoom" }, "zoom": { + "account_id": "vhdnmf673q2543rfhgsca", "zoomroom": { - "room_name": "Sharks Room", + "calendar_id": "mytestemailaddress123444@zoom.us", + "calendar_name": "zoom.us_abcd783r894v4nigh8@group.calendar.google.com", "change_key": "DwAAABYAAABQ/N0JvB/FRqv5UT2rFfkVAAE2XqVw", + "email": "jdfhdsk@dgjfh.sfgjgdf", "event_id": "AbbbbbGYxLTc3OTVkMzFmZDc0MwBGAAAAAAD48FI58voYSqDgJePOSZblBwBQ/N0JvB/FRqv5UT2rFfkVAAAAAAENAABQ/N0JvB/FRqv5UT2rFfkVAAE2YC8DAAA=", - "calendar_id": "mytestemailaddress123444@zoom.us", - "resource_email": "public.test@testmail123gdgds.com", "id": "365743fgshfh63", - "calendar_name": "zoom.us_abcd783r894v4nigh8@group.calendar.google.com", - "email": "jdfhdsk@dgjfh.sfgjgdf" - }, - "account_id": "vhdnmf673q2543rfhgsca" - }, - "ecs": { - "version": "8.2.0" - }, - "event": { - "action": "zoomroom.checked_in", - "type": [ - "info", - "start" - ], - "kind": 
[ - "event" - ] + "resource_email": "public.test@testmail123gdgds.com", + "room_name": "Sharks Room" + } } } ]
diff --git a/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml b/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml
index 018e6ce9f9f..731b936daed 100644
--- a/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml
@@ -9,7 +9,7 @@ processors:
 value: Webhook
 - set:
 field: ecs.version
- value: 8.2.0
+ value: 8.3.0
 - script:
 description: Drops null/empty values recursively
 lang: painless
diff --git a/packages/zoom/manifest.yml b/packages/zoom/manifest.yml
index 4dfa1433b31..98354bdbd93 100644
--- a/packages/zoom/manifest.yml
+++ b/packages/zoom/manifest.yml
@@ -1,6 +1,6 @@
 name: zoom
 title: Zoom
-version: 1.3.1
+version: "1.4.0"
 release: ga
 description: Collect data from Zoom Platform API with Elastic Agent.
 type: integration
diff --git a/packages/zscaler_zia/_dev/build/build.yml b/packages/zscaler_zia/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/zscaler_zia/_dev/build/build.yml
+++ b/packages/zscaler_zia/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/zscaler_zia/changelog.yml b/packages/zscaler_zia/changelog.yml
index 0b7ad86fdcf..114b261a0b9 100644
--- a/packages/zscaler_zia/changelog.yml
+++ b/packages/zscaler_zia/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.2.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "2.1.0"
 changes:
 - description: Make GA
diff --git a/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json b/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json
index 54b51a184ea..1c11d5c3d85 100644
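Review bot: The new `value: 8.3.0` in the zoom webhook pipeline's `set` processor for `ecs.version` is left as an unquoted plain scalar, while every other pipeline touched in this change writes the same value quoted (`value: '8.3.0'`). A three-component version happens to parse as a string, but a future bump to a two-component value (`8.4`) would silently become a float, and the inconsistency is what invites that slip; I'd write `value: '8.3.0'` here to match the sibling pipelines. The `processors` list this hunk belongs to continues outside the hunk.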
--- a/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json
+++ b/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json
@@ -8,7 +8,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "original": "\u003c114\u003eDec 31 12:01:04 [175.16.199.1] ZscalerNSS: Zscaler cloud configuration connection to 175.16.199.1:443 lost and unavailable for the past 2325.00 minutes"
@@ -41,7 +41,7 @@
 "port": 9012
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "original": "\u003c114\u003eDec 31 13:02:05 [81.2.69.193] ZscalerNSS: SIEM Feed connection \"DNS Logs Feed\" to 81.2.69.193:9012 lost and unavailable for the past 2440.00 minutes"
@@ -74,7 +74,7 @@
 "ip": "81.2.69.193"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "original": "\u003c114\u003eDec 31 14:03:06 [81.2.69.193] Hey, that's a new type of alert. Isn't it?"
diff --git a/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml
index f29273dfca2..b77c894f4e3 100644
--- a/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler alert logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zia/data_stream/alerts/sample_event.json b/packages/zscaler_zia/data_stream/alerts/sample_event.json
index 22f6aca8890..37f7cd78887 100644
--- a/packages/zscaler_zia/data_stream/alerts/sample_event.json
+++ b/packages/zscaler_zia/data_stream/alerts/sample_event.json
@@ -18,7 +18,7 @@
 "port": 9012
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "638019f9-173e-4c24-9e28-64b128c92162",
diff --git a/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns-http_endpoint.log-expected.json b/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns-http_endpoint.log-expected.json
index a893ab0c5b6..b83141b3957 100644
--- a/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns-http_endpoint.log-expected.json
+++ b/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns-http_endpoint.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
diff --git a/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json b/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json
index 21b35962c29..31cf33229b8 100644
--- a/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json
+++ b/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json
@@ -34,7 +34,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
diff --git a/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml
index db3c13014f7..b8da3defb91 100644
--- a/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler dns logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zia/data_stream/dns/sample_event.json b/packages/zscaler_zia/data_stream/dns/sample_event.json
index ae3effed418..b4b7db9f2aa 100644
--- a/packages/zscaler_zia/data_stream/dns/sample_event.json
+++ b/packages/zscaler_zia/data_stream/dns/sample_event.json
@@ -44,7 +44,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "f6f3ddbc-7ab7-4a74-aeeb-152405dea56f",
diff --git a/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall-http_endpoint.log-expected.json b/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall-http_endpoint.log-expected.json
index 85fa703c017..24aefb223d2 100644
--- a/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall-http_endpoint.log-expected.json
+++ b/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall-http_endpoint.log-expected.json
@@ -11,7 +11,7 @@
 "port": 456
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "outofrange",
diff --git a/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json b/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json
index c6aca3f6086..fcc11db16e5 100644
--- a/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json
+++ b/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json
@@ -11,7 +11,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "drop",
diff --git a/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
index 1648f4b32f0..d8bf9b4a4b3 100644
--- a/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler firewall logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zia/data_stream/firewall/sample_event.json b/packages/zscaler_zia/data_stream/firewall/sample_event.json
index 1d138bf5253..6804a2a0114 100644
--- a/packages/zscaler_zia/data_stream/firewall/sample_event.json
+++ b/packages/zscaler_zia/data_stream/firewall/sample_event.json
@@ -21,7 +21,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "f6f3ddbc-7ab7-4a74-aeeb-152405dea56f",
diff --git a/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel-http_endpoint.log-expected.json b/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel-http_endpoint.log-expected.json
index 0dbb202cad3..5c161b139e0 100644
--- a/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel-http_endpoint.log-expected.json
+++ b/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel-http_endpoint.log-expected.json
@@ -7,7 +7,7 @@
 "ip": "0.0.0.0"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
diff --git a/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json b/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json
index e32d8473920..6af12891d06 100644
--- a/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json
+++ b/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json
@@ -6,7 +6,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -98,7 +98,7 @@
 "port": 500
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -166,7 +166,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "IPsec tunnel is up",
diff --git a/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml
index 3391e5bf916..c6f8b4d74c7 100644
--- a/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler tunnel logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zia/data_stream/tunnel/sample_event.json b/packages/zscaler_zia/data_stream/tunnel/sample_event.json
index 83379d7618b..1fb7b88a3ed 100644
--- a/packages/zscaler_zia/data_stream/tunnel/sample_event.json
+++ b/packages/zscaler_zia/data_stream/tunnel/sample_event.json
@@ -16,7 +16,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "f6f3ddbc-7ab7-4a74-aeeb-152405dea56f",
diff --git a/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web-http_endpoint.log-expected.json b/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web-http_endpoint.log-expected.json
index de31572f0e5..fc92f87634a 100644
--- a/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web-http_endpoint.log-expected.json
+++ b/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web-http_endpoint.log-expected.json
@@ -6,7 +6,7 @@
 "ip": "81.2.69.145"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "blocked",
diff --git a/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json b/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json
index 0526a059941..771cdbc6a4c 100644
--- a/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json
+++ b/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json
@@ -6,7 +6,7 @@
 "ip": "81.2.69.145"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "blocked",
@@ -121,7 +121,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "blocked",
@@ -231,7 +231,7 @@
 "ip": "89.160.20.112"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "blocked",
@@ -346,7 +346,7 @@
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "blocked",
@@ -461,7 +461,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "action": "blocked",
diff --git a/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml
index aa47aedd596..c4eb9e4d8a6 100644
--- a/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler web logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zia/data_stream/web/sample_event.json b/packages/zscaler_zia/data_stream/web/sample_event.json
index 6c8fd65b273..275f7dade44 100644
--- a/packages/zscaler_zia/data_stream/web/sample_event.json
+++ b/packages/zscaler_zia/data_stream/web/sample_event.json
@@ -16,7 +16,7 @@
 "ip": "81.2.69.145"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "f6f3ddbc-7ab7-4a74-aeeb-152405dea56f",
diff --git a/packages/zscaler_zia/docs/README.md b/packages/zscaler_zia/docs/README.md
index acb933e22c8..160580ae529 100644
--- a/packages/zscaler_zia/docs/README.md
+++ b/packages/zscaler_zia/docs/README.md
@@ -238,7 +238,7 @@ An example event for `alerts` looks as following:
 "port": 9012
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "638019f9-173e-4c24-9e28-64b128c92162",
@@ -423,7 +423,7 @@ An example event for `dns` looks as following:
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "f6f3ddbc-7ab7-4a74-aeeb-152405dea56f",
@@ -632,7 +632,7 @@ An example event for `firewall` looks as following:
 "port": 443
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "f6f3ddbc-7ab7-4a74-aeeb-152405dea56f",
@@ -848,7 +848,7 @@ An example event for `tunnel` looks as following:
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "f6f3ddbc-7ab7-4a74-aeeb-152405dea56f",
@@ -1083,7 +1083,7 @@ An example event for `web` looks as following:
 "ip": "81.2.69.145"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "f6f3ddbc-7ab7-4a74-aeeb-152405dea56f",
diff --git a/packages/zscaler_zia/manifest.yml b/packages/zscaler_zia/manifest.yml
index a75aff23776..14b5edab0f6 100644
--- a/packages/zscaler_zia/manifest.yml
+++ b/packages/zscaler_zia/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: zscaler_zia
 title: Zscaler Internet Access
-version: 2.1.0
+version: "2.2.0"
 license: basic
 description: Collect logs from Zscaler Internet Access (ZIA) with Elastic Agent.
 type: integration
diff --git a/packages/zscaler_zpa/_dev/build/build.yml b/packages/zscaler_zpa/_dev/build/build.yml
index 57064cc41b0..5661d603a89 100644
--- a/packages/zscaler_zpa/_dev/build/build.yml
+++ b/packages/zscaler_zpa/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.2.0
+ reference: git@v8.3.0
diff --git a/packages/zscaler_zpa/changelog.yml b/packages/zscaler_zpa/changelog.yml
index b9d3f3f006b..21d2baba42a 100644
--- a/packages/zscaler_zpa/changelog.yml
+++ b/packages/zscaler_zpa/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.3.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3353
 - version: "1.0.0"
 changes:
 - description: Make GA
diff --git a/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json b/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json
index 1111bb2246e..4134452043f 100644
--- a/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json
@@ -8,7 +8,7 @@
 }
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "package",
diff --git a/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml
index ea84f5ecb96..72acbd37aea 100644
--- a/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler app connector status logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json b/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json
index d54089c0742..f5608e1c94a 100644
--- a/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json
@@ -19,7 +19,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
index 2bd84609931..7bdcab05689 100644
--- a/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-11-17T04:29:38.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
@@ -63,7 +63,7 @@
 {
 "@timestamp": "2021-11-17T04:29:38.000Z",
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
diff --git a/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index f013b24c634..d3a2b75f765 100644
--- a/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler audit logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/audit/sample_event.json b/packages/zscaler_zpa/data_stream/audit/sample_event.json
index d12e0465a82..1185bd2ab92 100644
--- a/packages/zscaler_zpa/data_stream/audit/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/audit/sample_event.json
@@ -14,7 +14,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json b/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json
index 1657f26bfe2..0e7c9e7a0e2 100644
--- a/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json
@@ -19,7 +19,7 @@
 "port": 60006
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": [
diff --git a/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml
index 2cedb9ec2f0..d27f76413d8 100644
--- a/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler browser access logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/browser_access/sample_event.json b/packages/zscaler_zpa/data_stream/browser_access/sample_event.json
index b01dbb2515f..b10efe026a4 100644
--- a/packages/zscaler_zpa/data_stream/browser_access/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/browser_access/sample_event.json
@@ -30,7 +30,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "acf7dca8-817d-4681-bad3-1cc9bfefc49c",
diff --git a/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json b/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json
index 9e6cf20d057..31ec4328362 100644
--- a/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json
@@ -13,7 +13,7 @@
 "ip": "81.2.69.193"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "iam",
diff --git a/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml
index 689b5a60acc..f7161bbfaa2 100644
--- a/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler user activity logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/user_activity/sample_event.json b/packages/zscaler_zpa/data_stream/user_activity/sample_event.json
index bbe9478dc52..eb8f6ebb3a4 100644
--- a/packages/zscaler_zpa/data_stream/user_activity/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/user_activity/sample_event.json
@@ -24,7 +24,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json b/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json
index 87d6daaa0a4..fc47906fedb 100644
--- a/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json
@@ -13,7 +13,7 @@
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "event": {
 "category": "iam",
diff --git a/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml
index 6412e4ae129..7a0d65a8258 100644
--- a/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler user status logs
 processors:
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: '8.3.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/user_status/sample_event.json b/packages/zscaler_zpa/data_stream/user_status/sample_event.json
index 10f701d32fc..3ce762575a0 100644
--- a/packages/zscaler_zpa/data_stream/user_status/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/user_status/sample_event.json
@@ -24,7 +24,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/docs/README.md b/packages/zscaler_zpa/docs/README.md
index a608135e53b..b643ebf6d1c 100644
--- a/packages/zscaler_zpa/docs/README.md
+++ b/packages/zscaler_zpa/docs/README.md
@@ -228,7 +228,7 @@ An example event for `app_connector_status` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
@@ -444,7 +444,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
@@ -661,7 +661,7 @@ An example event for `browser_access` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "acf7dca8-817d-4681-bad3-1cc9bfefc49c",
@@ -925,7 +925,7 @@ An example event for `user_activity` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
@@ -1168,7 +1168,7 @@ An example event for `user_status` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.3.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/manifest.yml b/packages/zscaler_zpa/manifest.yml
index 6413662ac98..5ca3aff1d42 100644
--- a/packages/zscaler_zpa/manifest.yml
+++ b/packages/zscaler_zpa/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: zscaler_zpa
 title: "Zscaler Private Access"
-version: 1.0.0
+version: "1.1.0"
 license: basic
 description: Collect logs from Zscaler Private Access (ZPA) with Elastic Agent.
 type: integration
